Commit 36cb60c

Add fixed proposition for NodeJS
1 parent eb28266 commit 36cb60c

3 files changed

+24
-2
lines changed

javascript/ql/src/Security/CWE-798/HardcodedCredentials.qhelp

Lines changed: 4 additions & 0 deletions
@@ -33,6 +33,10 @@
3333
<code>username</code> and <code>password</code>, which can be set externally without hard-coding
3434
credentials in the source code.
3535
</p>
36+
37+
For example, in a NodeJS environment :
38+
<sample src="examples/HardcodedCredentialsHttpRequestFixed.js"/>
39+
3640
</example>
3741

3842
<example>
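
Review bot: The added sentence and the `<sample>` element are left as bare text after the closing `</p>` inside `<example>`; wrap the sentence in its own `<p>` element so it is marked up like the paragraph above it. The wording also needs a small fix: "For example, in a Node.js environment:" (no space before the colon). Because this sample is what readers will copy as the recommended fix, the referenced HardcodedCredentialsHttpRequestFixed.js should be confirmed to run before it is linked here.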

javascript/ql/src/Security/CWE-798/examples/HardcodedCredentialsHttpRequest.js

Lines changed: 2 additions & 2 deletions
@@ -11,8 +11,8 @@ headers.append('Authorization', 'Basic' + base64.encode(username + ":" + passwor
1111

1212
fetch(url, {method:'GET',
1313
headers: headers,
14-
//credentials: 'user:passwd'
14+
credentials: `${user}:${passwd}`
1515
})
1616
.then(response => response.json())
1717
.then(json => console.log(json));
18-
//.done();
18+
.done();
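
Review bot: Uncommenting `.done();` on line 18 breaks the file: line 17 already ends the promise chain with `;`, so `.done();` begins a new statement with a leading dot and the script no longer parses. Drop the line, or remove the `;` on line 17 and confirm the promise actually has a `done` method (native fetch promises do not). The new line 14 interpolates `user` and `passwd`, while the hunk header shows the variables are named `username` and `password`, so this would throw a ReferenceError. In addition, the fetch `credentials` option accepts `omit`, `same-origin` or `include`, not a user:password string; the Authorization header already carries the credentials, so the option should stay out.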
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
let base64 = require('base-64');
2+
3+
let url = 'http://example.org/auth';
4+
let username = process.env.USERNAME;
5+
let password = process.env.PASSWORD;
6+
7+
let headers = new Headers();
8+
9+
//headers.append('Content-Type', 'text/json');
10+
headers.append('Authorization', 'Basic' + base64.encode(username + ":" + password));
11+
12+
fetch(url, {method:'GET',
13+
headers: headers,
14+
credentials: `${user}:${passwd}`
15+
})
16+
.then(response => response.json())
17+
.then(json => console.log(json));
18+
.done();
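
Review bot: The sample presented as the fix does not run as written: line 14 uses `${user}:${passwd}`, but the file defines `username` and `password` on lines 4 and 5, and `.done();` on line 18 follows a line already terminated with `;`, which is a syntax error. Remove both lines; the Authorization header already carries the credentials. On line 10, `'Basic'` needs a trailing space (`'Basic '`), otherwise the scheme and the encoded token run together and the header is malformed. Since the header is sent to the `http://` URL on line 3, an `https://` URL would be a better model for a sample labelled as fixed. It is also worth checking that `process.env.USERNAME` and `process.env.PASSWORD` are set before encoding them, because unset variables would be sent as "undefined:undefined".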
