hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix conflict

Browse Source
This commit is contained in:
am0o0
2024-05-25 12:01:12 +02:00
parent bdee99ae88
commit 1860af075d
2 changed files with 166 additions and 369 deletions
Download Patch File Download Diff File Expand all files Collapse all files

309
javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected
View File

@@ -5,22 +5,22 @@ nodes
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' |
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' |
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' |
| HardcodedCredentials.js:15:37:15:51 | "user:hgfedcba" |
| HardcodedCredentials.js:15:37:15:51 | "user:hgfedcba" |
| HardcodedCredentials.js:15:37:15:51 | "user:hgfedcba" |
| HardcodedCredentials.js:16:38:16:52 | "user:hgfedcba" |
| HardcodedCredentials.js:16:38:16:52 | "user:hgfedcba" |
| HardcodedCredentials.js:16:38:16:52 | "user:hgfedcba" |
| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" |
| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" |
| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" |
| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" |
| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" |
| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" |
| HardcodedCredentials.js:20:37:20:52 | getCredentials() |
| HardcodedCredentials.js:20:37:20:52 | getCredentials() |
| HardcodedCredentials.js:27:26:27:32 | 'admin' |
| HardcodedCredentials.js:27:26:27:32 | 'admin' |
| HardcodedCredentials.js:27:26:27:32 | 'admin' |
| HardcodedCredentials.js:27:35:27:44 | 'hgfedcba' |
| HardcodedCredentials.js:27:35:27:44 | 'hgfedcba' |
| HardcodedCredentials.js:27:35:27:44 | 'hgfedcba' |
| HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:27:25:27:31 | 'admin' |
| HardcodedCredentials.js:27:25:27:31 | 'admin' |
| HardcodedCredentials.js:27:25:27:31 | 'admin' |
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' |
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' |
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
@@ -150,18 +150,18 @@ nodes
| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' |
| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' |
| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' |
| HardcodedCredentials.js:135:45:135:54 | "hgfedcba" |
| HardcodedCredentials.js:135:45:135:54 | "hgfedcba" |
| HardcodedCredentials.js:135:45:135:54 | "hgfedcba" |
| HardcodedCredentials.js:160:41:160:51 | "change_me" |
| HardcodedCredentials.js:160:41:160:51 | "change_me" |
| HardcodedCredentials.js:160:41:160:51 | "change_me" |
| HardcodedCredentials.js:161:44:161:54 | 'change_me' |
| HardcodedCredentials.js:161:44:161:54 | 'change_me' |
| HardcodedCredentials.js:161:44:161:54 | 'change_me' |
| HardcodedCredentials.js:164:39:164:49 | 'change_me' |
| HardcodedCredentials.js:164:39:164:49 | 'change_me' |
| HardcodedCredentials.js:164:39:164:49 | 'change_me' |
| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" |
| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" |
| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" |
| HardcodedCredentials.js:160:38:160:48 | "change_me" |
| HardcodedCredentials.js:160:38:160:48 | "change_me" |
| HardcodedCredentials.js:160:38:160:48 | "change_me" |
| HardcodedCredentials.js:161:41:161:51 | 'change_me' |
| HardcodedCredentials.js:161:41:161:51 | 'change_me' |
| HardcodedCredentials.js:161:41:161:51 | 'change_me' |
| HardcodedCredentials.js:164:35:164:45 | 'change_me' |
| HardcodedCredentials.js:164:35:164:45 | 'change_me' |
| HardcodedCredentials.js:164:35:164:45 | 'change_me' |
| HardcodedCredentials.js:171:11:171:25 | USER |
| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' |
| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' |
@@ -202,22 +202,17 @@ nodes
| HardcodedCredentials.js:231:11:231:29 | username |
| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' |
| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' |
| HardcodedCredentials.js:237:28:237:95 | 'Basic ... ase64') |
| HardcodedCredentials.js:237:28:237:95 | 'Basic ... ase64') |
| HardcodedCredentials.js:237:39:237:76 | Buffer. ... ssword) |
| HardcodedCredentials.js:237:39:237:95 | Buffer. ... ase64') |
| HardcodedCredentials.js:237:51:237:58 | username |
| HardcodedCredentials.js:237:51:237:75 | usernam ... assword |
| HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') |
| HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') |
| HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) |
| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') |
| HardcodedCredentials.js:237:47:237:54 | username |
| HardcodedCredentials.js:237:47:237:71 | usernam ... assword |
| HardcodedCredentials.js:245:9:245:44 | privateKey |
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" |
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" |
| HardcodedCredentials.js:246:42:246:51 | privateKey |
| HardcodedCredentials.js:246:42:246:51 | privateKey |
| HardcodedCredentials.js:248:9:248:42 | publicKey |
| HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" |
| HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" |
| HardcodedCredentials.js:249:23:249:31 | publicKey |
