Repository Analysis

keycloak/keycloak

Open Source Identity and Access Management For Modern Applications and Services

1.4 Likely human-written

Adjusted Score: 1.4
Raw Score: 1.4
Time Factor: 100%
Last Push: 2026-05-30
Stars: 34,645
Language: Java
Lines of Code: 1,431,154
Files: 9954
Pattern Hits: 482
Scan Date: 2026-05-31

Severity Breakdown

CRITICAL 154, HIGH 7, MEDIUM 15, LOW 306

Pattern Findings

482 matches across 10 categories.

Hallucination Indicators: 154 hits · 1590 pts
Severity | File | Line | Snippet
CRITICAL | …rg/keycloak/themeverifier/VerifyMessageProperties.java | 237 | sanitized = org.apache.commons.text.StringEscapeUtils.unescapeHtml4(sanitized);
CRITICAL | …rg/keycloak/themeverifier/VerifyMessageProperties.java | 300 | value = org.apache.commons.text.StringEscapeUtils.unescapeHtml4(value);
CRITICAL | …uarkus/runtime/cli/UpdateCompatibilityPicocliTest.java | 96 | assertEquals(majorMinorOf(org.infinispan.commons.util.Version.getVersion()), info.get(CacheEmbeddedConfigProvide
CRITICAL | …uarkus/runtime/cli/UpdateCompatibilityPicocliTest.java | 129 | String ispnVersion = majorMinorOf(org.infinispan.commons.util.Version.getVersion());
CRITICAL | …uarkus/runtime/cli/UpdateCompatibilityPicocliTest.java | 338 | m.put("version", majorMinorOf(org.infinispan.commons.util.Version.getVersion()));
CRITICAL | …ain/java/org/keycloak/quarkus/runtime/Environment.java | 99 | if (org.keycloak.common.util.Environment.isDevMode()) {
CRITICAL | …ain/java/org/keycloak/quarkus/runtime/Environment.java | 103 | return org.keycloak.common.util.Environment.DEV_PROFILE_VALUE.equals(Configuration.getNonPersistedConfigValue(or
CRITICAL | …ain/java/org/keycloak/quarkus/runtime/Environment.java | 107 | return org.keycloak.common.util.Environment.isDevMode();
CRITICAL | …in/java/org/keycloak/quarkus/runtime/KeycloakMain.java | 142 | String.format("Failed to start server in (%s) mode", getKeycloakModeFromProfile(org.keycloak.common.util
CRITICAL | …in/java/org/keycloak/quarkus/runtime/KeycloakMain.java | 148 | String.format("Failed to start server in (%s) mode", getKeycloakModeFromProfile(org.keycloak
CRITICAL | …in/java/org/keycloak/quarkus/runtime/KeycloakMain.java | 155 | String.format("Unexpected error when starting the server in (%s) mode", getKeycloakModeFromProfile(o
CRITICAL | …c/main/java/org/keycloak/quarkus/runtime/Messages.java | 38 | if (!org.keycloak.common.util.Environment.DEV_PROFILE_VALUE.equals(org.keycloak.common.util.Environment.getProfi
CRITICAL | …untime/configuration/KeycloakConfigSourceProvider.java | 44 | String profile = org.keycloak.common.util.Environment.getProfile();
CRITICAL | …runtime/configuration/mappers/HttpPropertyMappers.java | 239 | if (Environment.isDevMode() || org.keycloak.common.util.Environment.isNonServerMode()) {
CRITICAL | …time/configuration/mappers/CachingPropertyMappers.java | 41 | (value, context) -> org.keycloak.common.util.Environment.isNonServerMode()
CRITICAL | …e/configuration/mappers/HostnameV2PropertyMappers.java | 59 | boolean isProd = Environment.PROD_PROFILE_VALUE.equals(org.keycloak.common.util.Environment.getProfile());
CRITICAL | …ain/java/org/keycloak/quarkus/runtime/cli/Picocli.java | 585 | String profile = org.keycloak.common.util.Environment.getProfile();
CRITICAL | …ain/java/org/keycloak/quarkus/runtime/cli/Picocli.java | 932 | String profile = Optional.ofNullable(org.keycloak.common.util.Environment.getProfile())
CRITICAL | …g/keycloak/quarkus/runtime/cli/command/ShowConfig.java | 63 | String profile = org.keycloak.common.util.Environment.getProfile();
CRITICAL | …rkus/runtime/cli/command/AbstractAutoBuildCommand.java | 55 | String profile = org.keycloak.common.util.Environment.getProfile();
CRITICAL | …rage/database/liquibase/QuarkusJpaUpdaterProvider.java | 217 | // in org.keycloak.connections.jpa.updater.liquibase.lock.CustomLockService.init() called indirectly from
CRITICAL | …ders/java/org/keycloak/it/jaxrs/filter/TestFilter.java | 63 | // should say something like Normal scoped producer method may not return null: org.keycloak.quarkus.runtime
CRITICAL | …rg/keycloak/quarkus/deployment/LiquibaseProcessor.java | 87 | classes.removeIf(classInfo -> !org.keycloak.config.database.Database.isLiquibaseDatabaseSupported(classInfo.
