A data-flow configuration that tracks hardcoded expressions flowing to a parameter whose name suggests it may be a credential, excluding those which flow on to other such insecure usage sites.
Import path
import semmle.code.java.security.HardcodedCredentialsSourceCallQueryPredicates
| isSink | Holds if |
| isSource | Holds if |
| observeDiffInformedIncrementalMode | Holds if sources and sinks should be filtered to only include those that may lead to a flow path with either a source or a sink in the location range given by |