Skip to content

Commit 1cf9714

Browse files
GeekMasherGeekMasher
committed
feat(python): Add Hardcoded Credentials MaD support
1 parent 42925b5 commit 1cf9714

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

python/ql/src/Security/CWE-798/HardcodedCredentials.ql

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ import semmle.python.dataflow.new.TaintTracking
1818
import semmle.python.filters.Tests
1919
private import semmle.python.dataflow.new.internal.DataFlowDispatch as DataFlowDispatch
2020
private import semmle.python.dataflow.new.internal.Builtins::Builtins as Builtins
21+
private import semmle.python.frameworks.data.ModelsAsData
2122

2223
bindingset[char, fraction]
2324
predicate fewer_characters_than(StringLiteral str, string char, float fraction) {
@@ -80,6 +81,8 @@ class HardcodedValueSource extends DataFlow::Node {
8081

8182
class CredentialSink extends DataFlow::Node {
8283
CredentialSink() {
84+
this = ModelOutput::getASinkNode("credentials-hardcoded").asSink()
85+
or
8386
exists(string name |
8487
name.regexpMatch(getACredentialRegex()) and
8588
not name.matches("%file")

0 commit comments

Comments
 (0)