hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

update test cases of __tests__/ dir

Browse Source 
since we want to check if a jwt related sink is in this dir or not
This commit is contained in:
am0o0
2024-07-01 14:48:25 +02:00
parent 6ecd8b7ee8
commit 5a1877547f
2 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected
View File

@@ -344,6 +344,13 @@ nodes
| __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
| __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
| __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
| __tests__/HardcodedCredentialsDemo.js:18:9:18:43 | secretKey |
| __tests__/HardcodedCredentialsDemo.js:18:21:18:43 | "myHard ... ateKey" |
| __tests__/HardcodedCredentialsDemo.js:18:21:18:43 | "myHard ... ateKey" |
| __tests__/HardcodedCredentialsDemo.js:21:24:21:32 | secretKey |
| __tests__/HardcodedCredentialsDemo.js:21:24:21:32 | secretKey |
| __tests__/HardcodedCredentialsDemo.js:28:31:28:39 | secretKey |
| __tests__/HardcodedCredentialsDemo.js:28:31:28:39 | secretKey |
edges
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' |
@@ -525,6 +532,12 @@ edges
| HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:414:9:414:43 | secretKey |
| __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
| __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
| __tests__/HardcodedCredentialsDemo.js:18:9:18:43 | secretKey | __tests__/HardcodedCredentialsDemo.js:21:24:21:32 | secretKey |
| __tests__/HardcodedCredentialsDemo.js:18:9:18:43 | secretKey | __tests__/HardcodedCredentialsDemo.js:21:24:21:32 | secretKey |
| __tests__/HardcodedCredentialsDemo.js:18:9:18:43 | secretKey | __tests__/HardcodedCredentialsDemo.js:28:31:28:39 | secretKey |
| __tests__/HardcodedCredentialsDemo.js:18:9:18:43 | secretKey | __tests__/HardcodedCredentialsDemo.js:28:31:28:39 | secretKey |
| __tests__/HardcodedCredentialsDemo.js:18:21:18:43 | "myHard ... ateKey" | __tests__/HardcodedCredentialsDemo.js:18:9:18:43 | secretKey |
| __tests__/HardcodedCredentialsDemo.js:18:21:18:43 | "myHard ... ateKey" | __tests__/HardcodedCredentialsDemo.js:18:9:18:43 | secretKey |
#select
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | user name |
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | password |

21
javascript/ql/test/query-tests/Security/CWE-798/__tests__/HardcodedCredentialsDemo.js
View File

@@ -10,3 +10,24 @@
});
client.connect();
})();
(function () {
const JwtStrategy = require('passport-jwt').Strategy;
const passport = require('passport')
var secretKey = "myHardCodedPrivateKey";
const opts = {}
opts.secretOrKey = secretKey; // NOT OK
passport.use(new JwtStrategy(opts, function (jwt_payload, done) {
return done(null, false);
}));
passport.use(new JwtStrategy({
secretOrKeyProvider: function (request, rawJwtToken, done) {
return done(null, secretKey) // NOT OK
}
}, function (jwt_payload, done) {
return done(null, false);
}));
})();