rename change notes

2026-04-26 17:25:19 +02:00 · 2025-12-24 20:39:16 +01:00
parent 0464e64469
commit dda042f7df
5 changed files with 87 additions and 60 deletions
--- a/java/ql/test/query-tests/security/CWE-798/semmle/tests/HardcodedCouchBaseCredentials.java
+++ b/java/ql/test/query-tests/security/CWE-798/semmle/tests/HardcodedCouchBaseCredentials.java
@@ -1,35 +1,53 @@
 import static com.couchbase.client.java.ClusterOptions.clusterOptions;

-import com.couchbase.client.core.env.Authenticator;
 import com.couchbase.client.core.env.CertificateAuthenticator;
 import com.couchbase.client.core.env.PasswordAuthenticator;
+import com.couchbase.client.core.env.UsernameAndPassword;
 import com.couchbase.client.java.Cluster;
+import java.util.function.Supplier;

 public class HardcodedCouchBaseCredentials {
  public static void test() {
-    Cluster cluster1 =
-        Cluster.connect(
-            "127.0.0.1",
-            "Administrator", // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
-            "password"); // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
-    Cluster cluster2 =
-        Cluster.connect(
-            "127.0.0.1",
-            clusterOptions(
-                "Administrator", // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
-                "password")); // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
-    PasswordAuthenticator authenticator1 =
-        PasswordAuthenticator.builder()
-            .username(
-                "Administrator") // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
-            .password("password") // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
-            .onlyEnablePlainSaslMechanism()
-            .build();
+    // com.couchbase.client.core.env.CertificateAuthenticator sinks
+    CertificateAuthenticator.fromKey(null, "keyPassword", null); // $ HardcodedCredentialsApiCall
+    CertificateAuthenticator.fromKeyStore(
+        null, "keyStorePassword", null); // $ HardcodedCredentialsApiCall
+    CertificateAuthenticator.fromKeyStore(
+        null, "keyStorePassword"); // $ HardcodedCredentialsApiCall

-    Authenticator authenticator2 =
-        CertificateAuthenticator.fromKeyStore(
-            null,
-            "keyStorePassword"); // $ HardcodedCredentialsApiCall
-    Cluster cluster = Cluster.connect("127.0.0.1", clusterOptions(authenticator2));
+    // com.couchbase.client.core.env.PasswordAuthenticator sinks
+    PasswordAuthenticator.create(
+        "Administrator", // $ HardcodedCredentialsSourceCall $ HardcodedCredentialsApiCall
+        "password"); // $ HardcodedCredentialsSourceCall $ HardcodedCredentialsApiCall
+    PasswordAuthenticator.ldapCompatible(
+        "Administrator", // $ HardcodedCredentialsSourceCall $ HardcodedCredentialsApiCall
+        "password"); // $ HardcodedCredentialsSourceCall $ HardcodedCredentialsApiCall
+
+    // com.couchbase.client.core.env.PasswordAuthenticator$Builder sinks
+    PasswordAuthenticator.builder(
+        "Administrator", // $ HardcodedCredentialsSourceCall $ HardcodedCredentialsApiCall
+        "password"); // $ HardcodedCredentialsSourceCall $ HardcodedCredentialsApiCall
+    PasswordAuthenticator.builder()
+        .username("Administrator") // $ HardcodedCredentialsSourceCall $ HardcodedCredentialsApiCall
+        .password("password"); // $ HardcodedCredentialsSourceCall $ HardcodedCredentialsApiCall
+    PasswordAuthenticator.builder((Supplier<UsernameAndPassword>) new UsernameAndPassword(
+                "Administrator", // $ HardcodedCredentialsSourceCall$ MISSING: HardcodedCredentialsApiCall 
+                "password")); // $ HardcodedCredentialsSourceCall$ MISSING: HardcodedCredentialsApiCall 
+    PasswordAuthenticator.builder()
+        .username((Supplier<String>) () -> {return "Administrator";}) // $ MISSING: HardcodedCredentialsApiCall
+        .password((Supplier<String>) () -> {return "password";}); // $ MISSING: HardcodedCredentialsApiCall
+
+    // com.couchbase.client.java.Cluster sinks
+    Cluster.connect(
+        "127.0.0.1",
+        "Administrator", // $ HardcodedCredentialsSourceCall $ HardcodedCredentialsApiCall
+        "password"); // $ HardcodedCredentialsSourceCall $ HardcodedCredentialsApiCall
+
+    // com.couchbase.client.java.ClusterOptions sinks
+    Cluster.connect(
+        "127.0.0.1",
+        clusterOptions(
+            "Administrator", // $ HardcodedCredentialsApiCall
+            "password")); // $ HardcodedCredentialsApiCall
  }
-}
+}