From bb7b8e1ad0e345862980a163b688f4554ebc1df8 Mon Sep 17 00:00:00 2001
From: Sakshis
Date: Mon, 16 Dec 2024 13:09:06 +0000
Subject: [PATCH 1/2] removed missing-secure-java
---
rules/java/security/missing-secure-java.yml | 70 -------------------
.../missing-secure-java-snapshot.yml | 32 ---------
tests/java/missing-secure-java-test.yml | 15 ----
3 files changed, 117 deletions(-)
delete mode 100644 rules/java/security/missing-secure-java.yml
delete mode 100644 tests/__snapshots__/missing-secure-java-snapshot.yml
delete mode 100644 tests/java/missing-secure-java-test.yml
diff --git a/rules/java/security/missing-secure-java.yml b/rules/java/security/missing-secure-java.yml
deleted file mode 100644
index 755e6660..00000000
--- a/rules/java/security/missing-secure-java.yml
+++ /dev/null
@@ -1,70 +0,0 @@ -id: missing-secure-java -language: java -severity: warning -message: >- - Detected a cookie where the `Secure` flag is either missing or - disabled. The `Secure` cookie flag instructs the browser to forbid sending - the cookie over an insecure HTTP request. Set the `Secure` flag to `true` - so the cookie will only be sent over HTTPS. -note: >- - [CWE-614]: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute - [OWASP A05:2021]: Security Misconfiguration - [REFERENCES] - - https://owasp.org/Top10/A05_2021-Security_Misconfiguration -utils: - match_without_httponly: - kind: argument_list - has: - kind: object_creation_expression - inside: - stopBy: end - kind: method_invocation - - match_cookie_last: - kind: argument_list - has: - kind: method_invocation - has: - kind: argument_list - has: - kind: string_literal - - match_instance: - kind: local_variable_declaration - has: - stopBy: end - kind: identifier - follows: - stopBy: end - kind: variable_declarator - - match_identifier_with_simplecookie: - kind: identifier - inside: - stopBy: end - kind: local_variable_declaration - all: - - has: - stopBy: end - kind: type_identifier - regex: '^SimpleCookie$|^Cookie$' - - has: - stopBy: neighbor - kind: variable_declarator - all: - - has: - stopBy: neighbor - kind: identifier - - has: - stopBy: neighbor - kind: object_creation_expression - - not: - precedes: - stopBy: neighbor - kind: expression_statement -rule: - any: - - matches: match_instance - - matches: match_without_httponly - - matches: match_cookie_last - - matches: match_identifier_with_simplecookie diff --git a/tests/__snapshots__/missing-secure-java-snapshot.yml b/tests/__snapshots__/missing-secure-java-snapshot.yml deleted file mode 100644 index 3931463b..00000000 --- a/tests/__snapshots__/missing-secure-java-snapshot.yml +++ /dev/null 
@@ -1,32 +0,0 @@ -id: missing-secure-java -snapshots: - ? | - SimpleCookie s = new SimpleCookie("foo", "bar"); - .orElse( new NettyCookie( "foo", "bar" ) ); - Cookie z = new NettyCookie("foo", "bar"); - return HttpResponse.ok().cookie(Cookie.of("zzz", "ddd")); - : labels: - - source: s - style: primary - start: 13 - end: 14 - - source: SimpleCookie - style: secondary - start: 0 - end: 12 - - source: s - style: secondary - start: 13 - end: 14 - - source: new SimpleCookie("foo", "bar") - style: secondary - start: 17 - end: 47 - - source: s = new SimpleCookie("foo", "bar") - style: secondary - start: 13 - end: 47 - - source: SimpleCookie s = new SimpleCookie("foo", "bar"); - style: secondary - start: 0 - end: 48 diff --git a/tests/java/missing-secure-java-test.yml b/tests/java/missing-secure-java-test.yml deleted file mode 100644 index 507f951f..00000000 --- a/tests/java/missing-secure-java-test.yml +++ /dev/null @@ -1,15 +0,0 @@ -id: missing-secure-java -valid: - - | - Cookie c1 = getCookieSomewhere(); - return HttpResponse.ok().cookie(Cookie.of("foo", "bar").secure(true)); - Cookie cookie = request.getCookies().findCookie( "foobar" ) - Cookie c = new NettyCookie("foo", "bar"); - c.secure(true); - NettyCookie r = new NettyCookie("foo", "bar").secure(true); -invalid: - - | - SimpleCookie s = new SimpleCookie("foo", "bar"); - .orElse( new NettyCookie( "foo", "bar" ) ); - Cookie z = new NettyCookie("foo", "bar"); - return HttpResponse.ok().cookie(Cookie.of("zzz", "ddd")); From 6686fa1a98b94f3f7d338f0dbde1c08747e0f84a Mon Sep 17 00:00:00 2001 
From: ESS ENN
Date: Wed, 8 Jan 2025 18:49:14 +0530
Subject: [PATCH 2/2] Removing rule express-jwt-hardcoded-secret-typescript
---
...xpress-jwt-hardcoded-secret-typescript.yml | 513 -----------------
...t-hardcoded-secret-typescript-snapshot.yml | 515 ------------------
...s-jwt-hardcoded-secret-typescript-test.yml | 44 --
3 files changed, 1072 deletions(-)
delete mode 100644 rules/typescript/security/express-jwt-hardcoded-secret-typescript.yml
delete mode 100644 tests/__snapshots__/express-jwt-hardcoded-secret-typescript-snapshot.yml
delete mode 100644 tests/typescript/express-jwt-hardcoded-secret-typescript-test.yml
diff --git a/rules/typescript/security/express-jwt-hardcoded-secret-typescript.yml b/rules/typescript/security/express-jwt-hardcoded-secret-typescript.yml
deleted file mode 100644
index bd042545..00000000
--- a/rules/typescript/security/express-jwt-hardcoded-secret-typescript.yml
+++ /dev/null
@@ -1,513 +0,0 @@ -id: express-jwt-hardcoded-secret-typescript -language: typescript -severity: warning -message: >- - A hard-coded credential was detected. It is not recommended to store - credentials in source-code, as this risks secrets being leaked and used by - either an internal or external malicious adversary. It is recommended to - use environment variables to securely provide credentials or retrieve - credentials from a secure vault or HSM (Hardware Security Module). -note: >- - [CWE-798] Use of Hard-coded Credentials. - [REFERENCES] - - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html - -utils: - MATCH_SECRET_DIRECTLY: - kind: string_fragment - pattern: $SECRET - all: - - inside: - stopBy: end - all: - - has: - stopBy: end - kind: call_expression - all: - - has: - stopBy: neighbor - kind: identifier - pattern: $E - - has: - stopBy: neighbor - kind: arguments - has: - stopBy: neighbor - kind: object - has: - stopBy: end - kind: pair - all: - - has: - stopBy: neighbor - kind: property_identifier - nthChild: 1 - regex: ^secret$ - - has: - stopBy: neighbor - kind: string - has: - stopBy: neighbor - kind: string_fragment - pattern: $SECRET - - - any: - - follows: - stopBy: end - kind: variable_declaration - has: - stopBy: end - kind: variable_declarator - all: - - has: - stopBy: end - kind: identifier - pattern: $E - - has: - stopBy: neighbor - kind: call_expression - all: - - has: - stopBy: neighbor - kind: identifier - regex: '^require$' - - has: - stopBy: neighbor - kind: arguments - has: - stopBy: neighbor - kind : string - has: - stopBy: neighbor - kind: string_fragment - regex: '^express-jwt$' - - follows: - stopBy: end - kind: import_statement - all: - - has: - stopBy: end - kind: import_clause - has: - stopBy: neighbor - kind: identifier - pattern: $E - - has: - stopBy: neighbor - kind: string - has: - stopBy: end - kind: string_fragment - regex: '^express-jwt$' - - follows: - stopBy: end - kind: import_statement - 
