hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

add new default cred kind

Browse Source
This commit is contained in:
am0o0
2024-07-01 14:42:34 +02:00
parent fa8c457015
commit 6ecd8b7ee8
4 changed files with 20 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/lib/semmle/javascript/frameworks/Credentials.qll
View File

@@ -12,7 +12,7 @@ import javascript
abstract class CredentialsNode extends DataFlow::Node {
/**
* Gets a description of the kind of credential this expression is used as,
* such as `"user name"`, `"password"`, `"key"`.
* such as `"user name"`, `"password"`, `"key"`, `"jwt key"`.
*/
abstract string getCredentialsKind();
}

12
javascript/ql/lib/semmle/javascript/frameworks/JWT.qll
View File

@@ -48,7 +48,7 @@ private module JsonWebToken {
API::moduleImport("jsonwebtoken").getMember(["sign", "verify"]).getParameter(1).asSink()
}
override string getCredentialsKind() { result = "key" }
override string getCredentialsKind() { result = "jwt key" }
}
}
@@ -64,7 +64,7 @@ private module Jose {
this = API::moduleImport("jose").getMember("jwtVerify").getParameter(1).asSink()
}
override string getCredentialsKind() { result = "key" }
override string getCredentialsKind() { result = "jwt key" }
}
}
@@ -78,7 +78,7 @@ private module JwtSimple {
private class JwtKey extends CredentialsNode {
JwtKey() { this = API::moduleImport("jwt-simple").getMember("decode").getParameter(1).asSink() }
override string getCredentialsKind() { result = "key" }
override string getCredentialsKind() { result = "jwt key" }
}
}
@@ -94,7 +94,7 @@ private module KoaJwt {
this = API::moduleImport("koa-jwt").getParameter(0).getMember("secret").asSink()
}
override string getCredentialsKind() { result = "key" }
override string getCredentialsKind() { result = "jwt key" }
}
}
@@ -115,7 +115,7 @@ private module ExpressJwt {
.asSink()
}
override string getCredentialsKind() { result = "key" }
override string getCredentialsKind() { result = "jwt key" }
}
}
@@ -145,6 +145,6 @@ private module PassportJwt {
.asSink()
}
override string getCredentialsKind() { result = "key" }
override string getCredentialsKind() { result = "jwt key" }
}
}

2
javascript/ql/lib/semmle/javascript/frameworks/Next.qll
View File

@@ -268,7 +268,7 @@ module NextJS {
this = API::moduleImport("next-auth").getParameter(0).getMember("secret").asSink()
}
override string getCredentialsKind() { result = "key" }
override string getCredentialsKind() { result = "jwt key" }
}
}
}