CRITICAL | …g/keycloak/crypto/hash/Argon2PasswordHashProvider.java | 117 | org.bouncycastle.crypto.params.Argon2Parameters parameters = new org.bouncycastle.crypto.params.Argo
CRITICAL | …/keycloak/crypto/elytron/test/ElytronPemUtilsTest.java | 40 | String encoded = org.keycloak.common.util.PemUtils.generateThumbprint(test, "SHA-1");
CRITICAL | …/keycloak/crypto/elytron/test/ElytronPemUtilsTest.java | 47 | String encoded = org.keycloak.common.util.PemUtils.generateThumbprint(test, "SHA-256");
CRITICAL | core/src/test/java/org/keycloak/util/PemUtilsTest.java | 30 | String encoded = org.keycloak.common.util.PemUtils.generateThumbprint(test, "SHA-1");
CRITICAL | core/src/test/java/org/keycloak/util/PemUtilsTest.java | 37 | String encoded = org.keycloak.common.util.PemUtils.generateThumbprint(test, "SHA-256");
CRITICAL | …re/src/main/java/org/keycloak/jose/jws/JWSBuilder.java | 117 | if (org.keycloak.crypto.Algorithm.Ed25519.equals(sigAlgName) || org.keycloak.crypto.Algorithm.Ed448.equals(sigAl
CRITICAL | testsuite/integration-arquillian/HOW-TO-RUN.md | 607 | or not known at org.keycloak.testsuite.util.OAuthClient.doWellKnownRequest(OAuthClient.java:1032)
CRITICAL | testsuite/integration-arquillian/HOW-TO-RUN.md | 608 | at org.keycloak.testsuite.url.DefaultHostnameTest.assertBackendForcedToFrontendWithMatchingHostname(
CRITICAL | …va/org/keycloak/testsuite/broker/KcSamlBrokerTest.java | 332 | assertThat(ob, org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_
CRITICAL | …ak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java | 171 | KeysMetadataRepresentation.KeyMetadataRepresentation key = org.keycloak.testsuite.util.KeyUtils.findActiveSignin
CRITICAL | …ak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java | 206 | KeysMetadataRepresentation.KeyMetadataRepresentation key = org.keycloak.testsuite.util.KeyUtils.findActiveSignin
CRITICAL | …ak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java | 234 | KeysMetadataRepresentation.KeyMetadataRepresentation key = org.keycloak.testsuite.util.KeyUtils.findActiveSignin
CRITICAL | …ak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java | 290 | KeysMetadataRepresentation.KeyMetadataRepresentation key = org.keycloak.testsuite.util.KeyUtils.findActiveSignin
CRITICAL | …ak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java | 319 | KeysMetadataRepresentation.KeyMetadataRepresentation key = org.keycloak.testsuite.util.KeyUtils.findActiveSignin
CRITICAL | …ak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java | 377 | KeysMetadataRepresentation.KeyMetadataRepresentation key = org.keycloak.testsuite.util.KeyUtils.findActiveSignin
CRITICAL | …/keycloak/testsuite/broker/KcSamlSignedBrokerTest.java | 134 | .assertResponse(org.keycloak.testsuite.util.Matchers.statusCodeIsHC(Status.BAD_REQUEST));
CRITICAL | …c/test/java/org/keycloak/testsuite/oauth/DPoPTest.java | 390 | JWSHeader jwsEdHeader = new JWSHeader(org.keycloak.jose.jws.Algorithm.valueOf(Algorithm.EdDSA), DPOP_JWT_HEADER_
CRITICAL | …/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java | 376 | KeyPair keyPair = org.keycloak.common.util.KeyUtils.generateRsaKeyPair(2048);
CRITICAL | …/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java | 389 | KeyPair keyPair = org.keycloak.common.util.KeyUtils.generateRsaKeyPair(2048);
CRITICAL | …/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java | 401 | testUploadCertificatePEM(org.keycloak.common.util.KeyUtils.generateRsaKeyPair(2048), Algorithm.RS256, null);