all: - - has: - stopBy: end - kind: import_clause - has: - stopBy: end - kind: namespace_import - has: - stopBy: end - kind: identifier - pattern: $E - - has: - stopBy: neighbor - kind: string - has: - stopBy: neighbor - kind: string_fragment - regex: '^express-jwt$' - - follows: - stopBy: end - kind: import_statement - all: - - has: - stopBy: neighbor - kind: import_clause - has: - stopBy: neighbor - kind: named_imports - has: - stopBy: neighbor - kind: import_specifier - all: - - has: - stopBy: end - kind: identifier - pattern: $E - - not: - has: - stopBy: neighbor - nthChild: 2 - - has: - stopBy: end - kind: string - has: - stopBy: end - kind: string_fragment - regex: '^express-jwt$' - - follows: - stopBy: end - kind: lexical_declaration - has: - stopBy: end - kind: variable_declarator - all: - - has: - stopBy: end - kind: identifier - pattern: $E - - has: - stopBy: neighbor - kind: call_expression - all: - - has: - stopBy: neighbor - kind: identifier - regex: '^require$' - - has: - stopBy: neighbor - kind: arguments - has: - stopBy: neighbor - kind : string - has: - stopBy: neighbor - kind: string_fragment - regex: '^express-jwt$' - - follows: - stopBy: end - pattern: $E = require('express-jwt'); - - follows: - stopBy: end - kind: import_statement - pattern: import { $E } from 'express-jwt'; - - - inside: - stopBy: end - kind: call_expression - not: - has: - stopBy: neighbor - kind: member_expression - - inside: - stopBy: end - kind: pair - all: - - not: - has: - stopBy: neighbor - any: - - kind: string - - kind: computed_property_name - nthChild: 1 - - not: - has: - stopBy: neighbor - nthChild: 3 - - not: - follows: - stopBy: end - kind: pair - has: - stopBy: neighbor - kind: property_identifier - regex: ^secret$ - - inside: - stopBy: neighbor - kind: object - not: - follows: - stopBy: end - kind: object - has: - stopBy: neighbor - kind: pair - has: - stopBy: neighbor - kind: property_identifier - regex: ^secret$ - - inside: - stopBy: neighbor - kind: string - 
not: - inside: - stopBy: neighbor - any: - - kind: arguments - - kind: array - - inside: - stopBy: end - kind: call_expression - all: - - has: - stopBy: neighbor - kind: identifier - pattern: $E - - has: - stopBy: neighbor - kind: arguments - all: - - has: - stopBy: neighbor - kind: object - has: - stopBy: neighbor - kind: pair - all: - - has: - stopBy: neighbor - kind: property_identifier - regex: ^secret$ - - has: - stopBy: neighbor - kind: string - has: - stopBy: neighbor - kind: string_fragment - - not: - has: - stopBy: neighbor - kind: object - has: - stopBy: neighbor - kind: pair - all: - - has: - stopBy: neighbor - kind: property_identifier - not: - regex: ^secret$ - MATCH_SECRET_WITH_INSTANCE: - kind: string_fragment - pattern: $STRING - all: - - any: - - inside: - stopBy: end - all: - - has: - stopBy: end - kind: variable_declarator - all: - - has: - stopBy: neighbor - kind: identifier - pattern: $IT - - has: - stopBy: neighbor - kind: string - pattern: $SECRET - has: - stopBy: neighbor - kind: string_fragment - - precedes: - stopBy: end - kind: expression_statement - has: - stopBy: end - kind: call_expression - all: - - has: - stopBy: neighbor - kind: identifier - pattern: $E - - has: - stopBy: end - kind: pair - all: - - has: - stopBy: neighbor - kind: property_identifier - regex: ^secret$ - - has: - stopBy: neighbor - kind: identifier - pattern: $IT - - inside: - stopBy: end - kind: expression_statement - all: - - has: - stopBy: neighbor - kind: assignment_expression - all: - - has: - stopBy: neighbor - kind: identifier - pattern: $IT - - has: - stopBy: neighbor - kind: string - has: - stopBy: neighbor - kind: string_fragment - pattern: $SECRET - - precedes: - stopBy: end - kind: expression_statement - has: - stopBy: end - kind: call_expression - all: - - has: - stopBy: neighbor - kind: identifier - pattern: $E - - has: - stopBy: end - kind: pair - all: - - has: - stopBy: neighbor - kind: property_identifier - regex: ^secret$ - - has: - stopBy: neighbor 
