forked from mirrors/kingfisher
35 lines
No EOL
1.1 KiB
YAML
35 lines
No EOL
1.1 KiB
YAML
rules:
|
|
- name: Hardcoded Gradle Credentials
|
|
id: kingfisher.gradle.1
|
|
pattern: |
|
|
(?xi)
|
|
credentials \s* \{
|
|
(?:\s*//.*)*
|
|
\s* (?:username|password) \s ['"]([^'"]{1,60})['"]
|
|
(?:\s*//.*)*
|
|
\s* (?:username|password) \s ['"]([^'"]{1,60})['"]
|
|
min_entropy: 3.3
|
|
confidence: medium
|
|
examples:
|
|
- |
|
|
credentials {
|
|
username 'user'
|
|
password 'password'
|
|
}
|
|
- |
|
|
publishing {
|
|
repositories {
|
|
maven {
|
|
url "http://us01cmsysart01.example.com:8081/artifactory/Mobile-Libs-Internal"
|
|
credentials {
|
|
// your password here
|
|
|
|
username "SOME_USERNAME"
|
|
password "SOME_PASSWORD"
|
|
}
|
|
}
|
|
}
|
|
- "credentials {\n username 'user'\n password 'password'\n}"
|
|
- "credentials {\n username \"user\"\n password \"password\"\n}"
|
|
references:
|
|
- https://docs.gradle.org/current/userguide/declaring_repositories.html#sec:handling_credentials |