1+ id : hardcoded-connection-password-java
2+ severity : warning
3+ language : java
4+ message : >-
5+ A secret is hard-coded in the application. Secrets stored in source
6+ code, such as credentials, identifiers, and other types of sensitive data,
7+ can be leaked and used by internal or external malicious actors. Use
8+ environment variables to securely provide credentials and other secrets or
9+ retrieve them from a secure vault or Hardware Security Module (HSM).
10+ note : >-
11+ [CWE-798] Use of Hard-coded Credentials.
12+ [REFERENCES]
13+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
14+ - https://db.apache.org/jdo/api30/apidocs/javax/jdo/PersistenceManagerFactory.html
15+
16+ ast-grep-essentials : true
17+
18+ utils :
19+
20+ (javax.jdo.PersistenceManagerFactory $JDO). ... .$SETPASS("...") :
21+ kind : identifier
22+ regex : ^setConnectionPassword$
23+ all :
24+ - precedes :
25+ kind : argument_list
26+ has :
27+ kind : string_literal
28+ has :
29+ kind : string_fragment
30+ not :
31+ has :
32+ nthChild :
33+ position : 2
34+ ofRule :
35+ not :
36+ kind : line_comment
37+ - inside :
38+ stopBy : end
39+ kind : method_invocation
40+ has :
41+ stopBy : end
42+ kind : identifier
43+ pattern : $INST
44+ nthChild : 1
45+ - inside :
46+ stopBy : end
47+ follows :
48+ stopBy : end
49+ any :
50+ - kind : local_variable_declaration
51+ - kind : field_declaration
52+ all :
53+ - has :
54+ kind : scoped_type_identifier
55+ regex : ^javax.jdo.PersistenceManagerFactory$
56+ - has :
57+ kind : variable_declarator
58+ has :
59+ kind : identifier
60+ pattern : $INST
61+
62+ (javax.jdo.PersistenceManagerFactory $JDO). ... .$SETPASS("...")_with_Instance :
63+ kind : identifier
64+ regex : ^setConnectionPassword$
65+ all :
66+ - precedes :
67+ kind : argument_list
68+ not :
69+ has :
70+ nthChild :
71+ position : 2
72+ ofRule :
73+ not :
74+ kind : line_comment
75+ has :
76+ kind : identifier
77+ pattern : $PSWD
78+ - inside :
79+ stopBy : end
80+ kind : method_invocation
81+ has :
82+ stopBy : end
83+ kind : identifier
84+ pattern : $INST
85+ nthChild : 1
86+ - inside :
87+ stopBy : end
88+ follows :
89+ stopBy : end
90+ any :
91+ - kind : local_variable_declaration
92+ - kind : field_declaration
93+ all :
94+ - has :
95+ kind : scoped_type_identifier
96+ regex : ^javax.jdo.PersistenceManagerFactory$
97+ - has :
98+ kind : variable_declarator
99+ has :
100+ kind : identifier
101+ pattern : $INST
102+ - inside :
103+ stopBy : end
104+ follows :
105+ stopBy : end
106+ any :
107+ - kind : local_variable_declaration
108+ - kind : field_declaration
109+ has :
110+ kind : variable_declarator
111+ all :
112+ - has :
113+ kind : identifier
114+ pattern : $PSWD
115+ - has :
116+ kind : string_literal
117+ has :
118+ kind : string_fragment
119+
120+ (jdo.PersistenceManagerFactory $JDO). ... .$SETPASS("...") :
121+ kind : identifier
122+ regex : ^setConnectionPassword$
123+ all :
124+ - precedes :
125+ kind : argument_list
126+ not :
127+ has :
128+ nthChild :
129+ position : 2
130+ ofRule :
131+ not :
132+ kind : line_comment
133+ has :
134+ kind : string_literal
135+ has :
136+ kind : string_fragment
137+ - inside :
138+ stopBy : end
139+ kind : method_invocation
140+ has :
141+ stopBy : end
142+ kind : identifier
143+ pattern : $INST
144+ nthChild : 1
145+ - inside :
146+ stopBy : end
147+ follows :
148+ stopBy : end
149+ any :
150+ - kind : local_variable_declaration
151+ - kind : field_declaration
152+ all :
153+ - has :
154+ kind : scoped_type_identifier
155+ regex : ^jdo.PersistenceManagerFactory$
156+ - has :
157+ kind : variable_declarator
158+ has :
159+ kind : identifier
160+ pattern : $INST
161+ - inside :
162+ stopBy : end
163+ follows :
164+ stopBy : end
165+ any :
166+ - pattern : import javax.*;
167+
168+ (jdo.PersistenceManagerFactory $JDO). ... .$SETPASS("...")_with_Instance :
169+ kind : identifier
170+ regex : ^setConnectionPassword$
171+ all :
172+ - precedes :
173+ kind : argument_list
174+ not :
175+ has :
176+ nthChild :