- kind: identifier - pattern: $IT - - inside: - stopBy: end - any: - - follows: - stopBy: end - kind: variable_declaration - has: - stopBy: end - kind: variable_declarator - all: - - has: - stopBy: end - kind: identifier - pattern: $E - - has: - stopBy: neighbor - kind: call_expression - all: - - has: - stopBy: neighbor - kind: identifier - regex: '^require$' - - has: - stopBy: neighbor - kind: arguments - has: - stopBy: neighbor - kind : string - has: - stopBy: neighbor - kind: string_fragment - regex: '^express-jwt$' - - follows: - stopBy: end - kind: import_statement - all: - - has: - stopBy: end - kind: import_clause - has: - stopBy: neighbor - kind: identifier - pattern: $E - - has: - stopBy: neighbor - kind: string - has: - stopBy: end - kind: string_fragment - regex: '^express-jwt$' - - follows: - stopBy: end - kind: import_statement - all: - - has: - stopBy: end - kind: import_clause - has: - stopBy: end - kind: namespace_import - has: - stopBy: end - kind: identifier - pattern: $E - - has: - stopBy: neighbor - kind: string - has: - stopBy: neighbor - kind: string_fragment - regex: '^express-jwt$' - - follows: - stopBy: end - kind: import_statement - all: - - has: - stopBy: neighbor - kind: import_clause - has: - stopBy: neighbor - kind: named_imports - has: - stopBy: neighbor - kind: import_specifier - all: - - has: - stopBy: end - kind: identifier - pattern: $E - - not: - has: - stopBy: neighbor - nthChild: 2 - - has: - stopBy: end - kind: string - has: - stopBy: end - kind: string_fragment - regex: '^express-jwt$' - - follows: - stopBy: end - kind: lexical_declaration - has: - stopBy: end - kind: variable_declarator - all: - - has: - stopBy: end - kind: identifier - pattern: $E - - has: - stopBy: neighbor - kind: call_expression - all: - - has: - stopBy: neighbor - kind: identifier - regex: '^require$' - - has: - stopBy: neighbor - kind: arguments - has: - stopBy: neighbor - kind : string - has: - stopBy: neighbor - kind: string_fragment - regex: 
'^express-jwt$' - - follows: - stopBy: end - pattern: $E = require('express-jwt'); - - not: - inside: - stopBy: end - kind: statement_block -rule: - kind: string_fragment - any: - - matches: MATCH_SECRET_DIRECTLY - - matches: MATCH_SECRET_WITH_INSTANCE - \ No newline at end of file diff --git a/tests/__snapshots__/express-jwt-hardcoded-secret-typescript-snapshot.yml b/tests/__snapshots__/express-jwt-hardcoded-secret-typescript-snapshot.yml deleted file mode 100644 index bd5d5506..00000000 --- a/tests/__snapshots__/express-jwt-hardcoded-secret-typescript-snapshot.yml +++ /dev/null 
