Enhance the check for embedded passwords

2026-04-29 10:45:15 +02:00 · 2020-12-17 03:47:38 +00:00
parent 523f0fb247
commit b44f01a87b
3 changed files with 27 additions and 7 deletions
--- a/java/ql/test/experimental/query-tests/security/CWE-555/PasswordInConfigurationFile.expected
+++ b/java/ql/test/experimental/query-tests/security/CWE-555/PasswordInConfigurationFile.expected
@@ -1,2 +1,3 @@
 | applicationContext.xml:9:3:9:48 | name=password | Plaintext password in configuration file. |
 | context.xml:4:2:8:50 | password=1234 | Plaintext password in configuration file. |
+| custom-config.xml:3:2:3:137 | value=server=myoracle.example.com;port=1521;database=testdb;username=root;password=test1234 | Plaintext password in configuration file. |
--- a/java/ql/test/experimental/query-tests/security/CWE-555/custom-config.xml
+++ b/java/ql/test/experimental/query-tests/security/CWE-555/custom-config.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<db-connections>
+	<db-connection name="oracleServerConn" value="server=myoracle.example.com;port=1521;database=testdb;username=root;password=test1234" /> 
+</db-connections>