mirror of
https://github.com/github/codeql.git
synced 2026-04-21 23:14:03 +02:00
JS: Port HardcodedCredentials
This commit is contained in:
Asger F
@@ -12,19 +12,14 @@ import HardcodedCredentialsCustomizations::HardcodedCredentials
|
||||
/**
|
||||
* A data flow tracking configuration for hardcoded credentials.
|
||||
*/
|
||||
class Configuration extends DataFlow::Configuration {
|
||||
Configuration() { this = "HardcodedCredentials" }
|
||||
module HardcodedCredentialsConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node node) { node instanceof Source }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) { source instanceof Source }
|
||||
predicate isSink(DataFlow::Node node) { node instanceof Sink }
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
|
||||
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
|
||||
|
||||
override predicate isBarrier(DataFlow::Node node) {
|
||||
super.isBarrier(node) or
|
||||
node instanceof Sanitizer
|
||||
}
|
||||
|
||||
override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) {
|
||||
predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) {
|
||||
exists(Base64::Encode encode | src = encode.getInput() and trg = encode.getOutput())
|
||||
or
|
||||
trg.(StringOps::ConcatenationRoot).getALeaf() = src and
|
||||
@@ -37,3 +32,30 @@ class Configuration extends DataFlow::Configuration {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Data flow for reasoning about hardcoded credentials.
|
||||
*/
|
||||
module HardcodedCredentials = DataFlow::Global<HardcodedCredentialsConfig>;
|
||||
|
||||
/**
|
||||
* DEPRECATED. Use the `HardcodedCredentials` module instead.
|
||||
*/
|
||||
deprecated class Configuration extends DataFlow::Configuration {
|
||||
Configuration() { this = "HardcodedCredentials" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) {
|
||||
HardcodedCredentialsConfig::isSource(source)
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) { HardcodedCredentialsConfig::isSink(sink) }
|
||||
|
||||
override predicate isBarrier(DataFlow::Node node) {
|
||||
super.isBarrier(node) or
|
||||
HardcodedCredentialsConfig::isBarrier(node)
|
||||
}
|
||||
|
||||
override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) {
|
||||
HardcodedCredentialsConfig::isAdditionalFlowStep(src, trg)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,14 +15,14 @@
|
||||
|
||||
import javascript
|
||||
import semmle.javascript.security.dataflow.HardcodedCredentialsQuery
|
||||
import DataFlow::PathGraph
|
||||
import HardcodedCredentials::PathGraph
|
||||
|
||||
bindingset[s]
|
||||
predicate looksLikeATemplate(string s) { s.regexpMatch(".*((\\{\\{.*\\}\\})|(<.*>)|(\\(.*\\))).*") }
|
||||
|
||||
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string value
|
||||
from HardcodedCredentials::PathNode source, HardcodedCredentials::PathNode sink, string value
|
||||
where
|
||||
cfg.hasFlowPath(source, sink) and
|
||||
HardcodedCredentials::flowPath(source, sink) and
|
||||
// use source value in message if it's available
|
||||
if source.getNode().asExpr() instanceof ConstantString
|
||||
then
|
||||
|
||||
@@ -1,340 +1,9 @@
|
||||
nodes
|
||||
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
|
||||
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
|
||||
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
|
||||
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" |
|
||||
| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" |
|
||||
| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" |
|
||||
| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" |
|
||||
| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" |
|
||||
| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" |
|
||||
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" |
|
||||
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" |
|
||||
| HardcodedCredentials.js:20:36:20:51 | getCredentials() |
|
||||
| HardcodedCredentials.js:20:36:20:51 | getCredentials() |
|
||||
| HardcodedCredentials.js:27:25:27:31 | 'admin' |
|
||||
| HardcodedCredentials.js:27:25:27:31 | 'admin' |
|
||||
| HardcodedCredentials.js:27:25:27:31 | 'admin' |
|
||||
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
|
||||
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
|
||||
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
|
||||
| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:35:15:35:24 | 'username' |
|
||||
| HardcodedCredentials.js:35:15:35:24 | 'username' |
|
||||
| HardcodedCredentials.js:35:15:35:24 | 'username' |
|
||||
| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:41:38:41:47 | 'username' |
|
||||
| HardcodedCredentials.js:41:38:41:47 | 'username' |
|
||||
| HardcodedCredentials.js:41:38:41:47 | 'username' |
|
||||
| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:42:35:42:44 | 'username' |