CRITICAL | …/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java | 411 | testUploadPublicKeyPem(org.keycloak.common.util.KeyUtils.generateRsaKeyPair(2048), Algorithm.RS256, null);
CRITICAL | …/oauth/tokenexchange/ClientTokenExchangeSAML2Test.java | 692 | return org.keycloak.testsuite.util.KeyUtils.publicKeyFromString(keyRep.getPublicKey());
CRITICAL | …/oauth/tokenexchange/ClientTokenExchangeSAML2Test.java | 696 | return org.keycloak.testsuite.util.KeyUtils.privateKeyFromString(privateKey);
CRITICAL | …/org/keycloak/testsuite/forms/PasswordHashingTest.java | 425 | org.bouncycastle.crypto.params.Argon2Parameters parameters = new org.bouncycastle.crypto.params.Argon2Parame
CRITICAL | …ava/org/keycloak/testsuite/util/AssertAdminEvents.java | 300 | int expectedLength = prefix.length() + 1 + org.keycloak.models.utils.KeycloakModelUtils.generateId().len
CRITICAL | …va/org/keycloak/testsuite/util/ClientPoliciesUtil.java | 504 | return org.keycloak.common.util.KeyUtils.generateEcKeyPair(ecDomainParamName);
CRITICAL | …est/java/org/keycloak/testsuite/util/RealmManager.java | 98 | rep.setCodeSecret(org.keycloak.models.utils.KeycloakModelUtils.generateCodeSecret());
CRITICAL | …eycloak/testsuite/oidc/LightWeightAccessTokenTest.java | 997 | runOnServerMaster.run(RunHelpers.reinitializeProviderFactoryWithSystemPropertiesScope(org.keycloak.protocol.Logi
CRITICAL | …g/keycloak/testsuite/user/profile/UserProfileTest.java | 143 | userRep.setEmail(org.keycloak.models.utils.KeycloakModelUtils.generateId() + "@keycloak.org");
CRITICAL | …g/keycloak/testsuite/user/profile/UserProfileTest.java | 219 | attributes.put(UserModel.USERNAME, org.keycloak.models.utils.KeycloakModelUtils.generateId());
CRITICAL | …g/keycloak/testsuite/user/profile/UserProfileTest.java | 222 | attributes.put(UserModel.EMAIL, org.keycloak.models.utils.KeycloakModelUtils.generateId() + "@keycloak.org");
CRITICAL | …g/keycloak/testsuite/user/profile/UserProfileTest.java | 258 | attributes.put(UserModel.USERNAME, org.keycloak.models.utils.KeycloakModelUtils.generateId());
CRITICAL | …g/keycloak/testsuite/user/profile/UserProfileTest.java | 261 | attributes.put(UserModel.EMAIL, org.keycloak.models.utils.KeycloakModelUtils.generateId() + "@keycloak.org");
CRITICAL | …g/keycloak/testsuite/user/profile/UserProfileTest.java | 302 | attributes.put(UserModel.USERNAME, org.keycloak.models.utils.KeycloakModelUtils.generateId() + "@keycloak.org");
CRITICAL | …g/keycloak/testsuite/user/profile/UserProfileTest.java | 305 | attributes.put(UserModel.EMAIL, org.keycloak.models.utils.KeycloakModelUtils.generateId() + "@keycloak.org");
CRITICAL | …g/keycloak/testsuite/user/profile/UserProfileTest.java | 509 | UserModel user = session.users().addUser(realm, org.keycloak.models.utils.KeycloakModelUtils.generateId());
CRITICAL | …g/keycloak/testsuite/user/profile/UserProfileTest.java | 512 | user.setEmail(org.keycloak.models.utils.KeycloakModelUtils.generateId() + "@keycloak.org");
94 more matches not shown…
Hyper-Verbose Identifiers: 150 hits · 182 pts
Severity | File | Line | Snippet
LOW | js/libs/ui-shared/src/utils/errors.ts | 32 | export function getNetworkErrorDescription(data: unknown) {
LOW | …count-ui/test/account-security/linked-accounts.spec.ts | 102 | async function loginWithUsernamePassword(
LOW | js/apps/account-ui/src/api/methods.ts | 168 | export async function deleteVerifiableCredential(
LOW | js/apps/admin-ui/test/organization/groups.ts | 6 | export async function selectOrgGroupActionToggleItem(page: Page, item: string) {
LOW | js/apps/admin-ui/test/clients/scope.ts | 9 | export async function goToClientScopeEvaluateTab(page: Page) {