| HardcodedCredentials.js:249:23:249:31 | publicKey |
| HardcodedCredentials.js:260:30:260:40 | `Basic foo` |
| HardcodedCredentials.js:260:30:260:40 | `Basic foo` |
| HardcodedCredentials.js:260:30:260:40 | `Basic foo` |
@@ -228,42 +223,42 @@ nodes
| HardcodedCredentials.js:268:39:268:46 | 'Bearer' |
| HardcodedCredentials.js:268:50:268:56 | 'OAuth' |
| HardcodedCredentials.js:268:50:268:56 | 'OAuth' |
| HardcodedCredentials.js:275:37:275:60 | "user:{ ... ERE }}" |
| HardcodedCredentials.js:275:37:275:60 | "user:{ ... ERE }}" |
| HardcodedCredentials.js:275:37:275:60 | "user:{ ... ERE }}" |
| HardcodedCredentials.js:276:37:276:66 | "user:t ... ERE }}" |
| HardcodedCredentials.js:276:37:276:66 | "user:t ... ERE }}" |
| HardcodedCredentials.js:276:37:276:66 | "user:t ... ERE }}" |
| HardcodedCredentials.js:277:37:277:58 | "user:( ... HERE )" |
| HardcodedCredentials.js:277:37:277:58 | "user:( ... HERE )" |
| HardcodedCredentials.js:277:37:277:58 | "user:( ... HERE )" |
| HardcodedCredentials.js:278:37:278:65 | "user:{ ... ken }}" |
| HardcodedCredentials.js:278:37:278:65 | "user:{ ... ken }}" |
| HardcodedCredentials.js:278:37:278:65 | "user:{ ... ken }}" |
| HardcodedCredentials.js:279:37:279:51 | "user:abcdefgh" |
| HardcodedCredentials.js:279:37:279:51 | "user:abcdefgh" |
| HardcodedCredentials.js:279:37:279:51 | "user:abcdefgh" |
| HardcodedCredentials.js:280:37:280:51 | "user:12345678" |
| HardcodedCredentials.js:280:37:280:51 | "user:12345678" |
| HardcodedCredentials.js:280:37:280:51 | "user:12345678" |
| HardcodedCredentials.js:281:37:281:46 | "user:foo" |
| HardcodedCredentials.js:281:37:281:46 | "user:foo" |
| HardcodedCredentials.js:281:37:281:46 | "user:foo" |
| HardcodedCredentials.js:282:37:282:53 | "user:mypassword" |
| HardcodedCredentials.js:282:37:282:53 | "user:mypassword" |
| HardcodedCredentials.js:282:37:282:53 | "user:mypassword" |
| HardcodedCredentials.js:283:37:283:50 | "user:mytoken" |
| HardcodedCredentials.js:283:37:283:50 | "user:mytoken" |
| HardcodedCredentials.js:283:37:283:50 | "user:mytoken" |
| HardcodedCredentials.js:284:37:284:53 | "user:fake token" |
| HardcodedCredentials.js:284:37:284:53 | "user:fake token" |
| HardcodedCredentials.js:284:37:284:53 | "user:fake token" |
| HardcodedCredentials.js:285:37:285:47 | "user:dcba" |
| HardcodedCredentials.js:285:37:285:47 | "user:dcba" |
| HardcodedCredentials.js:285:37:285:47 | "user:dcba" |
| HardcodedCredentials.js:286:37:286:56 | "user:custom string" |
| HardcodedCredentials.js:286:37:286:56 | "user:custom string" |
| HardcodedCredentials.js:286:37:286:56 | "user:custom string" |
| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" |
| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" |
| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" |
| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" |
| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" |
| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" |
| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" |
| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" |
| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" |
| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" |
| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" |
| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" |
| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" |
| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" |
| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" |
| HardcodedCredentials.js:280:36:280:50 | "user:12345678" |
| HardcodedCredentials.js:280:36:280:50 | "user:12345678" |
| HardcodedCredentials.js:280:36:280:50 | "user:12345678" |
| HardcodedCredentials.js:281:36:281:45 | "user:foo" |
| HardcodedCredentials.js:281:36:281:45 | "user:foo" |
| HardcodedCredentials.js:281:36:281:45 | "user:foo" |
| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" |
| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" |
| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" |
| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" |
| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" |
| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" |
| HardcodedCredentials.js:284:36:284:52 | "user:fake token" |
| HardcodedCredentials.js:284:36:284:52 | "user:fake token" |
| HardcodedCredentials.js:284:36:284:52 | "user:fake token" |
| HardcodedCredentials.js:285:36:285:46 | "user:dcba" |
| HardcodedCredentials.js:285:36:285:46 | "user:dcba" |
| HardcodedCredentials.js:285:36:285:46 | "user:dcba" |
| HardcodedCredentials.js:286:36:286:55 | "user:custom string" |
| HardcodedCredentials.js:286:36:286:55 | "user:custom string" |
| HardcodedCredentials.js:286:36:286:55 | "user:custom string" |
| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` |
| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` |
| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` |
@@ -276,61 +271,17 @@ nodes
| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` |
| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` |
| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` |
| HardcodedCredentials.js:302:9:302:44 | privateKey |
