Hardcoded credentials in CouchBase

Author: mbaluda

java/ql/lib/ext/com.couchbase.client.core.env.model.yml

@@ -0,0 +1,12 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.couchbase.client.core.env", "CertificateAuthenticator", true, "fromKey", "(PrivateKey,String,List)", "", "Argument[0]", "credentials-key", "manual"]
+      - ["com.couchbase.client.core.env", "CertificateAuthenticator", true, "fromKey", "(PrivateKey,String,List)", "", "Argument[1]", "credentials-password", "manual"]
+      - ["com.couchbase.client.core.env", "CertificateAuthenticator", true, "fromKeyStore", "(Path,String,Optional<String>)", "", "Argument[1]", "credentials-password", "manual"]
+      - ["com.couchbase.client.core.env", "CertificateAuthenticator", true, "fromKeyStore", "(KeyStore,String)", "", "Argument[1]", "credentials-password", "manual"]
+      - ["com.couchbase.client.core.env", "PasswordAuthenticator$Builder", true, "username", "(String)", "", "Argument[0]", "credentials-username", "manual"]
+      - ["com.couchbase.client.core.env", "PasswordAuthenticator$Builder", true, "username", "(Supplier<String>)", "", "Argument[0]", "credentials-username", "manual"]
+      - ["com.couchbase.client.core.env", "PasswordAuthenticator$Builder", true, "password", "(String)", "", "Argument[0]", "credentials-password", "manual"]

java/ql/lib/ext/com.couchbase.client.java.model.yml

@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.couchbase.client.java","ClusterOptions",true,"clusterOptions","(String,String)","","Argument[0]","credentials-username","manual"]
+      - ["com.couchbase.client.java","ClusterOptions",true,"clusterOptions","(String,String)","","Argument[1]","credentials-password","manual"]
+      - ["com.couchbase.client.java","Cluster",true,"connect","(String,String,String)","","Argument[1]","credentials-username","manual"]
+      - ["com.couchbase.client.java","Cluster",true,"connect","(String,String,String)","","Argument[2]","credentials-password","manual"]

java/ql/test/query-tests/security/CWE-798/semmle/tests/HardcodedCouchBaseCredentials.java

@@ -0,0 +1,35 @@
+import static com.couchbase.client.java.ClusterOptions.clusterOptions;
+
+import com.couchbase.client.core.env.Authenticator;
+import com.couchbase.client.core.env.CertificateAuthenticator;
+import com.couchbase.client.core.env.PasswordAuthenticator;
+import com.couchbase.client.java.Cluster;
+
+public class HardcodedCouchBaseCredentials {
+  public static void test() {
+    Cluster cluster1 =
+        Cluster.connect(
+            "127.0.0.1",
+            "Administrator", // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
+            "password"); // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
+    Cluster cluster2 =
+        Cluster.connect(
+            "127.0.0.1",
+            clusterOptions(
+                "Administrator", // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
+                "password")); // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
+    PasswordAuthenticator authenticator1 =
+        PasswordAuthenticator.builder()
+            .username(
+                "Administrator") // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
+            .password("password") // $ HardcodedCredentialsApiCall $ HardcodedCredentialsSourceCall
+            .onlyEnablePlainSaslMechanism()
+            .build();
+
+    Authenticator authenticator2 =
+        CertificateAuthenticator.fromKeyStore(
+            null,
+            "keyStorePassword"); // $ HardcodedCredentialsApiCall
+    Cluster cluster = Cluster.connect("127.0.0.1", clusterOptions(authenticator2));
+  }
+}

java/ql/test/query-tests/security/CWE-798/semmle/tests/options

@@ -1 +1 @@
-// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/amazon-aws-sdk-1.11.700:${testdir}/../../../../../stubs/azure-sdk-for-java:${testdir}/../../../../../stubs/shiro-core-1.4.0:${testdir}/../../../../../stubs/jsch-0.1.55:${testdir}/../../../../../stubs/ganymed-ssh-2-260:${testdir}/../../../../../stubs/apache-mina-sshd-2.8.0:${testdir}/../../../../../stubs/sshj-0.33.0:${testdir}/../../../../../stubs/j2ssh-1.5.5:${testdir}/../../../../../stubs/trilead-ssh2-212:${testdir}/../../../../../stubs/apache-commons-net-3.8.0:${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/mssql-jdbc-12.2.0:${testdir}/../../../../../stubs/auth0-jwt-2.3
+// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/amazon-aws-sdk-1.11.700:${testdir}/../../../../../stubs/azure-sdk-for-java:${testdir}/../../../../../stubs/shiro-core-1.4.0:${testdir}/../../../../../stubs/jsch-0.1.55:${testdir}/../../../../../stubs/ganymed-ssh-2-260:${testdir}/../../../../../stubs/apache-mina-sshd-2.8.0:${testdir}/../../../../../stubs/sshj-0.33.0:${testdir}/../../../../../stubs/j2ssh-1.5.5:${testdir}/../../../../../stubs/trilead-ssh2-212:${testdir}/../../../../../stubs/apache-commons-net-3.8.0:${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/couchbaseClient:${testdir}/../../../../../stubs/mssql-jdbc-12.2.0:${testdir}/../../../../../stubs/auth0-jwt-2.3