From e6450a17ecc3068e9ec0cc53884cf8f61ccac365 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Thu, 24 Apr 2025 11:24:51 +0200 Subject: [PATCH 1/7] Added test cases for individual AWS services, direct modification of global credentials and AWS.Credentials --- .../Security/CWE-798/HardcodedCredentials.js | 106 ++++++++++++++++++ 1 file changed, 106 insertions(+) diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js index 9bd7b68bfbaf..215d31a21b03 100644 --- a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js +++ b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js @@ -415,3 +415,109 @@ app.use(jwt({ secret: secretKey })); // $ Sink })(); + + +(function(usr, passwd) { + const AWS = require("aws-sdk"); + + const ec2 = new AWS.EC2({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const lambda = new AWS.Lambda({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const ecs = new AWS.ECS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const eks = new AWS.EKS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const batch = new AWS.Batch({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const elasticbeanstalk = new AWS.ElasticBeanstalk({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const lightsail = new AWS.Lightsail({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const apprunner = new AWS.AppRunner({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const s3 = new AWS.S3({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const efs = new AWS.EFS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const glacier = new AWS.Glacier({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const s3control = new AWS.S3Control({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const storagegateway = new AWS.StorageGateway({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const backup = new AWS.Backup({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const dynamodb = new AWS.DynamoDB({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const dynamodbstreams = new AWS.DynamoDBStreams({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const rds = new AWS.RDS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const redshift = new AWS.Redshift({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const elasticache = new AWS.ElastiCache({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const neptune = new AWS.Neptune({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const qldb = new AWS.QLDB({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const athena = new AWS.Athena({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const route53 = new AWS.Route53({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const cloudfront = new AWS.CloudFront({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const apigateway = new AWS.APIGateway({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const apigatewayv2 = new AWS.ApiGatewayV2({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const directconnect = new AWS.DirectConnect({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const globalaccelerator = new AWS.GlobalAccelerator({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const cloudwatch = new AWS.CloudWatch({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const cloudformation = new AWS.CloudFormation({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const cloudtrail = new AWS.CloudTrail({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const config = new AWS.Config({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const organizations = new AWS.Organizations({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const servicecatalog = new AWS.ServiceCatalog({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const ssm = new AWS.SSM({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const resourcegroups = new AWS.ResourceGroups({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const iam = new AWS.IAM({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const cognitoidentity = new AWS.CognitoIdentity({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const guardduty = new AWS.GuardDuty({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const inspector = new AWS.Inspector({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const kms = new AWS.KMS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const secretsmanager = new AWS.SecretsManager({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const securityhub = new AWS.SecurityHub({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const sts = new AWS.STS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const waf = new AWS.WAF({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const wafregional = new AWS.WAFRegional({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const sagemaker = new AWS.SageMaker({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const rekognition = new AWS.Rekognition({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const comprehend = new AWS.Comprehend({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const textract = new AWS.Textract({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const translate = new AWS.Translate({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const polly = new AWS.Polly({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const lexmodelbuildingservice = new AWS.LexModelBuildingService({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const machinelearning = new AWS.MachineLearning({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const personalize = new AWS.Personalize({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const emr = new AWS.EMR({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const kinesis = new AWS.Kinesis({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const kinesisanalytics = new AWS.KinesisAnalytics({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const kinesisvideo = new AWS.KinesisVideo({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const quicksight = new AWS.QuickSight({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const datapipeline = new AWS.DataPipeline({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const glue = new AWS.Glue({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const lakeformation = new AWS.LakeFormation({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const sns = new AWS.SNS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const sqs = new AWS.SQS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const ses = new AWS.SES({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const pinpoint = new AWS.Pinpoint({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const chime = new AWS.Chime({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const connect = new AWS.Connect({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const amplify = new AWS.Amplify({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const appsync = new AWS.AppSync({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const devicefarm = new AWS.DeviceFarm({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const iotanalytics = new AWS.IoTAnalytics({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const iotevents = new AWS.IoTEvents({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const iot1clickdevicesservice = new AWS.IoT1ClickDevicesService({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const iotsitewise = new AWS.IoTSiteWise({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const mediaconvert = new AWS.MediaConvert({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const medialive = new AWS.MediaLive({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const mediapackage = new AWS.MediaPackage({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const mediastore = new AWS.MediaStore({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const elastictranscoder = new AWS.ElasticTranscoder({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const eventbridge = new AWS.EventBridge({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const mq = new AWS.MQ({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const swf = new AWS.SWF({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const stepfunctions = new AWS.StepFunctions({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING:Alert + + AWS.config.accessKeyId = "SOMEACCESSKEY"; // $ MISSING: Alert + AWS.config.secretAccessKey = "hgfedcba"; // $ MISSING: Alert + + const creds = new AWS.Credentials( + "SOMEACCESSKEY", // $ MISSING: Alert + "hgfedcba" // $ MISSING: Alert + ); + AWS.config.setCredentials(creds); + + AWS.config.update({ + accessKeyId: "SOMEACCESSKEY", // $ Alert + secretAccessKey: "hgfedcba" // $ Alert + }); +})(); From 05e4677fd167c1631e1832ffccf243b88df243f1 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Thu, 24 Apr 2025 10:58:31 +0200 Subject: [PATCH 2/7] Added ability to detect `new AWS.ServiceName` cases with hardcoded credentials --- .../lib/semmle/javascript/frameworks/AWS.qll | 41 +++ .../CWE-798/HardcodedCredentials.expected | 262 ++++++++++++++++++ .../Security/CWE-798/HardcodedCredentials.js | 170 ++++++------ 3 files changed, 388 insertions(+), 85 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll b/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll index 1eac5888b955..011311c7af18 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll @@ -5,6 +5,42 @@ import javascript module AWS { + /** + * Gets the name of a supported AWS service. + */ + private string getAWSServiceName() { + result = + [ + "EC2", "Lambda", "ECS", "EKS", "Batch", "ElasticBeanstalk", "Lightsail", "AppRunner", "S3", + "EFS", "Glacier", "S3Control", "StorageGateway", "Backup", "DynamoDB", "DynamoDBStreams", + "RDS", "Redshift", "ElastiCache", "Neptune", "QLDB", "Athena", "Route53", "CloudFront", + "APIGateway", "ApiGatewayV2", "DirectConnect", "GlobalAccelerator", "CloudWatch", + "CloudFormation", "CloudTrail", "Config", "Organizations", "ServiceCatalog", "SSM", + "ResourceGroups", "IAM", "CognitoIdentity", "CognitoIdentityServiceProvider", "GuardDuty", + "Inspector", "KMS", "SecretsManager", "SecurityHub", "STS", "WAF", "WAFRegional", + "SageMaker", "Rekognition", "Comprehend", "Textract", "Translate", "Polly", + "LexModelBuildingService", "MachineLearning", "Personalize", "EMR", "Kinesis", + "KinesisAnalytics", "KinesisVideo", "QuickSight", "DataPipeline", "Glue", "LakeFormation", + "SNS", "SQS", "SES", "Pinpoint", "Chime", "Connect", "Amplify", "AppSync", "DeviceFarm", + "IoTAnalytics", "IoTEvents", "IoT1ClickDevicesService", "IoTSiteWise", "MediaConvert", + "MediaLive", "MediaPackage", "MediaStore", "ElasticTranscoder", "EventBridge", "MQ", "SWF", + "StepFunctions" + ] + } + + /** + * Gets a node representing an import of the AWS SDK. + */ + private API::Node getAWSImport() { result = API::moduleImport("aws-sdk") } + + /** + * Gets a data flow node representing an instantiation of an AWS service. + */ + private DataFlow::Node getServiceInstantation() { + result = + getAWSImport().getMember(getAWSServiceName()).getAnInstantiation().getReturn().asSource() + } + /** * Holds if the `i`th argument of `invk` is an object hash for `AWS.Config`. */ @@ -36,6 +72,11 @@ module AWS { exists(string prop, DataFlow::InvokeNode invk, int i | takesConfigurationObject(invk, i) and this = invk.getOptionArgument(i, prop) + or + // `new AWS.ServiceName({ accessKeyId: , secretAccessKey: })` + invk = getServiceInstantation() and + i = 0 and + this = invk.getOptionArgument(i, prop) | prop = "accessKeyId" and kind = "user name" or diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected index d2da5f21b3cd..566023bb07b3 100644 --- a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected +++ b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected @@ -75,6 +75,94 @@ | HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:385:31:385:39 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:385:31:385:39 | secretKey | jwt key | | HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:399:17:399:25 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:399:17:399:25 | secretKey | jwt key | | HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:416:27:416:35 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:416:27:416:35 | secretKey | jwt key | +| HardcodedCredentials.js:423:43:423:53 | "AccessID1" | HardcodedCredentials.js:423:43:423:53 | "AccessID1" | HardcodedCredentials.js:423:43:423:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:423:43:423:53 | "AccessID1" | user name | +| HardcodedCredentials.js:424:49:424:59 | "AccessID1" | HardcodedCredentials.js:424:49:424:59 | "AccessID1" | HardcodedCredentials.js:424:49:424:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:424:49:424:59 | "AccessID1" | user name | +| HardcodedCredentials.js:425:43:425:53 | "AccessID1" | HardcodedCredentials.js:425:43:425:53 | "AccessID1" | HardcodedCredentials.js:425:43:425:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:425:43:425:53 | "AccessID1" | user name | +| HardcodedCredentials.js:426:43:426:53 | "AccessID1" | HardcodedCredentials.js:426:43:426:53 | "AccessID1" | HardcodedCredentials.js:426:43:426:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:426:43:426:53 | "AccessID1" | user name | +| HardcodedCredentials.js:427:47:427:57 | "AccessID1" | HardcodedCredentials.js:427:47:427:57 | "AccessID1" | HardcodedCredentials.js:427:47:427:57 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:427:47:427:57 | "AccessID1" | user name | +| HardcodedCredentials.js:428:69:428:79 | "AccessID1" | HardcodedCredentials.js:428:69:428:79 | "AccessID1" | HardcodedCredentials.js:428:69:428:79 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:428:69:428:79 | "AccessID1" | user name | +| HardcodedCredentials.js:429:55:429:65 | "AccessID1" | HardcodedCredentials.js:429:55:429:65 | "AccessID1" | HardcodedCredentials.js:429:55:429:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:429:55:429:65 | "AccessID1" | user name | +| HardcodedCredentials.js:430:55:430:65 | "AccessID1" | HardcodedCredentials.js:430:55:430:65 | "AccessID1" | HardcodedCredentials.js:430:55:430:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:430:55:430:65 | "AccessID1" | user name | +| HardcodedCredentials.js:431:41:431:51 | "AccessID1" | HardcodedCredentials.js:431:41:431:51 | "AccessID1" | HardcodedCredentials.js:431:41:431:51 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:431:41:431:51 | "AccessID1" | user name | +| HardcodedCredentials.js:432:43:432:53 | "AccessID1" | HardcodedCredentials.js:432:43:432:53 | "AccessID1" | HardcodedCredentials.js:432:43:432:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:432:43:432:53 | "AccessID1" | user name | +| HardcodedCredentials.js:433:51:433:61 | "AccessID1" | HardcodedCredentials.js:433:51:433:61 | "AccessID1" | HardcodedCredentials.js:433:51:433:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:433:51:433:61 | "AccessID1" | user name | +| HardcodedCredentials.js:434:55:434:65 | "AccessID1" | HardcodedCredentials.js:434:55:434:65 | "AccessID1" | HardcodedCredentials.js:434:55:434:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:434:55:434:65 | "AccessID1" | user name | +| HardcodedCredentials.js:435:65:435:75 | "AccessID1" | HardcodedCredentials.js:435:65:435:75 | "AccessID1" | HardcodedCredentials.js:435:65:435:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:435:65:435:75 | "AccessID1" | user name | +| HardcodedCredentials.js:436:49:436:59 | "AccessID1" | HardcodedCredentials.js:436:49:436:59 | "AccessID1" | HardcodedCredentials.js:436:49:436:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:436:49:436:59 | "AccessID1" | user name | +| HardcodedCredentials.js:437:53:437:63 | "AccessID1" | HardcodedCredentials.js:437:53:437:63 | "AccessID1" | HardcodedCredentials.js:437:53:437:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:437:53:437:63 | "AccessID1" | user name | +| HardcodedCredentials.js:438:67:438:77 | "AccessID1" | HardcodedCredentials.js:438:67:438:77 | "AccessID1" | HardcodedCredentials.js:438:67:438:77 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:438:67:438:77 | "AccessID1" | user name | +| HardcodedCredentials.js:439:43:439:53 | "AccessID1" | HardcodedCredentials.js:439:43:439:53 | "AccessID1" | HardcodedCredentials.js:439:43:439:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:439:43:439:53 | "AccessID1" | user name | +| HardcodedCredentials.js:440:53:440:63 | "AccessID1" | HardcodedCredentials.js:440:53:440:63 | "AccessID1" | HardcodedCredentials.js:440:53:440:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:440:53:440:63 | "AccessID1" | user name | +| HardcodedCredentials.js:441:59:441:69 | "AccessID1" | HardcodedCredentials.js:441:59:441:69 | "AccessID1" | HardcodedCredentials.js:441:59:441:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:441:59:441:69 | "AccessID1" | user name | +| HardcodedCredentials.js:442:51:442:61 | "AccessID1" | HardcodedCredentials.js:442:51:442:61 | "AccessID1" | HardcodedCredentials.js:442:51:442:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:442:51:442:61 | "AccessID1" | user name | +| HardcodedCredentials.js:443:45:443:55 | "AccessID1" | HardcodedCredentials.js:443:45:443:55 | "AccessID1" | HardcodedCredentials.js:443:45:443:55 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:443:45:443:55 | "AccessID1" | user name | +| HardcodedCredentials.js:444:49:444:59 | "AccessID1" | HardcodedCredentials.js:444:49:444:59 | "AccessID1" | HardcodedCredentials.js:444:49:444:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:444:49:444:59 | "AccessID1" | user name | +| HardcodedCredentials.js:445:51:445:61 | "AccessID1" | HardcodedCredentials.js:445:51:445:61 | "AccessID1" | HardcodedCredentials.js:445:51:445:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:445:51:445:61 | "AccessID1" | user name | +| HardcodedCredentials.js:446:57:446:67 | "AccessID1" | HardcodedCredentials.js:446:57:446:67 | "AccessID1" | HardcodedCredentials.js:446:57:446:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:446:57:446:67 | "AccessID1" | user name | +| HardcodedCredentials.js:447:57:447:67 | "AccessID1" | HardcodedCredentials.js:447:57:447:67 | "AccessID1" | HardcodedCredentials.js:447:57:447:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:447:57:447:67 | "AccessID1" | user name | +| HardcodedCredentials.js:448:61:448:71 | "AccessID1" | HardcodedCredentials.js:448:61:448:71 | "AccessID1" | HardcodedCredentials.js:448:61:448:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:448:61:448:71 | "AccessID1" | user name | +| HardcodedCredentials.js:449:63:449:73 | "AccessID1" | HardcodedCredentials.js:449:63:449:73 | "AccessID1" | HardcodedCredentials.js:449:63:449:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:449:63:449:73 | "AccessID1" | user name | +| HardcodedCredentials.js:450:71:450:81 | "AccessID1" | HardcodedCredentials.js:450:71:450:81 | "AccessID1" | HardcodedCredentials.js:450:71:450:81 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:450:71:450:81 | "AccessID1" | user name | +| HardcodedCredentials.js:451:57:451:67 | "AccessID1" | HardcodedCredentials.js:451:57:451:67 | "AccessID1" | HardcodedCredentials.js:451:57:451:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:451:57:451:67 | "AccessID1" | user name | +| HardcodedCredentials.js:452:65:452:75 | "AccessID1" | HardcodedCredentials.js:452:65:452:75 | "AccessID1" | HardcodedCredentials.js:452:65:452:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:452:65:452:75 | "AccessID1" | user name | +| HardcodedCredentials.js:453:57:453:67 | "AccessID1" | HardcodedCredentials.js:453:57:453:67 | "AccessID1" | HardcodedCredentials.js:453:57:453:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:453:57:453:67 | "AccessID1" | user name | +| HardcodedCredentials.js:454:49:454:59 | "AccessID1" | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | user name | +| HardcodedCredentials.js:455:63:455:73 | "AccessID1" | HardcodedCredentials.js:455:63:455:73 | "AccessID1" | HardcodedCredentials.js:455:63:455:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:455:63:455:73 | "AccessID1" | user name | +| HardcodedCredentials.js:456:65:456:75 | "AccessID1" | HardcodedCredentials.js:456:65:456:75 | "AccessID1" | HardcodedCredentials.js:456:65:456:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:456:65:456:75 | "AccessID1" | user name | +| HardcodedCredentials.js:457:43:457:53 | "AccessID1" | HardcodedCredentials.js:457:43:457:53 | "AccessID1" | HardcodedCredentials.js:457:43:457:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:457:43:457:53 | "AccessID1" | user name | +| HardcodedCredentials.js:458:65:458:75 | "AccessID1" | HardcodedCredentials.js:458:65:458:75 | "AccessID1" | HardcodedCredentials.js:458:65:458:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:458:65:458:75 | "AccessID1" | user name | +| HardcodedCredentials.js:459:43:459:53 | "AccessID1" | HardcodedCredentials.js:459:43:459:53 | "AccessID1" | HardcodedCredentials.js:459:43:459:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:459:43:459:53 | "AccessID1" | user name | +| HardcodedCredentials.js:460:67:460:77 | "AccessID1" | HardcodedCredentials.js:460:67:460:77 | "AccessID1" | HardcodedCredentials.js:460:67:460:77 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:460:67:460:77 | "AccessID1" | user name | +| HardcodedCredentials.js:461:97:461:107 | "AccessID1" | HardcodedCredentials.js:461:97:461:107 | "AccessID1" | HardcodedCredentials.js:461:97:461:107 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:461:97:461:107 | "AccessID1" | user name | +| HardcodedCredentials.js:462:55:462:65 | "AccessID1" | HardcodedCredentials.js:462:55:462:65 | "AccessID1" | HardcodedCredentials.js:462:55:462:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:462:55:462:65 | "AccessID1" | user name | +| HardcodedCredentials.js:463:55:463:65 | "AccessID1" | HardcodedCredentials.js:463:55:463:65 | "AccessID1" | HardcodedCredentials.js:463:55:463:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:463:55:463:65 | "AccessID1" | user name | +| HardcodedCredentials.js:464:43:464:53 | "AccessID1" | HardcodedCredentials.js:464:43:464:53 | "AccessID1" | HardcodedCredentials.js:464:43:464:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:464:43:464:53 | "AccessID1" | user name | +| HardcodedCredentials.js:465:65:465:75 | "AccessID1" | HardcodedCredentials.js:465:65:465:75 | "AccessID1" | HardcodedCredentials.js:465:65:465:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:465:65:465:75 | "AccessID1" | user name | +| HardcodedCredentials.js:466:59:466:69 | "AccessID1" | HardcodedCredentials.js:466:59:466:69 | "AccessID1" | HardcodedCredentials.js:466:59:466:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:466:59:466:69 | "AccessID1" | user name | +| HardcodedCredentials.js:467:43:467:53 | "AccessID1" | HardcodedCredentials.js:467:43:467:53 | "AccessID1" | HardcodedCredentials.js:467:43:467:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:467:43:467:53 | "AccessID1" | user name | +| HardcodedCredentials.js:468:43:468:53 | "AccessID1" | HardcodedCredentials.js:468:43:468:53 | "AccessID1" | HardcodedCredentials.js:468:43:468:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:468:43:468:53 | "AccessID1" | user name | +| HardcodedCredentials.js:469:59:469:69 | "AccessID1" | HardcodedCredentials.js:469:59:469:69 | "AccessID1" | HardcodedCredentials.js:469:59:469:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:469:59:469:69 | "AccessID1" | user name | +| HardcodedCredentials.js:470:55:470:65 | "AccessID1" | HardcodedCredentials.js:470:55:470:65 | "AccessID1" | HardcodedCredentials.js:470:55:470:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:470:55:470:65 | "AccessID1" | user name | +| HardcodedCredentials.js:471:59:471:69 | "AccessID1" | HardcodedCredentials.js:471:59:471:69 | "AccessID1" | HardcodedCredentials.js:471:59:471:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:471:59:471:69 | "AccessID1" | user name | +| HardcodedCredentials.js:472:57:472:67 | "AccessID1" | HardcodedCredentials.js:472:57:472:67 | "AccessID1" | HardcodedCredentials.js:472:57:472:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:472:57:472:67 | "AccessID1" | user name | +| HardcodedCredentials.js:473:53:473:63 | "AccessID1" | HardcodedCredentials.js:473:53:473:63 | "AccessID1" | HardcodedCredentials.js:473:53:473:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:473:53:473:63 | "AccessID1" | user name | +| HardcodedCredentials.js:474:55:474:65 | "AccessID1" | HardcodedCredentials.js:474:55:474:65 | "AccessID1" | HardcodedCredentials.js:474:55:474:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:474:55:474:65 | "AccessID1" | user name | +| HardcodedCredentials.js:475:47:475:57 | "AccessID1" | HardcodedCredentials.js:475:47:475:57 | "AccessID1" | HardcodedCredentials.js:475:47:475:57 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:475:47:475:57 | "AccessID1" | user name | +| HardcodedCredentials.js:476:83:476:93 | "AccessID1" | HardcodedCredentials.js:476:83:476:93 | "AccessID1" | HardcodedCredentials.js:476:83:476:93 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:476:83:476:93 | "AccessID1" | user name | +| HardcodedCredentials.js:477:67:477:77 | "AccessID1" | HardcodedCredentials.js:477:67:477:77 | "AccessID1" | HardcodedCredentials.js:477:67:477:77 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:477:67:477:77 | "AccessID1" | user name | +| HardcodedCredentials.js:478:59:478:69 | "AccessID1" | HardcodedCredentials.js:478:59:478:69 | "AccessID1" | HardcodedCredentials.js:478:59:478:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:478:59:478:69 | "AccessID1" | user name | +| HardcodedCredentials.js:479:43:479:53 | "AccessID1" | HardcodedCredentials.js:479:43:479:53 | "AccessID1" | HardcodedCredentials.js:479:43:479:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:479:43:479:53 | "AccessID1" | user name | +| HardcodedCredentials.js:480:51:480:61 | "AccessID1" | HardcodedCredentials.js:480:51:480:61 | "AccessID1" | HardcodedCredentials.js:480:51:480:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:480:51:480:61 | "AccessID1" | user name | +| HardcodedCredentials.js:481:69:481:79 | "AccessID1" | HardcodedCredentials.js:481:69:481:79 | "AccessID1" | HardcodedCredentials.js:481:69:481:79 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:481:69:481:79 | "AccessID1" | user name | +| HardcodedCredentials.js:482:61:482:71 | "AccessID1" | HardcodedCredentials.js:482:61:482:71 | "AccessID1" | HardcodedCredentials.js:482:61:482:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:482:61:482:71 | "AccessID1" | user name | +| HardcodedCredentials.js:483:57:483:67 | "AccessID1" | HardcodedCredentials.js:483:57:483:67 | "AccessID1" | HardcodedCredentials.js:483:57:483:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:483:57:483:67 | "AccessID1" | user name | +| HardcodedCredentials.js:484:61:484:71 | "AccessID1" | HardcodedCredentials.js:484:61:484:71 | "AccessID1" | HardcodedCredentials.js:484:61:484:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:484:61:484:71 | "AccessID1" | user name | +| HardcodedCredentials.js:485:45:485:55 | "AccessID1" | HardcodedCredentials.js:485:45:485:55 | "AccessID1" | HardcodedCredentials.js:485:45:485:55 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:485:45:485:55 | "AccessID1" | user name | +| HardcodedCredentials.js:486:63:486:73 | "AccessID1" | HardcodedCredentials.js:486:63:486:73 | "AccessID1" | HardcodedCredentials.js:486:63:486:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:486:63:486:73 | "AccessID1" | user name | +| HardcodedCredentials.js:487:43:487:53 | "AccessID1" | HardcodedCredentials.js:487:43:487:53 | "AccessID1" | HardcodedCredentials.js:487:43:487:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:487:43:487:53 | "AccessID1" | user name | +| HardcodedCredentials.js:488:43:488:53 | "AccessID1" | HardcodedCredentials.js:488:43:488:53 | "AccessID1" | HardcodedCredentials.js:488:43:488:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:488:43:488:53 | "AccessID1" | user name | +| HardcodedCredentials.js:489:43:489:53 | "AccessID1" | HardcodedCredentials.js:489:43:489:53 | "AccessID1" | HardcodedCredentials.js:489:43:489:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:489:43:489:53 | "AccessID1" | user name | +| HardcodedCredentials.js:490:53:490:63 | "AccessID1" | HardcodedCredentials.js:490:53:490:63 | "AccessID1" | HardcodedCredentials.js:490:53:490:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:490:53:490:63 | "AccessID1" | user name | +| HardcodedCredentials.js:491:47:491:57 | "AccessID1" | HardcodedCredentials.js:491:47:491:57 | "AccessID1" | HardcodedCredentials.js:491:47:491:57 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:491:47:491:57 | "AccessID1" | user name | +| HardcodedCredentials.js:492:51:492:61 | "AccessID1" | HardcodedCredentials.js:492:51:492:61 | "AccessID1" | HardcodedCredentials.js:492:51:492:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:492:51:492:61 | "AccessID1" | user name | +| HardcodedCredentials.js:493:51:493:61 | "AccessID1" | HardcodedCredentials.js:493:51:493:61 | "AccessID1" | HardcodedCredentials.js:493:51:493:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:493:51:493:61 | "AccessID1" | user name | +| HardcodedCredentials.js:494:51:494:61 | "AccessID1" | HardcodedCredentials.js:494:51:494:61 | "AccessID1" | HardcodedCredentials.js:494:51:494:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:494:51:494:61 | "AccessID1" | user name | +| HardcodedCredentials.js:495:57:495:67 | "AccessID1" | HardcodedCredentials.js:495:57:495:67 | "AccessID1" | HardcodedCredentials.js:495:57:495:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:495:57:495:67 | "AccessID1" | user name | +| HardcodedCredentials.js:496:61:496:71 | "AccessID1" | HardcodedCredentials.js:496:61:496:71 | "AccessID1" | HardcodedCredentials.js:496:61:496:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:496:61:496:71 | "AccessID1" | user name | +| HardcodedCredentials.js:497:55:497:65 | "AccessID1" | HardcodedCredentials.js:497:55:497:65 | "AccessID1" | HardcodedCredentials.js:497:55:497:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:497:55:497:65 | "AccessID1" | user name | +| HardcodedCredentials.js:498:83:498:93 | "AccessID1" | HardcodedCredentials.js:498:83:498:93 | "AccessID1" | HardcodedCredentials.js:498:83:498:93 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:498:83:498:93 | "AccessID1" | user name | +| HardcodedCredentials.js:499:59:499:69 | "AccessID1" | HardcodedCredentials.js:499:59:499:69 | "AccessID1" | HardcodedCredentials.js:499:59:499:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:499:59:499:69 | "AccessID1" | user name | +| HardcodedCredentials.js:500:61:500:71 | "AccessID1" | HardcodedCredentials.js:500:61:500:71 | "AccessID1" | HardcodedCredentials.js:500:61:500:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:500:61:500:71 | "AccessID1" | user name | +| HardcodedCredentials.js:501:55:501:65 | "AccessID1" | HardcodedCredentials.js:501:55:501:65 | "AccessID1" | HardcodedCredentials.js:501:55:501:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:501:55:501:65 | "AccessID1" | user name | +| HardcodedCredentials.js:502:61:502:71 | "AccessID1" | HardcodedCredentials.js:502:61:502:71 | "AccessID1" | HardcodedCredentials.js:502:61:502:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:502:61:502:71 | "AccessID1" | user name | +| HardcodedCredentials.js:503:57:503:67 | "AccessID1" | HardcodedCredentials.js:503:57:503:67 | "AccessID1" | HardcodedCredentials.js:503:57:503:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:503:57:503:67 | "AccessID1" | user name | +| HardcodedCredentials.js:504:71:504:81 | "AccessID1" | HardcodedCredentials.js:504:71:504:81 | "AccessID1" | HardcodedCredentials.js:504:71:504:81 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:504:71:504:81 | "AccessID1" | user name | +| HardcodedCredentials.js:505:59:505:69 | "AccessID1" | HardcodedCredentials.js:505:59:505:69 | "AccessID1" | HardcodedCredentials.js:505:59:505:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:505:59:505:69 | "AccessID1" | user name | +| HardcodedCredentials.js:506:41:506:51 | "AccessID1" | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | user name | +| HardcodedCredentials.js:507:43:507:53 | "AccessID1" | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | user name | +| HardcodedCredentials.js:508:63:508:73 | "AccessID1" | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | user name | +| HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | user name | +| HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | password | | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | user name | | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | password | edges @@ -297,6 +385,180 @@ nodes | HardcodedCredentials.js:414:9:414:43 | secretKey | semmle.label | secretKey | | HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | semmle.label | "myHard ... ateKey" | | HardcodedCredentials.js:416:27:416:35 | secretKey | semmle.label | secretKey | +| HardcodedCredentials.js:423:43:423:53 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:423:73:423:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:424:49:424:59 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:424:79:424:95 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:425:43:425:53 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:425:73:425:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:426:43:426:53 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:426:73:426:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:427:47:427:57 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:427:77:427:93 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:428:69:428:79 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:428:99:428:115 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:429:55:429:65 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:429:85:429:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:430:55:430:65 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:430:85:430:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:431:41:431:51 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:431:71:431:87 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:432:43:432:53 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:432:73:432:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:433:51:433:61 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:433:81:433:97 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:434:55:434:65 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:434:85:434:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:435:65:435:75 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:435:95:435:111 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:436:49:436:59 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:436:79:436:95 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:437:53:437:63 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:437:83:437:99 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:438:67:438:77 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:438:97:438:113 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:439:43:439:53 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:439:73:439:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:440:53:440:63 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:440:83:440:99 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:441:59:441:69 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:441:89:441:105 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:442:51:442:61 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:442:81:442:97 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:443:45:443:55 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:443:75:443:91 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:444:49:444:59 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:444:79:444:95 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:445:51:445:61 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:445:81:445:97 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:446:57:446:67 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:446:87:446:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:447:57:447:67 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:447:87:447:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:448:61:448:71 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:448:91:448:107 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:449:63:449:73 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:449:93:449:109 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:450:71:450:81 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:450:101:450:117 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:451:57:451:67 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:451:87:451:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:452:65:452:75 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:452:95:452:111 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:453:57:453:67 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:453:87:453:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:454:49:454:59 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:454:79:454:95 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:455:63:455:73 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:455:93:455:109 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:456:65:456:75 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:456:95:456:111 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:457:43:457:53 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:457:73:457:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:458:65:458:75 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:458:95:458:111 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:459:43:459:53 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:459:73:459:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:460:67:460:77 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:460:97:460:113 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:461:97:461:107 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:461:127:461:143 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:462:55:462:65 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:462:85:462:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:463:55:463:65 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:463:85:463:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:464:43:464:53 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:464:73:464:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:465:65:465:75 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:465:95:465:111 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:466:59:466:69 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:466:89:466:105 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:467:43:467:53 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:467:73:467:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:468:43:468:53 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:468:73:468:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:469:59:469:69 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:469:89:469:105 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:470:55:470:65 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:470:85:470:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:471:59:471:69 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:471:89:471:105 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:472:57:472:67 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:472:87:472:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:473:53:473:63 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:473:83:473:99 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:474:55:474:65 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:474:85:474:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:475:47:475:57 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:475:77:475:93 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:476:83:476:93 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:476:113:476:129 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:477:67:477:77 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:477:97:477:113 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:478:59:478:69 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:478:89:478:105 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:479:43:479:53 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:479:73:479:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:480:51:480:61 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:480:81:480:97 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:481:69:481:79 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:481:99:481:115 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:482:61:482:71 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:482:91:482:107 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:483:57:483:67 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:483:87:483:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:484:61:484:71 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:484:91:484:107 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:485:45:485:55 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:485:75:485:91 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:486:63:486:73 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:486:93:486:109 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:487:43:487:53 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:487:73:487:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:488:43:488:53 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:488:73:488:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:489:43:489:53 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:489:73:489:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:490:53:490:63 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:490:83:490:99 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:491:47:491:57 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:491:77:491:93 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:492:51:492:61 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:492:81:492:97 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:493:51:493:61 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:493:81:493:97 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:494:51:494:61 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:494:81:494:97 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:495:57:495:67 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:495:87:495:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:496:61:496:71 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:496:91:496:107 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:497:55:497:65 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:497:85:497:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:498:83:498:93 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:498:113:498:129 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:499:59:499:69 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:499:89:499:105 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:500:61:500:71 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:500:91:500:107 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:501:55:501:65 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:501:85:501:101 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:502:61:502:71 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:502:91:502:107 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:503:57:503:67 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:503:87:503:103 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:504:71:504:81 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:504:101:504:117 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:505:59:505:69 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:505:89:505:105 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:506:41:506:51 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:506:71:506:87 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:507:43:507:53 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:507:73:507:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:508:63:508:73 | "AccessID1" | semmle.label | "AccessID1" | +| HardcodedCredentials.js:508:93:508:109 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | semmle.label | "SOMEACCESSKEY" | +| HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | semmle.label | "hgfedcba" | | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | semmle.label | 'dbuser' | | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | semmle.label | 'hgfedcba' | subpaths diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js index 215d31a21b03..8141b4d8c584 100644 --- a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js +++ b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js @@ -420,92 +420,92 @@ (function(usr, passwd) { const AWS = require("aws-sdk"); - const ec2 = new AWS.EC2({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const lambda = new AWS.Lambda({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const ecs = new AWS.ECS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const eks = new AWS.EKS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const batch = new AWS.Batch({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const elasticbeanstalk = new AWS.ElasticBeanstalk({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const lightsail = new AWS.Lightsail({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const apprunner = new AWS.AppRunner({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const s3 = new AWS.S3({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const efs = new AWS.EFS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const glacier = new AWS.Glacier({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const s3control = new AWS.S3Control({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const storagegateway = new AWS.StorageGateway({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const backup = new AWS.Backup({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const dynamodb = new AWS.DynamoDB({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const dynamodbstreams = new AWS.DynamoDBStreams({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const rds = new AWS.RDS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const redshift = new AWS.Redshift({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const elasticache = new AWS.ElastiCache({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const neptune = new AWS.Neptune({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const qldb = new AWS.QLDB({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const athena = new AWS.Athena({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const route53 = new AWS.Route53({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const cloudfront = new AWS.CloudFront({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const apigateway = new AWS.APIGateway({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const apigatewayv2 = new AWS.ApiGatewayV2({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const directconnect = new AWS.DirectConnect({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const globalaccelerator = new AWS.GlobalAccelerator({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const cloudwatch = new AWS.CloudWatch({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const cloudformation = new AWS.CloudFormation({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const cloudtrail = new AWS.CloudTrail({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert + const ec2 = new AWS.EC2({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const lambda = new AWS.Lambda({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const ecs = new AWS.ECS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const eks = new AWS.EKS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const batch = new AWS.Batch({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const elasticbeanstalk = new AWS.ElasticBeanstalk({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const lightsail = new AWS.Lightsail({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const apprunner = new AWS.AppRunner({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const s3 = new AWS.S3({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const efs = new AWS.EFS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const glacier = new AWS.Glacier({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const s3control = new AWS.S3Control({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const storagegateway = new AWS.StorageGateway({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const backup = new AWS.Backup({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const dynamodb = new AWS.DynamoDB({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const dynamodbstreams = new AWS.DynamoDBStreams({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const rds = new AWS.RDS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const redshift = new AWS.Redshift({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const elasticache = new AWS.ElastiCache({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const neptune = new AWS.Neptune({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const qldb = new AWS.QLDB({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const athena = new AWS.Athena({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const route53 = new AWS.Route53({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const cloudfront = new AWS.CloudFront({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const apigateway = new AWS.APIGateway({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const apigatewayv2 = new AWS.ApiGatewayV2({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const directconnect = new AWS.DirectConnect({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const globalaccelerator = new AWS.GlobalAccelerator({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const cloudwatch = new AWS.CloudWatch({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const cloudformation = new AWS.CloudFormation({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const cloudtrail = new AWS.CloudTrail({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert const config = new AWS.Config({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert - const organizations = new AWS.Organizations({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const servicecatalog = new AWS.ServiceCatalog({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const ssm = new AWS.SSM({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const resourcegroups = new AWS.ResourceGroups({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const iam = new AWS.IAM({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const cognitoidentity = new AWS.CognitoIdentity({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const guardduty = new AWS.GuardDuty({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const inspector = new AWS.Inspector({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const kms = new AWS.KMS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const secretsmanager = new AWS.SecretsManager({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const securityhub = new AWS.SecurityHub({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const sts = new AWS.STS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const waf = new AWS.WAF({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const wafregional = new AWS.WAFRegional({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const sagemaker = new AWS.SageMaker({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const rekognition = new AWS.Rekognition({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const comprehend = new AWS.Comprehend({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const textract = new AWS.Textract({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const translate = new AWS.Translate({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const polly = new AWS.Polly({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const lexmodelbuildingservice = new AWS.LexModelBuildingService({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const machinelearning = new AWS.MachineLearning({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const personalize = new AWS.Personalize({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const emr = new AWS.EMR({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const kinesis = new AWS.Kinesis({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const kinesisanalytics = new AWS.KinesisAnalytics({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const kinesisvideo = new AWS.KinesisVideo({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const quicksight = new AWS.QuickSight({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const datapipeline = new AWS.DataPipeline({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const glue = new AWS.Glue({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const lakeformation = new AWS.LakeFormation({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const sns = new AWS.SNS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const sqs = new AWS.SQS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const ses = new AWS.SES({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const pinpoint = new AWS.Pinpoint({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const chime = new AWS.Chime({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const connect = new AWS.Connect({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const amplify = new AWS.Amplify({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const appsync = new AWS.AppSync({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const devicefarm = new AWS.DeviceFarm({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const iotanalytics = new AWS.IoTAnalytics({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const iotevents = new AWS.IoTEvents({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const iot1clickdevicesservice = new AWS.IoT1ClickDevicesService({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const iotsitewise = new AWS.IoTSiteWise({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const mediaconvert = new AWS.MediaConvert({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const medialive = new AWS.MediaLive({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const mediapackage = new AWS.MediaPackage({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const mediastore = new AWS.MediaStore({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const elastictranscoder = new AWS.ElasticTranscoder({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const eventbridge = new AWS.EventBridge({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const mq = new AWS.MQ({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const swf = new AWS.SWF({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING: Alert - const stepfunctions = new AWS.StepFunctions({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ MISSING:Alert + const organizations = new AWS.Organizations({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const servicecatalog = new AWS.ServiceCatalog({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const ssm = new AWS.SSM({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const resourcegroups = new AWS.ResourceGroups({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const iam = new AWS.IAM({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const cognitoidentity = new AWS.CognitoIdentity({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const guardduty = new AWS.GuardDuty({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const inspector = new AWS.Inspector({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const kms = new AWS.KMS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const secretsmanager = new AWS.SecretsManager({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const securityhub = new AWS.SecurityHub({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const sts = new AWS.STS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const waf = new AWS.WAF({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const wafregional = new AWS.WAFRegional({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const sagemaker = new AWS.SageMaker({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const rekognition = new AWS.Rekognition({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const comprehend = new AWS.Comprehend({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const textract = new AWS.Textract({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const translate = new AWS.Translate({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const polly = new AWS.Polly({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const lexmodelbuildingservice = new AWS.LexModelBuildingService({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const machinelearning = new AWS.MachineLearning({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const personalize = new AWS.Personalize({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const emr = new AWS.EMR({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const kinesis = new AWS.Kinesis({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const kinesisanalytics = new AWS.KinesisAnalytics({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const kinesisvideo = new AWS.KinesisVideo({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const quicksight = new AWS.QuickSight({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const datapipeline = new AWS.DataPipeline({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const glue = new AWS.Glue({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const lakeformation = new AWS.LakeFormation({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const sns = new AWS.SNS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const sqs = new AWS.SQS({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const ses = new AWS.SES({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const pinpoint = new AWS.Pinpoint({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const chime = new AWS.Chime({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const connect = new AWS.Connect({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const amplify = new AWS.Amplify({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const appsync = new AWS.AppSync({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const devicefarm = new AWS.DeviceFarm({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const iotanalytics = new AWS.IoTAnalytics({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const iotevents = new AWS.IoTEvents({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const iot1clickdevicesservice = new AWS.IoT1ClickDevicesService({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const iotsitewise = new AWS.IoTSiteWise({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const mediaconvert = new AWS.MediaConvert({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const medialive = new AWS.MediaLive({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const mediapackage = new AWS.MediaPackage({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const mediastore = new