@@ -1,515 +0,0 @@ -id: express-jwt-hardcoded-secret-typescript -snapshots: - ? | - import express from 'express'; - import jwt from 'express-jwt'; - app.get('/protected1', jwt({ secret: 'super-secret-key' }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - }); - : labels: - - source: super-secret-key - style: primary - start: 100 - end: 116 - - source: jwt - style: secondary - start: 85 - end: 88 - - source: secret - style: secondary - start: 91 - end: 97 - - source: super-secret-key - style: secondary - start: 100 - end: 116 - - source: '''super-secret-key''' - style: secondary - start: 99 - end: 117 - - source: 'secret: ''super-secret-key''' - style: secondary - start: 91 - end: 117 - - source: '{ secret: ''super-secret-key'' }' - style: secondary - start: 89 - end: 119 - - source: '({ secret: ''super-secret-key'' })' - style: secondary - start: 88 - end: 120 - - source: 'jwt({ secret: ''super-secret-key'' })' - style: secondary - start: 85 - end: 120 - - source: jwt - style: secondary - start: 38 - end: 41 - - source: jwt - style: secondary - start: 38 - end: 41 - - source: express-jwt - style: secondary - start: 48 - end: 59 - - source: '''express-jwt''' - style: secondary - start: 47 - end: 60 - - source: import jwt from 'express-jwt'; - style: secondary - start: 31 - end: 61 - - source: |- - app.get('/protected1', jwt({ secret: 'super-secret-key' }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - }); - style: secondary - start: 62 - end: 216 - - source: 'jwt({ secret: ''super-secret-key'' })' - style: secondary - start: 85 - end: 120 - - source: '{ secret: ''super-secret-key'' }' - style: secondary - start: 89 - end: 119 - - source: 'secret: ''super-secret-key''' - style: secondary - start: 91 - end: 117 - - source: '''super-secret-key''' - style: secondary - start: 99 - end: 117 - - source: jwt - style: secondary - start: 85 - end: 88 - - source: secret - 
style: secondary - start: 91 - end: 97 - - source: super-secret-key - style: secondary - start: 100 - end: 116 - - source: '''super-secret-key''' - style: secondary - start: 99 - end: 117 - - source: 'secret: ''super-secret-key''' - style: secondary - start: 91 - end: 117 - - source: '{ secret: ''super-secret-key'' }' - style: secondary - start: 89 - end: 119 - - source: '({ secret: ''super-secret-key'' })' - style: secondary - start: 88 - end: 120 - - source: 'jwt({ secret: ''super-secret-key'' })' - style: secondary - start: 85 - end: 120 - ? | - import express from 'express'; - import jwt from 'express-jwt'; - const secret3 = 'static-secret'; - app.get('/protected4', jwt({ secret: secret3, issuer: 'http://issuer' }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - }); - : labels: - - source: static-secret - style: primary - start: 79 - end: 92 - - source: secret3 - style: secondary - start: 68 - end: 75 - - source: static-secret - style: secondary - start: 79 - end: 92 - - source: '''static-secret''' - style: secondary - start: 78 - end: 93 - - source: secret3 = 'static-secret' - style: secondary - start: 68 - end: 93 - - source: jwt - style: secondary - start: 118 - end: 121 - - source: secret - style: secondary - start: 124 - end: 130 - - source: secret3 - style: secondary - start: 132 - end: 139 - - source: 'secret: secret3' - style: secondary - start: 124 - end: 139 - - source: 'jwt({ secret: secret3, issuer: ''http://issuer'' })' - style: secondary - start: 118 - end: 167 - - source: |- - app.get('/protected4', jwt({ secret: secret3, issuer: 'http://issuer' }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - }); - style: secondary - start: 95 - end: 263 - - source: const secret3 = 'static-secret'; - style: secondary - start: 62 - end: 94 - - source: jwt - style: secondary - start: 38 - end: 41 - - source: jwt - style: secondary - start: 38 - end: 41 - - source: 