LOW | js/apps/admin-ui/test/clients/scope.ts | 22 | export async function assertTableCellDropdownValue(page: Page, value: string) {
LOW | js/apps/admin-ui/test/clients/scope.ts | 26 | export async function goToGenerateAccessTokenTab(page: Page) {
LOW | js/apps/admin-ui/test/clients/scope.ts | 30 | export async function assertHasAccessTokenGenerated(
LOW | js/apps/admin-ui/test/clients/scope.ts | 40 | export async function assertNoAccessTokenGenerated(page: Page) {
LOW | js/apps/admin-ui/test/clients/scope.ts | 47 | export async function assertHasUserInfoGenerated(page: Page, username: string) {
LOW | js/apps/admin-ui/test/clients/scope.ts | 62 | export async function assertHasIdTokenGenerated(page: Page, username: string) {
LOW | js/apps/admin-ui/test/clients/scope.ts | 80 | export async function assertNoUserInfoGenerated(page: Page) {
LOW | js/apps/admin-ui/test/clients/initial-access.ts | 4 | export async function goToInitialAccessTokenTab(page: Page) {
LOW | js/apps/admin-ui/test/clients/initial-access.ts | 8 | export async function assertInitialAccessTokensIsEmpty(page: Page) {
LOW | js/apps/admin-ui/test/clients/initial-access.ts | 14 | export async function assertInitialAccessTokensIsNotEmpty(page: Page) {
LOW | js/apps/admin-ui/test/clients/initial-access.ts | 36 | export async function assertExpirationGreaterThanZeroError(page: Page) {
LOW | js/apps/admin-ui/test/clients/initial-access.ts | 50 | export async function checkSaveButtonIsDisabled(page: Page) {
LOW | js/apps/admin-ui/test/clients/details.ts | 9 | function getKeyForCodeExchangeInput(page: Page) {
LOW | js/apps/admin-ui/test/clients/details.ts | 13 | export async function selectKeyForCodeExchangeInput(page: Page, value: string) {
LOW | js/apps/admin-ui/test/clients/details.ts | 18 | export async function assertKeyForCodeExchangeInput(page: Page, value: string) {
LOW | js/apps/admin-ui/test/clients/authorization.ts | 20 | export async function clickAuthenticationSaveButton(page: Page) {
LOW | js/apps/admin-ui/test/clients/authorization.ts | 40 | export async function assertEmptyStateNotVisible(page: Page) {
LOW | js/apps/admin-ui/test/clients/registration-policies.ts | 3 | export async function goToClientRegistrationTab(page: Page) {
LOW | js/apps/admin-ui/test/clients/registration-policies.ts | 11 | export async function clickCreateAnonymousPolicy(page: Page) {
LOW | js/apps/admin-ui/test/clients/registration-policies.ts | 15 | export async function clickCreateAuthenticatedPolicy(page: Page) {
LOW | js/apps/admin-ui/test/clients/role.ts | 13 | export async function goToCreateRoleFromEmptyState(page: Page) {
LOW | js/apps/admin-ui/test/clients/saml.ts | 13 | function getKeyForEncryptionAlgorithmInput(page: Page) {
LOW | js/apps/admin-ui/test/clients/saml.ts | 17 | function getKeyForEncryptionKeyAlgorithmInput(page: Page) {
LOW | js/apps/admin-ui/test/clients/saml.ts | 21 | function getKeyForEncryptionDigestMethodInput(page: Page) {
LOW | js/apps/admin-ui/test/clients/saml.ts | 25 | function getKeyForEncryptionMaskGenerationFunctionInput(page: Page) {
LOW | js/apps/admin-ui/test/clients/saml.ts | 79 | export async function clickEncryptionAssertions(page: Page) {
LOW | js/apps/admin-ui/test/clients/saml.ts | 83 | export async function clickOffEncryptionAssertions(page: Page) {
LOW | js/apps/admin-ui/test/clients/saml.ts | 96 | export async function assertNameIdFormatDropdown(page: Page) {
LOW | js/apps/admin-ui/test/clients/saml.ts | 110 | export async function selectEncryptionAlgorithmInput(
LOW | js/apps/admin-ui/test/clients/saml.ts | 117 | export async function selectEncryptionKeyAlgorithmInput(
