remove some FPs in js/password-in-configuration-file

erik-krogh
2022-10-26 11:51:56 +02:00
parent 52cd200ca0
commit 0f9b4334cc
2 changed files with 8 additions and 3 deletions


@@ -27,9 +27,9 @@ where
not val.regexpMatch("\\$.*|%.*%") and
not PasswordHeuristics::isDummyPassword(val)
or
key.toLowerCase() != "readme" and
// look for `password=...`, but exclude `password=;`, `password="$(...)"`,
not key.toLowerCase() = ["readme", "run"] and
// look for `password=...`, but exclude `password=;`, `password="$(...)"`, `password=foo()`
// `password=%s` and `password==`
pwd = val.regexpCapture("(?is).*password\\s*=\\s*(?!;|\"?[$`]|%s|=)(\\S+).*", 1)
pwd = val.regexpCapture("(?is).*password\\s*=\\s*(?!;|\"?[$`]|%s|=|\\w+\\(.+\\))(\\S+).*", 1)
)
select valElement.(FirstLineOf), "Hard-coded password '" + pwd + "' in configuration file."
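Review bot: The new lookahead alternative `\\w+\\(.+\\)` in the last `regexpCapture` line does not match the case the updated comment names, `password=foo()`: `.+` needs at least one character between the parentheses, so an empty-argument call is still captured and reported unless another `)` happens to follow later in the value. Because the pattern runs under the `(?is)` flags, `.+` also crosses newlines, so `password=name(` followed by a `)` many lines later is excluded as well, which can hide a genuine hard-coded value that merely contains parentheses. Bounding the alternative, e.g. `\\w+\\([^)\\n]*\\)`, covers the empty call and keeps the exclusion on a single line. The `where` clause starts above this hunk and the second changed file is not shown here, so whether a test case covers `password=foo()` cannot be confirmed from this page.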