Update ghcp_userservice_lab.md

Georges034302 · web-flow · commit c9cb29db26f7 · 2025-07-13T19:22:02.000+10:00
diff --git a/session2/dotnet/ghcp_userservice_lab.md b/session2/dotnet/ghcp_userservice_lab.md
@@ -475,43 +475,32 @@ paths-ignore:
 
 > **Copilot Prompt:**  
 > Create a custom CodeQL query named `FindHardcodedSecrets.ql` for C# to detect hardcoded secrets.  
-> - Target fields that are initialized with string literals.  
+> - Target fields that are initialized with StringLiteral.  
 > - Match field names containing `apiKey`, `token`, `secret`, `password`, or `auth` (case-insensitive).  
 > - Match values that resemble secrets, such as those starting with `sk_`, `token_`, `apikey_`, or 32+ base64-like characters.  
-> - Use `Field` and `string_literal` from the `csharp` CodeQL library.  
+> - Use `Field` and `Literal` from the `csharp` CodeQL library.  
 > - Return the matched string literal and a message indicating a hardcoded secret.  
 > - Include standard CodeQL metadata: `@name`, `@description`, `@id`, `@tags`, `@problem.severity`, and `@security-severity`.
 
 ### **✅ Expected Outcome:** 
 
 ```ql
 /**
- * @name Find hardcoded secrets in C#
- * @description Detects hardcoded string literals assigned to fields with secret-related names
+ * @name Hardcoded secrets in C# code
+ * @description Finds string literals that may contain hardcoded secrets.
  * @kind problem
  * @problem.severity warning
  * @security-severity 8.0
  * @id cs/hardcoded-secrets
- * @tags security
+ * @tags security, external/cwe/cwe-798
  */
 
 import csharp
 
-predicate isSecretField(Field f) {
-  f.getName().regexpMatch("(?i).*(apiKey|token|secret|password|auth)")
-}
-
-predicate isSecretValue(string_literal s) {
-  s.getValue().regexpMatch("(?i)^(sk_.*|token_.*|apikey_.*|[a-zA-Z0-9+/=]{32,})")
-}
-
-from Field f, string_literal s
+from StringLiteral s
 where
-  isSecretField(f) and
-  f.getInitializer() = s and
-  isSecretValue(s)
-select s, "Hardcoded secret detected: '" + s.getValue() + "' assigned to field '" + f.getName() + "'"
-
+  s.getValue().regexpMatch("(?i)(sk_[a-z0-9]{10,}|api[_-]?key|token|secret|[A-Za-z0-9+/=]{32,})")
+select s, "🔒 Possible hardcoded secret: '" + s.getValue() + "'"
 ```
 
 ### 🔍 Purpose of `FindHardcodedSecrets.ql` Query
