Additional hardcoded credentials candidates 3rd-party api calls

java/ql/src/Security/CWE/CWE-798/SensitiveApi.qll

@@ -438,6 +438,49 @@ private predicate otherApiCallableCredentialParam(string s) {
       "com.azure.identity.UsernamePasswordCredentialBuilder;username(String);0",
       "com.azure.identity.UsernamePasswordCredentialBuilder;password(String);0",
       "com.azure.identity.ClientSecretCredentialBuilder;clientSecret(String);0",
-      "org.apache.shiro.mgt.AbstractRememberMeManager;setCipherKey(byte[]);0"
+      "org.apache.shiro.mgt.AbstractRememberMeManager;setCipherKey(byte[]);0",
+      "com.jcraft.jsch.JSch;getSession(String, String, int);0",
+      "com.jcraft.jsch.JSch;getSession(String, String);0",
+      "ch.ethz.ssh2.Connection;authenticateWithPassword(String, String);0",
+      "org.apache.sshd.client.SshClient;connect(String, String, int);0",
+      "org.apache.sshd.client.SshClient;connect(String, SocketAddress);0",
+      "net.schmizz.sshj.SSHClient;authPassword(String, char[]);0",
+      "net.schmizz.sshj.SSHClient;authPassword(String, String);0",
+      "com.sshtools.j2ssh.authentication.SshAuthenticationClient;setUsername(String);0",
+      "com.sshtools.j2ssh.authentication.PasswordAuthenticationClient;setUsername(String);0",
+      "com.trilead.ssh2.Connection;authenticateWithPassword(String, String);0",
+      "com.trilead.ssh2.Connection;authenticateWithDSA(String, String, String);0",
+      "com.trilead.ssh2.Connection;authenticateWithNone(String);0",
+      "com.trilead.ssh2.Connection;getRemainingAuthMethods(String);0",
+      "com.trilead.ssh2.Connection;isAuthMethodAvailable(String, String);0",
+      "com.trilead.ssh2.Connection;authenticateWithPublicKey(String, char[], String);0",
+      "com.trilead.ssh2.Connection;authenticateWithPublicKey(String, File, String);0",
+      "com.jcraft.jsch.Session;setPassword(byte[]);0",
+      "com.jcraft.jsch.Session;setPassword(String);0",
+      "ch.ethz.ssh2.Connection;authenticateWithPassword(String, String);1",
+      "org.apache.sshd.client.session.AbstractClientSession;addPasswordIdentity(String);0",
+      "net.schmizz.sshj.SSHClient;authPassword(String, char[]);1",
+      "net.schmizz.sshj.SSHClient;authPassword(String, String);1",
+      "com.sshtools.j2ssh.authentication.PasswordAuthenticationClient;setPassword(String);0",
+      "com.trilead.ssh2.Connection;authenticateWithPassword(String, String);1",
+      "com.trilead.ssh2.Connection;authenticateWithDSA(String, String, String);2",
+      "com.trilead.ssh2.Connection;authenticateWithPublicKey(String, char[], String);2",
+      "com.trilead.ssh2.Connection;authenticateWithPublicKey(String, File, String);2",
+      "com.trilead.ssh2.Connection;authenticateWithDSA(String, String, String);1",
+      "com.trilead.ssh2.Connection;authenticateWithPublicKey(String, char[], String);1",
+      "org.apache.commons.net.ftp.FTPClient;login(String, String);0",
+      "org.apache.commons.net.ftp.FTPClient;login(String, String, String);0",
+      "org.apache.commons.net.ftp.FTPClient;login(String, String);1",
+      "org.apache.commons.net.ftp.FTPClient;login(String, String, String);1",
+      "com.mongodb.MongoCredential;createCredential(String, String, char[]);0",
+      "com.mongodb.MongoCredential;createMongoCRCredential(String, String, char[]);0",
+      "com.mongodb.MongoCredential;createPlainCredential(String, String, char[]);0",
+      "com.mongodb.MongoCredential;createScramSha1Credential(String, String, char[]);0",
+      "com.mongodb.MongoCredential;createGSSAPICredential(String);0",
+      "com.mongodb.MongoCredential;createMongoX509Credential(String);0",
+      "com.mongodb.MongoCredential;createCredential(String, String, char[]);2",
+      "com.mongodb.MongoCredential;createMongoCRCredential(String, String, char[]);2",
+      "com.mongodb.MongoCredential;createPlainCredential(String, String, char[]);2",
+      "com.mongodb.MongoCredential;createScramSha1Credential(String, String, char[]);2"
     ]
 }