hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8043 from github/esbena/sharpen-hardcoded-credentials

Browse Source 
JS: Sharpen hardcoded credentials
This commit is contained in:
Esben Sparre Andreasen
2022-02-21 10:02:58 +01:00
committed by GitHub
parent 5f9bd7a4a1 f08a140505
commit 1d437dd722
8 changed files with 248 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/lib/semmle/javascript/security/SensitiveActions.qll
View File

@@ -214,7 +214,8 @@ module PasswordHeuristics {
or
exists(string normalized | normalized = password.toLowerCase() |
count(normalized.charAt(_)) = 1 or
normalized.regexpMatch(".*(pass|test|sample|example|secret|root|admin|user|change|auth).*")
normalized
.regexpMatch(".*(pass|test|sample|example|secret|root|admin|user|change|auth|fake|(my(token|password))|string|foo|bar|baz|qux|1234|3141|abcd).*")
)
}