JavaScript: Tweak PasswordInConfigurationFile alerts.

Only highlight first line, and include the password in the alert message.
2026-04-29 10:45:15 +02:00 · 2019-06-04 17:07:49 +01:00
parent 601ea22bfd
commit a4876270ec
3 changed files with 14 additions and 5 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-313/PasswordInConfigurationFile.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-313/PasswordInConfigurationFile.expected
@@ -1,2 +1,3 @@
-| mysql-config.json:4:16:4:23 | "secret" | Avoid plaintext passwords in configuration files. |
-| tst4.json:2:10:2:38 | "script ... ecret'" | Avoid plaintext passwords in configuration files. |
+| mysql-config.json:4:16:4:23 | "secret" | Hard-coded password 'secret' in configuration file. |
+| tst4.json:2:10:2:38 | "script ... ecret'" | Hard-coded password ''secret'' in configuration file. |
+| tst7.yml:2:9:2:6 | \| | Hard-coded password 'abc' in configuration file. |
--- a/javascript/ql/test/query-tests/Security/CWE-313/tst7.yml
+++ b/javascript/ql/test/query-tests/Security/CWE-313/tst7.yml
@@ -1 +1,7 @@
 password: $$SOME_VAR
+config: |
+    [mail]
+    host = smtp.mydomain.com
+    port = 25
+    username = sample_admin@mydomain.com
+    password = abc