forked from PyCQA/bandit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
hardcoded-passwords.py
70 lines (56 loc) · 1.88 KB
/
hardcoded-passwords.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# Possible hardcoded password: 'class_password'
# Severity: Low Confidence: Medium
class SomeClass:
password = "class_password"
# Possible hardcoded password: 'Admin'
# Severity: Low Confidence: Medium
def someFunction(user, password="Admin"):
print("Hi " + user)
def someFunction2(password):
# Possible hardcoded password: 'root'
# Severity: Low Confidence: Medium
if password == "root":
print("OK, logged in")
def noMatch(password):
# Possible hardcoded password: ''
# Severity: Low Confidence: Medium
if password == '':
print("No password!")
def NoMatch2(password):
# Possible hardcoded password: 'ajklawejrkl42348swfgkg'
# Severity: Low Confidence: Medium
if password == "ajklawejrkl42348swfgkg":
print("Nice password!")
def noMatchObject():
obj = SomeClass()
# Possible hardcoded password: 'this cool password'
# Severity: Low Confidence: Medium
if obj.password == "this cool password":
print(obj.password)
# Possible hardcoded password: 'blerg'
# Severity: Low Confidence: Medium
def doLogin(password="blerg"):
pass
def NoMatch3(a, b):
pass
# Possible hardcoded password: 'blerg'
# Severity: Low Confidence: Medium
doLogin(password="blerg")
# Possible hardcoded password: 'blerg'
# Severity: Low Confidence: Medium
password = "blerg"
# Possible hardcoded password: 'blerg'
# Severity: Low Confidence: Medium
d["password"] = "blerg"
# Possible hardcoded password: 'secret'
# Severity: Low Confidence: Medium
EMAIL_PASSWORD = "secret"
# Possible hardcoded password: 'emails_secret'
# Severity: Low Confidence: Medium
email_pwd = 'emails_secret'
# Possible hardcoded password: 'd6s$f9g!j8mg7hw?n&2'
# Severity: Low Confidence: Medium
my_secret_password_for_email = 'd6s$f9g!j8mg7hw?n&2'
# Possible hardcoded password: '1234'
# Severity: Low Confidence: Medium
passphrase='1234'