Pattern: Use of hard-coded password function arguments
Issue: -
The use of hard-coded passwords increases the possibility of password guessing tremendously. This rule looks for all function calls being passed a keyword argument that is a string literal. It checks that the assigned local variable does not look like a password.
Variables are considered to look like a password if they have match any one of:
passwordpasspasswdpwdsecrettokensecrete
Note: this can be noisy and may generate false positives.
Example of insecure code:
doLogin(password="1234")