24
javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected
View File

@@ -587,18 +587,18 @@ edges
| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | authorization header |
| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | authorization header |
| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | authorization header |
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:246:42:246:51 | privateKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:246:42:246:51 | privateKey | key |
| HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | HardcodedCredentials.js:249:23:249:31 | publicKey | The hard-coded value "myHardCodedPublicKey" is used as $@. | HardcodedCredentials.js:249:23:249:31 | publicKey | key |
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:246:42:246:51 | privateKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:246:42:246:51 | privateKey | jwt key |
| HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | HardcodedCredentials.js:248:21:248:42 | "myHard ... licKey" | HardcodedCredentials.js:249:23:249:31 | publicKey | The hard-coded value "myHardCodedPublicKey" is used as $@. | HardcodedCredentials.js:249:23:249:31 | publicKey | jwt key |
| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | The hard-coded value "Basic sdsdag:sdsdag" is used as $@. | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | authorization header |
| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | The hard-coded value "Basic sdsdag:aaaiuogrweuibgbbbbb" is used as $@. | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | authorization header |
| HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | The hard-coded value "iubfewiaaweiybgaeuybgera" is used as $@. | HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | key |
| HardcodedCredentials.js:308:22:308:44 | "myHard ... ateKey" | HardcodedCredentials.js:308:22:308:44 | "myHard ... ateKey" | HardcodedCredentials.js:309:34:309:43 | privateKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:309:34:309:43 | privateKey | key |
| HardcodedCredentials.js:316:22:316:44 | "myHard ... ateKey" | HardcodedCredentials.js:316:22:316:44 | "myHard ... ateKey" | HardcodedCredentials.js:317:27:317:62 | new Tex ... ateKey) | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:317:27:317:62 | new Tex ... ateKey) | key |
| HardcodedCredentials.js:319:18:321:29 | `-----B ... Y-----` | HardcodedCredentials.js:319:18:321:29 | `-----B ... Y-----` | HardcodedCredentials.js:323:27:323:35 | publicKey | The hard-coded value "-----BEGIN PUBLIC KEY-----\n MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhYOFK2Ocbbpb/zVypi9...\n -----END PUBLIC KEY-----" is used as $@. | HardcodedCredentials.js:323:27:323:35 | publicKey | key |
| HardcodedCredentials.js:328:12:328:55 | 'whYOFK ... -6f...' | HardcodedCredentials.js:328:12:328:55 | 'whYOFK ... -6f...' | HardcodedCredentials.js:335:31:335:39 | publicKey | The hard-coded value "whYOFK2Ocbbpb_zVypi9SeKiNUqKQH0zTKN1-6f..." is used as $@. | HardcodedCredentials.js:335:31:335:39 | publicKey | key |
| HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:349:21:349:29 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:349:21:349:29 | secretKey | key |
| HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:360:21:360:52 | Buffer. ... ase64") | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:360:21:360:52 | Buffer. ... ase64") | key |
| HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:378:24:378:32 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:378:24:378:32 | secretKey | key |
| HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:385:31:385:39 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:385:31:385:39 | secretKey | key |
| HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:399:17:399:25 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:399:17:399:25 | secretKey | key |
| HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:416:27:416:35 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:416:27:416:35 | secretKey | key |
| HardcodedCredentials.js:308:22:308:44 | "myHard ... ateKey" | HardcodedCredentials.js:308:22:308:44 | "myHard ... ateKey" | HardcodedCredentials.js:309:34:309:43 | privateKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:309:34:309:43 | privateKey | jwt key |
| HardcodedCredentials.js:316:22:316:44 | "myHard ... ateKey" | HardcodedCredentials.js:316:22:316:44 | "myHard ... ateKey" | HardcodedCredentials.js:317:27:317:62 | new Tex ... ateKey) | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:317:27:317:62 | new Tex ... ateKey) | jwt key |
| HardcodedCredentials.js:319:18:321:29 | `-----B ... Y-----` | HardcodedCredentials.js:319:18:321:29 | `-----B ... Y-----` | HardcodedCredentials.js:323:27:323:35 | publicKey | The hard-coded value "-----BEGIN PUBLIC KEY-----\n MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhYOFK2Ocbbpb/zVypi9...\n -----END PUBLIC KEY-----" is used as $@. | HardcodedCredentials.js:323:27:323:35 | publicKey | jwt key |
| HardcodedCredentials.js:328:12:328:55 | 'whYOFK ... -6f...' | HardcodedCredentials.js:328:12:328:55 | 'whYOFK ... -6f...' | HardcodedCredentials.js:335:31:335:39 | publicKey | The hard-coded value "whYOFK2Ocbbpb_zVypi9SeKiNUqKQH0zTKN1-6f..." is used as $@. | HardcodedCredentials.js:335:31:335:39 | publicKey | jwt key |
| HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:349:21:349:29 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:349:21:349:29 | secretKey | jwt key |
| HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:360:21:360:52 | Buffer. ... ase64") | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:360:21:360:52 | Buffer. ... ase64") | jwt key |
| HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:378:24:378:32 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:378:24:378:32 | secretKey | jwt key |
| HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:385:31:385:39 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:385:31:385:39 | secretKey | jwt key |
| HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:399:17:399:25 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:399:17:399:25 | secretKey | jwt key |
| HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:416:27:416:35 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:416:27:416:35 | secretKey | jwt key |