ENDRPrint_12CRelease/rules/java-jdbc-url-with-creds.yml

rules:
  - id: org.yourorg.jdbc.url-with-creds
    languages: [java, python]
    message: "JDBC URL appears to contain credentials. Avoid embedding username/password in URL."
    severity: ERROR
    pattern: $VAR = "$URL"
    metavariable-pattern:
      metavariable: $URL
      pattern: "jdbc:*user=*password=*"