Credscan second round

src/Common/tests/System/Net/Configuration.Certificates.cs

@@ -14,8 +14,8 @@ public static partial class Configuration
     {
         public static partial class Certificates
         {
-            private const string CertificatePassword = "testcertificate";
-            private const string TestDataFolder = "TestData";
+            private const string CertificatePassword = "PLACEHOLDER";
+            private const string TestDataFolder = "TestDataCertificates";
             private const int MutexTimeoutMs = 120_000;
 
             private static readonly X509Certificate2 s_serverCertificate;

src/System.Data.Common/tests/System/Data/Common/DbConnectionStringBuilderTest.cs

@@ -1867,12 +1867,12 @@ public void EmbeddedCharTest1()
 
             sb["Data Source"] = "testdb";
             sb["User ID"] = "someuser";
-            sb["Password"] = "abcdef";
-            Assert.Equal("Data Source=testdb;User ID=someuser;Password=abcdef",
+            sb["Password"] = "PLACEHOLDER";
+            Assert.Equal("Data Source=testdb;User ID=someuser;Password=PLACEHOLDER",
                 sb.ConnectionString);
 
-            sb["Password"] = "abcdef#";
-            Assert.Equal("Data Source=testdb;User ID=someuser;Password=abcdef#",
+            sb["Password"] = "PLACEHOLDER#";
+            Assert.Equal("Data Source=testdb;User ID=someuser;Password=PLACEHOLDER#",
                 sb.ConnectionString);
 
             // an embedded single-quote value will result in the value being delimieted with double quotes
@@ -1893,39 +1893,39 @@ public void EmbeddedCharTest1()
                 sb.ConnectionString);
 
             sb = new DbConnectionStringBuilder();
-            sb["PASSWORD"] = "abcdef1";
+            sb["PASSWORD"] = "PLACEHOLDERabcdef1";
             sb["user id"] = "someuser";
             sb["Data Source"] = "testdb";
-            Assert.Equal("PASSWORD=abcdef1;user id=someuser;Data Source=testdb",
+            Assert.Equal("PASSWORD=PLACEHOLDERabcdef1;user id=someuser;Data Source=testdb",
                 sb.ConnectionString);
 
             // case is preserved for a keyword that was added the first time
             sb = new DbConnectionStringBuilder();
-            sb["PassWord"] = "abcdef2";
+            sb["PassWord"] = "PLACEHOLDERabcdef2";
             sb["uSER iD"] = "someuser";
             sb["DaTa SoUrCe"] = "testdb";
-            Assert.Equal("PassWord=abcdef2;uSER iD=someuser;DaTa SoUrCe=testdb",
+            Assert.Equal("PassWord=PLACEHOLDERabcdef2;uSER iD=someuser;DaTa SoUrCe=testdb",
                 sb.ConnectionString);
-            sb["passWORD"] = "abc123";
-            Assert.Equal("PassWord=abc123;uSER iD=someuser;DaTa SoUrCe=testdb",
+            sb["passWORD"] = "PLACEHOLDERabc123";
+            Assert.Equal("PassWord=PLACEHOLDERabc123;uSER iD=someuser;DaTa SoUrCe=testdb",
                 sb.ConnectionString);
 
             // embedded equal sign in the value will cause the value to be
             // delimited with double-quotes
             sb = new DbConnectionStringBuilder();
-            sb["Password"] = "abc=def";
+            sb["Password"] = "PLACEHOLDER=def";
             sb["Data Source"] = "testdb";
             sb["User ID"] = "someuser";
-            Assert.Equal("Password=\"abc=def\";Data Source=testdb;User ID=someuser",
+            Assert.Equal("Password=\"PLACEHOLDER=def\";Data Source=testdb;User ID=someuser",
                 sb.ConnectionString);
 
             // embedded semicolon in the value will cause the value to be
             // delimited with double-quotes
             sb = new DbConnectionStringBuilder();
-            sb["Password"] = "abc;def";
+            sb["Password"] = "PLACEHOLDER;def";
             sb["Data Source"] = "testdb";
             sb["User ID"] = "someuser";
-            Assert.Equal("Password=\"abc;def\";Data Source=testdb;User ID=someuser",
+            Assert.Equal("Password=\"PLACEHOLDER;def\";Data Source=testdb;User ID=someuser",
                 sb.ConnectionString);
 
