mirror of
https://github.com/github/codeql.git
synced 2026-05-01 03:35:13 +02:00
add keys used by jsonwebtoken as CredentialsExpr
This commit is contained in:
Erik Krogh Kristensen
@@ -208,6 +208,16 @@ nodes
|
||||
| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') |
|
||||
| HardcodedCredentials.js:237:47:237:54 | username |
|
||||
| HardcodedCredentials.js:237:47:237:71 | usernam ... assword |
|
||||
| HardcodedCredentials.js:245:9:245:44 | privateKey |
|
||||
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:246:42:246:51 | privateKey |
|
||||
| HardcodedCredentials.js:246:42:246:51 | privateKey |
|
||||
| HardcodedCredentials.js:248:9:248:42 | publicKey |
|
||||
| HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" |
|
||||
| HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" |
|
||||
| HardcodedCredentials.js:249:23:249:31 | publicKey |
|
||||
| HardcodedCredentials.js:249:23:249:31 | publicKey |
|
||||
edges
|
||||
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
|
||||
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' |
|
||||
@@ -309,6 +319,14 @@ edges
|
||||
| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') |
|
||||
| HardcodedCredentials.js:237:47:237:54 | username | HardcodedCredentials.js:237:47:237:71 | usernam ... assword |
|
||||
| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) |
|
||||
| HardcodedCredentials.js:245:9:245:44 | privateKey | HardcodedCredentials.js:246:42:246:51 | privateKey |
|
||||
| HardcodedCredentials.js:245:9:245:44 | privateKey | HardcodedCredentials.js:246:42:246:51 | privateKey |
|
||||
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:9:245:44 | privateKey |
|
||||
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:9:245:44 | privateKey |
|
||||
| HardcodedCredentials.js:248:9:248:42 | publicKey | HardcodedCredentials.js:249:23:249:31 | publicKey |
|
||||
| HardcodedCredentials.js:248:9:248:42 | publicKey | HardcodedCredentials.js:249:23:249:31 | publicKey |
|
||||
| HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | HardcodedCredentials.js:248:9:248:42 | publicKey |
|
||||
| HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | HardcodedCredentials.js:248:9:248:42 | publicKey |
|
||||
#select
|
||||
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | user name |
|
||||
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | password |
|
||||
@@ -374,3 +392,5 @@ edges
|
||||
| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | authorization header |
|
||||
| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | authorization header |
|
||||
| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | authorization header |
|
||||
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:246:42:246:51 | privateKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:246:42:246:51 | privateKey | key |
|
||||
| HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | HardcodedCredentials.js:249:23:249:31 | publicKey | The hard-coded value "myHardCodedPublicKey" is used as $@. | HardcodedCredentials.js:249:23:249:31 | publicKey | key |
|
||||
|
||||
@@ -237,4 +237,16 @@
|
||||
Authorization: 'Basic ' + Buffer.from(username + ':' + password).toString('base64'),
|
||||
},
|
||||
});
|
||||
})
|
||||
})
|
||||
|
||||
(function () {
|
||||
import jwt from "jsonwebtoken";
|
||||
|
||||
var privateKey = "myHardCodedPrivateKey";
|
||||
var token = jwt.sign({ foo: 'bar' }, privateKey, { algorithm: 'RS256'});
|
||||
|
||||
var publicKey = "myHardCodedPublicKey";
|
||||
jwt.verify(token, publicKey, function(err, decoded) {
|
||||
console.log(decoded);
|
||||
});
|
||||
})();
|
||||
Reference in New Issue
Block a user