express-jwt - style: secondary - start: 48 - end: 59 - - source: '''express-jwt''' - style: secondary - start: 47 - end: 60 - - source: import jwt from 'express-jwt'; - style: secondary - start: 31 - end: 61 - - source: const secret3 = 'static-secret'; - style: secondary - start: 62 - end: 94 - ? | - import express from 'express'; - import jwt from 'express-jwt'; - let hardcodedSecret1 = 'super-secret-key'; - app.get('/protected2', jwt({ secret: hardcodedSecret1 }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - }); - : labels: - - source: super-secret-key - style: primary - start: 86 - end: 102 - - source: hardcodedSecret1 - style: secondary - start: 66 - end: 82 - - source: super-secret-key - style: secondary - start: 86 - end: 102 - - source: '''super-secret-key''' - style: secondary - start: 85 - end: 103 - - source: hardcodedSecret1 = 'super-secret-key' - style: secondary - start: 66 - end: 103 - - source: jwt - style: secondary - start: 128 - end: 131 - - source: secret - style: secondary - start: 134 - end: 140 - - source: hardcodedSecret1 - style: secondary - start: 142 - end: 158 - - source: 'secret: hardcodedSecret1' - style: secondary - start: 134 - end: 158 - - source: 'jwt({ secret: hardcodedSecret1 })' - style: secondary - start: 128 - end: 161 - - source: |- - app.get('/protected2', jwt({ secret: hardcodedSecret1 }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - }); - style: secondary - start: 105 - end: 257 - - source: let hardcodedSecret1 = 'super-secret-key'; - style: secondary - start: 62 - end: 104 - - source: jwt - style: secondary - start: 38 - end: 41 - - source: jwt - style: secondary - start: 38 - end: 41 - - source: express-jwt - style: secondary - start: 48 - end: 59 - - source: '''express-jwt''' - style: secondary - start: 47 - end: 60 - - source: import jwt from 'express-jwt'; - style: secondary - start: 31 - end: 61 - - source: let 
hardcodedSecret1 = 'super-secret-key'; - style: secondary - start: 62 - end: 104 - ? | - import { expressJwt } from 'express-jwt'; - const secret4 = 'jwt-hardcoded-secret'; - app.get('/protected7', expressJwt({ secret: secret4 }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - }); - : labels: - - source: jwt-hardcoded-secret - style: primary - start: 59 - end: 79 - - source: secret4 - style: secondary - start: 48 - end: 55 - - source: jwt-hardcoded-secret - style: secondary - start: 59 - end: 79 - - source: '''jwt-hardcoded-secret''' - style: secondary - start: 58 - end: 80 - - source: secret4 = 'jwt-hardcoded-secret' - style: secondary - start: 48 - end: 80 - - source: expressJwt - style: secondary - start: 105 - end: 115 - - source: secret - style: secondary - start: 118 - end: 124 - - source: secret4 - style: secondary - start: 126 - end: 133 - - source: 'secret: secret4' - style: secondary - start: 118 - end: 133 - - source: 'expressJwt({ secret: secret4 })' - style: secondary - start: 105 - end: 136 - - source: |- - app.get('/protected7', expressJwt({ secret: secret4 }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - }); - style: secondary - start: 82 - end: 232 - - source: const secret4 = 'jwt-hardcoded-secret'; - style: secondary - start: 42 - end: 81 - - source: expressJwt - style: secondary - start: 9 - end: 19 - - source: expressJwt - style: secondary - start: 9 - end: 19 - - source: '{ expressJwt }' - style: secondary - start: 7 - end: 21 - - source: '{ expressJwt }' - style: secondary - start: 7 - end: 21 - - source: express-jwt - style: secondary - start: 28 - end: 39 - - source: '''express-jwt''' - style: secondary - start: 27 - end: 40 - - source: import { expressJwt } from 'express-jwt'; - style: secondary - start: 0 - end: 41 - - source: const secret4 = 'jwt-hardcoded-secret'; - style: secondary - start: 42 - end: 81 - ? 
