mobsf.mobsfscan.secrets.hardcoded_username

Download Count: 505
A hardcoded username in plain text is identified.
Definition
rules:
  - id: hardcoded_username
    patterns:
      - pattern-not: $X = "";
      - pattern-not: $M($X, "", ...);
      - pattern-either:
          - pattern: |
              $X = "...";
          - pattern: |
              $M($X, "...", ...);
      - metavariable-regex:
          metavariable: $X
          regex: (?i:.*user.*)
    message: A hardcoded username in plain text is identified.
    languages:
      - java
    severity: WARNING
    metadata:
      cwe: cwe-798
      owasp-mobile: m9
      masvs: storage-14
      reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#storing-a-key---example
      license: LGPL-3.0-or-later
Short Link: https://sg.run/lx49