| HardcodedCredentials.js:302:22:302:44 | "myHard ... ateKey" |
| HardcodedCredentials.js:302:22:302:44 | "myHard ... ateKey" |
| HardcodedCredentials.js:303:34:303:43 | privateKey |
| HardcodedCredentials.js:303:34:303:43 | privateKey |
| HardcodedCredentials.js:310:9:310:44 | privateKey |
| HardcodedCredentials.js:310:22:310:44 | "myHard ... ateKey" |
| HardcodedCredentials.js:310:22:310:44 | "myHard ... ateKey" |
| HardcodedCredentials.js:311:27:311:62 | new Tex ... ateKey) |
| HardcodedCredentials.js:311:27:311:62 | new Tex ... ateKey) |
| HardcodedCredentials.js:311:52:311:61 | privateKey |
| HardcodedCredentials.js:314:11:317:29 | spki |
| HardcodedCredentials.js:314:18:317:29 | `-----B ... Y-----` |
| HardcodedCredentials.js:314:18:317:29 | `-----B ... Y-----` |
| HardcodedCredentials.js:318:11:318:58 | publicKey |
| HardcodedCredentials.js:318:23:318:58 | await j ... RS256') |
| HardcodedCredentials.js:318:45:318:48 | spki |
| HardcodedCredentials.js:319:27:319:35 | publicKey |
| HardcodedCredentials.js:319:27:319:35 | publicKey |
| HardcodedCredentials.js:325:9:325:43 | secretKey |
| HardcodedCredentials.js:325:21:325:43 | "myHard ... ateKey" |
| HardcodedCredentials.js:325:21:325:43 | "myHard ... ateKey" |
| HardcodedCredentials.js:330:21:330:29 | secretKey |
| HardcodedCredentials.js:330:21:330:29 | secretKey |
| HardcodedCredentials.js:341:21:341:52 | Buffer. ... ase64") |
| HardcodedCredentials.js:341:21:341:52 | Buffer. ... ase64") |
| HardcodedCredentials.js:341:33:341:41 | secretKey |
| HardcodedCredentials.js:356:9:356:43 | secretKey |
| HardcodedCredentials.js:356:21:356:43 | "myHard ... ateKey" |
| HardcodedCredentials.js:356:21:356:43 | "myHard ... ateKey" |
| HardcodedCredentials.js:359:24:359:32 | secretKey |
| HardcodedCredentials.js:359:24:359:32 | secretKey |
| HardcodedCredentials.js:366:31:366:39 | secretKey |
| HardcodedCredentials.js:366:31:366:39 | secretKey |
| HardcodedCredentials.js:377:9:377:43 | secretKey |
| HardcodedCredentials.js:377:21:377:43 | "myHard ... ateKey" |
| HardcodedCredentials.js:377:21:377:43 | "myHard ... ateKey" |
| HardcodedCredentials.js:380:17:380:25 | secretKey |
| HardcodedCredentials.js:380:17:380:25 | secretKey |
| HardcodedCredentials.js:395:9:395:43 | secretKey |
| HardcodedCredentials.js:395:21:395:43 | "myHard ... ateKey" |
| HardcodedCredentials.js:395:21:395:43 | "myHard ... ateKey" |
| HardcodedCredentials.js:397:27:397:35 | secretKey |
| HardcodedCredentials.js:397:27:397:35 | secretKey |
edges
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' |
| HardcodedCredentials.js:15:37:15:51 | "user:hgfedcba" | HardcodedCredentials.js:15:37:15:51 | "user:hgfedcba" |
| HardcodedCredentials.js:16:38:16:52 | "user:hgfedcba" | HardcodedCredentials.js:16:38:16:52 | "user:hgfedcba" |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:37:20:52 | getCredentials() |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:37:20:52 | getCredentials() |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:37:20:52 | getCredentials() |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:37:20:52 | getCredentials() |
| HardcodedCredentials.js:27:26:27:32 | 'admin' | HardcodedCredentials.js:27:26:27:32 | 'admin' |
| HardcodedCredentials.js:27:35:27:44 | 'hgfedcba' | HardcodedCredentials.js:27:35:27:44 | 'hgfedcba' |
| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" |
| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:27:25:27:31 | 'admin' | HardcodedCredentials.js:27:25:27:31 | 'admin' |
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' |
| HardcodedCredentials.js:35:15:35:24 | 'username' | HardcodedCredentials.js:35:15:35:24 | 'username' |
@@ -374,10 +325,10 @@ edges
| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' |
| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' |
| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' |
| HardcodedCredentials.js:135:45:135:54 | "hgfedcba" | HardcodedCredentials.js:135:45:135:54 | "hgfedcba" |
| HardcodedCredentials.js:160:41:160:51 | "change_me" | HardcodedCredentials.js:160:41:160:51 | "change_me" |
| HardcodedCredentials.js:161:44:161:54 | 'change_me' | HardcodedCredentials.js:161:44:161:54 | 'change_me' |
| HardcodedCredentials.js:164:39:164:49 | 'change_me' | HardcodedCredentials.js:164:39:164:49 | 'change_me' |
| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | HardcodedCredentials.js:135:41:135:50 | "hgfedcba" |
| HardcodedCredentials.js:160:38:160:48 | "change_me" | HardcodedCredentials.js:160:38:160:48 | "change_me" |
| HardcodedCredentials.js:161:41:161:51 | 'change_me' | HardcodedCredentials.js:161:41:161:51 | 'change_me' |
| HardcodedCredentials.js:164:35:164:45 | 'change_me' | HardcodedCredentials.js:164:35:164:45 | 'change_me' |
| HardcodedCredentials.js:171:11:171:25 | USER | HardcodedCredentials.js:173:35:173:38 | USER |
| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:11:171:25 | USER |
| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:11:171:25 | USER |
@@ -413,23 +364,18 @@ edges
| HardcodedCredentials.js:216:43:216:46 | PASS | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` |