AWS.MediaStore({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const elastictranscoder = new AWS.ElasticTranscoder({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const eventbridge = new AWS.EventBridge({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const mq = new AWS.MQ({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const swf = new AWS.SWF({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert + const stepfunctions = new AWS.StepFunctions({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert AWS.config.accessKeyId = "SOMEACCESSKEY"; // $ MISSING: Alert AWS.config.secretAccessKey = "hgfedcba"; // $ MISSING: Alert From f69037c176c3225c5e70c2dc4a56addf1158b070 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Thu, 24 Apr 2025 11:01:35 +0200 Subject: [PATCH 3/7] Added ability to detect direct write to global `AWS.config` --- .../lib/semmle/javascript/frameworks/AWS.qll | 27 +++++++++++++++++++ .../CWE-798/HardcodedCredentials.expected | 4 +++ .../Security/CWE-798/HardcodedCredentials.js | 4 +-- 3 files changed, 33 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll b/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll index 011311c7af18..e07a37df6ff0 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll @@ -41,6 +41,19 @@ module AWS { getAWSImport().getMember(getAWSServiceName()).getAnInstantiation().getReturn().asSource() } + /** + * Gets a node representing the AWS global config object. + */ + private API::Node getAWSConfig() { result = getAWSImport().getMember("config") } + + /** + * Gets a property write to the AWS config object. + * This captures assignments to AWS.config properties. + */ + private DataFlow::PropWrite configAssigment() { + result = getAWSConfig().asSource().getAPropertyWrite() + } + /** * Holds if the `i`th argument of `invk` is an object hash for `AWS.Config`. */ @@ -82,6 +95,20 @@ module AWS { or prop = "secretAccessKey" and kind = "password" ) + or + // `AWS.config.accessKeyId = ` or `AWS.config.secretAccessKey = ` + exists(string prop, DataFlow::PropWrite propWrite | + propWrite = configAssigment() and + this = propWrite.getRhs() and + prop = propWrite.getPropertyName() and + ( + kind = "user name" and + prop = "accessKeyId" + or + kind = "password" and + prop = "secretAccessKey" + ) + ) } override string getCredentialsKind() { result = kind } diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected index 566023bb07b3..c73d5c10f33f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected +++ b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected @@ -161,6 +161,8 @@ | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | user name | | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | user name | | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | user name | +| HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | user name | +| HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | password | | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | user name | | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | password | | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | user name | @@ -557,6 +559,8 @@ nodes | HardcodedCredentials.js:507:73:507:89 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | semmle.label | "AccessID1" | | HardcodedCredentials.js:508:93:508:109 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | +| HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | semmle.label | "SOMEACCESSKEY" | +| HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | semmle.label | "hgfedcba" | | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | semmle.label | "SOMEACCESSKEY" | | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | semmle.label | "hgfedcba" | | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | semmle.label | 'dbuser' | diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js index 8141b4d8c584..5be11891e2a8 100644 --- a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js +++ b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js @@ -507,8 +507,8 @@ const swf = new AWS.SWF({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert const stepfunctions = new AWS.StepFunctions({accessKeyId: "AccessID1", secretAccessKey: "NotSoSecretKey1"}); // $ Alert - AWS.config.accessKeyId = "SOMEACCESSKEY"; // $ MISSING: Alert - AWS.config.secretAccessKey = "hgfedcba"; // $ MISSING: Alert + AWS.config.accessKeyId = "SOMEACCESSKEY"; // $ Alert + AWS.config.secretAccessKey = "hgfedcba"; // $ Alert const creds = new AWS.Credentials( "SOMEACCESSKEY", // $ MISSING: Alert From 42d5b80e8170943954025a2d5055092ff5f7dcca Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Thu, 24 Apr 2025 11:05:56 +0200 Subject: [PATCH 4/7] Added support for `AWS.Credentials` hardcoded credentials --- .../lib/semmle/javascript/frameworks/AWS.qll | 19 +++++++++++++++++++ .../CWE-798/HardcodedCredentials.expected | 4 ++++ .../Security/CWE-798/HardcodedCredentials.js | 4 ++-- 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll b/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll index e07a37df6ff0..7e190ca6d5d9 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll @@ -54,6 +54,13 @@ module AWS { result = getAWSConfig().asSource().getAPropertyWrite() } + /** + * Gets a data flow node representing an instance of `new AWS.Credentials(accessKeyId, secretAccessKey)`. + */ + private DataFlow::Node getCredentialsCreationNode() { + result = getAWSImport().getMember("Credentials").getAnInstantiation().getReturn().asSource() + } + /** * Holds if the `i`th argument of `invk` is an object hash for `AWS.Config`. */ @@ -109,6 +116,18 @@ module AWS { prop = "secretAccessKey" ) ) + or + // `new AWS.Credentials({ accessKeyId: , secretAccessKey: })` + exists(DataFlow::InvokeNode invk | + invk = getCredentialsCreationNode() and + ( + this = invk.getArgument(0) and + kind = "user name" + or + this = invk.getArgument(1) and + kind = "password" + ) + ) } override string getCredentialsKind() { result = kind } diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected index c73d5c10f33f..3d2321cedc58 100644 --- a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected +++ b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected @@ -163,6 +163,8 @@ | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | user name | | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | user name | | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | password | +| HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | user name | +| HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | password | | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | user name | | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | password | | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | user name | @@ -561,6 +563,8 @@ nodes | HardcodedCredentials.js:508:93:508:109 | "NotSoSecretKey1" | semmle.label | "NotSoSecretKey1" | | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | semmle.label | "SOMEACCESSKEY" | | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | semmle.label | "hgfedcba" | +| HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | semmle.label | "SOMEACCESSKEY" | +| HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | semmle.label | "hgfedcba" | | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | semmle.label | "SOMEACCESSKEY" | | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | semmle.label | "hgfedcba" | | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | semmle.label | 'dbuser' | diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js index 5be11891e2a8..7d102a4ee3dd 100644 --- a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js +++ b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.js @@ -511,8 +511,8 @@ AWS.config.secretAccessKey = "hgfedcba"; // $ Alert const creds = new AWS.Credentials( - "SOMEACCESSKEY", // $ MISSING: Alert - "hgfedcba" // $ MISSING: Alert + "SOMEACCESSKEY", // $ Alert + "hgfedcba" // $ Alert ); AWS.config.setCredentials(creds); From f7f9fb823a4f6f400ed26ae9973c94eb66cac3f1 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Thu, 24 Apr 2025 11:16:09 +0200 Subject: [PATCH 5/7] Updated `takesConfigurationObject` with API graphs --- javascript/ql/lib/semmle/javascript/frameworks/AWS.qll | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll b/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll index 7e190ca6d5d9..2eb1266c190d 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll @@ -65,12 +65,14 @@ module AWS { * Holds if the `i`th argument of `invk` is an object hash for `AWS.Config`. */ private predicate takesConfigurationObject(DataFlow::InvokeNode invk, int i) { - exists(DataFlow::ModuleImportNode mod | mod.getPath() = "aws-sdk" | + exists(API::Node mod | mod = getAWSImport() | // `AWS.config.update(nd)` - invk = mod.getAPropertyRead("config").getAMemberCall("update") and + invk = mod.getMember("config").getMember("update").getACall() and i = 0 or - exists(DataFlow::SourceNode cfg | cfg = mod.getAConstructorInvocation("Config") | + exists(DataFlow::SourceNode cfg | + cfg = mod.getMember("Config").getAnInstantiation().getReturn().asSource() + | // `new AWS.Config(nd)` invk = cfg and i = 0 From 654177daa791e7a157850dfe43fc6dc5a46b666b Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Thu, 24 Apr 2025 11:50:23 +0200 Subject: [PATCH 6/7] Fixed naming acronyms to be `PascalCase` --- .../ql/lib/semmle/javascript/frameworks/AWS.qll | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll b/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll index 2eb1266c190d..93ba66308217 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll @@ -8,7 +8,7 @@ module AWS { /** * Gets the name of a supported AWS service. */ - private string getAWSServiceName() { + private string getAwsServiceName() { result = [ "EC2", "Lambda", "ECS", "EKS", "Batch", "ElasticBeanstalk", "Lightsail", "AppRunner", "S3", @@ -31,41 +31,41 @@ module AWS { /** * Gets a node representing an import of the AWS SDK. */ - private API::Node getAWSImport() { result = API::moduleImport("aws-sdk") } + private API::Node getAwsImport() { result = API::moduleImport("aws-sdk") } /** * Gets a data flow node representing an instantiation of an AWS service. */ private DataFlow::Node getServiceInstantation() { result = - getAWSImport().getMember(getAWSServiceName()).getAnInstantiation().getReturn().asSource() + getAwsImport().getMember(getAwsServiceName()).getAnInstantiation().getReturn().asSource() } /** * Gets a node representing the AWS global config object. */ - private API::Node getAWSConfig() { result = getAWSImport().getMember("config") } + private API::Node getAwsConfig() { result = getAwsImport().getMember("config") } /** * Gets a property write to the AWS config object. * This captures assignments to AWS.config properties. */ private DataFlow::PropWrite configAssigment() { - result = getAWSConfig().asSource().getAPropertyWrite() + result = getAwsConfig().asSource().getAPropertyWrite() } /** * Gets a data flow node representing an instance of `new AWS.Credentials(accessKeyId, secretAccessKey)`. */ private DataFlow::Node getCredentialsCreationNode() { - result = getAWSImport().getMember("Credentials").getAnInstantiation().getReturn().asSource() + result = getAwsImport().getMember("Credentials").getAnInstantiation().getReturn().asSource() } /** * Holds if the `i`th argument of `invk` is an object hash for `AWS.Config`. */ private predicate takesConfigurationObject(DataFlow::InvokeNode invk, int i) { - exists(API::Node mod | mod = getAWSImport() | + exists(API::Node mod | mod = getAwsImport() | // `AWS.config.update(nd)` invk = mod.getMember("config").getMember("update").getACall() and i = 0 From 73309fb9dd969e82a4a4e6af1868c363cf9e2b45 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Mon, 28 Apr 2025 12:38:04 +0200 Subject: [PATCH 7/7] Updated modeling of `aws-sdk` with `MaD` --- javascript/ql/lib/ext/aws-sdk.model.yml | 8 + .../lib/semmle/javascript/frameworks/AWS.qll | 95 +-------- .../CWE-798/HardcodedCredentials.expected | 181 +++++++++--------- 3 files changed, 102 insertions(+), 182 deletions(-) create mode 100644 javascript/ql/lib/ext/aws-sdk.model.yml diff --git a/javascript/ql/lib/ext/aws-sdk.model.yml b/javascript/ql/lib/ext/aws-sdk.model.yml new file mode 100644 index 000000000000..eefa87fbe613 --- /dev/null +++ b/javascript/ql/lib/ext/aws-sdk.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: sinkModel + data: + - ["aws-sdk", "AnyMember.Argument[0].Member[secretAccessKey,accessKeyId]", "credentials-key"] + - ["aws-sdk", "AnyMember.Member[secretAccessKey,accessKeyId]", "credentials-key"] + - ["aws-sdk", "Member[Credentials].Argument[0,1]", "credentials-key"] diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll b/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll index 93ba66308217..1eac5888b955 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll @@ -5,74 +5,16 @@ import javascript module AWS { - /** - * Gets the name of a supported AWS service. - */ - private string getAwsServiceName() { - result = - [ - "EC2", "Lambda", "ECS", "EKS", "Batch", "ElasticBeanstalk", "Lightsail", "AppRunner", "S3", - "EFS", "Glacier", "S3Control", "StorageGateway", "Backup", "DynamoDB", "DynamoDBStreams", - "RDS", "Redshift", "ElastiCache", "Neptune", "QLDB", "Athena", "Route53", "CloudFront", - "APIGateway", "ApiGatewayV2", "DirectConnect", "GlobalAccelerator", "CloudWatch", - "CloudFormation", "CloudTrail", "Config", "Organizations", "ServiceCatalog", "SSM", - "ResourceGroups", "IAM", "CognitoIdentity", "CognitoIdentityServiceProvider", "GuardDuty", - "Inspector", "KMS", "SecretsManager", "SecurityHub", "STS", "WAF", "WAFRegional", - "SageMaker", "Rekognition", "Comprehend", "Textract", "Translate", "Polly", - "LexModelBuildingService", "MachineLearning", "Personalize", "EMR", "Kinesis", - "KinesisAnalytics", "KinesisVideo", "QuickSight", "DataPipeline", "Glue", "LakeFormation", - "SNS", "SQS", "SES", "Pinpoint", "Chime", "Connect", "Amplify", "AppSync", "DeviceFarm", - "IoTAnalytics", "IoTEvents", "IoT1ClickDevicesService", "IoTSiteWise", "MediaConvert", - "MediaLive", "MediaPackage", "MediaStore", "ElasticTranscoder", "EventBridge", "MQ", "SWF", - "StepFunctions" - ] - } - - /** - * Gets a node representing an import of the AWS SDK. - */ - private API::Node getAwsImport() { result = API::moduleImport("aws-sdk") } - - /** - * Gets a data flow node representing an instantiation of an AWS service. - */ - private DataFlow::Node getServiceInstantation() { - result = - getAwsImport().getMember(getAwsServiceName()).getAnInstantiation().getReturn().asSource() - } - - /** - * Gets a node representing the AWS global config object. - */ - private API::Node getAwsConfig() { result = getAwsImport().getMember("config") } - - /** - * Gets a property write to the AWS config object. - * This captures assignments to AWS.config properties. - */ - private DataFlow::PropWrite configAssigment() { - result = getAwsConfig().asSource().getAPropertyWrite() - } - - /** - * Gets a data flow node representing an instance of `new