Query module HardcodedConnectionString

name
Hard-coded connection string with credentials
description
Credentials are hard-coded in a connection string in the source code of the application.
kind
path-problem
problem.severity
error
precision
high
id
cs/hardcoded-connection-string-credentials
tags
security external/cwe/cwe-259 external/cwe/cwe-321 external/cwe/cwe-798

Imports

Data

Provides definitions related to the namespace System.Data.

HardcodedCredentials

Provides a taint-tracking configuration for reasoning about hard coded credentials.

PathGraph

Provides the query predicates needed to include a graph in a path-problem query.

csharp

The default C# QL library.

Classes

ConnectionStringPasswordOrUsername

A string literal containing a username or password field.

ConnectionStringTaintTrackingConfiguration

A taint-tracking configuration for tracking string literals to a ConnectionString property.