hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

ignore deliberately hardcoded password strings

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2022-02-16 09:47:01 +01:00
parent 78744a0182
commit 816d79692b
3 changed files with 10 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected
View File

@@ -386,9 +386,6 @@ edges
#select
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | user name |
| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | password |
| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | The hard-coded value "user:hgfedcba" is used as $@. | HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | credentials |
| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | The hard-coded value "user:hgfedcba" is used as $@. | HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | credentials |
| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() | The hard-coded value "user:hgfedcba" is used as $@. | HardcodedCredentials.js:20:36:20:51 | getCredentials() | credentials |
| HardcodedCredentials.js:27:25:27:31 | 'admin' | HardcodedCredentials.js:27:25:27:31 | 'admin' | HardcodedCredentials.js:27:25:27:31 | 'admin' | The hard-coded value "admin" is used as $@. | HardcodedCredentials.js:27:25:27:31 | 'admin' | user name |
| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | password |
| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | The hard-coded value "unknown-admin-name" is used as $@. | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | user name |
@@ -449,15 +446,3 @@ edges
| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | authorization header |
| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | authorization header |
| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:246:42:246:51 | privateKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:246:42:246:51 | privateKey | key |
| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | The hard-coded value "user:{{ INSERT_HERE }}" is used as $@. | HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | credentials |
| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | The hard-coded value "user:token {{ INSERT_HERE }}" is used as $@. | HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | credentials |
| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | The hard-coded value "user:( INSERT_HERE )" is used as $@. | HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | credentials |
| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | The hard-coded value "user:{{ env.access_token }}" is used as $@. | HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | credentials |
| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | The hard-coded value "user:abcdefgh" is used as $@. | HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | credentials |
| HardcodedCredentials.js:280:36:280:50 | "user:12345678" | HardcodedCredentials.js:280:36:280:50 | "user:12345678" | HardcodedCredentials.js:280:36:280:50 | "user:12345678" | The hard-coded value "user:12345678" is used as $@. | HardcodedCredentials.js:280:36:280:50 | "user:12345678" | credentials |
| HardcodedCredentials.js:281:36:281:45 | "user:foo" | HardcodedCredentials.js:281:36:281:45 | "user:foo" | HardcodedCredentials.js:281:36:281:45 | "user:foo" | The hard-coded value "user:foo" is used as $@. | HardcodedCredentials.js:281:36:281:45 | "user:foo" | credentials |
| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | The hard-coded value "user:mypassword" is used as $@. | HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | credentials |
| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | The hard-coded value "user:mytoken" is used as $@. | HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | credentials |
| HardcodedCredentials.js:284:36:284:52 | "user:fake token" | HardcodedCredentials.js:284:36:284:52 | "user:fake token" | HardcodedCredentials.js:284:36:284:52 | "user:fake token" | The hard-coded value "user:fake token" is used as $@. | HardcodedCredentials.js:284:36:284:52 | "user:fake token" | credentials |
| HardcodedCredentials.js:285:36:285:46 | "user:dcba" | HardcodedCredentials.js:285:36:285:46 | "user:dcba" | HardcodedCredentials.js:285:36:285:46 | "user:dcba" | The hard-coded value "user:dcba" is used as $@. | HardcodedCredentials.js:285:36:285:46 | "user:dcba" | credentials |
| HardcodedCredentials.js:286:36:286:55 | "user:custom string" | HardcodedCredentials.js:286:36:286:55 | "user:custom string" | HardcodedCredentials.js:286:36:286:55 | "user:custom string" | The hard-coded value "user:custom string" is used as $@. | HardcodedCredentials.js:286:36:286:55 | "user:custom string" | credentials |