CodeQL library for Java/Kotlin
codeql/java-all 5.0.1-dev (changelog, source)
Search

Module HardcodedCredentialsSourceCallQuery

Provides classes to detect using a hard-coded credential in a sensitive call.

Import path

import semmle.code.java.security.HardcodedCredentialsSourceCallQuery

Imports

DataFlow

Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.

HardcodedCredentials

Provides classes and predicates relating to hardcoded credentials.

java

Provides all default Java QL imports.

Classes

FinalCredentialsSourceSink

An argument to a call, where the parameter name corresponding to the argument indicates that it may contain credentials, and where this expression does not flow on to another CredentialsSink.

Modules

HardcodedCredentialParameterSourceCallConfig

A data-flow configuration that tracks flow from an argument whose corresponding parameter name suggests a credential, to an argument to a sensitive call.

HardcodedCredentialSourceCallConfig

A data-flow configuration that tracks hardcoded expressions flowing to a parameter whose name suggests it may be a credential, excluding those which flow on to other such insecure usage sites.

Aliases

HardcodedCredentialParameterSourceCallFlow

Tracks flow from an argument whose corresponding parameter name suggests a credential, to an argument to a sensitive call.

HardcodedCredentialSourceCallFlow

Tracks hardcoded expressions flowing to a parameter whose name suggests it may be a credential, excluding those which flow on to other such insecure usage sites.