| HardcodedCredentials.js:221:46:221:49 | AUTH | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` |
| HardcodedCredentials.js:221:46:221:49 | AUTH | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` |
| HardcodedCredentials.js:231:11:231:29 | username | HardcodedCredentials.js:237:51:237:58 | username |
| HardcodedCredentials.js:231:11:231:29 | username | HardcodedCredentials.js:237:47:237:54 | username |
| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:11:231:29 | username |
| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:11:231:29 | username |
| HardcodedCredentials.js:237:39:237:76 | Buffer. ... ssword) | HardcodedCredentials.js:237:39:237:95 | Buffer. ... ase64') |
| HardcodedCredentials.js:237:39:237:95 | Buffer. ... ase64') | HardcodedCredentials.js:237:28:237:95 | 'Basic ... ase64') |
| HardcodedCredentials.js:237:39:237:95 | Buffer. ... ase64') | HardcodedCredentials.js:237:28:237:95 | 'Basic ... ase64') |
| HardcodedCredentials.js:237:51:237:58 | username | HardcodedCredentials.js:237:51:237:75 | usernam ... assword |
| HardcodedCredentials.js:237:51:237:75 | usernam ... assword | HardcodedCredentials.js:237:39:237:76 | Buffer. ... ssword) |
| HardcodedCredentials.js:237:51:237:75 | usernam ... assword | HardcodedCredentials.js:237:39:237:95 | Buffer. ... ase64') |
| HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') |
| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') |
| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') |
| HardcodedCredentials.js:237:47:237:54 | username | HardcodedCredentials.js:237:47:237:71 | usernam ... assword |
| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) |
| HardcodedCredentials.js:245:9:245:44 | privateKey | HardcodedCredentials.js:246:42:246:51 | privateKey |
| HardcodedCredentials.js:245:9:245:44 | privateKey | HardcodedCredentials.js:246:42:246:51 | privateKey |
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:9:245:44 | privateKey |
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:9:245:44 | privateKey |
| HardcodedCredentials.js:248:9:248:42 | publicKey | HardcodedCredentials.js:249:23:249:31 | publicKey |
| HardcodedCredentials.js:248:9:248:42 | publicKey | HardcodedCredentials.js:249:23:249:31 | publicKey |
| HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | HardcodedCredentials.js:248:9:248:42 | publicKey |
| HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | HardcodedCredentials.js:248:9:248:42 | publicKey |
| HardcodedCredentials.js:260:30:260:40 | `Basic foo` | HardcodedCredentials.js:260:30:260:40 | `Basic foo` |
| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` |
| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` |
@@ -437,64 +383,27 @@ edges
| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' |
| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' |
| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' |
| HardcodedCredentials.js:275:37:275:60 | "user:{ ... ERE }}" | HardcodedCredentials.js:275:37:275:60 | "user:{ ... ERE }}" |
| HardcodedCredentials.js:276:37:276:66 | "user:t ... ERE }}" | HardcodedCredentials.js:276:37:276:66 | "user:t ... ERE }}" |
| HardcodedCredentials.js:277:37:277:58 | "user:( ... HERE )" | HardcodedCredentials.js:277:37:277:58 | "user:( ... HERE )" |
| HardcodedCredentials.js:278:37:278:65 | "user:{ ... ken }}" | HardcodedCredentials.js:278:37:278:65 | "user:{ ... ken }}" |
| HardcodedCredentials.js:279:37:279:51 | "user:abcdefgh" | HardcodedCredentials.js:279:37:279:51 | "user:abcdefgh" |
| HardcodedCredentials.js:280:37:280:51 | "user:12345678" | HardcodedCredentials.js:280:37:280:51 | "user:12345678" |
| HardcodedCredentials.js:281:37:281:46 | "user:foo" | HardcodedCredentials.js:281:37:281:46 | "user:foo" |
| HardcodedCredentials.js:282:37:282:53 | "user:mypassword" | HardcodedCredentials.js:282:37:282:53 | "user:mypassword" |
| HardcodedCredentials.js:283:37:283:50 | "user:mytoken" | HardcodedCredentials.js:283:37:283:50 | "user:mytoken" |
| HardcodedCredentials.js:284:37:284:53 | "user:fake token" | HardcodedCredentials.js:284:37:284:53 | "user:fake token" |
| HardcodedCredentials.js:285:37:285:47 | "user:dcba" | HardcodedCredentials.js:285:37:285:47 | "user:dcba" |
| HardcodedCredentials.js:286:37:286:56 | "user:custom string" | HardcodedCredentials.js:286:37:286:56 | "user:custom string" |
| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" |
| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" |
| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" |
| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" |
| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" |
| HardcodedCredentials.js:280:36:280:50 | "user:12345678" | HardcodedCredentials.js:280:36:280:50 | "user:12345678" |
| HardcodedCredentials.js:281:36:281:45 | "user:foo" | HardcodedCredentials.js:281:36:281:45 | "user:foo" |
| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | HardcodedCredentials.js:282:36:282:52 | "user:mypassword" |
| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | HardcodedCredentials.js:283:36:283:49 | "user:mytoken" |
| HardcodedCredentials.js:284:36:284:52 | "user:fake token" | HardcodedCredentials.js:284:36:284:52 | "user:fake token" |