AWS.Credentials(accessKeyId, secretAccessKey)`. - */ - private DataFlow::Node getCredentialsCreationNode() { - result = getAwsImport().getMember("Credentials").getAnInstantiation().getReturn().asSource() - } - /** * Holds if the `i`th argument of `invk` is an object hash for `AWS.Config`. */ private predicate takesConfigurationObject(DataFlow::InvokeNode invk, int i) { - exists(API::Node mod | mod = getAwsImport() | + exists(DataFlow::ModuleImportNode mod | mod.getPath() = "aws-sdk" | // `AWS.config.update(nd)` - invk = mod.getMember("config").getMember("update").getACall() and + invk = mod.getAPropertyRead("config").getAMemberCall("update") and i = 0 or - exists(DataFlow::SourceNode cfg | - cfg = mod.getMember("Config").getAnInstantiation().getReturn().asSource() - | + exists(DataFlow::SourceNode cfg | cfg = mod.getAConstructorInvocation("Config") | // `new AWS.Config(nd)` invk = cfg and i = 0 @@ -94,42 +36,11 @@ module AWS { exists(string prop, DataFlow::InvokeNode invk, int i | takesConfigurationObject(invk, i) and this = invk.getOptionArgument(i, prop) - or - // `new AWS.ServiceName({ accessKeyId: , secretAccessKey: })` - invk = getServiceInstantation() and - i = 0 and - this = invk.getOptionArgument(i, prop) | prop = "accessKeyId" and kind = "user name" or prop = "secretAccessKey" and kind = "password" ) - or - // `AWS.config.accessKeyId = ` or `AWS.config.secretAccessKey = ` - exists(string prop, DataFlow::PropWrite propWrite | - propWrite = configAssigment() and - this = propWrite.getRhs() and - prop = propWrite.getPropertyName() and - ( - kind = "user name" and - prop = "accessKeyId" - or - kind = "password" and - prop = "secretAccessKey" - ) - ) - or - // `new AWS.Credentials({ accessKeyId: , secretAccessKey: })` - exists(DataFlow::InvokeNode invk | - invk = getCredentialsCreationNode() and - ( - this = invk.getArgument(0) and - kind = "user name" - or - this = invk.getArgument(1) and - kind = "password" - ) - ) } override string getCredentialsKind() { result = kind } diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected index 3d2321cedc58..22311127d548 100644 --- a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected +++ b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected @@ -9,7 +9,7 @@ | HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | password | | HardcodedCredentials.js:41:38:41:47 | 'username' | HardcodedCredentials.js:41:38:41:47 | 'username' | HardcodedCredentials.js:41:38:41:47 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:41:38:41:47 | 'username' | user name | | HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | password | -| HardcodedCredentials.js:42:35:42:44 | 'username' | HardcodedCredentials.js:42:35:42:44 | 'username' | HardcodedCredentials.js:42:35:42:44 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:42:35:42:44 | 'username' | user name | +| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | key | | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | password | | HardcodedCredentials.js:44:34:44:43 | 'username' | HardcodedCredentials.js:44:34:44:43 | 'username' | HardcodedCredentials.js:44:34:44:43 | 'username' | The hard-coded value "username" is used as $@. | HardcodedCredentials.js:44:34:44:43 | 'username' | user name | | HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | password | @@ -75,96 +75,97 @@ | HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:385:31:385:39 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:385:31:385:39 | secretKey | jwt key | | HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:399:17:399:25 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:399:17:399:25 | secretKey | jwt key | | HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:416:27:416:35 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:416:27:416:35 | secretKey | jwt key | -| HardcodedCredentials.js:423:43:423:53 | "AccessID1" | HardcodedCredentials.js:423:43:423:53 | "AccessID1" | HardcodedCredentials.js:423:43:423:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:423:43:423:53 | "AccessID1" | user name | -| HardcodedCredentials.js:424:49:424:59 | "AccessID1" | HardcodedCredentials.js:424:49:424:59 | "AccessID1" | HardcodedCredentials.js:424:49:424:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:424:49:424:59 | "AccessID1" | user name | -| HardcodedCredentials.js:425:43:425:53 | "AccessID1" | HardcodedCredentials.js:425:43:425:53 | "AccessID1" | HardcodedCredentials.js:425:43:425:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:425:43:425:53 | "AccessID1" | user name | -| HardcodedCredentials.js:426:43:426:53 | "AccessID1" | HardcodedCredentials.js:426:43:426:53 | "AccessID1" | HardcodedCredentials.js:426:43:426:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:426:43:426:53 | "AccessID1" | user name | -| HardcodedCredentials.js:427:47:427:57 | "AccessID1" | HardcodedCredentials.js:427:47:427:57 | "AccessID1" | HardcodedCredentials.js:427:47:427:57 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:427:47:427:57 | "AccessID1" | user name | -| HardcodedCredentials.js:428:69:428:79 | "AccessID1" | HardcodedCredentials.js:428:69:428:79 | "AccessID1" | HardcodedCredentials.js:428:69:428:79 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:428:69:428:79 | "AccessID1" | user name | -| HardcodedCredentials.js:429:55:429:65 | "AccessID1" | HardcodedCredentials.js:429:55:429:65 | "AccessID1" | HardcodedCredentials.js:429:55:429:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:429:55:429:65 | "AccessID1" | user name | -| HardcodedCredentials.js:430:55:430:65 | "AccessID1" | HardcodedCredentials.js:430:55:430:65 | "AccessID1" | HardcodedCredentials.js:430:55:430:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:430:55:430:65 | "AccessID1" | user name | -| HardcodedCredentials.js:431:41:431:51 | "AccessID1" | HardcodedCredentials.js:431:41:431:51 | "AccessID1" | HardcodedCredentials.js:431:41:431:51 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:431:41:431:51 | "AccessID1" | user name | -| HardcodedCredentials.js:432:43:432:53 | "AccessID1" | HardcodedCredentials.js:432:43:432:53 | "AccessID1" | HardcodedCredentials.js:432:43:432:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:432:43:432:53 | "AccessID1" | user name | -| HardcodedCredentials.js:433:51:433:61 | "AccessID1" | HardcodedCredentials.js:433:51:433:61 | "AccessID1" | HardcodedCredentials.js:433:51:433:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:433:51:433:61 | "AccessID1" | user name | -| HardcodedCredentials.js:434:55:434:65 | "AccessID1" | HardcodedCredentials.js:434:55:434:65 | "AccessID1" | HardcodedCredentials.js:434:55:434:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:434:55:434:65 | "AccessID1" | user name | -| HardcodedCredentials.js:435:65:435:75 | "AccessID1" | HardcodedCredentials.js:435:65:435:75 | "AccessID1" | HardcodedCredentials.js:435:65:435:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:435:65:435:75 | "AccessID1" | user name | -| HardcodedCredentials.js:436:49:436:59 | "AccessID1" | HardcodedCredentials.js:436:49:436:59 | "AccessID1" | HardcodedCredentials.js:436:49:436:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:436:49:436:59 | "AccessID1" | user name | -| HardcodedCredentials.js:437:53:437:63 | "AccessID1" | HardcodedCredentials.js:437:53:437:63 | "AccessID1" | HardcodedCredentials.js:437:53:437:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:437:53:437:63 | "AccessID1" | user name | -| HardcodedCredentials.js:438:67:438:77 | "AccessID1" | HardcodedCredentials.js:438:67:438:77 | "AccessID1" | HardcodedCredentials.js:438:67:438:77 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:438:67:438:77 | "AccessID1" | user name | -| HardcodedCredentials.js:439:43:439:53 | "AccessID1" | HardcodedCredentials.js:439:43:439:53 | "AccessID1" | HardcodedCredentials.js:439:43:439:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:439:43:439:53 | "AccessID1" | user name | -| HardcodedCredentials.js:440:53:440:63 | "AccessID1" | HardcodedCredentials.js:440:53:440:63 | "AccessID1" | HardcodedCredentials.js:440:53:440:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:440:53:440:63 | "AccessID1" | user name | -| HardcodedCredentials.js:441:59:441:69 | "AccessID1" | HardcodedCredentials.js:441:59:441:69 | "AccessID1" | HardcodedCredentials.js:441:59:441:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:441:59:441:69 | "AccessID1" | user name | -| HardcodedCredentials.js:442:51:442:61 | "AccessID1" | HardcodedCredentials.js:442:51:442:61 | "AccessID1" | HardcodedCredentials.js:442:51:442:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:442:51:442:61 | "AccessID1" | user name | -| HardcodedCredentials.js:443:45:443:55 | "AccessID1" | HardcodedCredentials.js:443:45:443:55 | "AccessID1" | HardcodedCredentials.js:443:45:443:55 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:443:45:443:55 | "AccessID1" | user name | -| HardcodedCredentials.js:444:49:444:59 | "AccessID1" | HardcodedCredentials.js:444:49:444:59 | "AccessID1" | HardcodedCredentials.js:444:49:444:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:444:49:444:59 | "AccessID1" | user name | -| HardcodedCredentials.js:445:51:445:61 | "AccessID1" | HardcodedCredentials.js:445:51:445:61 | "AccessID1" | HardcodedCredentials.js:445:51:445:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:445:51:445:61 | "AccessID1" | user name | -| HardcodedCredentials.js:446:57:446:67 | "AccessID1" | HardcodedCredentials.js:446:57:446:67 | "AccessID1" | HardcodedCredentials.js:446:57:446:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:446:57:446:67 | "AccessID1" | user name | -| HardcodedCredentials.js:447:57:447:67 | "AccessID1" | HardcodedCredentials.js:447:57:447:67 | "AccessID1" | HardcodedCredentials.js:447:57:447:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:447:57:447:67 | "AccessID1" | user name | -| HardcodedCredentials.js:448:61:448:71 | "AccessID1" | HardcodedCredentials.js:448:61:448:71 | "AccessID1" | HardcodedCredentials.js:448:61:448:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:448:61:448:71 | "AccessID1" | user name | -| HardcodedCredentials.js:449:63:449:73 | "AccessID1" | HardcodedCredentials.js:449:63:449:73 | "AccessID1" | HardcodedCredentials.js:449:63:449:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:449:63:449:73 | "AccessID1" | user name | -| HardcodedCredentials.js:450:71:450:81 | "AccessID1" | HardcodedCredentials.js:450:71:450:81 | "AccessID1" | HardcodedCredentials.js:450:71:450:81 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:450:71:450:81 | "AccessID1" | user name | -| HardcodedCredentials.js:451:57:451:67 | "AccessID1" | HardcodedCredentials.js:451:57:451:67 | "AccessID1" | HardcodedCredentials.js:451:57:451:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:451:57:451:67 | "AccessID1" | user name | -| HardcodedCredentials.js:452:65:452:75 | "AccessID1" | HardcodedCredentials.js:452:65:452:75 | "AccessID1" | HardcodedCredentials.js:452:65:452:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:452:65:452:75 | "AccessID1" | user name | -| HardcodedCredentials.js:453:57:453:67 | "AccessID1" | HardcodedCredentials.js:453:57:453:67 | "AccessID1" | HardcodedCredentials.js:453:57:453:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:453:57:453:67 | "AccessID1" | user name | +| HardcodedCredentials.js:423:43:423:53 | "AccessID1" | HardcodedCredentials.js:423:43:423:53 | "AccessID1" | HardcodedCredentials.js:423:43:423:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:423:43:423:53 | "AccessID1" | key | +| HardcodedCredentials.js:424:49:424:59 | "AccessID1" | HardcodedCredentials.js:424:49:424:59 | "AccessID1" | HardcodedCredentials.js:424:49:424:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:424:49:424:59 | "AccessID1" | key | +| HardcodedCredentials.js:425:43:425:53 | "AccessID1" | HardcodedCredentials.js:425:43:425:53 | "AccessID1" | HardcodedCredentials.js:425:43:425:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:425:43:425:53 | "AccessID1" | key | +| HardcodedCredentials.js:426:43:426:53 | "AccessID1" | HardcodedCredentials.js:426:43:426:53 | "AccessID1" | HardcodedCredentials.js:426:43:426:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:426:43:426:53 | "AccessID1" | key | +| HardcodedCredentials.js:427:47:427:57 | "AccessID1" | HardcodedCredentials.js:427:47:427:57 | "AccessID1" | HardcodedCredentials.js:427:47:427:57 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:427:47:427:57 | "AccessID1" | key | +| HardcodedCredentials.js:428:69:428:79 | "AccessID1" | HardcodedCredentials.js:428:69:428:79 | "AccessID1" | HardcodedCredentials.js:428:69:428:79 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:428:69:428:79 | "AccessID1" | key | +| HardcodedCredentials.js:429:55:429:65 | "AccessID1" | HardcodedCredentials.js:429:55:429:65 | "AccessID1" | HardcodedCredentials.js:429:55:429:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:429:55:429:65 | "AccessID1" | key | +| HardcodedCredentials.js:430:55:430:65 | "AccessID1" | HardcodedCredentials.js:430:55:430:65 | "AccessID1" | HardcodedCredentials.js:430:55:430:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:430:55:430:65 | "AccessID1" | key | +| HardcodedCredentials.js:431:41:431:51 | "AccessID1" | HardcodedCredentials.js:431:41:431:51 | "AccessID1" | HardcodedCredentials.js:431:41:431:51 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:431:41:431:51 | "AccessID1" | key | +| HardcodedCredentials.js:432:43:432:53 | "AccessID1" | HardcodedCredentials.js:432:43:432:53 | "AccessID1" | HardcodedCredentials.js:432:43:432:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:432:43:432:53 | "AccessID1" | key | +| HardcodedCredentials.js:433:51:433:61 | "AccessID1" | HardcodedCredentials.js:433:51:433:61 | "AccessID1" | HardcodedCredentials.js:433:51:433:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:433:51:433:61 | "AccessID1" | key | +| HardcodedCredentials.js:434:55:434:65 | "AccessID1" | HardcodedCredentials.js:434:55:434:65 | "AccessID1" | HardcodedCredentials.js:434:55:434:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:434:55:434:65 | "AccessID1" | key | +| HardcodedCredentials.js:435:65:435:75 | "AccessID1" | HardcodedCredentials.js:435:65:435:75 | "AccessID1" | HardcodedCredentials.js:435:65:435:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:435:65:435:75 | "AccessID1" | key | +| HardcodedCredentials.js:436:49:436:59 | "AccessID1" | HardcodedCredentials.js:436:49:436:59 | "AccessID1" | HardcodedCredentials.js:436:49:436:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:436:49:436:59 | "AccessID1" | key | +| HardcodedCredentials.js:437:53:437:63 | "AccessID1" | HardcodedCredentials.js:437:53:437:63 | "AccessID1" | HardcodedCredentials.js:437:53:437:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:437:53:437:63 | "AccessID1" | key | +| HardcodedCredentials.js:438:67:438:77 | "AccessID1" | HardcodedCredentials.js:438:67:438:77 | "AccessID1" | HardcodedCredentials.js:438:67:438:77 