LOW | js/apps/admin-ui/test/clients/saml.ts | 124 | export async function selectEncryptionDigestMethodInput(
LOW | js/apps/admin-ui/test/clients/saml.ts | 131 | export async function selectEncryptionMaskGenerationFunctionInput(
LOW | js/apps/admin-ui/test/clients/saml.ts | 142 | export async function assertEncryptionAlgorithm(page: Page, value: string) {
LOW | js/apps/admin-ui/test/clients/saml.ts | 146 | export async function assertEncryptionKeyAlgorithm(page: Page, value: string) {
LOW | js/apps/admin-ui/test/clients/saml.ts | 150 | export async function assertEncryptionDigestMethod(page: Page, value: string) {
LOW | js/apps/admin-ui/test/clients/saml.ts | 154 | export async function assertEncryptionMaskGenerationFunction(
LOW | js/apps/admin-ui/test/clients/saml.ts | 172 | export async function assertEncryptionAlgorithmInputVisible(
LOW | js/apps/admin-ui/test/clients/saml.ts | 179 | export async function assertEncryptionKeyAlgorithmInputVisible(
LOW | js/apps/admin-ui/test/clients/saml.ts | 186 | export async function assertEncryptionDigestMethodInputVisible(
LOW | js/apps/admin-ui/test/clients/saml.ts | 193 | export async function assertEncryptionMaskGenerationFunctionInputVisible(
LOW | js/apps/admin-ui/test/clients/advanced.ts | 25 | export async function assertTestClusterAvailability(
LOW | js/apps/admin-ui/test/clients/advanced.ts | 42 | function getAccessTokenSignatureAlgorithm(page: Page) {
LOW | js/apps/admin-ui/test/clients/advanced.ts | 46 | export async function selectAccessTokenSignatureAlgorithm(
LOW | js/apps/admin-ui/test/clients/advanced.ts | 53 | export async function assertAccessTokenSignatureAlgorithm(
LOW | js/apps/admin-ui/test/clients/advanced.ts | 71 | export async function switchOffExcludeSessionStateSwitch(page: Page) {
LOW | js/apps/admin-ui/test/clients/advanced.ts | 75 | export async function assertOnExcludeSessionStateSwitch(page: Page) {
LOW | js/apps/admin-ui/test/clients/advanced.ts | 79 | export async function clickAllCompatibilitySwitch(page: Page) {
LOW | js/apps/admin-ui/test/clients/advanced.ts | 94 | export async function assertTokenLifespanClientOfflineSessionMaxVisible(
LOW | js/apps/admin-ui/test/user-federation/ldap-mapper.ts | 13 | export async function fillHardwareAttributeMapper(
LOW | js/apps/admin-ui/test/utils/masthead.ts | 4 | export async function assertNotificationMessage(page: Page, message: string) {
LOW | js/apps/admin-ui/test/utils/form.ts | 67 | export async function assertSaveButtonIsDisabled(page: Page) {
LOW | js/apps/admin-ui/test/groups/members.ts | 26 | export async function toggleIncludeSubGroupUsers(page: Page) {
LOW | js/apps/admin-ui/test/groups/members.ts | 30 | export async function assertIncludeSubGroupUsersNotVisible(page: Page) {
LOW | js/apps/admin-ui/test/permissions/main.ts | 59 | export async function clickCreatePolicySaveButton(page: Page) {
LOW | js/apps/admin-ui/test/client-scope/main.ts | 10 | export async function selectSecondaryFilterAssignedType(
90 more matches not shown…
Fake / Example Data: 59 hits · 70 pts
Severity | File | Line | Snippet
LOW | core/src/test/resources/sdjwt/s3.3-holder-claims.json | 8 | "street_address": "123 Main St",
LOW | core/src/test/resources/sdjwt/s6.1-holder-claims.json | 9 | "street_address": "123 Main St",
LOW | …src/test/java/org/keycloak/sdjwt/JsonClaimsetTest.java | 55 | String expected_street_address_claim = "123 Main St";
LOW | js/libs/keycloak-admin-client/README.md | 59 | email: 'user@example.com',
LOW | js/libs/keycloak-admin-client/test/realms.spec.ts | 430 | user.email = "test@test.com";