| HardcodedCredentials.js:285:36:285:46 | "user:dcba" | HardcodedCredentials.js:285:36:285:46 | "user:dcba" |
| HardcodedCredentials.js:286:36:286:55 | "user:custom string" | HardcodedCredentials.js:286:36:286:55 | "user:custom string" |
| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` |
| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` |
| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` |
| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` | HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` |
| HardcodedCredentials.js:302:9:302:44 | privateKey | HardcodedCredentials.js:303:34:303:43 | privateKey |
| HardcodedCredentials.js:302:9:302:44 | privateKey | HardcodedCredentials.js:303:34:303:43 | privateKey |
| HardcodedCredentials.js:302:22:302:44 | "myHard ... ateKey" | HardcodedCredentials.js:302:9:302:44 | privateKey |
| HardcodedCredentials.js:302:22:302:44 | "myHard ... ateKey" | HardcodedCredentials.js:302:9:302:44 | privateKey |
| HardcodedCredentials.js:310:9:310:44 | privateKey | HardcodedCredentials.js:311:52:311:61 | privateKey |
| HardcodedCredentials.js:310:22:310:44 | "myHard ... ateKey" | HardcodedCredentials.js:310:9:310:44 | privateKey |
| HardcodedCredentials.js:310:22:310:44 | "myHard ... ateKey" | HardcodedCredentials.js:310:9:310:44 | privateKey |
| HardcodedCredentials.js:311:52:311:61 | privateKey | HardcodedCredentials.js:311:27:311:62 | new Tex ... ateKey) |
| HardcodedCredentials.js:311:52:311:61 | privateKey | HardcodedCredentials.js:311:27:311:62 | new Tex ... ateKey) |
| HardcodedCredentials.js:314:11:317:29 | spki | HardcodedCredentials.js:318:45:318:48 | spki |
| HardcodedCredentials.js:314:18:317:29 | `-----B ... Y-----` | HardcodedCredentials.js:314:11:317:29 | spki |
| HardcodedCredentials.js:314:18:317:29 | `-----B ... Y-----` | HardcodedCredentials.js:314:11:317:29 | spki |
| HardcodedCredentials.js:318:11:318:58 | publicKey | HardcodedCredentials.js:319:27:319:35 | publicKey |
| HardcodedCredentials.js:318:11:318:58 | publicKey | HardcodedCredentials.js:319:27:319:35 | publicKey |
| HardcodedCredentials.js:318:23:318:58 | await j ... RS256') | HardcodedCredentials.js:318:11:318:58 | publicKey |
| HardcodedCredentials.js:318:45:318:48 | spki | HardcodedCredentials.js:318:23:318:58 | await j ... RS256') |
| HardcodedCredentials.js:325:9:325:43 | secretKey | HardcodedCredentials.js:330:21:330:29 | secretKey |
| HardcodedCredentials.js:325:9:325:43 | secretKey | HardcodedCredentials.js:330:21:330:29 | secretKey |
| HardcodedCredentials.js:325:9:325:43 | secretKey | HardcodedCredentials.js:341:33:341:41 | secretKey |
| HardcodedCredentials.js:325:21:325:43 | "myHard ... ateKey" | HardcodedCredentials.js:325:9:325:43 | secretKey |
| HardcodedCredentials.js:325:21:325:43 | "myHard ... ateKey" | HardcodedCredentials.js:325:9:325:43 | secretKey |
| HardcodedCredentials.js:341:33:341:41 | secretKey | HardcodedCredentials.js:341:21:341:52 | Buffer. ... ase64") |
| HardcodedCredentials.js:341:33:341:41 | secretKey | HardcodedCredentials.js:341:21:341:52 | Buffer. ... ase64") |
| HardcodedCredentials.js:356:9:356:43 | secretKey | HardcodedCredentials.js:359:24:359:32 | secretKey |
| HardcodedCredentials.js:356:9:356:43 | secretKey | HardcodedCredentials.js:359:24:359:32 | secretKey |
| HardcodedCredentials.js:356:9:356:43 | secretKey | HardcodedCredentials.js:366:31:366:39 | secretKey |
| HardcodedCredentials.js:356:9:356:43 | secretKey | HardcodedCredentials.js:366:31:366:39 | secretKey |
| HardcodedCredentials.js:356:21:356:43 | "myHard ... ateKey" | HardcodedCredentials.js:356:9:356:43 | secretKey |
| HardcodedCredentials.js:356:21:356:43 | "myHard ... ateKey" | HardcodedCredentials.js:356:9:356:43 | secretKey |
| HardcodedCredentials.js:377:9:377:43 | secretKey | HardcodedCredentials.js:380:17:380:25 | secretKey |
| HardcodedCredentials.js:377:9:377:43 | secretKey | HardcodedCredentials.js:380:17:380:25 | secretKey |
| HardcodedCredentials.js:377:21:377:43 | "myHard ... ateKey" | HardcodedCredentials.js:377:9:377:43 | secretKey |
| HardcodedCredentials.js:377:21:377:43 | "myHard ... ateKey" | HardcodedCredentials.js:377:9:377:43 | secretKey |
| HardcodedCredentials.js:395:9:395:43 | secretKey | HardcodedCredentials.js:397:27:397:35 | secretKey |
| HardcodedCredentials.js:395:9:395:43 | secretKey | HardcodedCredentials.js:397:27:397:35 | secretKey |
| HardcodedCredentials.js:395:21:395:43 | "myHard ... ateKey" | HardcodedCredentials.js:395:9:395:43 | secretKey |
| HardcodedCredentials.js:395:21:395:43 | "myHard ... ateKey" | HardcodedCredentials.js:395:9:395:43 | secretKey |
#select
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | user name |
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | password |
| HardcodedCredentials.js:27:26:27:32 | 'admin' | HardcodedCredentials.js:27:26:27:32 | 'admin' | HardcodedCredentials.js:27:26:27:32 | 'admin' | The hard-coded value "admin" is used as $@. | HardcodedCredentials.js:27:26:27:32 | 'admin' | user name |
| HardcodedCredentials.js:27:35:27:44 | 'hgfedcba' | HardcodedCredentials.js:27:35:27:44 | 'hgfedcba' | HardcodedCredentials.js:27:35:27:44 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:27:35:27:44 | 'hgfedcba' | password |