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:438:67:438:77 | "AccessID1" | key | +| HardcodedCredentials.js:439:43:439:53 | "AccessID1" | HardcodedCredentials.js:439:43:439:53 | "AccessID1" | HardcodedCredentials.js:439:43:439:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:439:43:439:53 | "AccessID1" | key | +| HardcodedCredentials.js:440:53:440:63 | "AccessID1" | HardcodedCredentials.js:440:53:440:63 | "AccessID1" | HardcodedCredentials.js:440:53:440:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:440:53:440:63 | "AccessID1" | key | +| HardcodedCredentials.js:441:59:441:69 | "AccessID1" | HardcodedCredentials.js:441:59:441:69 | "AccessID1" | HardcodedCredentials.js:441:59:441:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:441:59:441:69 | "AccessID1" | key | +| HardcodedCredentials.js:442:51:442:61 | "AccessID1" | HardcodedCredentials.js:442:51:442:61 | "AccessID1" | HardcodedCredentials.js:442:51:442:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:442:51:442:61 | "AccessID1" | key | +| HardcodedCredentials.js:443:45:443:55 | "AccessID1" | HardcodedCredentials.js:443:45:443:55 | "AccessID1" | HardcodedCredentials.js:443:45:443:55 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:443:45:443:55 | "AccessID1" | key | +| HardcodedCredentials.js:444:49:444:59 | "AccessID1" | HardcodedCredentials.js:444:49:444:59 | "AccessID1" | HardcodedCredentials.js:444:49:444:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:444:49:444:59 | "AccessID1" | key | +| HardcodedCredentials.js:445:51:445:61 | "AccessID1" | HardcodedCredentials.js:445:51:445:61 | "AccessID1" | HardcodedCredentials.js:445:51:445:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:445:51:445:61 | "AccessID1" | key | +| HardcodedCredentials.js:446:57:446:67 | "AccessID1" | HardcodedCredentials.js:446:57:446:67 | "AccessID1" | HardcodedCredentials.js:446:57:446:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:446:57:446:67 | "AccessID1" | key | +| HardcodedCredentials.js:447:57:447:67 | "AccessID1" | HardcodedCredentials.js:447:57:447:67 | "AccessID1" | HardcodedCredentials.js:447:57:447:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:447:57:447:67 | "AccessID1" | key | +| HardcodedCredentials.js:448:61:448:71 | "AccessID1" | HardcodedCredentials.js:448:61:448:71 | "AccessID1" | HardcodedCredentials.js:448:61:448:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:448:61:448:71 | "AccessID1" | key | +| HardcodedCredentials.js:449:63:449:73 | "AccessID1" | HardcodedCredentials.js:449:63:449:73 | "AccessID1" | HardcodedCredentials.js:449:63:449:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:449:63:449:73 | "AccessID1" | key | +| HardcodedCredentials.js:450:71:450:81 | "AccessID1" | HardcodedCredentials.js:450:71:450:81 | "AccessID1" | HardcodedCredentials.js:450:71:450:81 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:450:71:450:81 | "AccessID1" | key | +| HardcodedCredentials.js:451:57:451:67 | "AccessID1" | HardcodedCredentials.js:451:57:451:67 | "AccessID1" | HardcodedCredentials.js:451:57:451:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:451:57:451:67 | "AccessID1" | key | +| HardcodedCredentials.js:452:65:452:75 | "AccessID1" | HardcodedCredentials.js:452:65:452:75 | "AccessID1" | HardcodedCredentials.js:452:65:452:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:452:65:452:75 | "AccessID1" | key | +| HardcodedCredentials.js:453:57:453:67 | "AccessID1" | HardcodedCredentials.js:453:57:453:67 | "AccessID1" | HardcodedCredentials.js:453:57:453:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:453:57:453:67 | "AccessID1" | key | +| HardcodedCredentials.js:454:49:454:59 | "AccessID1" | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | key | | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:454:49:454:59 | "AccessID1" | user name | -| HardcodedCredentials.js:455:63:455:73 | "AccessID1" | HardcodedCredentials.js:455:63:455:73 | "AccessID1" | HardcodedCredentials.js:455:63:455:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:455:63:455:73 | "AccessID1" | user name | -| HardcodedCredentials.js:456:65:456:75 | "AccessID1" | HardcodedCredentials.js:456:65:456:75 | "AccessID1" | HardcodedCredentials.js:456:65:456:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:456:65:456:75 | "AccessID1" | user name | -| HardcodedCredentials.js:457:43:457:53 | "AccessID1" | HardcodedCredentials.js:457:43:457:53 | "AccessID1" | HardcodedCredentials.js:457:43:457:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:457:43:457:53 | "AccessID1" | user name | -| HardcodedCredentials.js:458:65:458:75 | "AccessID1" | HardcodedCredentials.js:458:65:458:75 | "AccessID1" | HardcodedCredentials.js:458:65:458:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:458:65:458:75 | "AccessID1" | user name | -| HardcodedCredentials.js:459:43:459:53 | "AccessID1" | HardcodedCredentials.js:459:43:459:53 | "AccessID1" | HardcodedCredentials.js:459:43:459:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:459:43:459:53 | "AccessID1" | user name | -| HardcodedCredentials.js:460:67:460:77 | "AccessID1" | HardcodedCredentials.js:460:67:460:77 | "AccessID1" | HardcodedCredentials.js:460:67:460:77 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:460:67:460:77 | "AccessID1" | user name | -| HardcodedCredentials.js:461:97:461:107 | "AccessID1" | HardcodedCredentials.js:461:97:461:107 | "AccessID1" | HardcodedCredentials.js:461:97:461:107 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:461:97:461:107 | "AccessID1" | user name | -| HardcodedCredentials.js:462:55:462:65 | "AccessID1" | HardcodedCredentials.js:462:55:462:65 | "AccessID1" | HardcodedCredentials.js:462:55:462:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:462:55:462:65 | "AccessID1" | user name | -| HardcodedCredentials.js:463:55:463:65 | "AccessID1" | HardcodedCredentials.js:463:55:463:65 | "AccessID1" | HardcodedCredentials.js:463:55:463:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:463:55:463:65 | "AccessID1" | user name | -| HardcodedCredentials.js:464:43:464:53 | "AccessID1" | HardcodedCredentials.js:464:43:464:53 | "AccessID1" | HardcodedCredentials.js:464:43:464:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:464:43:464:53 | "AccessID1" | user name | -| HardcodedCredentials.js:465:65:465:75 | "AccessID1" | HardcodedCredentials.js:465:65:465:75 | "AccessID1" | HardcodedCredentials.js:465:65:465:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:465:65:465:75 | "AccessID1" | user name | -| HardcodedCredentials.js:466:59:466:69 | "AccessID1" | HardcodedCredentials.js:466:59:466:69 | "AccessID1" | HardcodedCredentials.js:466:59:466:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:466:59:466:69 | "AccessID1" | user name | -| HardcodedCredentials.js:467:43:467:53 | "AccessID1" | HardcodedCredentials.js:467:43:467:53 | "AccessID1" | HardcodedCredentials.js:467:43:467:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:467:43:467:53 | "AccessID1" | user name | -| HardcodedCredentials.js:468:43:468:53 | "AccessID1" | HardcodedCredentials.js:468:43:468:53 | "AccessID1" | HardcodedCredentials.js:468:43:468:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:468:43:468:53 | "AccessID1" | user name | -| HardcodedCredentials.js:469:59:469:69 | "AccessID1" | HardcodedCredentials.js:469:59:469:69 | "AccessID1" | HardcodedCredentials.js:469:59:469:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:469:59:469:69 | "AccessID1" | user name | -| HardcodedCredentials.js:470:55:470:65 | "AccessID1" | HardcodedCredentials.js:470:55:470:65 | "AccessID1" | HardcodedCredentials.js:470:55:470:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:470:55:470:65 | "AccessID1" | user name | -| HardcodedCredentials.js:471:59:471:69 | "AccessID1" | HardcodedCredentials.js:471:59:471:69 | "AccessID1" | HardcodedCredentials.js:471:59:471:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:471:59:471:69 | "AccessID1" | user name | -| HardcodedCredentials.js:472:57:472:67 | "AccessID1" | HardcodedCredentials.js:472:57:472:67 | "AccessID1" | HardcodedCredentials.js:472:57:472:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:472:57:472:67 | "AccessID1" | user name | -| HardcodedCredentials.js:473:53:473:63 | "AccessID1" | HardcodedCredentials.js:473:53:473:63 | "AccessID1" | HardcodedCredentials.js:473:53:473:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:473:53:473:63 | "AccessID1" | user name | -| HardcodedCredentials.js:474:55:474:65 | "AccessID1" | HardcodedCredentials.js:474:55:474:65 | "AccessID1" | HardcodedCredentials.js:474:55:474:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:474:55:474:65 | "AccessID1" | user name | -| HardcodedCredentials.js:475:47:475:57 | "AccessID1" | HardcodedCredentials.js:475:47:475:57 | "AccessID1" | HardcodedCredentials.js:475:47:475:57 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:475:47:475:57 | "AccessID1" | user name | -| HardcodedCredentials.js:476:83:476:93 | "AccessID1" | HardcodedCredentials.js:476:83:476:93 | "AccessID1" | HardcodedCredentials.js:476:83:476:93 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:476:83:476:93 | "AccessID1" | user name | -| HardcodedCredentials.js:477:67:477:77 | "AccessID1" | HardcodedCredentials.js:477:67:477:77 | "AccessID1" | HardcodedCredentials.js:477:67:477:77 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:477:67:477:77 | "AccessID1" | user name | -| HardcodedCredentials.js:478:59:478:69 | "AccessID1" | HardcodedCredentials.js:478:59:478:69 | "AccessID1" | HardcodedCredentials.js:478:59:478:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:478:59:478:69 | "AccessID1" | user name | -| HardcodedCredentials.js:479:43:479:53 | "AccessID1" | HardcodedCredentials.js:479:43:479:53 | "AccessID1" | HardcodedCredentials.js:479:43:479:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:479:43:479:53 | "AccessID1" | user name | -| HardcodedCredentials.js:480:51:480:61 | "AccessID1" | HardcodedCredentials.js:480:51:480:61 | "AccessID1" | HardcodedCredentials.js:480:51:480:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:480:51:480:61 | "AccessID1" | user name | -| HardcodedCredentials.js:481:69:481:79 | "AccessID1" | HardcodedCredentials.js:481:69:481:79 | "AccessID1" | HardcodedCredentials.js:481:69:481:79 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:481:69:481:79 | "AccessID1" | user name | -| HardcodedCredentials.js:482:61:482:71 | "AccessID1" | HardcodedCredentials.js:482:61:482:71 | "AccessID1" | HardcodedCredentials.js:482:61:482:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:482:61:482:71 | "AccessID1" | user name | -| HardcodedCredentials.js:483:57:483:67 | "AccessID1" | HardcodedCredentials.js:483:57:483:67 | "AccessID1" | HardcodedCredentials.js:483:57:483:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:483:57:483:67 | "AccessID1" | user name | -| HardcodedCredentials.js:484:61:484:71 | "AccessID1" | HardcodedCredentials.js:484:61:484:71 | "AccessID1" | HardcodedCredentials.js:484:61:484:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:484:61:484:71 | "AccessID1" | user name | -| HardcodedCredentials.js:485:45:485:55 | "AccessID1" | HardcodedCredentials.js:485:45:485:55 | "AccessID1" | HardcodedCredentials.js:485:45:485:55 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:485:45:485:55 | "AccessID1" | user name | -| HardcodedCredentials.js:486:63:486:73 | "AccessID1" | HardcodedCredentials.js:486:63:486:73 | "AccessID1" | HardcodedCredentials.js:486:63:486:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:486:63:486:73 | "AccessID1" | user name | -| HardcodedCredentials.js:487:43:487:53 | "AccessID1" | HardcodedCredentials.js:487:43:487:53 | "AccessID1" | HardcodedCredentials.js:487:43:487:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:487:43:487:53 | "AccessID1" | user name | -| HardcodedCredentials.js:488:43:488:53 | "AccessID1" | HardcodedCredentials.js:488:43:488:53 | "AccessID1" | HardcodedCredentials.js:488:43:488:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:488:43:488:53 | "AccessID1" | user name | -| HardcodedCredentials.js:489:43:489:53 | "AccessID1" | HardcodedCredentials.js:489:43:489:53 | "AccessID1" | HardcodedCredentials.js:489:43:489:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:489:43:489:53 | "AccessID1" | user name | -| HardcodedCredentials.js:490:53:490:63 | "AccessID1" | HardcodedCredentials.js:490:53:490:63 | "AccessID1" | HardcodedCredentials.js:490:53:490:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:490:53:490:63 | "AccessID1" | user name | -| HardcodedCredentials.js:491:47:491:57 | "AccessID1" | HardcodedCredentials.js:491:47:491:57 | "AccessID1" | HardcodedCredentials.js:491:47:491:57 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:491:47:491:57 | "AccessID1" | user name | -| HardcodedCredentials.js:492:51:492:61 | "AccessID1" | HardcodedCredentials.js:492:51:492:61 | "AccessID1" | HardcodedCredentials.js:492:51:492:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:492:51:492:61 | "AccessID1" | user name | -| HardcodedCredentials.js:493:51:493:61 | "AccessID1" | HardcodedCredentials.js:493:51:493:61 | "AccessID1" | HardcodedCredentials.js:493:51:493:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:493:51:493:61 | "AccessID1" | user name | -| HardcodedCredentials.js:494:51:494:61 | "AccessID1" | HardcodedCredentials.js:494:51:494:61 | "AccessID1" | HardcodedCredentials.js:494:51:494:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:494:51:494:61 | "AccessID1" | user name | -| HardcodedCredentials.js:495:57:495:67 | "AccessID1" | HardcodedCredentials.js:495:57:495:67 | "AccessID1" | HardcodedCredentials.js:495:57:495:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:495:57:495:67 | "AccessID1" | user name | -| HardcodedCredentials.js:496:61:496:71 | "AccessID1" | HardcodedCredentials.js:496:61:496:71 | "AccessID1" | HardcodedCredentials.js:496:61:496:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:496:61:496:71 | "AccessID1" | user name | -| HardcodedCredentials.js:497:55:497:65 | "AccessID1" | HardcodedCredentials.js:497:55:497:65 | "AccessID1" | HardcodedCredentials.js:497:55:497:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:497:55:497:65 | "AccessID1" | user name | -| HardcodedCredentials.js:498:83:498:93 | "AccessID1" | HardcodedCredentials.js:498:83:498:93 | "AccessID1" | HardcodedCredentials.js:498:83:498:93 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:498:83:498:93 | "AccessID1" | user name | -| HardcodedCredentials.js:499:59:499:69 | "AccessID1" | HardcodedCredentials.js:499:59:499:69 | "AccessID1" | HardcodedCredentials.js:499:59:499:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:499:59:499:69 | "AccessID1" | user name | -| HardcodedCredentials.js:500:61:500:71 | "AccessID1" | HardcodedCredentials.js:500:61:500:71 | "AccessID1" | HardcodedCredentials.js:500:61:500:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:500:61:500:71 | "AccessID1" | user name | -| HardcodedCredentials.js:501:55:501:65 | "AccessID1" | HardcodedCredentials.js:501:55:501:65 | "AccessID1" | HardcodedCredentials.js:501:55:501:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:501:55:501:65 | "AccessID1" | user name | -| HardcodedCredentials.js:502:61:502:71 | "AccessID1" | HardcodedCredentials.js:502:61:502:71 | "AccessID1" | HardcodedCredentials.js:502:61:502:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:502:61:502:71 | "AccessID1" | user name | -| HardcodedCredentials.js:503:57:503:67 | "AccessID1" | HardcodedCredentials.js:503:57:503:67 | "AccessID1" | HardcodedCredentials.js:503:57:503:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:503:57:503:67 | "AccessID1" | user name | -| HardcodedCredentials.js:504:71:504:81 | "AccessID1" | HardcodedCredentials.js:504:71:504:81 | "AccessID1" | HardcodedCredentials.js:504:71:504:81 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:504:71:504:81 | "AccessID1" | user name | -| HardcodedCredentials.js:505:59:505:69 | "AccessID1" | HardcodedCredentials.js:505:59:505:69 | "AccessID1" | HardcodedCredentials.js:505:59:505:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:505:59:505:69 | "AccessID1" | user name | -| HardcodedCredentials.js:506:41:506:51 | "AccessID1" | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | user name | -| HardcodedCredentials.js:507:43:507:53 | "AccessID1" | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | user name | -| HardcodedCredentials.js:508:63:508:73 | "AccessID1" | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | user name | -| HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | user name | -| HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | password | -| HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | user name | -| HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | password | +| HardcodedCredentials.js:455:63:455:73 | "AccessID1" | HardcodedCredentials.js:455:63:455:73 | "AccessID1" | HardcodedCredentials.js:455:63:455:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:455:63:455:73 | "AccessID1" | key | +| HardcodedCredentials.js:456:65:456:75 | "AccessID1" | HardcodedCredentials.js:456:65:456:75 | "AccessID1" | HardcodedCredentials.js:456:65:456:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:456:65:456:75 | "AccessID1" | key | +| HardcodedCredentials.js:457:43:457:53 | "AccessID1" | HardcodedCredentials.js:457:43:457:53 | "AccessID1" | HardcodedCredentials.js:457:43:457:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:457:43:457:53 | "AccessID1" | key | +| HardcodedCredentials.js:458:65:458:75 | "AccessID1" | HardcodedCredentials.js:458:65:458:75 | "AccessID1" | HardcodedCredentials.js:458:65:458:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:458:65:458:75 | "AccessID1" | key | +| HardcodedCredentials.js:459:43:459:53 | "AccessID1" | HardcodedCredentials.js:459:43:459:53 | "AccessID1" | HardcodedCredentials.js:459:43:459:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:459:43:459:53 | "AccessID1" | key | +| HardcodedCredentials.js:460:67:460:77 | "AccessID1" | HardcodedCredentials.js:460:67:460:77 | "AccessID1" | HardcodedCredentials.js:460:67:460:77 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:460:67:460:77 | "AccessID1" | key | +| HardcodedCredentials.js:461:97:461:107 | "AccessID1" | HardcodedCredentials.js:461:97:461:107 | "AccessID1" | HardcodedCredentials.js:461:97:461:107 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:461:97:461:107 | "AccessID1" | key | +| HardcodedCredentials.js:462:55:462:65 | "AccessID1" | HardcodedCredentials.js:462:55:462:65 | "AccessID1" | HardcodedCredentials.js:462:55:462:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:462:55:462:65 | "AccessID1" | key | +| HardcodedCredentials.js:463:55:463:65 | "AccessID1" | HardcodedCredentials.js:463:55:463:65 | "AccessID1" | HardcodedCredentials.js:463:55:463:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:463:55:463:65 | "AccessID1" | key | +| HardcodedCredentials.js:464:43:464:53 | "AccessID1" | HardcodedCredentials.js:464:43:464:53 | "AccessID1" | HardcodedCredentials.js:464:43:464:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:464:43:464:53 | "AccessID1" | key | +| HardcodedCredentials.js:465:65:465:75 | "AccessID1" | HardcodedCredentials.js:465:65:465:75 | "AccessID1" | HardcodedCredentials.js:465:65:465:75 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:465:65:465:75 | "AccessID1" | key | +| HardcodedCredentials.js:466:59:466:69 | "AccessID1" | HardcodedCredentials.js:466:59:466:69 | "AccessID1" | HardcodedCredentials.js:466:59:466:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:466:59:466:69 | "AccessID1" | key | +| HardcodedCredentials.js:467:43:467:53 | "AccessID1" | HardcodedCredentials.js:467:43:467:53 | "AccessID1" | HardcodedCredentials.js:467:43:467:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:467:43:467:53 | "AccessID1" | key | +| HardcodedCredentials.js:468:43:468:53 | "AccessID1" | HardcodedCredentials.js:468:43:468:53 | "AccessID1" | HardcodedCredentials.js:468:43:468:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:468:43:468:53 | "AccessID1" | key | +| HardcodedCredentials.js:469:59:469:69 | "AccessID1" | HardcodedCredentials.js:469:59:469:69 | "AccessID1" | HardcodedCredentials.js:469:59:469:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:469:59:469:69 | "AccessID1" | key | +| HardcodedCredentials.js:470:55:470:65 | "AccessID1" | HardcodedCredentials.js:470:55:470:65 | "AccessID1" | HardcodedCredentials.js:470:55:470:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:470:55:470:65 | "AccessID1" | key | +| HardcodedCredentials.js:471:59:471:69 | "AccessID1" | HardcodedCredentials.js:471:59:471:69 | "AccessID1" | HardcodedCredentials.js:471:59:471:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:471:59:471:69 | "AccessID1" | key | +| HardcodedCredentials.js:472:57:472:67 | "AccessID1" | HardcodedCredentials.js:472:57:472:67 | "AccessID1" | HardcodedCredentials.js:472:57:472:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:472:57:472:67 | "AccessID1" | key | +| HardcodedCredentials.js:473:53:473:63 | "AccessID1" | HardcodedCredentials.js:473:53:473:63 | "AccessID1" | HardcodedCredentials.js:473:53:473:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:473:53:473:63 | "AccessID1" | key | +| HardcodedCredentials.js:474:55:474:65 | "AccessID1" | HardcodedCredentials.js:474:55:474:65 | "AccessID1" | HardcodedCredentials.js:474:55:474:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:474:55:474:65 | "AccessID1" | key | +| HardcodedCredentials.js:475:47:475:57 | "AccessID1" | HardcodedCredentials.js:475:47:475:57 | "AccessID1" | HardcodedCredentials.js:475:47:475:57 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:475:47:475:57 | "AccessID1" | key | +| HardcodedCredentials.js:476:83:476:93 | "AccessID1" | HardcodedCredentials.js:476:83:476:93 | "AccessID1" | HardcodedCredentials.js:476:83:476:93 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:476:83:476:93 | "AccessID1" | key | +| HardcodedCredentials.js:477:67:477:77 | "AccessID1" | HardcodedCredentials.js:477:67:477:77 | "AccessID1" | HardcodedCredentials.js:477:67:477:77 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:477:67:477:77 | "AccessID1" | key | +| HardcodedCredentials.js:478:59:478:69 | "AccessID1" | HardcodedCredentials.js:478:59:478:69 | "AccessID1" | HardcodedCredentials.js:478:59:478:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:478:59:478:69 | "AccessID1" | key | +| HardcodedCredentials.js:479:43:479:53 | "AccessID1" | HardcodedCredentials.js:479:43:479:53 | "AccessID1" | HardcodedCredentials.js:479:43:479:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:479:43:479:53 | "AccessID1" | key | +| HardcodedCredentials.js:480:51:480:61 | "AccessID1" | HardcodedCredentials.js:480:51:480:61 | "AccessID1" | HardcodedCredentials.js:480:51:480:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:480:51:480:61 | "AccessID1" | key | +| HardcodedCredentials.js:481:69:481:79 | "AccessID1" | HardcodedCredentials.js:481:69:481:79 | "AccessID1" | HardcodedCredentials.js:481:69:481:79 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:481:69:481:79 | "AccessID1" | key | +| HardcodedCredentials.js:482:61:482:71 | "AccessID1" | HardcodedCredentials.js:482:61:482:71 | "AccessID1" | HardcodedCredentials.js:482:61:482:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:482:61:482:71 | "AccessID1" | key | +| HardcodedCredentials.js:483:57:483:67 | "AccessID1" | HardcodedCredentials.js:483:57:483:67 | "AccessID1" | HardcodedCredentials.js:483:57:483:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:483:57:483:67 | "AccessID1" | key | +| HardcodedCredentials.js:484:61:484:71 | "AccessID1" | HardcodedCredentials.js:484:61:484:71 | "AccessID1" | HardcodedCredentials.js:484:61:484:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:484:61:484:71 | "AccessID1" | key | +| HardcodedCredentials.js:485:45:485:55 | "AccessID1" | HardcodedCredentials.js:485:45:485:55 | "AccessID1" | HardcodedCredentials.js:485:45:485:55 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:485:45:485:55 | "AccessID1" | key | +| HardcodedCredentials.js:486:63:486:73 | "AccessID1" | HardcodedCredentials.js:486:63:486:73 | "AccessID1" | HardcodedCredentials.js:486:63:486:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:486:63:486:73 | "AccessID1" | key | +| HardcodedCredentials.js:487:43:487:53 | "AccessID1" | HardcodedCredentials.js:487:43:487:53 | "AccessID1" | HardcodedCredentials.js:487:43:487:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:487:43:487:53 | "AccessID1" | key | +| HardcodedCredentials.js:488:43:488:53 | "AccessID1" | HardcodedCredentials.js:488:43:488:53 | "AccessID1" | HardcodedCredentials.js:488:43:488:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:488:43:488:53 | "AccessID1" | key | +| HardcodedCredentials.js:489:43:489:53 | "AccessID1" | HardcodedCredentials.js:489:43:489:53 | "AccessID1" | HardcodedCredentials.js:489:43:489:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:489:43:489:53 | "AccessID1" | key | +| HardcodedCredentials.js:490:53:490:63 | "AccessID1" | HardcodedCredentials.js:490:53:490:63 | "AccessID1" | HardcodedCredentials.js:490:53:490:63 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:490:53:490:63 | "AccessID1" | key | +| HardcodedCredentials.js:491:47:491:57 | "AccessID1" | HardcodedCredentials.js:491:47:491:57 | "AccessID1" | HardcodedCredentials.js:491:47:491:57 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:491:47:491:57 | "AccessID1" | key | +| HardcodedCredentials.js:492:51:492:61 | "AccessID1" | HardcodedCredentials.js:492:51:492:61 | "AccessID1" | HardcodedCredentials.js:492:51:492:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:492:51:492:61 | "AccessID1" | key | +| HardcodedCredentials.js:493:51:493:61 | "AccessID1" | HardcodedCredentials.js:493:51:493:61 | "AccessID1" | HardcodedCredentials.js:493:51:493:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:493:51:493:61 | "AccessID1" | key | +| HardcodedCredentials.js:494:51:494:61 | "AccessID1" | HardcodedCredentials.js:494:51:494:61 | "AccessID1" | HardcodedCredentials.js:494:51:494:61 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:494:51:494:61 | "AccessID1" | key | +| HardcodedCredentials.js:495:57:495:67 | "AccessID1" | HardcodedCredentials.js:495:57:495:67 | "AccessID1" | HardcodedCredentials.js:495:57:495:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:495:57:495:67 | "AccessID1" | key | +| HardcodedCredentials.js:496:61:496:71 | "AccessID1" | HardcodedCredentials.js:496:61:496:71 | "AccessID1" | HardcodedCredentials.js:496:61:496:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:496:61:496:71 | "AccessID1" | key | +| HardcodedCredentials.js:497:55:497:65 | "AccessID1" | HardcodedCredentials.js:497:55:497:65 | "AccessID1" | HardcodedCredentials.js:497:55:497:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:497:55:497:65 | "AccessID1" | key | +| HardcodedCredentials.js:498:83:498:93 | "AccessID1" | HardcodedCredentials.js:498:83:498:93 | "AccessID1" | HardcodedCredentials.js:498:83:498:93 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:498:83:498:93 | "AccessID1" | key | +| HardcodedCredentials.js:499:59:499:69 | "AccessID1" | HardcodedCredentials.js:499:59:499:69 | "AccessID1" | HardcodedCredentials.js:499:59:499:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:499:59:499:69 | "AccessID1" | key | +| HardcodedCredentials.js:500:61:500:71 | "AccessID1" | HardcodedCredentials.js:500:61:500:71 | "AccessID1" | HardcodedCredentials.js:500:61:500:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:500:61:500:71 | "AccessID1" | key | +| HardcodedCredentials.js:501:55:501:65 | "AccessID1" | HardcodedCredentials.js:501:55:501:65 | "AccessID1" | HardcodedCredentials.js:501:55:501:65 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:501:55:501:65 | "AccessID1" | key | +| HardcodedCredentials.js:502:61:502:71 | "AccessID1" | HardcodedCredentials.js:502:61:502:71 | "AccessID1" | HardcodedCredentials.js:502:61:502:71 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:502:61:502:71 | "AccessID1" | key | +| HardcodedCredentials.js:503:57:503:67 | "AccessID1" | HardcodedCredentials.js:503:57:503:67 | "AccessID1" | HardcodedCredentials.js:503:57:503:67 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:503:57:503:67 | "AccessID1" | key | +| HardcodedCredentials.js:504:71:504:81 | "AccessID1" | HardcodedCredentials.js:504:71:504:81 | "AccessID1" | HardcodedCredentials.js:504:71:504:81 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:504:71:504:81 | "AccessID1" | key | +| HardcodedCredentials.js:505:59:505:69 | "AccessID1" | HardcodedCredentials.js:505:59:505:69 | "AccessID1" | HardcodedCredentials.js:505:59:505:69 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:505:59:505:69 | "AccessID1" | key | +| HardcodedCredentials.js:506:41:506:51 | "AccessID1" | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:506:41:506:51 | "AccessID1" | key | +| HardcodedCredentials.js:507:43:507:53 | "AccessID1" | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:507:43:507:53 | "AccessID1" | key | +| HardcodedCredentials.js:508:63:508:73 | "AccessID1" | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | The hard-coded value "AccessID1" is used as $@. | HardcodedCredentials.js:508:63:508:73 | "AccessID1" | key | +| HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:510:30:510:44 | "SOMEACCESSKEY" | key | +| HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:511:34:511:43 | "hgfedcba" | key | +| HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:514:9:514:23 | "SOMEACCESSKEY" | key | +| HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:515:9:515:18 | "hgfedcba" | key | | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | The hard-coded value "SOMEACCESSKEY" is used as $@. | HardcodedCredentials.js:520:20:520:34 | "SOMEACCESSKEY" | user name | | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:521:24:521:33 | "hgfedcba" | password | | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | user name |