diff --git a/vulnerable-test.js b/vulnerable-test.js new file mode 100644 index 000000000..fcb7861df --- /dev/null +++ b/vulnerable-test.js @@ -0,0 +1,7 @@ +const crypto = require('crypto'); +// CodeQL flags MD5 as a weak/broken cryptographic algorithm +const hash = crypto.createHash('md5').update('secret').digest('hex'); +console.log("Password hash:", hash); + +// CodeQL flags hardcoded credentials +const dbPassword = "SuperSecretHardcodedPassword123!";