|
||||
| HardcodedCredentials.js:42:35:42:44 | 'username' |
|
||||
| HardcodedCredentials.js:42:35:42:44 | 'username' |
|
||||
| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:44:34:44:43 | 'username' |
|
||||
| HardcodedCredentials.js:44:34:44:43 | 'username' |
|
||||
| HardcodedCredentials.js:44:34:44:43 | 'username' |
|
||||
| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:53:27:53:36 | 'username' |
|
||||
| HardcodedCredentials.js:53:27:53:36 | 'username' |
|
||||
| HardcodedCredentials.js:53:27:53:36 | 'username' |
|
||||
| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:56:21:56:30 | 'username' |
|
||||
| HardcodedCredentials.js:56:21:56:30 | 'username' |
|
||||
| HardcodedCredentials.js:56:21:56:30 | 'username' |
|
||||
| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' |
|
||||
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' |
|
||||
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' |
|
||||
| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' |
|
||||
| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' |
|
||||
| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' |
|
||||
| HardcodedCredentials.js:69:28:69:37 | 'username' |
|
||||
| HardcodedCredentials.js:69:28:69:37 | 'username' |
|
||||
| HardcodedCredentials.js:69:28:69:37 | 'username' |
|
||||
| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:70:28:70:37 | 'username' |
|
||||
| HardcodedCredentials.js:70:28:70:37 | 'username' |
|
||||
| HardcodedCredentials.js:70:28:70:37 | 'username' |
|
||||
| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:72:23:72:32 | 'username' |
|
||||
| HardcodedCredentials.js:72:23:72:32 | 'username' |
|
||||
| HardcodedCredentials.js:72:23:72:32 | 'username' |
|
||||
| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:75:21:75:30 | 'username' |
|
||||
| HardcodedCredentials.js:75:21:75:30 | 'username' |
|
||||
| HardcodedCredentials.js:75:21:75:30 | 'username' |
|
||||
| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:84:38:84:47 | 'username' |
|
||||
| HardcodedCredentials.js:84:38:84:47 | 'username' |
|
||||
| HardcodedCredentials.js:84:38:84:47 | 'username' |
|
||||
| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:86:44:86:53 | 'username' |
|
||||
| HardcodedCredentials.js:86:44:86:53 | 'username' |
|
||||
| HardcodedCredentials.js:86:44:86:53 | 'username' |
|
||||
| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' |
|
||||
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' |
|
||||
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' |
|
||||
| HardcodedCredentials.js:98:18:98:21 | 'x1' |
|
||||
| HardcodedCredentials.js:98:18:98:21 | 'x1' |
|
||||
| HardcodedCredentials.js:98:18:98:21 | 'x1' |
|
||||
| HardcodedCredentials.js:99:16:99:19 | 'x2' |
|
||||
| HardcodedCredentials.js:99:16:99:19 | 'x2' |
|
||||
| HardcodedCredentials.js:99:16:99:19 | 'x2' |
|
||||
| HardcodedCredentials.js:100:25:100:28 | 'x3' |
|
||||
| HardcodedCredentials.js:100:25:100:28 | 'x3' |
|
||||
| HardcodedCredentials.js:100:25:100:28 | 'x3' |
|
||||
| HardcodedCredentials.js:101:19:101:22 | 'x4' |
|
||||
| HardcodedCredentials.js:101:19:101:22 | 'x4' |
|
||||
| HardcodedCredentials.js:101:19:101:22 | 'x4' |
|
||||
| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:112:19:112:22 | 'x5' |
|
||||
| HardcodedCredentials.js:112:19:112:22 | 'x5' |
|
||||
| HardcodedCredentials.js:112:19:112:22 | 'x5' |
|
||||
| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" |
|
||||
| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" |
|
||||
| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" |
|
||||
| HardcodedCredentials.js:160:38:160:48 | "change_me" |
|
||||
| HardcodedCredentials.js:160:38:160:48 | "change_me" |
|
||||
| HardcodedCredentials.js:160:38:160:48 | "change_me" |
|
||||
| HardcodedCredentials.js:161:41:161:51 | 'change_me' |
|
||||
| HardcodedCredentials.js:161:41:161:51 | 'change_me' |
|
||||
| HardcodedCredentials.js:161:41:161:51 | 'change_me' |
|
||||
| HardcodedCredentials.js:164:35:164:45 | 'change_me' |
|
||||
| HardcodedCredentials.js:164:35:164:45 | 'change_me' |
|
||||
| HardcodedCredentials.js:164:35:164:45 | 'change_me' |
|
||||
| HardcodedCredentials.js:171:11:171:25 | USER |
|
||||
| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' |
|
||||
| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' |
|
||||
| HardcodedCredentials.js:172:11:172:25 | PASS |
|
||||
| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' |
|
||||
| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' |
|
||||
| HardcodedCredentials.js:173:11:173:49 | AUTH |
|
||||
| HardcodedCredentials.js:173:18:173:49 | base64. ... PASS}`) |
|
||||
| HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` |
|
||||
| HardcodedCredentials.js:173:35:173:38 | USER |
|
||||
