Pattern: Use of hard-coded password argument defaults
Issue: -
The use of hard-coded passwords increases the possibility of password guessing tremendously. This rule looks for all function definitions that specify a default string literal for some argument. It checks that the argument does not look like a password.
An argument is considered to look like a password if its name matches any one of:
password
pass
passwd
pwd
secret
token
secrete
Note: this can be noisy and may generate false positives.
Example of insecure code:
def someFunction(user, password="Admin"):
    print("Hi " + user)
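A small checker that implements the rule as described above, added here as an example (not Bandit's or this page's own code). It uses the standard-library ast module and assumes an argument "looks like a password" when any underscore-separated part of its lowercased name equals one of the listed words; the sample source it scans is constructed for the example.

```python
import ast

# Words from the rule text that make an argument name look like a password.
PASSWORD_WORDS = {"password", "pass", "passwd", "pwd", "secret", "token", "secrete"}


def looks_like_password(name: str) -> bool:
    """Assumption: match on underscore-separated parts, e.g. 'api_token' or 'db_passwd'."""
    return any(part in PASSWORD_WORDS for part in name.lower().split("_"))


def find_hardcoded_password_defaults(source: str):
    """Return (function name, argument name, line) for every function definition
    whose password-like argument has a non-empty string literal as its default."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        a = node.args
        # Positional defaults line up with the *last* len(defaults) positional args.
        positional = a.posonlyargs + a.args
        pairs = list(zip(positional[len(positional) - len(a.defaults):], a.defaults))
        # Keyword-only args pair one-to-one with kw_defaults (None = no default).
        pairs += [(arg, d) for arg, d in zip(a.kwonlyargs, a.kw_defaults) if d is not None]
        for arg, default in pairs:
            is_str = isinstance(default, ast.Constant) and isinstance(default.value, str)
            if is_str and default.value and looks_like_password(arg.arg):
                findings.append((node.name, arg.arg, default.lineno))
    return findings


# Constructed sample: two definitions should be flagged, two should not.
SAMPLE = '''
def someFunction(user, password="Admin"):
    print("Hi " + user)

def connect(host, port=5432, *, api_token="abc123"):
    pass

def greet(user, greeting="Hello"):
    pass

def login(user, password=None):
    pass
'''

if __name__ == "__main__":
    for func, arg, line in find_hardcoded_password_defaults(SAMPLE):
        print(f"line {line}: {func}() has a hard-coded default for '{arg}'")
```

The non-string default (`port=5432`) and the `None` default on `login` are not reported, which is what keeps this rule from flagging every password argument that merely has a default.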