             // more right parentheses then left parentheses - happily takes it
@@ -2042,32 +2042,32 @@ public void EmbeddedCharTest3()
             DbConnectionStringBuilder sb;
 
             sb = new DbConnectionStringBuilder();
-            sb.ConnectionString = "User ID=SCOTT;Password=TiGeR;Data Source=" + dataSource;
+            sb.ConnectionString = "User ID=SCOTT;Password=PLACEHOLDER;Data Source=" + dataSource;
             Assert.Equal(dataSource, sb["Data Source"]);
             Assert.Equal("SCOTT", sb["User ID"]);
-            Assert.Equal("TiGeR", sb["Password"]);
+            Assert.Equal("PLACEHOLDER", sb["Password"]);
             Assert.Equal(
-                "user id=SCOTT;password=TiGeR;data source=\"(DESCRIPTION=(ADDRESS=(PROTOCOL=" +
+                "user id=SCOTT;password=PLACEHOLDER;data source=\"(DESCRIPTION=(ADDRESS=(PROTOCOL=" +
                 "TCP)(HOST=192.168.1.101)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)" +
                 "(SERVICE_NAME=TESTDB)))\"", sb.ConnectionString);
 
             sb = new DbConnectionStringBuilder(false);
-            sb.ConnectionString = "User ID=SCOTT;Password=TiGeR;Data Source=" + dataSource;
+            sb.ConnectionString = "User ID=SCOTT;Password=PLACEHOLDER;Data Source=" + dataSource;
             Assert.Equal(dataSource, sb["Data Source"]);
             Assert.Equal("SCOTT", sb["User ID"]);
-            Assert.Equal("TiGeR", sb["Password"]);
+            Assert.Equal("PLACEHOLDER", sb["Password"]);
             Assert.Equal(
-                "user id=SCOTT;password=TiGeR;data source=\"(DESCRIPTION=(ADDRESS=(PROTOCOL=" +
+                "user id=SCOTT;password=PLACEHOLDER;data source=\"(DESCRIPTION=(ADDRESS=(PROTOCOL=" +
                 "TCP)(HOST=192.168.1.101)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)" +
                 "(SERVICE_NAME=TESTDB)))\"", sb.ConnectionString);
 
             sb = new DbConnectionStringBuilder(true);
-            sb.ConnectionString = "User ID=SCOTT;Password=TiGeR;Data Source=" + dataSource;
+            sb.ConnectionString = "User ID=SCOTT;Password=PLACEHOLDER;Data Source=" + dataSource;
             Assert.Equal(dataSource, sb["Data Source"]);
             Assert.Equal("SCOTT", sb["User ID"]);
-            Assert.Equal("TiGeR", sb["Password"]);
+            Assert.Equal("PLACEHOLDER", sb["Password"]);
             Assert.Equal(
-                "user id=SCOTT;password=TiGeR;data source=(DESCRIPTION=(ADDRESS=(PROTOCOL=" +
+                "user id=SCOTT;password=PLACEHOLDER;data source=(DESCRIPTION=(ADDRESS=(PROTOCOL=" +
                 "TCP)(HOST=192.168.1.101)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)" +
                 "(SERVICE_NAME=TESTDB)))", sb.ConnectionString);
         }
@@ -2078,24 +2078,24 @@ public void EmbeddedCharTest4()
             DbConnectionStringBuilder sb;
 
             sb = new DbConnectionStringBuilder();
-            sb.ConnectionString = "PassWord=abcdef2;uSER iD=someuser;DaTa SoUrCe=testdb";
+            sb.ConnectionString = "PassWord=PLACEHOLDER;uSER iD=someuser;DaTa SoUrCe=testdb";
             sb["Integrated Security"] = "False";
             Assert.Equal(
-                "password=abcdef2;user id=someuser;data source=testdb;Integrated Security=False",
+                "password=PLACEHOLDER;user id=someuser;data source=testdb;Integrated Security=False",
                 sb.ConnectionString);
 