LOW | js/apps/admin-ui/test/clients/initial-access.spec.ts | 75 | await searchItem(page, placeHolder, "John Doe");
LOW | js/apps/admin-ui/test/clients/main.spec.ts | 113 | await searchItem(page, placeHolder, "John Doe");
LOW | …pps/admin-ui/test/client-scope/oid4vci-mappers.spec.ts | 146 | "user@example.com",
LOW | js/apps/admin-ui/src/clients/ssf/tabs/SubjectsTab.tsx | 266 | ? "user@example.com"
LOW | js/apps/admin-ui/src/clients/ssf/tabs/EmitEventsTab.tsx | 120 | // from "user@example.com" to "user-uuid" / "username" / "org-alias"
LOW | js/apps/admin-ui/src/clients/ssf/tabs/EmitEventsTab.tsx | 351 | ? "user@example.com"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 5 | "description": "Lorem ipsum dolor sit amet",
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 5 | "description": "Lorem ipsum dolor sit amet",
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 14 | "description": "Lorem ipsum dolor sit amet"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 14 | "description": "Lorem ipsum dolor sit amet"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 19 | "description": "Lorem ipsum dolor sit"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 24 | "description": "Lorem ipsum dolor sit, consecte"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 29 | "description": "Lorem ipsum dolor sit amet"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 29 | "description": "Lorem ipsum dolor sit amet"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 34 | "description": "Lorem ipsum dolor sit amet"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 34 | "description": "Lorem ipsum dolor sit amet"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 39 | "description": "Lorem ipsum dolor sit amet"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 39 | "description": "Lorem ipsum dolor sit amet"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 44 | "description": "Lorem ipsum dolor sit amet"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 44 | "description": "Lorem ipsum dolor sit amet"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 49 | "description": "Lorem ipsum dolor sit amet"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 49 | "description": "Lorem ipsum dolor sit amet"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 54 | "description": "Lorem ipsum dolor sit amet"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 54 | "description": "Lorem ipsum dolor sit amet"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 59 | "description": "Lorem ipsum dolor sit "
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 64 | "description": "Lorem ipsum dolor sit amet, consecte occaecat"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 64 | "description": "Lorem ipsum dolor sit amet, consecte occaecat"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 69 | "description": "Lorem ipsum dolor sit amet, consecte"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 69 | "description": "Lorem ipsum dolor sit amet, consecte"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 74 | "description": "Lorem ipsum dolor"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 79 | "description": "Lorem ipsum dolor sit amet"
LOW | …pps/admin-ui/src/realm-roles/__tests__/mock-roles.json | 79 | "description": "Lorem ipsum dolor sit amet"
LOW | …s/admin-ui/src/realm-settings/themes/PreviewWindow.tsx | 41 | Lorem ipsum dolor sit amet, consectetur adipiscing elit.
LOW | …s/admin-ui/src/realm-settings/themes/PreviewWindow.tsx | 41 | Lorem ipsum dolor sit amet, consectetur adipiscing elit.
