remove sanitnzer and add a where condition instead

use a simpler where condition(the former sanitizer) for overcoming performance problems

Author: am0o0

javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsCustomizations.qll

@@ -32,16 +32,6 @@ module HardcodedCredentials {
     ConstantStringSource() { not astNode.getStringValue() = "" }
   }
 
-  class NonProductionFiles extends Sanitizer {
-    NonProductionFiles() {
-      this.getFile()
-          .getLocation()
-          .hasLocationInfo(any(string s |
-              s.regexpMatch(["/.*test[.].*", "/.*demo[.].*", "/.*example[.].*", "/.*sample[.].*"])
-            ), _, _, _, _)
-    }
-  }
-
   /**
    * A subclass of `Sink` that includes every `CredentialsNode`
    * as a credentials sink.

javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql

@@ -23,6 +23,11 @@ predicate looksLikeATemplate(string s) { s.regexpMatch(".*((\\{\\{.*\\}\\})|(<.*
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string value
 where
   cfg.hasFlowPath(source, sink) and
+  not sink.getNode()
+      .getFile()
+      .getAbsolutePath()
+      .toLowerCase()
+      .matches(["%stest%s", "%sdemo%s", "%sexample%s", "%ssample%s"]) and
   // use source value in message if it's available
   if source.getNode().asExpr() instanceof ConstantString
   then