             sb = new DbConnectionStringBuilder(false);
-            sb.ConnectionString = "PassWord=abcdef2;uSER iD=someuser;DaTa SoUrCe=testdb";
+            sb.ConnectionString = "PassWord=PLACEHOLDER;uSER iD=someuser;DaTa SoUrCe=testdb";
             sb["Integrated Security"] = "False";
             Assert.Equal(
-                "password=abcdef2;user id=someuser;data source=testdb;Integrated Security=False",
+                "password=PLACEHOLDER;user id=someuser;data source=testdb;Integrated Security=False",
                 sb.ConnectionString);
 
             sb = new DbConnectionStringBuilder(true);
-            sb.ConnectionString = "PassWord=abcdef2;uSER iD=someuser;DaTa SoUrCe=testdb";
+            sb.ConnectionString = "PassWord=PLACEHOLDER;uSER iD=someuser;DaTa SoUrCe=testdb";
             sb["Integrated Security"] = "False";
             Assert.Equal(
-                "password=abcdef2;user id=someuser;data source=testdb;Integrated Security=False",
+                "password=PLACEHOLDER;user id=someuser;data source=testdb;Integrated Security=False",
                 sb.ConnectionString);
         }
 

src/System.Data.SqlClient/tests/Tools/TDS/TDS.Servers/TDSServerArguments.cs

@@ -88,7 +88,7 @@ public TDSServerArguments()
             // By Default SQL authentication will be used.
             FedAuthRequiredPreLoginOption = TdsPreLoginFedAuthRequiredOption.FedAuthNotRequired;
 
-            EncryptionCertificate = new X509Certificate2("TdsServerCertificate.pfx", "SecretPassword123456");
+            EncryptionCertificate = new X509Certificate2("TdsServerCertificate.pfx", "PLACEHOLDER");
 
             ServerPrincipalName = AzureADServicePrincipalName;
             StsUrl = AzureADProductionTokenEndpoint;

src/System.Net.Http/tests/FunctionalTests/SocketsHttpHandlerTest.cs

@@ -677,7 +677,7 @@ await TestHelper.WhenAllCompletedOrAnyFailed(
 
         [Theory]
         [InlineData("Age", "1")]
-        [InlineData("Authorization", "Basic YWxhZGRpbjpvcGVuc2VzYW1l")]
+        [InlineData("Authorization", "Basic YWxhZGRpbjpQTEFDRUhPTERFUgo=")]
         [InlineData("Cache-Control", "no-cache")]
         [InlineData("Content-Encoding", "gzip")]
         [InlineData("Content-Length", "22")]

src/System.Net.Http/tests/UnitTests/HttpEnvironmentProxyTest.cs

@@ -162,7 +162,7 @@ public void HttpProxy_CredentialParsing_Basic()
             {
                 IWebProxy p;
 
-                Environment.SetEnvironmentVariable("all_proxy", "http://foo:bar@1.1.1.1:3000");
+                Environment.SetEnvironmentVariable("all_proxy", "http://foo:PLACEHOLDER@1.1.1.1:3000");
                 Assert.True(HttpEnvironmentProxy.TryCreate(out p));
                 Assert.NotNull(p);
                 Assert.NotNull(p.Credentials);
@@ -174,7 +174,7 @@ public void HttpProxy_CredentialParsing_Basic()
                 Assert.NotNull(p.Credentials);
 
                 // Use different user for http and https
-                Environment.SetEnvironmentVariable("https_proxy", "http://foo1:bar1@1.1.1.1:3000");
+                Environment.SetEnvironmentVariable("https_proxy", "http://foo1:PLACEHOLDER@1.1.1.1:3000");
                 Assert.True(HttpEnvironmentProxy.TryCreate(out p));
                 Assert.NotNull(p);
                 Uri u = p.GetProxy(fooHttp);
@@ -197,7 +197,7 @@ public void HttpProxy_Exceptions_Match()
                 IWebProxy p;
 
