Query module PasswordInConfigurationFile

name
Password in configuration file
description
Storing unencrypted passwords in configuration files is unsafe.
kind
problem
problem.severity
warning
precision
high
id
js/password-in-configuration-file
tags
security external/cwe/cwe-256 external/cwe/cwe-260 external/cwe/cwe-313

Imports

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Predicates

config

Holds if some JSON or YAML file contains a property with name key and value val, where valElement is the entity corresponding to the value.

exclude

Holds if file f should be excluded because it looks like it may be a dictionary file, or a test or example.