JS: Update alerts in HardcodedCredentials test

Note that file is inside a folder named __tests__. The same code is found in another file outside the test folder, where it is flagged.
2026-04-26 17:25:19 +02:00 · 2025-02-25 15:40:53 +01:00
parent 69b2d197e6
commit 7fa63fa6ee
1 changed files with 5 additions and 5 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-798/tests/HardcodedCredentialsDemo.js
+++ b/javascript/ql/test/query-tests/Security/CWE-798/tests/HardcodedCredentialsDemo.js
@@ -2,10 +2,10 @@
    const pg = require('pg');

    const client = new pg.Client({
-        user: 'dbuser',
+        user: 'dbuser', // $ Alert
        host: 'database.server.com',
        database: 'mydb',
-        password: 'hgfedcba',
+        password: 'hgfedcba', // $ Alert
        port: 3211,
    });
    client.connect();
@@ -15,17 +15,17 @@
    const JwtStrategy = require('passport-jwt').Strategy;
    const passport = require('passport')

-    var secretKey = "myHardCodedPrivateKey";
+    var secretKey = "myHardCodedPrivateKey"; // OK - JWT keys in tests are not flagged

    const opts = {}
-    opts.secretOrKey = secretKey; // $ Alert
+    opts.secretOrKey = secretKey;
    passport.use(new JwtStrategy(opts, function (jwt_payload, done) {
        return done(null, false);
    }));

    passport.use(new JwtStrategy({
        secretOrKeyProvider: function (request, rawJwtToken, done) {
-            return done(null, secretKey) // $ Alert
+            return done(null, secretKey)
        }
    }, function (jwt_payload, done) {
        return done(null, false);