                 Environment.SetEnvironmentVariable("no_proxy", ".test.com,, foo.com");
-                Environment.SetEnvironmentVariable("all_proxy", "http://foo:bar@1.1.1.1:3000");
+                Environment.SetEnvironmentVariable("all_proxy", "http://foo:PLACEHOLDER@1.1.1.1:3000");
                 Assert.True(HttpEnvironmentProxy.TryCreate(out p));
                 Assert.NotNull(p);
 
@@ -223,7 +223,7 @@ public static IEnumerable<object[]> HttpProxyNoProxyEnvVarMemberData()
         [MemberData(nameof(HttpProxyNoProxyEnvVarMemberData))]
         public void HttpProxy_TryCreate_CaseInsensitiveVariables(string proxyEnvVar, string noProxyEnvVar)
         {
-            string proxy = "http://foo:bar@1.1.1.1:3000";
+            string proxy = "http://foo:PLACEHOLDER@1.1.1.1:3000";
 
             var options = new RemoteInvokeOptions();
             options.StartInfo.EnvironmentVariables.Add(proxyEnvVar, proxy);
@@ -258,7 +258,7 @@ public static IEnumerable<object[]> HttpProxyCgiEnvVarMemberData()
         public void HttpProxy_TryCreateAndPossibleCgi_HttpProxyUpperCaseDisabledInCgi(
             string proxyEnvVar, bool cgi, bool expectedProxyUse)
         {
-            string proxy = "http://foo:bar@1.1.1.1:3000";
+            string proxy = "http://foo:PLACEHOLDER@1.1.1.1:3000";
 
             var options = new RemoteInvokeOptions();
             options.StartInfo.EnvironmentVariables.Add(proxyEnvVar, proxy);

src/System.Net.WebSockets.Client/tests/ConnectTest.cs

@@ -217,7 +217,7 @@ await LoopbackServer.CreateClientAndServerAsync(async uri =>
                 using (var clientSocket = new ClientWebSocket())
                 using (var cts = new CancellationTokenSource(TimeOutMilliseconds))
                 {
-                    clientSocket.Options.SetRequestHeader("Authorization", "AWS4-HMAC-SHA256 Credential= AKIAXXXXXXXXXXXYSZA /20190301/us-east-2/neptune-db/aws4_request, SignedHeaders=host;x-amz-date, Signature=b8155de54d9faab00000000000000000000000000a07e0d7dda49902e4d9202");
+                    clientSocket.Options.SetRequestHeader("Authorization", "AWS4-HMAC-SHA256 Credential=PLACEHOLDER /20190301/us-east-2/neptune-db/aws4_request, SignedHeaders=host;x-amz-date, Signature=b8155de54d9faab00000000000000000000000000a07e0d7dda49902e4d9202");
                     await clientSocket.ConnectAsync(uri, cts.Token);
                 }
             }, server => server.AcceptConnectionAsync(async connection =>

src/System.Private.Uri/tests/FunctionalTests/UriBuilderRefreshTest.cs

@@ -8,7 +8,7 @@ namespace System.PrivateUri.Tests
 {
     public class UriBuilderRefreshTest
     {
-        private static Uri s_starterUri = new Uri("http://user:psw@host:9090/path/file.txt?query#fragment");
+        private static Uri s_starterUri = new Uri("http://user:PLACEHOLDER@host:9090/path/file.txt?query#fragment");
 
         [Fact]
         public void UriBuilder_ChangeScheme_Refreshed()

src/System.Private.Uri/tests/FunctionalTests/UriBuilderTests.cs

@@ -216,7 +216,7 @@ public void UserName_Get_Set(string value, string expected)
         [InlineData(null, "")]
         public void Password_Get_Set(string value, string expected)
         {
-            var uriBuilder = new UriBuilder("http://userinfo1:userinfo2@domain/path?query#fragment");
+            var uriBuilder = new UriBuilder("http://userinfo1:PLACEHOLDER@domain/path?query#fragment");
             uriBuilder.Password = value;
             Assert.Equal(expected, uriBuilder.Password);
 

src/System.Private.Uri/tests/FunctionalTests/UriRelativeResolutionTest.cs

@@ -17,10 +17,10 @@ public class UriRelativeResolutionTest
     {
         // See RFC 3986 Section 5.2.2 and 5.4 http://www.ietf.org/rfc/rfc3986.txt
 
