0

My company's development project uses yml files as configuration files. How can I use codeql to detect whether these yml files contain sensitive information such as plain text passwords?

When I created the codeql database, I used the parameter --language=go, yaml, but I don't know how to query the yaml database and whether this method is the right solution.

Improve this question
1
  • Assuming that you are also the author of github.com/github/codeql/issues/16755, please in the future cross-link the questions to avoid people spending time on answering this twice, and for future readers to make it easier to find the answer.
    – Marcono1234
    Commented Jun 14 at 20:45

1 Answer 1

Reset to default
0

github.com/github/codeql/issues/16755

I asked the same question on github and got the solution. This should be solved. We just need to create a javascript database and check the yaml configuration file through the javascript standard library provided by Codelql

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.