ajinabraham.njsscan.jwt.jwt_express_hardcoded.jwt_express_hardcoded
ajinabrahamAuthor
unknown
Download Count*
License
Hardcoded JWT secret or private key was found. Store it properly in an environment variable.
Run Locally
Run in CI
Defintion
rules:
- id: jwt_express_hardcoded
patterns:
- pattern-inside: |
$JWT = require('express-jwt')
...
- pattern-either:
- pattern: |
$JWT(<... {secret: "..."} ...>,...)
- pattern: |
$SECRET = "...";
...
$JWT(<... {secret: $SECRET} ...>,...)
- pattern: |
$OPTS = <... {secret: "..."} ...>;
...
$JWT($OPTS,...)
- pattern: |-
$SECRET = "...";
...
$OPTS = <... {secret: $SECRET} ...>;
...
$JWT($OPTS,...)
message: Hardcoded JWT secret or private key was found. Store it properly in an
environment variable.
severity: ERROR
languages:
- javascript
metadata:
cwe: cwe-522
owasp-web: a2
license: LGPL-3.0-or-later
vulnerability_class:
- Other
Short Link: https://sg.run/EKRe