6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"A codeql sensitive configuration detection problem\",\"text\":\"

My company's development project uses yml files as configuration files. How can I use codeql to detect whether these yml files contain sensitive information such as plain text passwords?

\\n

When I created the codeql database, I used the parameter\\n--language=go, yaml,\\nbut I don't know how to query the yaml database and whether this method is the right solution.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"expl0it\"},\"upvoteCount\":0,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","yaml",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/yaml/1","children":"yaml"}]}],["$","span","rules",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/rules/1","children":"rules"}]}],["$","span","codeql",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/codeql/1","children":"codeql"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/244379d53b9dee3feb1d9dd026646c89?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"expl0it","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/7783218/expl0it","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"expl0it"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",21]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"A codeql sensitive configuration detection problem"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

My company's development project uses yml files as configuration files. How can I use codeql to detect whether these yml files contain sensitive information such as plain text passwords?

When I created the codeql database, I used the parameter\n--language=go, yaml,\nbut I don't know how to query the yaml database and whether this method is the right solution.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",0]}],["$","p",null,{"children":["Views: ",67]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","78625871",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/244379d53b9dee3feb1d9dd026646c89?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"expl0it","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/7783218/expl0it","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"expl0it"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",21]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

github.com/github/codeql/issues/16755

I asked the same question on github and got the solution.\nThis should be solved. We just need to create a javascript database and check the yaml configuration file through the javascript standard library provided by Codelql

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","25231918",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/25231918","className":"text-blue-600 hover:underline","children":"Does spring boot support using both properties and yml files at the same time?"}]}],["$","li","74076950",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/74076950","className":"text-blue-600 hover:underline","children":"Javascript extractor problem with CodeQL create database"}]}],["$","li","60640915",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/60640915","className":"text-blue-600 hover:underline","children":"Azure DevOps dotnet restore task fails due to wrong URL format on Nuget artifact feed"}]}],["$","li","71037617",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/71037617","className":"text-blue-600 hover:underline","children":"Regex for detecting keys in the yaml file"}]}],["$","li","56987954",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/56987954","className":"text-blue-600 hover:underline","children":"Flasgger: How to write description of several endpoints in one yaml file?"}]}],["$","li","43095127",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/43095127","className":"text-blue-600 hover:underline","children":"How does a Symfony pass parameters into a yaml config?"}]}],["$","li","45301484",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/45301484","className":"text-blue-600 hover:underline","children":"SpringBoot Configuration with application.yml"}]}],["$","li","24044327",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/24044327","className":"text-blue-600 hover:underline","children":"Ruby on Rails locales in .rb extension"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

A codeql sensitive configuration detection problem

Answers (1)

Related Questions