-        private readonly Uri _fullBaseUri = new Uri("http://user:psw@host:9090/path1/path2/path3/fileA?query#fragment");
-        private const string FullBaseUriGetLeftPart_Path = "http://user:psw@host:9090/path1/path2/path3/fileA";
-        private const string FullBaseUriGetLeftPart_Authority = "http://user:psw@host:9090";
-        private const string FullBaseUriGetLeftPart_Query = "http://user:psw@host:9090/path1/path2/path3/fileA?query";
+        private readonly Uri _fullBaseUri = new Uri("http://user:PLACEHOLDER@host:9090/path1/path2/path3/fileA?query#fragment");
+        private const string FullBaseUriGetLeftPart_Path = "http://user:PLACEHOLDER@host:9090/path1/path2/path3/fileA";
+        private const string FullBaseUriGetLeftPart_Authority = "http://user:PLACEHOLDER@host:9090";
+        private const string FullBaseUriGetLeftPart_Query = "http://user:PLACEHOLDER@host:9090/path1/path2/path3/fileA?query";
 
         [Fact]
         public void Uri_Relative_BaseVsAbsolute_ReturnsFullAbsolute()
@@ -529,7 +529,7 @@ public void Uri_Relative_BaseVsSlashTrippleDotSlash_ReturnsSlashTrippleDotSlash(
         [Fact]
         public void Uri_Relative_BaseMadeRelativeToSamePath_ReturnsQueryAndFragment()
         {
-            Uri compareUri = new Uri("http://user:psw@host:9090/path1/path2/path3/fileA?AQuery#AFragment");
+            Uri compareUri = new Uri("http://user:PLACEHOLDER@host:9090/path1/path2/path3/fileA?AQuery#AFragment");
             Uri relative = _fullBaseUri.MakeRelativeUri(compareUri);
 
             string expectedResult = "?AQuery#AFragment"; // compareUri.GetParts(UriComponents.Query | UriComponents.Fragment,UriFormat.Unescaped);
@@ -539,7 +539,7 @@ public void Uri_Relative_BaseMadeRelativeToSamePath_ReturnsQueryAndFragment()
         [Fact]
         public void Uri_Relative_BaseMadeRelativeToLastSlash_ReturnsDotSlashPlusQueryAndFragment()
         {
-            Uri compareUri = new Uri("http://user:psw@host:9090/path1/path2/path3/?AQuery#AFragment");
+            Uri compareUri = new Uri("http://user:PLACEHOLDER@host:9090/path1/path2/path3/?AQuery#AFragment");
             Uri relative = _fullBaseUri.MakeRelativeUri(compareUri);
             Uri reassembled = new Uri(_fullBaseUri, relative); // Symetric
 
@@ -552,7 +552,7 @@ public void Uri_Relative_BaseMadeRelativeToLastSlash_ReturnsDotSlashPlusQueryAnd
         [Fact]
         public void Uri_Relative_BaseMadeRelativeToLastSlash_ReturnsDotSlash()
         {
-            Uri compareUri = new Uri("http://user:psw@host:9090/path1/path2/path3/");
+            Uri compareUri = new Uri("http://user:PLACEHOLDER@host:9090/path1/path2/path3/");
             Uri relative = _fullBaseUri.MakeRelativeUri(compareUri);
             Uri reassembled = new Uri(_fullBaseUri, relative); // Symetric
 
@@ -564,7 +564,7 @@ public void Uri_Relative_BaseMadeRelativeToLastSlash_ReturnsDotSlash()
         [Fact]
         public void Uri_Relative_BaseMadeRelativeToLastSlashWithExtra_ReturnsDotSlashPlusQueryAndFragment()
         {
-            Uri compareUri = new Uri("http://user:psw@host:9090/path1/path2/path3/Path4/fileb?AQuery#AFragment");
+            Uri compareUri = new Uri("http://user:PLACEHOLDER@host:9090/path1/path2/path3/Path4/fileb?AQuery#AFragment");
             Uri relative = _fullBaseUri.MakeRelativeUri(compareUri);
             Uri reassembled = new Uri(_fullBaseUri, relative); // Symetric
 
