Skip to content

Commit ad527b8

Browse files
smiddy007smiddy007
authored
Added new example files and renamed existing ones
1 parent ccf152d commit ad527b8

4 files changed

Lines changed: 16 additions & 0 deletions

File tree

javascript/ql/src/Security/CWE-916/examples/InsufficientPasswordHash_CryptoJS.js

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
const crypto = require('crypto-js')
2+
function hashPassword(email, password) {
3+
var algo = crypto.algo.SHA512.create()
4+
algo.update(password, 'utf-8') // BAD
5+
algo.update(email.toLowerCase(), 'utf-8')
6+
var hash = algo.finalize()
7+
return hash.toString(crypto.enc.Base64)
8+
}

javascript/ql/src/Security/CWE-916/examples/InsufficientPasswordHash_CryptoJS_fixed

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
const crypto = require('crypto-js')
2+
function hashPassword(email, password) {
3+
var algo = crypto.algo.PBKDF2.create()
4+
algo.update(password, 'utf-8') // GOOD
5+
algo.update(email.toLowerCase(), 'utf-8')
6+
var hash = algo.finalize()
7+
return hash.toString(crypto.enc.Base64)
8+
}

javascript/ql/src/Security/CWE-916/examples/InsufficientPasswordHash.js renamed to javascript/ql/src/Security/CWE-916/examples/InsufficientPasswordHash_NodeJS.js

File renamed without changes.

javascript/ql/src/Security/CWE-916/examples/InsufficientPasswordHash_fixed.js renamed to javascript/ql/src/Security/CWE-916/examples/InsufficientPasswordHash_NodeJS_fixed.js

File renamed without changes.

0 commit comments

Comments
 (0)