hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

better support for browser based fetch API

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-06-03 11:51:24 +02:00
parent 3622fb8716
commit ba44ebe8a8
3 changed files with 59 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected
View File

@@ -185,6 +185,20 @@ nodes
| HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` |
| HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` |
| HardcodedCredentials.js:204:44:204:47 | AUTH |
| HardcodedCredentials.js:214:11:214:25 | USER |
| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' |
| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' |
| HardcodedCredentials.js:215:11:215:25 | PASS |
| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' |
| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' |
| HardcodedCredentials.js:216:11:216:49 | AUTH |
| HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) |
| HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` |
| HardcodedCredentials.js:216:35:216:38 | USER |
| HardcodedCredentials.js:216:43:216:46 | PASS |
| HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` |
| HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` |
| HardcodedCredentials.js:221:46:221:49 | AUTH |
edges
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' |
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' |
@@ -265,6 +279,19 @@ edges
| HardcodedCredentials.js:195:46:195:49 | AUTH | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` |
| HardcodedCredentials.js:204:44:204:47 | AUTH | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` |
| HardcodedCredentials.js:204:44:204:47 | AUTH | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` |
| HardcodedCredentials.js:214:11:214:25 | USER | HardcodedCredentials.js:216:35:216:38 | USER |
| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:11:214:25 | USER |
| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:11:214:25 | USER |
| HardcodedCredentials.js:215:11:215:25 | PASS | HardcodedCredentials.js:216:43:216:46 | PASS |
| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:11:215:25 | PASS |
| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:11:215:25 | PASS |
| HardcodedCredentials.js:216:11:216:49 | AUTH | HardcodedCredentials.js:221:46:221:49 | AUTH |
| HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | HardcodedCredentials.js:216:11:216:49 | AUTH |
| HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) |
| HardcodedCredentials.js:216:35:216:38 | USER | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` |
| HardcodedCredentials.js:216:43:216:46 | PASS | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` |
| HardcodedCredentials.js:221:46:221:49 | AUTH | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` |
| HardcodedCredentials.js:221:46:221:49 | AUTH | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` |
#select
| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | user name |
| HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | The hard-coded value "abcdefgh" is used as $@. | HardcodedCredentials.js:8:19:8:28 | 'abcdefgh' | password |
@@ -327,3 +354,5 @@ edges
| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | authorization headers |
| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | authorization headers |
| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | authorization headers |
| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | authorization headers |
| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | authorization headers |

17
javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js
View File

@@ -206,4 +206,21 @@
method: 'get',
headers: headers2
});
});
(function () {
const base64 = require('base-64');
const USER = 'sdsdag';
const PASS = 'sdsdag';
const AUTH = base64.encode(`${USER}:${PASS}`);
// browser API
var headers = new Headers();
headers.append("Content-Type", 'application/json');
headers.append("Authorization", `Basic ${AUTH}`);
fetch(ENDPOINT, {
method: 'get',
headers: headers
});
});