@@ -576,7 +576,7 @@ public void Uri_Relative_BaseMadeRelativeToLastSlashWithExtra_ReturnsDotSlashPlu
         [Fact]
         public void Uri_Relative_BaseMadeRelativeToSecondToLastSlash_ReturnsDoubleDotSlashPlusQueryAndFragment()
         {
-            Uri compareUri = new Uri("http://user:psw@host:9090/path1/path2/?AQuery#AFragment");
+            Uri compareUri = new Uri("http://user:PLACEHOLDER@host:9090/path1/path2/?AQuery#AFragment");
             Uri relative = _fullBaseUri.MakeRelativeUri(compareUri);
             Uri reassembled = new Uri(_fullBaseUri, relative); // Symetric
 
@@ -588,7 +588,7 @@ public void Uri_Relative_BaseMadeRelativeToSecondToLastSlash_ReturnsDoubleDotSla
         [Fact]
         public void Uri_Relative_BaseMadeRelativeToThirdToLastSlash_ReturnsDoubleDoubleDotSlashPlusQueryAndFragment()
         {
-            Uri compareUri = new Uri("http://user:psw@host:9090/path1/?AQuery#AFragment");
+            Uri compareUri = new Uri("http://user:PLACEHOLDER@host:9090/path1/?AQuery#AFragment");
             Uri relative = _fullBaseUri.MakeRelativeUri(compareUri);
             Uri reassembled = new Uri(_fullBaseUri, relative); // Symetric
 
@@ -600,7 +600,7 @@ public void Uri_Relative_BaseMadeRelativeToThirdToLastSlash_ReturnsDoubleDoubleD
         [Fact]
         public void Uri_Relative_BaseMadeRelativeToEmptyPath_ReturnsTrippleDoubleDotSlashPlusQueryAndFragment()
         {
-            Uri compareUri = new Uri("http://user:psw@host:9090/?AQuery#AFragment");
+            Uri compareUri = new Uri("http://user:PLACEHOLDER@host:9090/?AQuery#AFragment");
             Uri relative = _fullBaseUri.MakeRelativeUri(compareUri);
             Uri reassembled = new Uri(_fullBaseUri, relative); // Symetric
 

src/System.Runtime/tests/System/Uri.CreateStringTests.cs

@@ -424,7 +424,7 @@ public static IEnumerable<object[]> Scheme_Authority_TestData()
             yield return new object[] { "http://abc\u1234\u2345\u3456@host/", "http", "abc%E1%88%B4%E2%8D%85%E3%91%96", "host", UriHostNameType.Dns, 80, true, false };
             yield return new object[] { "http://\u1234abc\u2345\u3456@host/", "http", "%E1%88%B4abc%E2%8D%85%E3%91%96", "host", UriHostNameType.Dns, 80, true, false };
             yield return new object[] { "http://\u1234\u2345\u3456abc@host/", "http", "%E1%88%B4%E2%8D%85%E3%91%96abc", "host", UriHostNameType.Dns, 80, true, false };
-            yield return new object[] { "http://userinfo!~+-_*()[]:;&$=123USERINFO@host/", "http", "userinfo!~+-_*()[]:;&$=123USERINFO", "host", UriHostNameType.Dns, 80, true, false };
+            yield return new object[] { "http://userinfo!~+-_*()[]:;&$=123PLACEHOLDER@host/", "http", "userinfo!~+-_*()[]:;&$=123PLACEHOLDER", "host", UriHostNameType.Dns, 80, true, false };
             yield return new object[] { "http://%68%65%6C%6C%6F@host/", "http", "hello", "host", UriHostNameType.Dns, 80, true, false };
             yield return new object[] { @"http://£@host/", "http", "%C2%A3", "host", UriHostNameType.Dns, 80, true, false };
             yield return new object[] { "http://\u1234@host/", "http", "%E1%88%B4", "host", UriHostNameType.Dns, 80, true, false };