Merge pull request #837 from asger-semmle/hardcoded-empty-string

Approved by esben-semmle
semmle-qlci
2019-01-30 13:40:39 +00:00
committed by GitHub
3 changed files with 19 additions and 3 deletions


@@ -41,9 +41,14 @@ module HardcodedCredentials {
* A subclass of `Sink` that includes every `CredentialsExpr`
* as a credentials sink.
*/
class DefaultCredentialsSink extends Sink {
DefaultCredentialsSink() { this.asExpr() instanceof CredentialsExpr }
class DefaultCredentialsSink extends Sink, DataFlow::ValueNode {
override CredentialsExpr astNode;
override string getKind() { result = this.asExpr().(CredentialsExpr).getCredentialsKind() }
DefaultCredentialsSink() {
// Don't flag an empty user name
not (astNode.getCredentialsKind() = "user name" and astNode.getStringValue() = "")
}
override string getKind() { result = astNode.getCredentialsKind() }
}
}
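Review bot: The doc comment kept above `DefaultCredentialsSink` still says the class includes every `CredentialsExpr` as a sink, which is no longer accurate now that the characteristic predicate drops empty user names; it should say "every `CredentialsExpr` except an empty user name". The exclusion tests `astNode.getStringValue() = ""` on the sink expression itself, so it presumably only applies when the empty string is written inline at the sink. An empty constant that reaches a user-name argument through a variable would likely still be reported, unless the source side is filtered in one of the other changed files not visible here. The inline comment could also record the reasoning, e.g. `// An empty user name is not a secret; empty passwords are still reported`, so that a later reader does not extend the exclusion to passwords by analogy.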