| HardcodedCredentials.js:27:25:27:31 | 'admin' | HardcodedCredentials.js:27:25:27:31 | 'admin' | HardcodedCredentials.js:27:25:27:31 | 'admin' | The hard-coded value "admin" is used as $@. | HardcodedCredentials.js:27:25:27:31 | 'admin' | user name |
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | password |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | The hard-coded value "unknown-admin-name" is used as $@. | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | user name |
| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | password |
| HardcodedCredentials.js:35:15:35:24 | 'username' | HardcodedCredentials.js:35:15:35:24 | 'username' | HardcodedCredentials.js:35:15:35:24 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:35:15:35:24 | 'username' | user name |
@@ -538,9 +447,9 @@ edges
| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | password |
| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | key |
| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | key |
| HardcodedCredentials.js:135:45:135:54 | "hgfedcba" | HardcodedCredentials.js:135:45:135:54 | "hgfedcba" | HardcodedCredentials.js:135:45:135:54 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:135:45:135:54 | "hgfedcba" | key |
| HardcodedCredentials.js:160:41:160:51 | "change_me" | HardcodedCredentials.js:160:41:160:51 | "change_me" | HardcodedCredentials.js:160:41:160:51 | "change_me" | The hard-coded value "change_me" is used as $@. | HardcodedCredentials.js:160:41:160:51 | "change_me" | key |
| HardcodedCredentials.js:161:44:161:54 | 'change_me' | HardcodedCredentials.js:161:44:161:54 | 'change_me' | HardcodedCredentials.js:161:44:161:54 | 'change_me' | The hard-coded value "change_me" is used as $@. | HardcodedCredentials.js:161:44:161:54 | 'change_me' | key |
| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | key |
| HardcodedCredentials.js:160:38:160:48 | "change_me" | HardcodedCredentials.js:160:38:160:48 | "change_me" | HardcodedCredentials.js:160:38:160:48 | "change_me" | The hard-coded value "change_me" is used as $@. | HardcodedCredentials.js:160:38:160:48 | "change_me" | key |
| HardcodedCredentials.js:161:41:161:51 | 'change_me' | HardcodedCredentials.js:161:41:161:51 | 'change_me' | HardcodedCredentials.js:161:41:161:51 | 'change_me' | The hard-coded value "change_me" is used as $@. | HardcodedCredentials.js:161:41:161:51 | 'change_me' | key |
| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | authorization header |
| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | authorization header |
| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | authorization header |
@@ -551,17 +460,7 @@ edges
| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | authorization header |
| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | authorization header |
| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | authorization header |
| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:237:28:237:95 | 'Basic ... ase64') | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:237:28:237:95 | 'Basic ... ase64') | authorization header |
| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | authorization header |
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:246:42:246:51 | privateKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:246:42:246:51 | privateKey | key |
| HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | HardcodedCredentials.js:249:23:249:31 | publicKey | The hard-coded value "myHardCodedPublicKey" is used as $@. | HardcodedCredentials.js:249:23:249:31 | publicKey | key |
| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | The hard-coded value "Basic sdsdag:sdsdag" is used as $@. | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | authorization header |
| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | The hard-coded value "Basic sdsdag:aaaiuogrweuibgbbbbb" is used as $@. | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | authorization header |
| HardcodedCredentials.js:302:22:302:44 | "myHard ... ateKey" | HardcodedCredentials.js:302:22:302:44 | "myHard ... ateKey" | HardcodedCredentials.js:303:34:303:43 | privateKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:303:34:303:43 | privateKey | key |
| HardcodedCredentials.js:310:22:310:44 | "myHard ... ateKey" | HardcodedCredentials.js:310:22:310:44 | "myHard ... ateKey" | HardcodedCredentials.js:311:27:311:62 | new Tex ... ateKey) | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:311:27:311:62 | new Tex ... ateKey) | key |
| HardcodedCredentials.js:314:18:317:29 | `-----B ... Y-----` | HardcodedCredentials.js:314:18:317:29 | `-----B ... Y-----` | HardcodedCredentials.js:319:27:319:35 | publicKey | The hard-coded value "-----BEGIN PUBLIC KEY-----\n MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhYOFK2Ocbbpb/zVypi9\n ...\n -----END PUBLIC KEY-----" is used as $@. | HardcodedCredentials.js:319:27:319:35 | publicKey | key |
| HardcodedCredentials.js:325:21:325:43 | "myHard ... ateKey" | HardcodedCredentials.js:325:21:325:43 | "myHard ... ateKey" | HardcodedCredentials.js:330:21:330:29 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:330:21:330:29 | secretKey | key |
