Merge pull request #8043 from github/esbena/sharpen-hardcoded-credentials

JS: Sharpen hardcoded credentials
Esben Sparre Andreasen
2022-02-21 10:02:58 +01:00
committed by GitHub
8 changed files with 248 additions and 180 deletions


@@ -214,7 +214,8 @@ module PasswordHeuristics {
or
exists(string normalized | normalized = password.toLowerCase() |
count(normalized.charAt(_)) = 1 or
normalized.regexpMatch(".*(pass|test|sample|example|secret|root|admin|user|change|auth).*")
normalized
.regexpMatch(".*(pass|test|sample|example|secret|root|admin|user|change|auth|fake|(my(token|password))|string|foo|bar|baz|qux|1234|3141|abcd).*")
)
}
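Review bot: The widened pattern in `isDummyPassword` is an unanchored substring match on the lower-cased value, so short tokens such as `foo`, `bar`, `1234`, `abcd`, `user` and `string` now mark any literal that merely contains them as a dummy, and the alert for that literal is suppressed. A real secret that happens to contain one of those runs would go unreported, so the false-negative trade-off deserves a comment next to the regex, e.g. `// deliberately broad: any value containing one of these tokens is treated as a placeholder, at the cost of missing real secrets that contain them`. The configuration-file test data changed in this commit suggests the predicate is shared with other queries; if so, the comment should say that widening it affects them too. The enclosing predicate starts above this hunk, so its signature is not visible here.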


@@ -17,6 +17,9 @@ import javascript
import semmle.javascript.security.dataflow.HardcodedCredentialsQuery
import DataFlow::PathGraph
bindingset[s]
predicate looksLikeATemplate(string s) { s.regexpMatch(".*((\\{\\{.*\\}\\})|(<.*>)|(\\(.*\\))).*") }
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string value
where
cfg.hasFlowPath(source, sink) and
@@ -24,13 +27,16 @@ where
if source.getNode().asExpr() instanceof ConstantString
then
exists(string val | val = source.getNode().getStringValue() |
// exclude dummy passwords
// exclude dummy passwords and templates
not (
sink.getNode().(Sink).(DefaultCredentialsSink).getKind() = "password" and
sink.getNode().(Sink).(DefaultCredentialsSink).getKind() =
["password", "credentials", "token"] and
PasswordHeuristics::isDummyPassword(val)
or
sink.getNode().(Sink).getKind() = "authorization header" and
PasswordHeuristics::isDummyAuthHeader(val)
or
looksLikeATemplate(val)
) and
value = "The hard-coded value \"" + val + "\""
)
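Review bot: `looksLikeATemplate` accepts any value with a `<` followed somewhere by `>`, or a `(` followed by `)`, because the inner parts are `.*`; a real hard-coded secret containing such a punctuation pair is then dropped from the results. The `looksLikeATemplate(val)` disjunct is also not guarded by `getKind()`, so it applies to every sink kind. Constraining the placeholder body would narrow that blind spot, for example `s.regexpMatch(".*((\\{\\{[\\w\\s.-]+\\}\\})|(<[\\w\\s.-]+>)|(\\([\\w\\s.-]+\\))).*")`, though this needs checking against the placeholder cases in the test file, which appear only truncated on this page. The new predicate has no QLDoc; a one-line comment stating that it holds when `s` contains a `{{…}}`, `<…>` or `(…)` placeholder, and that matching values are excluded from the alert, would record the intent.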


@@ -12,10 +12,11 @@ cleartextPasswordExpr
dummyPasswords
| | true |
| XXXXXXXX | true |
| abcdefgh | false |
| abcdefgh | true |
| admin | true |
| change_me | true |
| example_password | true |
| hgfedcba | false |
| insert-auth-from-gui | true |
| root | true |
| sOKY6ccizpmvF*32so%Q | false |


@@ -6,8 +6,8 @@ query predicate cleartextPasswordExpr(CleartextPasswordExpr e) { any() }
string getASamplePassword() {
result =
[
"abcdefgh", "sOKY6ccizpmvF*32so%Q", "XXXXXXXX", "example_password", "change_me", "",
"insert-auth-from-gui", "admin", "root"
"hgfedcba", "abcdefgh", "sOKY6ccizpmvF*32so%Q", "XXXXXXXX", "example_password", "change_me",
"", "insert-auth-from-gui", "admin", "root"
]
}


@@ -1,3 +1,3 @@
| mysql-config.json:4:16:4:25 | "abcdefgh" | Hard-coded password 'abcdefgh' in configuration file. |
| mysql-config.json:4:16:4:25 | "hgfedcba" | Hard-coded password 'hgfedcba' in configuration file. |
| tst4.json:2:10:2:38 | "script ... ecret'" | Hard-coded password ''secret'' in configuration file. |
| tst7.yml:2:9:2:6 | \| | Hard-coded password 'abc' in configuration file. |


@@ -1,6 +1,6 @@
{
"host" : "localhost",
"user" : "me",
"password" : "abcdefgh",
"password" : "hgfedcba",
"database" : "my_db"
}


@@ -2,70 +2,70 @@ nodes
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' |
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' |
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' |
| HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" |
| HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" |
| HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" |
| HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" |
| HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" |
| HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" |
| HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" |
| HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" |
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' |
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' |
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' |
| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" |
| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" |
| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" |
| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" |
| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" |
| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" |
| HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:27:25:27:31 | 'admin' |
| HardcodedCredentials.js:27:25:27:31 | 'admin' |
| HardcodedCredentials.js:27:25:27:31 | 'admin' |
| HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' |
| HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' |
| HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' |
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' |
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' |
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
| HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' |
| HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' |
| HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' |
| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' |
| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' |
| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' |
| HardcodedCredentials.js:35:15:35:24 | 'username' |
| HardcodedCredentials.js:35:15:35:24 | 'username' |
| HardcodedCredentials.js:35:15:35:24 | 'username' |
| HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' |
| HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' |
| HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' |
| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' |
| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' |
| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' |
| HardcodedCredentials.js:41:38:41:47 | 'username' |
| HardcodedCredentials.js:41:38:41:47 | 'username' |
| HardcodedCredentials.js:41:38:41:47 | 'username' |
| HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' |
| HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' |
| HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' |
| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' |
| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' |
| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' |
| HardcodedCredentials.js:42:35:42:44 | 'username' |
| HardcodedCredentials.js:42:35:42:44 | 'username' |
| HardcodedCredentials.js:42:35:42:44 | 'username' |
| HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' |
| HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' |
| HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' |
| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' |
| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' |
| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' |
| HardcodedCredentials.js:44:34:44:43 | 'username' |
| HardcodedCredentials.js:44:34:44:43 | 'username' |
| HardcodedCredentials.js:44:34:44:43 | 'username' |
| HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' |
| HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' |
| HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' |
| HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' |
| HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' |
| HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' |
| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' |
| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' |
| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' |
| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' |
| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' |
| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' |
| HardcodedCredentials.js:53:27:53:36 | 'username' |
| HardcodedCredentials.js:53:27:53:36 | 'username' |
| HardcodedCredentials.js:53:27:53:36 | 'username' |
| HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' |
| HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' |
| HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' |
| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' |
| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' |
| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' |
| HardcodedCredentials.js:56:21:56:30 | 'username' |
| HardcodedCredentials.js:56:21:56:30 | 'username' |
| HardcodedCredentials.js:56:21:56:30 | 'username' |
| HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' |
| HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' |
| HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' |
| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' |
| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' |
| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' |
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' |
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' |
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' |
@@ -75,39 +75,39 @@ nodes
| HardcodedCredentials.js:69:28:69:37 | 'username' |
| HardcodedCredentials.js:69:28:69:37 | 'username' |
| HardcodedCredentials.js:69:28:69:37 | 'username' |
| HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' |
| HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' |
| HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' |
| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' |
| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' |
| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' |
| HardcodedCredentials.js:70:28:70:37 | 'username' |
| HardcodedCredentials.js:70:28:70:37 | 'username' |
| HardcodedCredentials.js:70:28:70:37 | 'username' |
| HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' |
| HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' |
| HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' |
| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' |
| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' |
| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' |
| HardcodedCredentials.js:72:23:72:32 | 'username' |
| HardcodedCredentials.js:72:23:72:32 | 'username' |
| HardcodedCredentials.js:72:23:72:32 | 'username' |
| HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' |
| HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' |
| HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' |
| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' |
| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' |
| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' |
| HardcodedCredentials.js:75:21:75:30 | 'username' |
| HardcodedCredentials.js:75:21:75:30 | 'username' |
| HardcodedCredentials.js:75:21:75:30 | 'username' |
| HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' |
| HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' |
| HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' |
| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' |
| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' |
| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' |
| HardcodedCredentials.js:84:38:84:47 | 'username' |
| HardcodedCredentials.js:84:38:84:47 | 'username' |
| HardcodedCredentials.js:84:38:84:47 | 'username' |
| HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' |
| HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' |
| HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' |
| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' |
| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' |
| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' |
| HardcodedCredentials.js:86:44:86:53 | 'username' |
| HardcodedCredentials.js:86:44:86:53 | 'username' |
| HardcodedCredentials.js:86:44:86:53 | 'username' |
| HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' |
| HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' |
| HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' |
| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' |
| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' |
| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' |
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' |
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' |
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' |
@@ -123,36 +123,36 @@ nodes
| HardcodedCredentials.js:101:19:101:22 | 'x4' |
| HardcodedCredentials.js:101:19:101:22 | 'x4' |
| HardcodedCredentials.js:101:19:101:22 | 'x4' |
| HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' |
| HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' |
| HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' |
| HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' |
| HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' |
| HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' |
| HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' |
| HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' |
| HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' |
| HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' |
| HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' |
| HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' |
| HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' |
| HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' |
| HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' |
| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' |
| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' |
| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' |
| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' |
| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' |
| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' |
| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' |
| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' |
| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' |
| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' |
| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' |
| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' |
| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' |
| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' |
| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' |
| HardcodedCredentials.js:112:19:112:22 | 'x5' |
| HardcodedCredentials.js:112:19:112:22 | 'x5' |
| HardcodedCredentials.js:112:19:112:22 | 'x5' |
| HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' |
| HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' |
| HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' |
| HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' |
| HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' |
| HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' |
| HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' |
| HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' |
| HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' |
| HardcodedCredentials.js:135:41:135:50 | "abcdefgh" |
| HardcodedCredentials.js:135:41:135:50 | "abcdefgh" |
| HardcodedCredentials.js:135:41:135:50 | "abcdefgh" |
| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' |
| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' |
| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' |
| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' |
| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' |
| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' |
| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' |
| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' |
| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' |
| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" |
| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" |
| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" |
| HardcodedCredentials.js:160:38:160:48 | "change_me" |
| HardcodedCredentials.js:160:38:160:48 | "change_me" |
| HardcodedCredentials.js:160:38:160:48 | "change_me" |
@@ -223,61 +223,97 @@ nodes
| HardcodedCredentials.js:268:39:268:46 | 'Bearer' |
| HardcodedCredentials.js:268:50:268:56 | 'OAuth' |
| HardcodedCredentials.js:268:50:268:56 | 'OAuth' |
| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" |
| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" |
| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" |
| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" |
| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" |
| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" |
| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" |
| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" |
| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" |
| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" |
| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" |
| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" |
| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" |
| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" |
| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" |
| HardcodedCredentials.js:280:36:280:50 | "user:12345678" |
| HardcodedCredentials.js:280:36:280:50 | "user:12345678" |
| HardcodedCredentials.js:280:36:280:50 | "user:12345678" |
| HardcodedCredentials.js:281:36:281:45 | "user:foo" |
| HardcodedCredentials.js:281:36:281:45 | "user:foo" |
| HardcodedCredentials.js:281:36:281:45 | "user:foo" |
| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" |
| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" |
| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" |
| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" |
| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" |
| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" |
| HardcodedCredentials.js:284:36:284:52 | "user:fake token" |
| HardcodedCredentials.js:284:36:284:52 | "user:fake token" |
| HardcodedCredentials.js:284:36:284:52 | "user:fake token" |
| HardcodedCredentials.js:285:36:285:46 | "user:dcba" |
| HardcodedCredentials.js:285:36:285:46 | "user:dcba" |
| HardcodedCredentials.js:285:36:285:46 | "user:dcba" |
| HardcodedCredentials.js:286:36:286:55 | "user:custom string" |
| HardcodedCredentials.js:286:36:286:55 | "user:custom string" |
| HardcodedCredentials.js:286:36:286:55 | "user:custom string" |
edges
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' |
| HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" | HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" |
| HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" | HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" |
| HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' |
| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" |
| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
| HardcodedCredentials.js:27:25:27:31 | 'admin' | HardcodedCredentials.js:27:25:27:31 | 'admin' |
| HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' | HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' |
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
| HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' | HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' |
| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' |
| HardcodedCredentials.js:35:15:35:24 | 'username' | HardcodedCredentials.js:35:15:35:24 | 'username' |
| HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' | HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' |
| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' |
| HardcodedCredentials.js:41:38:41:47 | 'username' | HardcodedCredentials.js:41:38:41:47 | 'username' |
| HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' | HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' |
| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' |
| HardcodedCredentials.js:42:35:42:44 | 'username' | HardcodedCredentials.js:42:35:42:44 | 'username' |
| HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' | HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' |
| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' |
| HardcodedCredentials.js:44:34:44:43 | 'username' | HardcodedCredentials.js:44:34:44:43 | 'username' |
| HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' | HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' |
| HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' | HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' |
| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' |
| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' |
| HardcodedCredentials.js:53:27:53:36 | 'username' | HardcodedCredentials.js:53:27:53:36 | 'username' |
| HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' | HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' |
| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' |
| HardcodedCredentials.js:56:21:56:30 | 'username' | HardcodedCredentials.js:56:21:56:30 | 'username' |
| HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' | HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' |
| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' |
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | HardcodedCredentials.js:61:42:61:54 | 'bearerToken' |
| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | HardcodedCredentials.js:65:23:65:35 | 'bearerToken' |
| HardcodedCredentials.js:69:28:69:37 | 'username' | HardcodedCredentials.js:69:28:69:37 | 'username' |
| HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' | HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' |
| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' |
| HardcodedCredentials.js:70:28:70:37 | 'username' | HardcodedCredentials.js:70:28:70:37 | 'username' |
| HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' | HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' |
| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' |
| HardcodedCredentials.js:72:23:72:32 | 'username' | HardcodedCredentials.js:72:23:72:32 | 'username' |
| HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' | HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' |
| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' |
| HardcodedCredentials.js:75:21:75:30 | 'username' | HardcodedCredentials.js:75:21:75:30 | 'username' |
| HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' | HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' |
| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' |
| HardcodedCredentials.js:84:38:84:47 | 'username' | HardcodedCredentials.js:84:38:84:47 | 'username' |
| HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' | HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' |
| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' |
| HardcodedCredentials.js:86:44:86:53 | 'username' | HardcodedCredentials.js:86:44:86:53 | 'username' |
| HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' | HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' |
| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' |
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | HardcodedCredentials.js:91:25:91:31 | 'TOKEN' |
| HardcodedCredentials.js:98:18:98:21 | 'x1' | HardcodedCredentials.js:98:18:98:21 | 'x1' |
| HardcodedCredentials.js:99:16:99:19 | 'x2' | HardcodedCredentials.js:99:16:99:19 | 'x2' |
| HardcodedCredentials.js:100:25:100:28 | 'x3' | HardcodedCredentials.js:100:25:100:28 | 'x3' |
| HardcodedCredentials.js:101:19:101:22 | 'x4' | HardcodedCredentials.js:101:19:101:22 | 'x4' |
| HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' | HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' |
| HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' | HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' |
| HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' | HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' |
| HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' | HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' |
| HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' | HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' |
| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' |
| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' |
| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' |
| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' |
| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' |
| HardcodedCredentials.js:112:19:112:22 | 'x5' | HardcodedCredentials.js:112:19:112:22 | 'x5' |
| HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' | HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' |
| HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' | HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' |
| HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' | HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' |
| HardcodedCredentials.js:135:41:135:50 | "abcdefgh" | HardcodedCredentials.js:135:41:135:50 | "abcdefgh" |
| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' |
| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' |
| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' |
| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | HardcodedCredentials.js:135:41:135:50 | "hgfedcba" |
| HardcodedCredentials.js:160:38:160:48 | "change_me" | HardcodedCredentials.js:160:38:160:48 | "change_me" |
| HardcodedCredentials.js:161:41:161:51 | 'change_me' | HardcodedCredentials.js:161:41:161:51 | 'change_me' |
| HardcodedCredentials.js:164:35:164:45 | 'change_me' | HardcodedCredentials.js:164:35:164:45 | 'change_me' |
@@ -335,58 +371,67 @@ edges
| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' |
| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' |
| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' |
| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" |
| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" |
| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" |
| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" |
| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" |
| HardcodedCredentials.js:280:36:280:50 | "user:12345678" | HardcodedCredentials.js:280:36:280:50 | "user:12345678" |
| HardcodedCredentials.js:281:36:281:45 | "user:foo" | HardcodedCredentials.js:281:36:281:45 | "user:foo" |
| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | HardcodedCredentials.js:282:36:282:52 | "user:mypassword" |
| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | HardcodedCredentials.js:283:36:283:49 | "user:mytoken" |
| HardcodedCredentials.js:284:36:284:52 | "user:fake token" | HardcodedCredentials.js:284:36:284:52 | "user:fake token" |
| HardcodedCredentials.js:285:36:285:46 | "user:dcba" | HardcodedCredentials.js:285:36:285:46 | "user:dcba" |
| HardcodedCredentials.js:286:36:286:55 | "user:custom string" | HardcodedCredentials.js:286:36:286:55 | "user:custom string" |
#select
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | user name |
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | password |
| HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" | HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" | HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" | The hard-coded value "user:abcdefgh" is used as $@. | HardcodedCredentials.js:15:36:15:50 | "user:abcdefgh" | credentials |
| HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" | HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" | HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" | The hard-coded value "user:abcdefgh" is used as $@. | HardcodedCredentials.js:16:37:16:51 | "user:abcdefgh" | credentials |
| HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" | HardcodedCredentials.js:18:16:18:30 | "user:abcdefgh" | HardcodedCredentials.js:20:36:20:51 | getCredentials() | The hard-coded value "user:abcdefgh" is used as $@. | HardcodedCredentials.js:20:36:20:51 | getCredentials() | credentials |
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | password |
| HardcodedCredentials.js:27:25:27:31 | 'admin' | HardcodedCredentials.js:27:25:27:31 | 'admin' | HardcodedCredentials.js:27:25:27:31 | 'admin' | The hard-coded value "admin" is used as $@. | HardcodedCredentials.js:27:25:27:31 | 'admin' | user name |
| HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' | HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' | HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:27:34:27:43 | 'abcdefgh' | password |
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | password |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | The hard-coded value "unknown-admin-name" is used as $@. | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | user name |
| HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' | HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' | HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:29:35:29:44 | 'abcdefgh' | password |
| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | password |
| HardcodedCredentials.js:35:15:35:24 | 'username' | HardcodedCredentials.js:35:15:35:24 | 'username' | HardcodedCredentials.js:35:15:35:24 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:35:15:35:24 | 'username' | user name |
| HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' | HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' | HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:35:27:35:36 | 'abcdefgh' | password |
| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | password |
| HardcodedCredentials.js:41:38:41:47 | 'username' | HardcodedCredentials.js:41:38:41:47 | 'username' | HardcodedCredentials.js:41:38:41:47 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:41:38:41:47 | 'username' | user name |
| HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' | HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' | HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:41:67:41:76 | 'abcdefgh' | password |
| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | password |
| HardcodedCredentials.js:42:35:42:44 | 'username' | HardcodedCredentials.js:42:35:42:44 | 'username' | HardcodedCredentials.js:42:35:42:44 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:42:35:42:44 | 'username' | user name |
| HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' | HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' | HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:42:64:42:73 | 'abcdefgh' | password |
| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | password |
| HardcodedCredentials.js:44:34:44:43 | 'username' | HardcodedCredentials.js:44:34:44:43 | 'username' | HardcodedCredentials.js:44:34:44:43 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:44:34:44:43 | 'username' | user name |
| HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' | HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' | HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:44:63:44:72 | 'abcdefgh' | password |
| HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' | HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' | HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:46:25:46:34 | 'abcdefgh' | password |
| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | password |
| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | password |
| HardcodedCredentials.js:53:27:53:36 | 'username' | HardcodedCredentials.js:53:27:53:36 | 'username' | HardcodedCredentials.js:53:27:53:36 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:53:27:53:36 | 'username' | user name |
| HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' | HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' | HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:53:39:53:48 | 'abcdefgh' | password |
| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | password |
| HardcodedCredentials.js:56:21:56:30 | 'username' | HardcodedCredentials.js:56:21:56:30 | 'username' | HardcodedCredentials.js:56:21:56:30 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:56:21:56:30 | 'username' | user name |
| HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' | HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' | HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:57:21:57:30 | 'abcdefgh' | password |
| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | password |
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | The hard-coded value "bearerToken" is used as $@. | HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | token |
| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | The hard-coded value "bearerToken" is used as $@. | HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | token |
| HardcodedCredentials.js:69:28:69:37 | 'username' | HardcodedCredentials.js:69:28:69:37 | 'username' | HardcodedCredentials.js:69:28:69:37 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:69:28:69:37 | 'username' | user name |
| HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' | HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' | HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:69:40:69:49 | 'abcdefgh' | password |
| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | password |
| HardcodedCredentials.js:70:28:70:37 | 'username' | HardcodedCredentials.js:70:28:70:37 | 'username' | HardcodedCredentials.js:70:28:70:37 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:70:28:70:37 | 'username' | user name |
| HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' | HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' | HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:70:40:70:49 | 'abcdefgh' | password |
| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | password |
| HardcodedCredentials.js:72:23:72:32 | 'username' | HardcodedCredentials.js:72:23:72:32 | 'username' | HardcodedCredentials.js:72:23:72:32 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:72:23:72:32 | 'username' | user name |
| HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' | HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' | HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:72:35:72:44 | 'abcdefgh' | password |
| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | password |
| HardcodedCredentials.js:75:21:75:30 | 'username' | HardcodedCredentials.js:75:21:75:30 | 'username' | HardcodedCredentials.js:75:21:75:30 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:75:21:75:30 | 'username' | user name |
| HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' | HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' | HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:76:21:76:30 | 'abcdefgh' | password |
| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | password |
| HardcodedCredentials.js:84:38:84:47 | 'username' | HardcodedCredentials.js:84:38:84:47 | 'username' | HardcodedCredentials.js:84:38:84:47 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:84:38:84:47 | 'username' | user name |
| HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' | HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' | HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:84:50:84:59 | 'abcdefgh' | password |
| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | password |
| HardcodedCredentials.js:86:44:86:53 | 'username' | HardcodedCredentials.js:86:44:86:53 | 'username' | HardcodedCredentials.js:86:44:86:53 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:86:44:86:53 | 'username' | user name |
| HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' | HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' | HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:86:56:86:65 | 'abcdefgh' | password |
| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | password |
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | The hard-coded value "TOKEN" is used as $@. | HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | token |
| HardcodedCredentials.js:98:18:98:21 | 'x1' | HardcodedCredentials.js:98:18:98:21 | 'x1' | HardcodedCredentials.js:98:18:98:21 | 'x1' | The hard-coded value "x1" is used as $@. | HardcodedCredentials.js:98:18:98:21 | 'x1' | user name |
| HardcodedCredentials.js:99:16:99:19 | 'x2' | HardcodedCredentials.js:99:16:99:19 | 'x2' | HardcodedCredentials.js:99:16:99:19 | 'x2' | The hard-coded value "x2" is used as $@. | HardcodedCredentials.js:99:16:99:19 | 'x2' | user name |
| HardcodedCredentials.js:100:25:100:28 | 'x3' | HardcodedCredentials.js:100:25:100:28 | 'x3' | HardcodedCredentials.js:100:25:100:28 | 'x3' | The hard-coded value "x3" is used as $@. | HardcodedCredentials.js:100:25:100:28 | 'x3' | user name |
| HardcodedCredentials.js:101:19:101:22 | 'x4' | HardcodedCredentials.js:101:19:101:22 | 'x4' | HardcodedCredentials.js:101:19:101:22 | 'x4' | The hard-coded value "x4" is used as $@. | HardcodedCredentials.js:101:19:101:22 | 'x4' | user name |
| HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' | HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' | HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:102:14:102:23 | 'abcdefgh' | password |
| HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' | HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' | HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:103:17:103:26 | 'abcdefgh' | password |
| HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' | HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' | HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:104:27:104:36 | 'abcdefgh' | password |
| HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' | HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' | HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:105:19:105:28 | 'abcdefgh' | password |
| HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' | HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' | HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:106:16:106:25 | 'abcdefgh' | token |
| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | password |
| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | password |
| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | password |
| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | password |
| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | token |
| HardcodedCredentials.js:112:19:112:22 | 'x5' | HardcodedCredentials.js:112:19:112:22 | 'x5' | HardcodedCredentials.js:112:19:112:22 | 'x5' | The hard-coded value "x5" is used as $@. | HardcodedCredentials.js:112:19:112:22 | 'x5' | user name |
| HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' | HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' | HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:113:19:113:28 | 'abcdefgh' | password |
| HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' | HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' | HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:130:44:130:53 | 'abcdefgh' | key |
| HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' | HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' | HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:131:52:131:61 | 'abcdefgh' | key |
| HardcodedCredentials.js:135:41:135:50 | "abcdefgh" | HardcodedCredentials.js:135:41:135:50 | "abcdefgh" | HardcodedCredentials.js:135:41:135:50 | "abcdefgh" | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:135:41:135:50 | "abcdefgh" | key |
| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | password |
| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | key |
| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | key |
| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | key |
| HardcodedCredentials.js:160:38:160:48 | "change_me" | HardcodedCredentials.js:160:38:160:48 | "change_me" | HardcodedCredentials.js:160:38:160:48 | "change_me" | The hard-coded value "change_me" is used as $@. | HardcodedCredentials.js:160:38:160:48 | "change_me" | key |
| HardcodedCredentials.js:161:41:161:51 | 'change_me' | HardcodedCredentials.js:161:41:161:51 | 'change_me' | HardcodedCredentials.js:161:41:161:51 | 'change_me' | The hard-coded value "change_me" is used as $@. | HardcodedCredentials.js:161:41:161:51 | 'change_me' | key |
| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | authorization header |


@@ -5,17 +5,17 @@
user: 'dbuser', // NOT OK
host: 'database.server.com',
database: 'mydb',
password: 'abcdefgh', // NOT OK
password: 'hgfedcba', // NOT OK
port: 3211,
});
client.connect();
})();
(function() {
require("http").request({auth: "user:abcdefgh"}); // NOT OK
require("https").request({auth: "user:abcdefgh"}); // NOT OK
require("http").request({auth: "user:hgfedcba"}); // NOT OK
require("https").request({auth: "user:hgfedcba"}); // NOT OK
function getCredentials() {
return "user:abcdefgh";
return "user:hgfedcba";
}
require("http").request({auth: getCredentials()}); // NOT OK
require("http").request({auth: getUnknownCredentials()}); // OK
@@ -24,37 +24,37 @@
(function() {
var basicAuth = require('express-basic-auth');
basicAuth({users: { 'admin': 'abcdefgh' }}); // NOT OK
basicAuth({users: { 'admin': 'hgfedcba' }}); // NOT OK
var users = {};
users['unknown-admin-name'] = 'abcdefgh'; // NOT OK
users['unknown-admin-name'] = 'hgfedcba'; // NOT OK
basicAuth({users: users});
})();
(function() {
var basicAuth = require('basic-auth-connect');
basicAuth('username', 'abcdefgh'); // NOT OK
basicAuth('username', 'hgfedcba'); // NOT OK
basicAuth(function(){}); // OK
})();
(function() {
var AWS = require('aws-sdk');
AWS.config.update({ accessKeyId: 'username', secretAccessKey: 'abcdefgh'}); // NOT OK
new AWS.Config({ accessKeyId: 'username', secretAccessKey: 'abcdefgh'}); // NOT OK
AWS.config.update({ accessKeyId: 'username', secretAccessKey: 'hgfedcba'}); // NOT OK
new AWS.Config({ accessKeyId: 'username', secretAccessKey: 'hgfedcba'}); // NOT OK
var config = new AWS.Config();
config.update({ accessKeyId: 'username', secretAccessKey: 'abcdefgh'}); // NOT OK
config.update({ accessKeyId: 'username', secretAccessKey: 'hgfedcba'}); // NOT OK
var o = {};
o.secretAccessKey = 'abcdefgh'; // NOT OK
o.secretAccessKey = 'hgfedcba'; // NOT OK
config.update(o);
})();
(function() {
var request = require('request');
request.get(url).auth('username', 'abcdefgh'); // NOT OK
request.get(url).auth('username', 'hgfedcba'); // NOT OK
request.get(url, {
'auth': {
'user': 'username', // NOT OK
'pass': 'abcdefgh' // NOT OK
'pass': 'hgfedcba' // NOT OK
}
});
@@ -66,14 +66,14 @@
}
});
request.post(url).auth('username', 'abcdefgh'); // NOT OK
request.head(url).auth('username', 'abcdefgh'); // NOT OK
request.post(url).auth('username', 'hgfedcba'); // NOT OK
request.head(url).auth('username', 'hgfedcba'); // NOT OK
request(url).auth('username', 'abcdefgh'); // NOT OK
request(url).auth('username', 'hgfedcba'); // NOT OK
request(url, {
'auth': {
'user': 'username', // NOT OK
'pass': 'abcdefgh' // NOT OK
'pass': 'hgfedcba' // NOT OK
}
});
})();
@@ -81,9 +81,9 @@
(function() {
const MsRest = require('ms-rest-azure');
MsRest.loginWithUsernamePassword('username', 'abcdefgh', function(){}); // NOT OK
MsRest.loginWithUsernamePassword('username', 'hgfedcba', function(){}); // NOT OK
MsRest.loginWithUsernamePassword(process.env.AZURE_USER, process.env.AZURE_PASS, function(){}); // OK
MsRest.loginWithServicePrincipalSecret('username', 'abcdefgh', function(){}); // NOT OK
MsRest.loginWithServicePrincipalSecret('username', 'hgfedcba', function(){}); // NOT OK
})();
(function() {
@@ -99,26 +99,26 @@
keyId: 'x2',// NOT OK
storageAccount: 'x3', // NOT OK
username: 'x4', // NOT OK
key: 'abcdefgh', // NOT OK
apiKey: 'abcdefgh', // NOT OK
storageAccessKey: 'abcdefgh', // NOT OK
password: 'abcdefgh', // NOT OK
token: 'abcdefgh' // NOT OK
key: 'hgfedcba', // NOT OK
apiKey: 'hgfedcba', // NOT OK
storageAccessKey: 'hgfedcba', // NOT OK
password: 'hgfedcba', // NOT OK
token: 'hgfedcba' // NOT OK
});
pkgcloud.compute.createClient({ // OK
INNOCENT_DATA: '42'
});
pkgcloud.providers.SOME_PROVIDER.compute.createClient({
username: 'x5', // NOT OK
password: 'abcdefgh' // NOT OK
password: 'hgfedcba' // NOT OK
});
pkgcloud.UNKNOWN_SERVICE.createClient({ // OK
username: 'x6',
password: 'abcdefgh'
password: 'hgfedcba'
});
pkgcloud.providers.SOME_PROVIDER.UNKNOWN_SERVICE.createClient({
username: 'x7', // OK
password: 'abcdefgh' // OK
password: 'hgfedcba' // OK
});
pkgcloud.compute.createClient({ // OK
username: process.env.USERNAME,
@@ -127,12 +127,12 @@
})();
(function(){
require('crypto').createHmac('sha256', 'abcdefgh');
require("crypto-js/aes").encrypt('my message', 'abcdefgh');
require('crypto').createHmac('sha256', 'hgfedcba');
require("crypto-js/aes").encrypt('my message', 'hgfedcba');
})()
(function(){
require("cookie-session")({ secret: "abcdefgh" });
require("cookie-session")({ secret: "hgfedcba" });
})()
(function(){
@@ -269,4 +269,19 @@
"Content-Type": 'application/json'
})
});
});
(function() {
require("http").request({auth: "user:{{ INSERT_HERE }}"}); // OK
require("http").request({auth: "user:token {{ INSERT_HERE }}"}); // OK
require("http").request({auth: "user:( INSERT_HERE )"}); // OK
require("http").request({auth: "user:{{ env.access_token }}"}); // OK
require("http").request({auth: "user:abcdefgh"}); // OK
require("http").request({auth: "user:12345678"}); // OK
require("http").request({auth: "user:foo"}); // OK
require("http").request({auth: "user:mypassword"}) // OK
require("http").request({auth: "user:mytoken"}) // OK
require("http").request({auth: "user:fake token"}) // OK
require("http").request({auth: "user:dcba"}) // OK
require("http").request({auth: "user:custom string"}) // OK
});
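Review bot: Every new case in the `@@ -269,4 +269,19 @@` hunk uses the literal prefix `user:`, and `user` is itself one of the alternatives in the `isDummyPassword` pattern, so these strings appear to be suppressed whatever follows the colon. `"user:dcba"` is annotated `// OK` although `dcba` matches none of the listed alternatives, which suggests the prefix is what silences it and that the new alternatives and `looksLikeATemplate` are not exercised individually. The same effect seems to hit the `// NOT OK` lines `{auth: "user:hgfedcba"}` in the first hunk: the visible `#select` rows contain no `credentials` result for `hgfedcba`, which would be a false negative on a real hard-coded credential now that the dummy check covers the `credentials` kind. Consider a neutral user part so each case tests one heuristic, for example `require("http").request({auth: "alice:hgfedcba"}); // NOT OK` next to `require("http").request({auth: "alice:{{ INSERT_HERE }}"}); // OK`. As a style point, the new wrapper closes with `});` and is never invoked, and its last five calls lack the trailing `;` used in the rest of the file.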