| HardcodedCredentials.js:173:43:173:46 | PASS |
|
||||
| HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:178:39:178:42 | AUTH |
|
||||
| HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:188:39:188:42 | AUTH |
|
||||
| HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:195:46:195:49 | AUTH |
|
||||
| HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:204:44:204:47 | AUTH |
|
||||
| HardcodedCredentials.js:214:11:214:25 | USER |
|
||||
| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' |
|
||||
| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' |
|
||||
| HardcodedCredentials.js:215:11:215:25 | PASS |
|
||||
| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' |
|
||||
| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' |
|
||||
| HardcodedCredentials.js:216:11:216:49 | AUTH |
|
||||
| HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) |
|
||||
| HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` |
|
||||
| HardcodedCredentials.js:216:35:216:38 | USER |
|
||||
| HardcodedCredentials.js:216:43:216:46 | PASS |
|
||||
| HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:221:46:221:49 | AUTH |
|
||||
| HardcodedCredentials.js:231:11:231:29 | username |
|
||||
| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' |
|
||||
| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' |
|
||||
| HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') |
|
||||
| HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') |
|
||||
| HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) |
|
||||
| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') |
|
||||
| HardcodedCredentials.js:237:47:237:54 | username |
|
||||
| HardcodedCredentials.js:237:47:237:71 | usernam ... assword |
|
||||
| HardcodedCredentials.js:245:9:245:44 | privateKey |
|
||||
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:246:42:246:51 | privateKey |
|
||||
| HardcodedCredentials.js:246:42:246:51 | privateKey |
|
||||
| HardcodedCredentials.js:260:30:260:40 | `Basic foo` |
|
||||
| HardcodedCredentials.js:260:30:260:40 | `Basic foo` |
|
||||
| HardcodedCredentials.js:260:30:260:40 | `Basic foo` |
|
||||
| HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` |
|
||||
| HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` |
|
||||
| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' |
|
||||
| HardcodedCredentials.js:268:39:268:46 | 'Bearer' |
|
||||
| HardcodedCredentials.js:268:39:268:46 | 'Bearer' |
|
||||
| HardcodedCredentials.js:268:50:268:56 | 'OAuth' |
|
||||
| HardcodedCredentials.js:268:50:268:56 | 'OAuth' |
|
||||
| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" |
|
||||
| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" |
|
||||
| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" |
|
||||
| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" |
|
||||
| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" |
|
||||
| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" |
|
||||
| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" |
|
||||
| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" |
|
||||
| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" |
|
||||
| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" |
|
||||
| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" |
|
||||
| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" |
|
||||
| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" |
|
||||
| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" |
|
||||
| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" |
|
||||
| HardcodedCredentials.js:280:36:280:50 | "user:12345678" |
|
||||
| HardcodedCredentials.js:280:36:280:50 | "user:12345678" |
|
||||
| HardcodedCredentials.js:280:36:280:50 | "user:12345678" |
|
||||
| HardcodedCredentials.js:281:36:281:45 | "user:foo" |
|
||||
| HardcodedCredentials.js:281:36:281:45 | "user:foo" |
|
||||
| HardcodedCredentials.js:281:36:281:45 | "user:foo" |
|
||||
| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" |
|
||||
| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" |
|
||||
| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" |
|
||||
| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" |
|
||||
| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" |
|
||||
| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" |
|
||||
| HardcodedCredentials.js:284:36:284:52 | "user:fake token" |
|
||||
| HardcodedCredentials.js:284:36:284:52 | "user:fake token" |
|
||||
| HardcodedCredentials.js:284:36:284:52 | "user:fake token" |
|
||||
| HardcodedCredentials.js:285:36:285:46 | "user:dcba" |
|
||||
| HardcodedCredentials.js:285:36:285:46 | "user:dcba" |
|
||||
| HardcodedCredentials.js:285:36:285:46 | "user:dcba" |
|
||||
| HardcodedCredentials.js:286:36:286:55 | "user:custom string" |
|
||||