| HardcodedCredentials.js:325:21:325:43 | "myHard ... ateKey" | HardcodedCredentials.js:325:21:325:43 | "myHard ... ateKey" | HardcodedCredentials.js:341:21:341:52 | Buffer. ... ase64") | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:341:21:341:52 | Buffer. ... ase64") | key |
| HardcodedCredentials.js:356:21:356:43 | "myHard ... ateKey" | HardcodedCredentials.js:356:21:356:43 | "myHard ... ateKey" | HardcodedCredentials.js:359:24:359:32 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:359:24:359:32 | secretKey | key |
| HardcodedCredentials.js:356:21:356:43 | "myHard ... ateKey" | HardcodedCredentials.js:356:21:356:43 | "myHard ... ateKey" | HardcodedCredentials.js:366:31:366:39 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:366:31:366:39 | secretKey | key |
| HardcodedCredentials.js:377:21:377:43 | "myHard ... ateKey" | HardcodedCredentials.js:377:21:377:43 | "myHard ... ateKey" | HardcodedCredentials.js:380:17:380:25 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:380:17:380:25 | secretKey | key |
| HardcodedCredentials.js:395:21:395:43 | "myHard ... ateKey" | HardcodedCredentials.js:395:21:395:43 | "myHard ... ateKey" | HardcodedCredentials.js:397:27:397:35 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:397:27:397:35 | secretKey | key |

226
javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js
View File

@@ -1,4 +1,4 @@
(function () {
(function() {
const pg = require('pg');
const client = new pg.Client({
@@ -11,43 +11,43 @@
client.connect();
})();
(function () {
require("http").request({ auth: "user:hgfedcba" }); // NOT OK
require("https").request({ auth: "user:hgfedcba" }); // NOT OK
(function() {
require("http").request({auth: "user:hgfedcba"}); // NOT OK
require("https").request({auth: "user:hgfedcba"}); // NOT OK
function getCredentials() {
return "user:hgfedcba";
}
require("http").request({ auth: getCredentials() }); // NOT OK
require("http").request({ auth: getUnknownCredentials() }); // OK
require("http").request({auth: getCredentials()}); // NOT OK
require("http").request({auth: getUnknownCredentials()}); // OK
})();
(function () {
(function() {
var basicAuth = require('express-basic-auth');
basicAuth({ users: { 'admin': 'hgfedcba' } }); // NOT OK
basicAuth({users: { 'admin': 'hgfedcba' }}); // NOT OK
var users = {};
users['unknown-admin-name'] = 'hgfedcba'; // NOT OK
basicAuth({ users: users });
basicAuth({users: users});
})();
(function () {
(function() {
var basicAuth = require('basic-auth-connect');
basicAuth('username', 'hgfedcba'); // NOT OK
basicAuth(function () { }); // OK
basicAuth(function(){}); // OK
})();
(function () {
(function() {
var AWS = require('aws-sdk');
AWS.config.update({ accessKeyId: 'username', secretAccessKey: 'hgfedcba' }); // NOT OK
new AWS.Config({ accessKeyId: 'username', secretAccessKey: 'hgfedcba' }); // NOT OK
AWS.config.update({ accessKeyId: 'username', secretAccessKey: 'hgfedcba'}); // NOT OK
new AWS.Config({ accessKeyId: 'username', secretAccessKey: 'hgfedcba'}); // NOT OK
var config = new AWS.Config();
config.update({ accessKeyId: 'username', secretAccessKey: 'hgfedcba' }); // NOT OK
config.update({ accessKeyId: 'username', secretAccessKey: 'hgfedcba'}); // NOT OK
var o = {};
o.secretAccessKey = 'hgfedcba'; // NOT OK
config.update(o);
})();
(function () {
(function() {
var request = require('request');
request.get(url).auth('username', 'hgfedcba'); // NOT OK
@@ -78,21 +78,21 @@
});
})();
(function () {
(function() {
const MsRest = require('ms-rest-azure');
MsRest.loginWithUsernamePassword('username', 'hgfedcba', function () { }); // NOT OK
MsRest.loginWithUsernamePassword(process.env.AZURE_USER, process.env.AZURE_PASS, function () { }); // OK
MsRest.loginWithServicePrincipalSecret('username', 'hgfedcba', function () { }); // NOT OK
MsRest.loginWithUsernamePassword('username', 'hgfedcba', function(){}); // NOT OK
MsRest.loginWithUsernamePassword(process.env.AZURE_USER, process.env.AZURE_PASS, function(){}); // OK
MsRest.loginWithServicePrincipalSecret('username', 'hgfedcba', function(){}); // NOT OK
})();
(function () {
(function() {
var digitalocean = require('digitalocean');
digitalocean.client('TOKEN'); // NOT OK
digitalocean.client(process.env.DIGITAL_OCEAN_TOKEN); // OK
})();
(function () {
(function() {
var pkgcloud = require('pkgcloud');
pkgcloud.compute.createClient({
account: 'x1', // NOT OK
@@ -126,26 +126,26 @@
});
})();
(function () {
(function(){
require('crypto').createHmac('sha256', 'hgfedcba');
require("crypto-js/aes").encrypt('my message', 'hgfedcba');
})()
(function () {
require("cookie-session")({ secret: "hgfedcba" });
})()
(function(){
require("cookie-session")({ secret: "hgfedcba" });
})()
(function () {
var request = require('request');
request.get(url, { // OK
'auth': {
'user': '',
'pass': process.env.PASSWORD
}
});
})();
(function(){
var request = require('request');
request.get(url, { // OK
'auth': {
'user': '',
'pass': process.env.PASSWORD
}
});
})();
(function () {
(function(){
var request = require('request');
let pass = getPassword() || '';
request.get(url, { // OK
@@ -156,12 +156,12 @@
});
})();
