hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 05:05:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Hardcoded credentials in CouchBase

Browse Source
This commit is contained in:
Mauro Baluda
2025-12-22 20:22:20 +01:00
parent 359a28e409
commit b22077c371
12 changed files with 319 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
java/ql/test/query-tests/security/CWE-798/semmle/tests/HardcodedCouchBaseCredentials.java Normal file
View File

@@ -0,0 +1,35 @@
import static com.couchbase.client.java.ClusterOptions.clusterOptions;
import com.couchbase.client.core.env.Authenticator;
import com.couchbase.client.core.env.CertificateAuthenticator;
import com.couchbase.client.core.env.PasswordAuthenticator;
import com.couchbase.client.java.Cluster;
public class HardcodedCouchBaseCredentials {
public static void test() {
Cluster cluster1 =
Cluster.connect(
"127.0.0.1",
"Administrator", // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
"password"); // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
Cluster cluster2 =
Cluster.connect(
"127.0.0.1",
clusterOptions(
"Administrator", // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
"password")); // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
PasswordAuthenticator authenticator1 =
PasswordAuthenticator.builder()
.username(
"Administrator") // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
.password("password") // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
.onlyEnablePlainSaslMechanism()
.build();
Authenticator authenticator2 =
CertificateAuthenticator.fromKeyStore(
null,
"keyStorePassword"); // $ HardcodedCredentialsApiCall
Cluster cluster = Cluster.connect("127.0.0.1", clusterOptions(authenticator2));
}
}

2
java/ql/test/query-tests/security/CWE-798/semmle/tests/options
View File

@@ -1 +1 @@
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/amazon-aws-sdk-1.11.700:${testdir}/../../../../../stubs/azure-sdk-for-java:${testdir}/../../../../../stubs/shiro-core-1.4.0:${testdir}/../../../../../stubs/jsch-0.1.55:${testdir}/../../../../../stubs/ganymed-ssh-2-260:${testdir}/../../../../../stubs/apache-mina-sshd-2.8.0:${testdir}/../../../../../stubs/sshj-0.33.0:${testdir}/../../../../../stubs/j2ssh-1.5.5:${testdir}/../../../../../stubs/trilead-ssh2-212:${testdir}/../../../../../stubs/apache-commons-net-3.8.0:${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/mssql-jdbc-12.2.0:${testdir}/../../../../../stubs/auth0-jwt-2.3
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/amazon-aws-sdk-1.11.700:${testdir}/../../../../../stubs/azure-sdk-for-java:${testdir}/../../../../../stubs/shiro-core-1.4.0:${testdir}/../../../../../stubs/jsch-0.1.55:${testdir}/../../../../../stubs/ganymed-ssh-2-260:${testdir}/../../../../../stubs/apache-mina-sshd-2.8.0:${testdir}/../../../../../stubs/sshj-0.33.0:${testdir}/../../../../../stubs/j2ssh-1.5.5:${testdir}/../../../../../stubs/trilead-ssh2-212:${testdir}/../../../../../stubs/apache-commons-net-3.8.0:${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/couchbaseClient:${testdir}/../../../../../stubs/mssql-jdbc-12.2.0:${testdir}/../../../../../stubs/auth0-jwt-2.3