ajinabraham.njsscan.generic.hardcoded_secrets.node_password

profile photo of ajinabrahamajinabraham
Author
unknown
Download Count*
GPLv3
License

A hardcoded password in plain text is identified. Store it properly in an environment variable.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: node_password
    patterns:
      - pattern-not: $X = ''
      - pattern-not: $OBJ[$X] = ''
      - pattern-not: $OBJ.$X = ''
      - pattern-either:
          - pattern: |
              $X = '...'
      - metavariable-regex:
          metavariable: $X
          regex: (?i:.*pass.*)
    message: A hardcoded password in plain text is identified. Store it properly in
      an environment variable.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a3
      cwe: cwe-798
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other