forked from github/codeql
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathEmptyPasswordInConfigurationFile.config
More file actions
105 lines (91 loc) · 4.15 KB
/
EmptyPasswordInConfigurationFile.config
File metadata and controls
105 lines (91 loc) · 4.15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
<section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />
</configSections>
<appSettings>
<add key="service-dir" value="/opt/deki/bin" />
<add key="root-uri" value="http://localhost/@api" />
<add key="apikey" value="12345" />
<add key="script" value="/opt/deki/bin/mindtouch.deki.startup.xml" />
</appSettings>
<connectionStrings>
<add name="connectionstring" providerName="System.Data.SqlClient"
connectionString="Server=(local);Database=admtest;Trusted_Connection=False;uid=sa;pwd= ;" /> <!-- VIOLATION -->
<add name="connectionstring2" providerName="System.Data.SqlClient"
connectionString="Server=(local);Database=admtest;Trusted_Connection=False;uid=sa;password = whatever;" /> <!-- NON-VIOLATION -->
</connectionStrings>
<system.web>
<httpHandlers>
<add verb="*" path="*"
type="MindTouch.Dream.Http.HttpHandler, mindtouch.core"/>
</httpHandlers>
<!--<customErrors mode="Off"/>-->
<authentication mode="Windows|Forms|Passport|None">
<forms name="name"
loginUrl="url"
protection="All|None|Encryption|Validation"
timeout="30" path="/" >
<credentials passwordFormat="Clear|SHA1|MD5">
<user name="username" password="" /> <!-- VIOLATION -->
</credentials>
</forms>
<passport redirectUrl="internal"/>
</authentication>
</system.web>
<system.net>
<connectionManagement>
<add address="*" maxconnection="16" />
</connectionManagement>
</system.net>
<log4net>
<appender name="RollingFile-trace" type="log4net.Appender.RollingFileAppender, log4net">
<file value="logs/trace.log" />
<appendToFile value="true" />
<maximumFileSize value="100KB" />
<maxSizeRollBackups value="2" />
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date [%thread] %-5level %logger - %message%newline" />
</layout>
</appender>
<appender name="RollingFile-info" type="log4net.Appender.RollingFileAppender, log4net">
<threshold value="INFO" />
<file value="logs/info.log" />
<appendToFile value="true" />
<maximumFileSize value="100KB" />
<maxSizeRollBackups value="4" />
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date [%thread] %-5level %logger - %message%newline" />
</layout>
</appender>
<appender name="RollingFile-warn" type="log4net.Appender.RollingFileAppender, log4net">
<threshold value="WARN" />
<file value="logs/warning.log" />
<appendToFile value="true" />
<maximumFileSize value="100KB" />
<maxSizeRollBackups value="4" />
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date [%thread] %-5level %logger - %message%newline" />
</layout>
</appender>
<appender name="ConsoleAppender" type="log4net.Appender.ConsoleAppender">
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date [%thread] %-5level %logger - %message%newline" />
</layout>
</appender>
<appender name="OutputDebugStringAppender" type="log4net.Appender.TraceAppender" >
<layout type="log4net.Layout.PatternLayout">
<param name="ConversionPattern" value="%date [%thread] %-5level %logger - %message%newline" />
</layout>
</appender>
<!-- Set root logger level to DEBUG and its only appender to A1 -->
<root>
<level value="DEBUG" />
<appender-ref ref="RollingFile-trace" />
<appender-ref ref="RollingFile-info" />
<appender-ref ref="RollingFile-warn" />
<appender-ref ref="ConsoleAppender" />
<appender-ref ref="OutputDebugStringAppender" />
</root>
</log4net>
</configuration>