# Security Issues in Test Files

- ID: javascript-test-security-issues
- Severity: LOW
- CWE: Hardcoded Credentials (CWE-798)
- Languages: JavaScript, TypeScript
- Frameworks: tests

## Description

Detects security anti-patterns in test files that could leak into production.

While test files don't run in production, they can still pose security risks:

1. **Hard-coded credentials** - Test credentials committed to repos
2. **Real API keys** - Production keys used in tests
3. **Exposed secrets** - Secrets in test fixtures or mocks
4. **Insecure test patterns** - Patterns that might be copy-pasted to production

This rule helps maintain test hygiene and prevents credential leaks.

## Detection Message

Test file contains hard-coded credentials at line {line}

## Remediation

Use environment variables or mock data instead of hard-coded credentials.

## Related Rules

- **Django Insecure SECRET_KEY** [CRITICAL]
- **Docker Secrets and Security Best Practices** [CRITICAL]
- **Hardcoded Secrets in Source Code** [CRITICAL]
- **Hardcoded Secret in Environment Variable Fallback** [HIGH]
- **Hardcoded Credentials** [HIGH]
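
The detection message and remediation described above, shown as an added example that is not this rule's own implementation: a simplified line-based heuristic run over a constructed test file, first with hard-coded credentials and then in its remediated form. The key-name list, mock-value markers, file paths and sample values are assumptions made for illustration.

```javascript
// Simplified heuristic for illustration; the rule's real matching logic is not shown on this page.
const CREDENTIAL_KEY = /(pass(word|wd)?|secret|token|api[_-]?key)/i; // assumed name list
// Matches `name = 'literal'` and `name: 'literal'` (single, double or backtick quotes).
const ASSIGNMENT = /([A-Za-z_$][\w$]*)\s*[:=]\s*(['"`])((?:(?!\2).)*)\2/g;
const MOCK_VALUE = /^$|^(test|dummy|fake|mock|example)([-_ ]|$)/i; // assumed mock markers

// The rule is scoped to test files: *.test.js, *.spec.ts, __tests__/ directories.
function isTestFile(path) {
  return /\.(test|spec)\.[jt]sx?$|(^|\/)__tests__\//.test(path);
}

function scanTestFile(path, source) {
  if (!isTestFile(path)) return [];
  const findings = [];
  source.split('\n').forEach((text, i) => {
    if (/^\s*\/\//.test(text)) return; // skip comment-only lines
    for (const [, name, , value] of text.matchAll(ASSIGNMENT)) {
      // Flag credential-like names bound to a literal that is not obviously mock data.
      if (CREDENTIAL_KEY.test(name) && !MOCK_VALUE.test(value)) {
        findings.push({
          line: i + 1,
          name,
          message: `Test file contains hard-coded credentials at line ${i + 1}`,
        });
      }
    }
  });
  return findings;
}

// Constructed sample: credentials written directly into the test.
const FLAGGED = [
  "const { login } = require('../src/auth');",
  "test('logs in', async () => {",
  "  const password = 'S3cure-Constructed-Value!';",
  "  const res = await login({ user: 'alice', apiKey: 'constructed-key-0123456789' });",
  "  expect(res.ok).toBe(true);",
  "});",
].join('\n');

// Constructed sample: same test using an environment variable and mock data.
const REMEDIATED = [
  "test('logs in', async () => {",
  "  const password = process.env.TEST_PASSWORD;",
  "  const res = await login({ user: 'alice', apiKey: 'fake-api-key', password });",
  "});",
].join('\n');

console.log(scanTestFile('tests/auth.test.js', FLAGGED).map((f) => f.message));
console.log(scanTestFile('tests/auth.test.js', REMEDIATED).length);
```

A name-and-literal heuristic like this misses credentials assembled by concatenation or loaded from fixture files, so it complements a repository-wide secret scanner rather than replacing one.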