Java: CWE-798 Query to detect hard-coded Azure credentials #5852
smowton merged 5 commits into github:main from
Thanks @smowton for reviewing this PR. I've made all requested changes. Please re-review.
@aschackmull I note two of the predicates in
smowton left a comment:
lgtm; over to @aschackmull for final review
@aschackmull @smowton I'll close this PR once @bananabr or another staff member merges this query. Or please close it on my behalf.

Sorry, forgot about this because it wasn't in the bug bounty program any longer.

@smowton Thanks for merging the code and closing the PR. I know it wasn't in the bug bounty program any longer as per the previous discussion and just want to have the code contributed to the code repository to have one less open PR :-)

Hi @luchua-bc, I can definitely work on merging this query. I had an impossible week but I plan to work on my PR soon.

Thanks @bananabr for the update.
Microsoft Azure is one of the most popular cloud computing solutions for building, testing, deploying, and managing applications and services in the cloud.
Azure offers a well-maintained Java SDK for provisioning, managing, and using Azure resources from Java application code. The Azure SDK for Java is composed of many individual Java libraries that relate to specific Azure services.
The query detects calling the Azure SDK with a hard-coded user name and password or client secret.
Please consider merging the PR. Thanks.
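
Added example (not code from this PR or from the CodeQL repository): the kind of call the description above refers to, shown next to forms that keep the secret out of source code. It assumes the `azure-identity` library's credential builders; the class name, tenant and client IDs, account name, and secret strings are constructed placeholders.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.identity.UsernamePasswordCredentialBuilder;

public class AzureCredentialExamples {
    // Constructed placeholder IDs; they are identifiers, not secrets.
    private static final String TENANT_ID = "00000000-0000-0000-0000-000000000000";
    private static final String CLIENT_ID = "11111111-1111-1111-1111-111111111111";

    // BAD: user name and password are string literals compiled into the application.
    static TokenCredential hardcodedUserPassword() {
        return new UsernamePasswordCredentialBuilder()
            .clientId(CLIENT_ID)
            .tenantId(TENANT_ID)
            .username("svc-account@example.com")   // constructed value
            .password("example-password")          // constructed value
            .build();
    }

    // BAD: client secret is a string literal; anyone with the source or the JAR can read it.
    static TokenCredential hardcodedClientSecret() {
        return new ClientSecretCredentialBuilder()
            .tenantId(TENANT_ID)
            .clientId(CLIENT_ID)
            .clientSecret("example-client-secret") // constructed value
            .build();
    }

    // BETTER: the secret is supplied by the runtime environment and never appears in source.
    static TokenCredential clientSecretFromEnvironment() {
        String secret = System.getenv("AZURE_CLIENT_SECRET");
        if (secret == null || secret.isEmpty()) {
            throw new IllegalStateException("AZURE_CLIENT_SECRET is not set");
        }
        return new ClientSecretCredentialBuilder()
            .tenantId(System.getenv("AZURE_TENANT_ID"))
            .clientId(System.getenv("AZURE_CLIENT_ID"))
            .clientSecret(secret)
            .build();
    }

    // ALTERNATIVE: let the SDK resolve credentials (environment, managed identity, and so on).
    static TokenCredential defaultChain() {
        return new DefaultAzureCredentialBuilder().build();
    }
}
```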