CodeQL library for Java/Kotlin
codeql/java-all 0.9.1

Module HardcodedCredentials

Provides classes and predicates relating to hardcoded credentials.

Import path

import semmle.code.java.security.HardcodedCredentials

Imports

SensitiveApi

Provides predicates defining methods that consume sensitive data, such as usernames and passwords.

java

Provides all default Java QL imports.

Classes

CredentialsApiSink

An argument to a sensitive call of a known API, expected to contain username, password or cryptographic key credentials.

CredentialsSink

An argument to a sensitive call, expected to contain credentials.

CredentialsSourceSink

An argument to a call, where the parameter name corresponding to the argument indicates that it may contain credentials.

HardcodedExpr

An expression that is either a non-empty string literal or a hard-coded byte or char array.

PasswordVariable

A variable whose name indicates that it may hold a password.

UsernameVariable

A variable whose name indicates that it may hold a user name.