| HardcodedCredentials.js:286:36:286:55 | "user:custom string" |
|
||||
| HardcodedCredentials.js:286:36:286:55 | "user:custom string" |
|
||||
| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` |
|
||||
| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` |
|
||||
| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` |
|
||||
| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` |
|
||||
| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` |
|
||||
| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` |
|
||||
| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` |
|
||||
| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` |
|
||||
| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` |
|
||||
| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` |
|
||||
| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` |
|
||||
| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` |
|
||||
edges
|
||||
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
|
||||
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" |
|
||||
| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" |
|
||||
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
|
||||
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
|
||||
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
|
||||
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() |
|
||||
| HardcodedCredentials.js:27:25:27:31 | 'admin' | HardcodedCredentials.js:27:25:27:31 | 'admin' |
|
||||
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' |
|
||||
| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:35:15:35:24 | 'username' | HardcodedCredentials.js:35:15:35:24 | 'username' |
|
||||
| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:41:38:41:47 | 'username' | HardcodedCredentials.js:41:38:41:47 | 'username' |
|
||||
| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:42:35:42:44 | 'username' | HardcodedCredentials.js:42:35:42:44 | 'username' |
|
||||
| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:44:34:44:43 | 'username' | HardcodedCredentials.js:44:34:44:43 | 'username' |
|
||||
| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:53:27:53:36 | 'username' | HardcodedCredentials.js:53:27:53:36 | 'username' |
|
||||
| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:56:21:56:30 | 'username' | HardcodedCredentials.js:56:21:56:30 | 'username' |
|
||||
| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | HardcodedCredentials.js:61:42:61:54 | 'bearerToken' |
|
||||
| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | HardcodedCredentials.js:65:23:65:35 | 'bearerToken' |
|
||||
| HardcodedCredentials.js:69:28:69:37 | 'username' | HardcodedCredentials.js:69:28:69:37 | 'username' |
|
||||
| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:70:28:70:37 | 'username' | HardcodedCredentials.js:70:28:70:37 | 'username' |
|
||||
| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:72:23:72:32 | 'username' | HardcodedCredentials.js:72:23:72:32 | 'username' |
|
||||
| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:75:21:75:30 | 'username' | HardcodedCredentials.js:75:21:75:30 | 'username' |
|
||||
| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:84:38:84:47 | 'username' | HardcodedCredentials.js:84:38:84:47 | 'username' |
|
||||
| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:86:44:86:53 | 'username' | HardcodedCredentials.js:86:44:86:53 | 'username' |
|
||||
| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | HardcodedCredentials.js:91:25:91:31 | 'TOKEN' |
|
||||
| HardcodedCredentials.js:98:18:98:21 | 'x1' | HardcodedCredentials.js:98:18:98:21 | 'x1' |
|
||||
| HardcodedCredentials.js:99:16:99:19 | 'x2' | HardcodedCredentials.js:99:16:99:19 | 'x2' |
|
||||
| HardcodedCredentials.js:100:25:100:28 | 'x3' | HardcodedCredentials.js:100:25:100:28 | 'x3' |
|
||||
| HardcodedCredentials.js:101:19:101:22 | 'x4' | HardcodedCredentials.js:101:19:101:22 | 'x4' |
|
||||
| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:112:19:112:22 | 'x5' | HardcodedCredentials.js:112:19:112:22 | 'x5' |
|
||||
| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | HardcodedCredentials.js:135:41:135:50 | "hgfedcba" |
|
||||
| HardcodedCredentials.js:160:38:160:48 | "change_me" | HardcodedCredentials.js:160:38:160:48 | "change_me" |
|
||||
| HardcodedCredentials.js:161:41:161:51 | 'change_me' | HardcodedCredentials.js:161:41:161:51 | 'change_me' |
|
||||
| HardcodedCredentials.js:164:35:164:45 | 'change_me' | HardcodedCredentials.js:164:35:164:45 | 'change_me' |
|
||||
| HardcodedCredentials.js:171:11:171:25 | USER | HardcodedCredentials.js:173:35:173:38 | USER |
|
||||
| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:11:171:25 | USER |
|
||||
| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:11:171:25 | USER |
|
||||
