Added ability to detect direct write to global AWS.config

Napalys Klicius
2025-04-24 11:01:35 +02:00
parent 05e4677fd1
commit f69037c176
3 changed files with 33 additions and 2 deletions


@@ -161,6 +161,8 @@
| HardcodedCredentials.js:506:41:506:51 | "AccessID1" | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | user name |
| HardcodedCredentials.js:507:43:507:53 | "AccessID1" | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | user name |
| HardcodedCredentials.js:508:63:508:73 | "AccessID1" | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | user name |
| HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | user name |
| HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | password |
| HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | user name |
| HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | password |
| __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | user name |
@@ -557,6 +559,8 @@ nodes
| HardcodedCredentials.js:507:73:507:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
| HardcodedCredentials.js:508:63:508:73 | "AccessID1" | semmle.label | "AccessID1" |
| HardcodedCredentials.js:508:93:508:109 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" |
| HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | semmle.label | "SOMEACCESSKEY" |
| HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | semmle.label | "hgfedcba" |
| HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | semmle.label | "SOMEACCESSKEY" |
| HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | semmle.label | "hgfedcba" |
| __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | semmle.label | 'dbuser' |


@@ -507,8 +507,8 @@
const swf = new AWS.SWF({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
const stepfunctions = new AWS.StepFunctions({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert
AWS.config.accessKeyId = "SOMEACCESSKEY"; // $ MISSING: Alert
AWS.config.secretAccessKey = "hgfedcba"; // $ MISSING: Alert
AWS.config.accessKeyId = "SOMEACCESSKEY"; // $ Alert
AWS.config.secretAccessKey = "hgfedcba"; // $ Alert
const creds = new AWS.Credentials(
"SOMEACCESSKEY", // $ MISSING: Alert