From a82a3be357197bcc7dc7add28b8b4415be1290bb Mon Sep 17 00:00:00 2001 From: BotGJ16 Date: Fri, 10 Jul 2026 22:16:18 +0530 Subject: [PATCH] Create vulnerable-test.js Signed-off-by: BotGJ16 --- vulnerable-test.js | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 vulnerable-test.js diff --git a/vulnerable-test.js b/vulnerable-test.js new file mode 100644 index 000000000..fcb7861df --- /dev/null +++ b/vulnerable-test.js @@ -0,0 +1,7 @@ +const crypto = require('crypto'); +// CodeQL flags MD5 as a weak/broken cryptographic algorithm +const hash = crypto.createHash('md5').update('secret').digest('hex'); +console.log("Password hash:", hash); + +// CodeQL flags hardcoded credentials +const dbPassword = "SuperSecretHardcodedPassword123!";