| - var jwt = require('express-jwt'); - app.get('/protected', jwt({ secret: 'shhhhhhared-secret' }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - }); - : labels: - - source: shhhhhhared-secret - style: primary - start: 71 - end: 89 - - source: jwt - style: secondary - start: 56 - end: 59 - - source: secret - style: secondary - start: 62 - end: 68 - - source: shhhhhhared-secret - style: secondary - start: 71 - end: 89 - - source: '''shhhhhhared-secret''' - style: secondary - start: 70 - end: 90 - - source: 'secret: ''shhhhhhared-secret''' - style: secondary - start: 62 - end: 90 - - source: '{ secret: ''shhhhhhared-secret'' }' - style: secondary - start: 60 - end: 92 - - source: '({ secret: ''shhhhhhared-secret'' })' - style: secondary - start: 59 - end: 93 - - source: 'jwt({ secret: ''shhhhhhared-secret'' })' - style: secondary - start: 56 - end: 93 - - source: jwt - style: secondary - start: 4 - end: 7 - - source: require - style: secondary - start: 10 - end: 17 - - source: express-jwt - style: secondary - start: 19 - end: 30 - - source: '''express-jwt''' - style: secondary - start: 18 - end: 31 - - source: ('express-jwt') - style: secondary - start: 17 - end: 32 - - source: require('express-jwt') - style: secondary - start: 10 - end: 32 - - source: jwt = require('express-jwt') - style: secondary - start: 4 - end: 32 - - source: var jwt = require('express-jwt'); - style: secondary - start: 0 - end: 33 - - source: |- - app.get('/protected', jwt({ secret: 'shhhhhhared-secret' }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - }); - style: secondary - start: 34 - end: 189 - - source: 'jwt({ secret: ''shhhhhhared-secret'' })' - style: secondary - start: 56 - end: 93 - - source: '{ secret: ''shhhhhhared-secret'' }' - style: secondary - start: 60 - end: 92 - - source: 'secret: ''shhhhhhared-secret''' - style: secondary - start: 62 - end: 90 - - source: 
'''shhhhhhared-secret''' - style: secondary - start: 70 - end: 90 - - source: jwt - style: secondary - start: 56 - end: 59 - - source: secret - style: secondary - start: 62 - end: 68 - - source: shhhhhhared-secret - style: secondary - start: 71 - end: 89 - - source: '''shhhhhhared-secret''' - style: secondary - start: 70 - end: 90 - - source: 'secret: ''shhhhhhared-secret''' - style: secondary - start: 62 - end: 90 - - source: '{ secret: ''shhhhhhared-secret'' }' - style: secondary - start: 60 - end: 92 - - source: '({ secret: ''shhhhhhared-secret'' })' - style: secondary - start: 59 - end: 93 - - source: 'jwt({ secret: ''shhhhhhared-secret'' })' - style: secondary - start: 56 - end: 93 diff --git a/tests/typescript/express-jwt-hardcoded-secret-typescript-test.yml b/tests/typescript/express-jwt-hardcoded-secret-typescript-test.yml deleted file mode 100644 index e3ea87cc..00000000 --- a/tests/typescript/express-jwt-hardcoded-secret-typescript-test.yml +++ /dev/null 
@@ -1,44 +0,0 @@ -id: express-jwt-hardcoded-secret-typescript -valid: - - | - app.get('/ok-protected', jwt({ secret: process.env.SECRET }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - }); -invalid: - - | - var jwt = require('express-jwt'); - app.get('/protected', jwt({ secret: 'shhhhhhared-secret' }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - }); - - | - import express from 'express'; - import jwt from 'express-jwt'; - let hardcodedSecret1 = 'super-secret-key'; - app.get('/protected2', jwt({ secret: hardcodedSecret1 }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - }); - - | - import express from 'express'; - import jwt from 'express-jwt'; - const secret3 = 'static-secret'; - app.get('/protected4', jwt({ secret: secret3, issuer: 'http://issuer' }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - }); - - | - import express from 'express'; - import jwt from 'express-jwt'; - app.get('/protected1', jwt({ secret: 'super-secret-key' }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - }); - - | - import { expressJwt } from 'express-jwt'; - const secret4 = 'jwt-hardcoded-secret'; - app.get('/protected7', expressJwt({ secret: secret4 }), function(req, res) { - if (!req.user.admin) return res.sendStatus(401); - res.sendStatus(200); - });