hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 05:13:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b62e9dc92c246a075f4e3a63ecfe07984d8c0d5d
codeql/java/ql/test/query-tests/security/CWE-798/semmle/tests/HardcodedJ2sshCredentials.java
Chris Smowton b62e9dc92c Convert tests to inline expectations and fix one bug revealed doing so 
Specifically Apache sshd defines its sensitive api calls on an inherited interface, and they need to be described that way for us to pick them up.
2022-08-13 14:02:05 +01:00

11 lines
673 B
Java
Raw Blame History

import com.sshtools.j2ssh.authentication.SshAuthenticationClient;
import com.sshtools.j2ssh.authentication.PasswordAuthenticationClient;
public class HardcodedJ2sshCredentials {
public static void main(SshAuthenticationClient client1, PasswordAuthenticationClient client2) {
// BAD: Hardcoded credentials used for the session username and/or password.
client1.setUsername("Username"); // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
client2.setUsername("Username"); // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
client2.setPassword("password"); // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
}
}
Reference in New Issue View Git Blame Copy Permalink