| HardcodedCredentials.js:172:11:172:25 | PASS | HardcodedCredentials.js:173:43:173:46 | PASS |
|
||||
| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:172:11:172:25 | PASS |
|
||||
| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:172:11:172:25 | PASS |
|
||||
| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:178:39:178:42 | AUTH |
|
||||
| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:188:39:188:42 | AUTH |
|
||||
| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:195:46:195:49 | AUTH |
|
||||
@@ -344,61 +13,146 @@ edges
|
||||
| HardcodedCredentials.js:173:35:173:38 | USER | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` |
|
||||
| HardcodedCredentials.js:173:43:173:46 | PASS | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` |
|
||||
| HardcodedCredentials.js:178:39:178:42 | AUTH | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:178:39:178:42 | AUTH | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:188:39:188:42 | AUTH | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:188:39:188:42 | AUTH | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:195:46:195:49 | AUTH | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:195:46:195:49 | AUTH | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:204:44:204:47 | AUTH | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:204:44:204:47 | AUTH | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:214:11:214:25 | USER | HardcodedCredentials.js:216:35:216:38 | USER |
|
||||
| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:11:214:25 | USER |
|
||||
| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:11:214:25 | USER |
|
||||
| HardcodedCredentials.js:215:11:215:25 | PASS | HardcodedCredentials.js:216:43:216:46 | PASS |
|
||||
| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:11:215:25 | PASS |
|
||||
| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:11:215:25 | PASS |
|
||||
| HardcodedCredentials.js:216:11:216:49 | AUTH | HardcodedCredentials.js:221:46:221:49 | AUTH |
|
||||
| HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | HardcodedCredentials.js:216:11:216:49 | AUTH |
|
||||
| HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) |
|
||||
| HardcodedCredentials.js:216:35:216:38 | USER | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` |
|
||||
| HardcodedCredentials.js:216:43:216:46 | PASS | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` |
|
||||
| HardcodedCredentials.js:221:46:221:49 | AUTH | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:221:46:221:49 | AUTH | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:231:11:231:29 | username | HardcodedCredentials.js:237:47:237:54 | username |
|
||||
| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:11:231:29 | username |
|
||||
| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:11:231:29 | username |
|
||||
| HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') |
|
||||
| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') |
|
||||
| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') |
|
||||
| HardcodedCredentials.js:237:47:237:54 | username | HardcodedCredentials.js:237:47:237:71 | usernam ... assword |
|
||||
| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) |
|
||||
| HardcodedCredentials.js:245:9:245:44 | privateKey | HardcodedCredentials.js:246:42:246:51 | privateKey |
|
||||
| HardcodedCredentials.js:245:9:245:44 | privateKey | HardcodedCredentials.js:246:42:246:51 | privateKey |
|
||||
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:9:245:44 | privateKey |
|
||||
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:9:245:44 | privateKey |
|
||||
| HardcodedCredentials.js:260:30:260:40 | `Basic foo` | HardcodedCredentials.js:260:30:260:40 | `Basic foo` |
|
||||
| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` |
|
||||
| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` |
|
||||
| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' |
|
||||
| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' |
|
||||
| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' |
|
||||
| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' |
|
||||
| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" |
|
||||
| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" |
|
||||
| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" |
|
||||
| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" |
|
||||
| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" |
|
||||
| HardcodedCredentials.js:280:36:280:50 | "user:12345678" | HardcodedCredentials.js:280:36:280:50 | "user:12345678" |
|
||||
| HardcodedCredentials.js:281:36:281:45 | "user:foo" | HardcodedCredentials.js:281:36:281:45 | "user:foo" |
|
||||
| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | HardcodedCredentials.js:282:36:282:52 | "user:mypassword" |
|
||||
| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | HardcodedCredentials.js:283:36:283:49 | "user:mytoken" |
|
||||
| HardcodedCredentials.js:284:36:284:52 | "user:fake token" | HardcodedCredentials.js:284:36:284:52 | "user:fake token" |
|
||||
| HardcodedCredentials.js:285:36:285:46 | "user:dcba" | HardcodedCredentials.js:285:36:285:46 | "user:dcba" |
|
||||
| HardcodedCredentials.js:286:36:286:55 | "user:custom string" | HardcodedCredentials.js:286:36:286:55 | "user:custom string" |
|
||||
| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` |
|
||||
| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` |
|
||||
| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` |
|
||||
| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` | HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` |
|
||||
nodes
|
||||
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | semmle.label | 'dbuser' |
|
||||
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | semmle.label | "user:hgfedcba" |
|
||||
| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | semmle.label | "user:hgfedcba" |
|
||||
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | semmle.label | "user:hgfedcba" |
|
||||
| HardcodedCredentials.js:20:36:20:51 | getCredentials() | semmle.label | getCredentials() |
|
||||
| HardcodedCredentials.js:27:25:27:31 | 'admin' | semmle.label | 'admin' |
|
||||
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | semmle.label | 'unknown-admin-name' |
|
||||
| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:35:15:35:24 | 'username' | semmle.label | 'username' |
|
||||
| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:41:38:41:47 | 'username' | semmle.label | 'username' |
|
||||
| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:42:35:42:44 | 'username' | semmle.label | 'username' |
|
||||
| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:44:34:44:43 | 'username' | semmle.label | 'username' |
|
||||
| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:53:27:53:36 | 'username' | semmle.label | 'username' |
|
||||
| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:56:21:56:30 | 'username' | semmle.label | 'username' |
|
||||
| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | semmle.label | 'bearerToken' |
|
||||
| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | semmle.label | 'bearerToken' |
|
||||
| HardcodedCredentials.js:69:28:69:37 | 'username' | semmle.label | 'username' |
|
||||
| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:70:28:70:37 | 'username' | semmle.label | 'username' |
|
||||
| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:72:23:72:32 | 'username' | semmle.label | 'username' |
|
||||
| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:75:21:75:30 | 'username' | semmle.label | 'username' |
|
||||
| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:84:38:84:47 | 'username' | semmle.label | 'username' |
|
||||
| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:86:44:86:53 | 'username' | semmle.label | 'username' |
|
||||
| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | semmle.label | 'TOKEN' |
|
||||
| HardcodedCredentials.js:98:18:98:21 | 'x1' | semmle.label | 'x1' |
|
||||
| HardcodedCredentials.js:99:16:99:19 | 'x2' | semmle.label | 'x2' |
|
||||
| HardcodedCredentials.js:100:25:100:28 | 'x3' | semmle.label | 'x3' |
|
||||
| HardcodedCredentials.js:101:19:101:22 | 'x4' | semmle.label | 'x4' |
|
||||
| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:112:19:112:22 | 'x5' | semmle.label | 'x5' |
|
||||
| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | semmle.label | 'hgfedcba' |
|
||||
| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | semmle.label | "hgfedcba" |
|
||||
| HardcodedCredentials.js:160:38:160:48 | "change_me" | semmle.label | "change_me" |
|
||||
| HardcodedCredentials.js:161:41:161:51 | 'change_me' | semmle.label | 'change_me' |
|
||||
| HardcodedCredentials.js:164:35:164:45 | 'change_me' | semmle.label | 'change_me' |
|
||||
| HardcodedCredentials.js:171:11:171:25 | USER | semmle.label | USER |
|
||||
| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | semmle.label | 'sdsdag' |
|
||||
| HardcodedCredentials.js:172:11:172:25 | PASS | semmle.label | PASS |
|
||||
| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | semmle.label | 'sdsdag' |
|
||||
| HardcodedCredentials.js:173:11:173:49 | AUTH | semmle.label | AUTH |
|
||||
| HardcodedCredentials.js:173:18:173:49 | base64. ... PASS}`) | semmle.label | base64. ... PASS}`) |
|
||||
| HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | semmle.label | `${USER}:${PASS}` |
|
||||
| HardcodedCredentials.js:173:35:173:38 | USER | semmle.label | USER |
|
||||
| HardcodedCredentials.js:173:43:173:46 | PASS | semmle.label | PASS |
|
||||
| HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | semmle.label | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:178:39:178:42 | AUTH | semmle.label | AUTH |
|
||||
| HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | semmle.label | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:188:39:188:42 | AUTH | semmle.label | AUTH |
|
||||
| HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | semmle.label | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:195:46:195:49 | AUTH | semmle.label | AUTH |
|
||||
| HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | semmle.label | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:204:44:204:47 | AUTH | semmle.label | AUTH |
|
||||
| HardcodedCredentials.js:214:11:214:25 | USER | semmle.label | USER |
|
||||
| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | semmle.label | 'sdsdag' |
|
||||
| HardcodedCredentials.js:215:11:215:25 | PASS | semmle.label | PASS |
|
||||
| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | semmle.label | 'sdsdag' |
|
||||
| HardcodedCredentials.js:216:11:216:49 | AUTH | semmle.label | AUTH |
|
||||
| HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | semmle.label | base64. ... PASS}`) |
|
||||
| HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | semmle.label | `${USER}:${PASS}` |
|
||||
| HardcodedCredentials.js:216:35:216:38 | USER | semmle.label | USER |
|
||||
| HardcodedCredentials.js:216:43:216:46 | PASS | semmle.label | PASS |
|
||||
| HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | semmle.label | `Basic ${AUTH}` |
|
||||
| HardcodedCredentials.js:221:46:221:49 | AUTH | semmle.label | AUTH |
|
||||
| HardcodedCredentials.js:231:11:231:29 | username | semmle.label | username |
|
||||
| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | semmle.label | 'sdsdag' |
|
||||
| HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | semmle.label | 'Basic ... ase64') |
|
||||
| HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | semmle.label | Buffer. ... ssword) |
|
||||
| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | semmle.label | Buffer. ... ase64') |
|
||||
| HardcodedCredentials.js:237:47:237:54 | username | semmle.label | username |
|
||||
| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | semmle.label | usernam ... assword |
|
||||
| HardcodedCredentials.js:245:9:245:44 | privateKey | semmle.label | privateKey |
|
||||
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | semmle.label | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:246:42:246:51 | privateKey | semmle.label | privateKey |
|
||||
| HardcodedCredentials.js:260:30:260:40 | `Basic foo` | semmle.label | `Basic foo` |
|
||||
| HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | semmle.label | `${foo ... Token}` |
|
||||
| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | semmle.label | foo ? ' ... 'OAuth' |
|
||||
| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | semmle.label | 'Bearer' |
|
||||
| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | semmle.label | 'OAuth' |
|
||||
| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | semmle.label | "user:{ ... ERE }}" |
|
||||
| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | semmle.label | "user:t ... ERE }}" |
|
||||
| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | semmle.label | "user:( ... HERE )" |
|
||||
| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | semmle.label | "user:{ ... ken }}" |
|
||||
| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | semmle.label | "user:abcdefgh" |
|
||||
| HardcodedCredentials.js:280:36:280:50 | "user:12345678" | semmle.label | "user:12345678" |
|
||||
| HardcodedCredentials.js:281:36:281:45 | "user:foo" | semmle.label | "user:foo" |
|
||||
| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | semmle.label | "user:mypassword" |
|
||||
| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | semmle.label | "user:mytoken" |
|
||||
| HardcodedCredentials.js:284:36:284:52 | "user:fake token" | semmle.label | "user:fake token" |
|
||||
| HardcodedCredentials.js:285:36:285:46 | "user:dcba" | semmle.label | "user:dcba" |
|
||||
| HardcodedCredentials.js:286:36:286:55 | "user:custom string" | semmle.label | "user:custom string" |
|
||||
| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | semmle.label | `Basic ... sdsdag` |
|
||||
| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | semmle.label | `Basic ... xxxxxx` |
|
||||
| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | semmle.label | `Basic ... gbbbbb` |
|
||||
| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` | semmle.label | `Basic ... 000001` |
|
||||
subpaths
|
||||
#select
|
||||
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | user name |
|
||||
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | password |
|
||||
|
||||
Reference in New Issue
Block a user