src/semmle/javascript/security/dataflow
test/query-tests/Security/CWE-798
@@ -41,9 +41,14 @@ module HardcodedCredentials {
4141 * A subclass of `Sink` that includes every `CredentialsExpr`
4242 * as a credentials sink.
4343 */
44- class DefaultCredentialsSink extends Sink {
45- DefaultCredentialsSink ( ) { this . asExpr ( ) instanceof CredentialsExpr }
44+ class DefaultCredentialsSink extends Sink , DataFlow :: ValueNode {
45+ override CredentialsExpr astNode ;
4646
47- override string getKind ( ) { result = this .asExpr ( ) .( CredentialsExpr ) .getCredentialsKind ( ) }
47+ DefaultCredentialsSink ( ) {
48+ // Don't flag an empty user name
49+ not ( astNode .getCredentialsKind ( ) = "user name" and astNode .getStringValue ( ) = "" )
50+ }
51+
52+ override string getKind ( ) { result = astNode .getCredentialsKind ( ) }
4853 }
4954}
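Review bot: The QLDoc above `DefaultCredentialsSink` still says the class includes every `CredentialsExpr` as a sink, which is no longer true now that the characteristic predicate excludes an empty user name. I would reword it to something like `A subclass of Sink that includes every CredentialsExpr, except an empty user name, as a credentials sink.` The inline comment would also be more useful if it gave the reason, e.g. `// An empty user name is not a secret (it is used with token-style auth), so don't flag it`. The exclusion is keyed on the literal kind string `"user name"`, so it will silently stop applying if `getCredentialsKind()` ever changes that label; a short note next to the comparison would help. An empty password is still treated as a sink, which looks intentional but is worth stating in the doc.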
134134( function ( ) {
135135 require ( "cookie-session" ) ( { secret : "cookie-session secret" } ) ;
136136} ) ( )
137+
138+ ( function ( ) {
139+ var request = require ( 'request' ) ;
140+ request . get ( url , { // OK
141+ 'auth' : {
142+ 'user' : '' ,
143+ 'pass' : process . env . PASSWORD
144+ }
145+ } ) ;
146+ } ) ( ) ;
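Review bot: The new case only pins the `// OK` side of the exclusion, so nothing guards against the filter becoming too broad. A companion case with an empty user and a literal password, e.g. `'auth': { 'user': '', 'pass': 'hunter2' } // NOT OK`, should presumably still be reported and would make that explicit. Separately, as rendered here the preceding IIFE on line 136 ends in `})()` with no semicolon, so the new `(function(){ … })();` on line 138 parses as a call on the previous expression's result rather than as its own statement. Ending line 136 with `;` keeps the test cases independent.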