(function () {
require("cookie-session")({ secret: "change_me" }); // NOT OK
require('crypto').createHmac('sha256', 'change_me'); // NOT OK
(function(){
require("cookie-session")({ secret: "change_me" }); // NOT OK
require('crypto').createHmac('sha256', 'change_me'); // NOT OK
var basicAuth = require('express-basic-auth');
basicAuth({ users: { [adminName]: 'change_me' } }); // OK
var basicAuth = require('express-basic-auth');
basicAuth({users: { [adminName]: 'change_me' }}); // OK
})();
(async function () {
@@ -231,22 +231,22 @@
const username = 'sdsdag';
const password = config.get('some_actually_secrect_password');
const response = await fetch(ENDPOINT, {
method: 'get',
headers: {
'Content-Type': 'application/json',
Authorization: 'Basic ' + Buffer.from(username + ':' + password).toString('base64'),
},
method: 'get',
headers: {
'Content-Type': 'application/json',
Authorization: 'Basic ' + Buffer.from(username + ':' + password).toString('base64'),
},
});
})();
})
(function () {
import jwt from "jsonwebtoken";
var privateKey = "myHardCodedPrivateKey";
var token = jwt.sign({ foo: 'bar' }, privateKey, { algorithm: 'RS256' }); // NOT OK
var token = jwt.sign({ foo: 'bar' }, privateKey, { algorithm: 'RS256'});
var publicKey = "myHardCodedPublicKey";
jwt.verify(token, publicKey, function (err, decoded) { // NOT OK
jwt.verify(token, publicKey, function(err, decoded) {
console.log(decoded);
});
})();
@@ -271,19 +271,19 @@
});
});
(function () {
require("http").request({ auth: "user:{{ INSERT_HERE }}" }); // OK
require("http").request({ auth: "user:token {{ INSERT_HERE }}" }); // OK
require("http").request({ auth: "user:( INSERT_HERE )" }); // OK
require("http").request({ auth: "user:{{ env.access_token }}" }); // OK
require("http").request({ auth: "user:abcdefgh" }); // OK
require("http").request({ auth: "user:12345678" }); // OK
require("http").request({ auth: "user:foo" }); // OK
require("http").request({ auth: "user:mypassword" }) // OK
require("http").request({ auth: "user:mytoken" }) // OK
require("http").request({ auth: "user:fake token" }) // OK
require("http").request({ auth: "user:dcba" }) // OK
require("http").request({ auth: "user:custom string" }) // OK
(function() {
require("http").request({auth: "user:{{ INSERT_HERE }}"}); // OK
require("http").request({auth: "user:token {{ INSERT_HERE }}"}); // OK
require("http").request({auth: "user:( INSERT_HERE )"}); // OK
require("http").request({auth: "user:{{ env.access_token }}"}); // OK
require("http").request({auth: "user:abcdefgh"}); // OK
require("http").request({auth: "user:12345678"}); // OK
require("http").request({auth: "user:foo"}); // OK
require("http").request({auth: "user:mypassword"}) // OK
require("http").request({auth: "user:mytoken"}) // OK
require("http").request({auth: "user:fake token"}) // OK
require("http").request({auth: "user:dcba"}) // OK
require("http").request({auth: "user:custom string"}) // OK
});
(function () {
@@ -294,105 +294,3 @@
headers.append("Authorization", `Basic sdsdag:aaaiuogrweuibgbbbbb`); // NOT OK
headers.append("Authorization", `Basic sdsdag:000000000000001`); // OK
});
(function () {
const jwt_simple = require("jwt-simple");
var privateKey = "myHardCodedPrivateKey";
jwt_simple.decode(UserToken, privateKey); // NOT OK
})();
(async function () {
const jose = require("jose");
var privateKey = "myHardCodedPrivateKey";
jose.jwtVerify(token, new TextEncoder().encode(privateKey)) // NOT OK
const spki = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhYOFK2Ocbbpb/zVypi9
...
-----END PUBLIC KEY-----`
const publicKey = await jose.importSPKI(spki, 'RS256')
jose.jwtVerify(token, publicKey) // NOT OK
})();
(function () {
const expressjwt = require("express-jwt");
var secretKey = "myHardCodedPrivateKey";
app.get(
"/protected",
expressjwt.expressjwt({
secret: secretKey, algorithms: ["HS256"] // NOT OK
}),
function (req, res) {
if (!req.auth.admin) return res.sendStatus(401);
res.sendStatus(200);
}
);
app.get(
"/protected",
expressjwt.expressjwt({
secret: Buffer.from(secretKey, "base64"), // NOT OK
algorithms: ["RS256"],
}),
function (req, res) {
if (!req.auth.admin) return res.sendStatus(401);
res.sendStatus(200);
}
);
})();
(function () {
const JwtStrategy = require('passport-jwt').Strategy;
const passport = require('passport')
var secretKey = "myHardCodedPrivateKey";
const opts = {}
opts.secretOrKey = secretKey; // NOT OK
passport.use(new JwtStrategy(opts, function (jwt_payload, done) {
return done(null, false);
}));
passport.use(new JwtStrategy({
secretOrKeyProvider: function (request, rawJwtToken, done) {
return done(null, secretKey) // NOT OK
}
}, function (jwt_payload, done) {
return done(null, false);
}));
})();
(function () {
import NextAuth from "next-auth"
import AppleProvider from "next-auth/providers/apple"
var secretKey = "myHardCodedPrivateKey";
NextAuth({
secret: secretKey, // NOT OK
providers: [
AppleProvider({
clientId: process.env.APPLE_ID,
clientSecret: process.env.APPLE_SECRET,
}),
],
})
})();
(function () {
const Koa = require('koa');
const jwt = require('koa-jwt');
const app = new Koa();
var secretKey = "myHardCodedPrivateKey";
app.use(jwt({ secret: secretKey })); // NOT OK
})();