Qt-Security-QAuthenticatorSetPassword

Check QAuthenticator::setPassword

Required inputs: IR

Qt's QAuthenticator class allows to set a password for authentication in signals of the QNetworkAccessManager and QAbstractSocket classes. Passwords that are stored as hardcoded secrets within the binary pose a security risk, since they can be easily extracted by third parties. This rule flags all calls to the method QAuthenticator::setPassword() that rely on hardcoded credentials. Using such hardcoded secrets is always an indicator that there is a fundamental security issue in the design of the application.

Possible Messages

Key	Text	Severity	Disabled
static_password	The method {} is called with a static password.	None	False

Options

• This rule shares the following common options: exclude_in_macros, exclude_messages_in_system_headers, excludes, extend_exclude_to_macro_invocations, includes, justification_checker, languages, post_processing, provider, report_at, severity

• The following places define options that affect this rule: Stylechecks, Analysis-GlobalOptions

• This rule has no individual options.