From 83cc647b13116af59a983e0b2e08dcccf1798058 Mon Sep 17 00:00:00 2001 From: Bot-GJ16 Date: Fri, 10 Jul 2026 23:06:37 +0530 Subject: [PATCH] Add vulnerable-test.js with MD5 hashing example This file demonstrates the use of MD5 for hashing and includes hardcoded credentials, which are flagged by CodeQL as vulnerabilities. Signed-off-by: Bot-GJ16 --- vulnerable-test.js | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 vulnerable-test.js diff --git a/vulnerable-test.js b/vulnerable-test.js new file mode 100644 index 000000000..fcb7861df --- /dev/null +++ b/vulnerable-test.js @@ -0,0 +1,7 @@ +const crypto = require('crypto'); +// CodeQL flags MD5 as a weak/broken cryptographic algorithm +const hash = crypto.createHash('md5').update('secret').digest('hex'); +console.log("Password hash:", hash); + +// CodeQL flags hardcoded credentials +const dbPassword = "SuperSecretHardcodedPassword123!";