177+ position : 2
178+ ofRule :
179+ not :
180+ kind : line_comment
181+ has :
182+ kind : identifier
183+ pattern : $PSWD
184+ - inside :
185+ stopBy : end
186+ kind : method_invocation
187+ has :
188+ stopBy : end
189+ kind : identifier
190+ pattern : $INST
191+ nthChild : 1
192+ - inside :
193+ stopBy : end
194+ follows :
195+ stopBy : end
196+ any :
197+ - kind : local_variable_declaration
198+ - kind : field_declaration
199+ all :
200+ - has :
201+ kind : scoped_type_identifier
202+ regex : ^jdo.PersistenceManagerFactory$
203+ - has :
204+ kind : variable_declarator
205+ has :
206+ kind : identifier
207+ pattern : $INST
208+ - inside :
209+ stopBy : end
210+ follows :
211+ stopBy : end
212+ any :
213+ - kind : local_variable_declaration
214+ - kind : field_declaration
215+ has :
216+ kind : variable_declarator
217+ all :
218+ - has :
219+ kind : identifier
220+ pattern : $PSWD
221+ - has :
222+ kind : string_literal
223+ has :
224+ kind : string_fragment
225+ - inside :
226+ stopBy : end
227+ follows :
228+ stopBy : end
229+ any :
230+ - pattern : import javax.*;
231+
232+ (PersistenceManagerFactory $JDO). ... .$SETPASS("...") :
233+ kind : identifier
234+ regex : ^setConnectionPassword$
235+ all :
236+ - precedes :
237+ kind : argument_list
238+ not :
239+ has :
240+ nthChild :
241+ position : 2
242+ ofRule :
243+ not :
244+ kind : line_comment
245+ has :
246+ kind : string_literal
247+ has :
248+ kind : string_fragment
249+ - inside :
250+ stopBy : end
251+ kind : method_invocation
252+ has :
253+ stopBy : end
254+ kind : identifier
255+ pattern : $INST
256+ nthChild : 1
257+ - inside :
258+ stopBy : end
259+ follows :
260+ stopBy : end
261+ any :
262+ - kind : local_variable_declaration
263+ - kind : field_declaration
264+ all :
265+ - has :
266+ kind : type_identifier
267+ regex : ^PersistenceManagerFactory$
268+ - has :
269+ kind : variable_declarator
270+ has :
271+ kind : identifier
272+ pattern : $INST
273+ - inside :
274+ stopBy : end
275+ follows :
276+ stopBy : end
277+ any :
278+ - pattern : import javax.jdo.*;
279+ - pattern : import javax.jdo.PersistenceManagerFactory;
280+
281+ (PersistenceManagerFactory $JDO). ... .$SETPASS("...")_with_Instance :
282+ kind : identifier
283+ regex : ^setConnectionPassword$
284+ all :
285+ - precedes :
286+ kind : argument_list
287+ not :
288+ has :
289+ nthChild :
290+ position : 2
291+ ofRule :
292+ not :
293+ kind : line_comment
294+ has :
295+ kind : identifier
296+ pattern : $PSWD
297+ - inside :
298+ stopBy : end
299+ kind : method_invocation
300+ has :
301+ stopBy : end
302+ kind : identifier
303+ pattern : $INST
304+ nthChild : 1
305+ - inside :
306+ stopBy : end
307+ follows :
308+ stopBy : end
309+ any :
310+ - kind : local_variable_declaration
311+ - kind : field_declaration
312+ all :
313+ - has :
314+ kind : type_identifier
315+ regex : ^PersistenceManagerFactory$
316+ - has :
317+ kind : variable_declarator
318+ has :
319+ kind : identifier
320+ pattern : $INST
321+ - inside :
322+ stopBy : end
323+ follows :
324+ stopBy : end
325+ any :
326+ - kind : field_declaration
327+ - kind : local_variable_declaration
328+ has :
329+ kind : variable_declarator
330+ all :
331+ - has :
332+ kind : identifier
333+ pattern : $PSWD
334+ - has :
335+ kind : string_literal
336+ has :
337+ kind : string_fragment
338+ - inside :
339+ stopBy : end
340+ follows :
341+ stopBy : end
342+ any :
343+ - pattern : import javax.jdo.*;
344+ - pattern : import javax.jdo.PersistenceManagerFactory;
345+ rule :
346+ any :
347+ - matches : (javax.jdo.PersistenceManagerFactory $JDO). ... .$SETPASS("...")
348+ - matches : (javax.jdo.PersistenceManagerFactory $JDO). ... .$SETPASS("...")_with_Instance
349+ - matches : (jdo.PersistenceManagerFactory $JDO). ... .$SETPASS("...")
350+ - matches : (jdo.PersistenceManagerFactory $JDO). ... .$SETPASS("...")_with_Instance
351+ - matches : (PersistenceManagerFactory $JDO). ... .$SETPASS("...")
352+ - matches : (PersistenceManagerFactory $JDO). ... .$SETPASS("...")_with_Instance