LOW | …testsuite/broker/KcSamlUsernameTemplateMapperTest.java | 124 | updateAccountInformationPage.updateAccountInformation("valid-username", "user@example.com", "John", "Doe");
LOW | …st/java/org/keycloak/testsuite/forms/RegisterTest.java | 693 | registerPage.openWithLoginHint("test@test.com");
LOW | …st/java/org/keycloak/testsuite/forms/RegisterTest.java | 695 | assertEquals("test@test.com", registerPage.getEmail());
LOW | …st/java/org/keycloak/testsuite/oidc/OIDCScopeTest.java | 232 | Assertions.assertEquals("John Doe", idToken.getName());
LOW | …g/keycloak/testsuite/user/profile/UserProfileTest.java | 2011 | attributes.put(UserModel.EMAIL, Arrays.asList("test@test.com"));
LOW | …ite/federation/UserStorageGracefulDegradationTest.java | 89 | localUser3.setEmail("admin@example.com");
LOW | …/test/java/org/keycloak/testsuite/client/CIBATest.java | 429 | bindingMessage = "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt
LOW | …/test/java/org/keycloak/testsuite/client/CIBATest.java | 429 | bindingMessage = "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt
LOW | …eycloak/tests/organization/admin/OrganizationTest.java | 1044 | loginPage.fillLoginWithUsernameOnly("user@example.com");
LOW | …va/org/keycloak/tests/oid4vc/OID4VCIssuerTestBase.java | 619 | realm.users(createUser("John Doe", Map.of("did", "did:key:1234"), List.of(), Collections.emptyMap()));
LOW | …/src/test/java/org/keycloak/tests/admin/UsersTest.java | 57 | createUser("User", "firstName", "lastName", "user@example.com");
LOW | …/src/test/java/org/keycloak/tests/admin/UsersTest.java | 69 | createUser("user", "firstName", "lastName", "user@example.com");
LOW | …/src/test/java/org/keycloak/tests/admin/UsersTest.java | 83 | createUser("User", "firstName", "lastName", "user@example.com");
LOW | …keycloak/tests/workflow/step/NotificationStepTest.java | 271 | .withConfig("to", "admin@example.com")
LOW | …keycloak/tests/workflow/step/NotificationStepTest.java | 279 | managedRealm.admin().users().create(UserBuilder.create().username("userXYZ").email("user@example.com").name("Use
LOW | …keycloak/tests/workflow/step/NotificationStepTest.java | 285 | assertEquals("admin@example.com", message.getRecipients(jakarta.mail.Message.RecipientType.TO)[0].toString());
LOW | …keycloak/tests/workflow/step/NotificationStepTest.java | 288 | verifyEmailContent(message, "admin@example.com", "Disable", "User", "7", "manual-review");
LOW | …/test/java/org/keycloak/tests/model/UserModelTest.java | 490 | List<UserModel> users = currentSession.users().searchForUserStream(realm, Map.of(UserModel.SEARCH, "John Doe
LOW | …/test/java/org/keycloak/tests/model/UserModelTest.java | 510 | List<UserModel> users = currentSession.users().searchForUserStream(realm, Map.of(UserModel.SEARCH, "John Doe
LOW | …eycloak/ssf/transmitter/admin/SsfEmitEventRequest.java | 34 | * "sub_id": { "format": "email", "email": "user@example.com" },
Verbosity Indicators: 38 hits · 64 pts
Severity | File | Line | Snippet
LOW | …/resource/schema/attribute/ComplexAttributeSetter.java | 49 | // for now lists can only be of complex types, so we need to check if the return type is assignable
LOW | …est/java/org/keycloak/testsuite/oauth/par/ParTest.java | 324 | // Step 2: PAR request with some custom injected parameters
LOW | …est/java/org/keycloak/testsuite/oauth/par/ParTest.java | 339 | // Step 3: Attempt to exchange code for token with the "fake code" from PAR
LOW | …RequiredActionUpdateEmailTestWithVerificationTest.java | 570 | // Step 1: Login and change email (triggers verification due to realm verification setting)
LOW | …RequiredActionUpdateEmailTestWithVerificationTest.java | 586 | // Step 2: Logout and login again (should show pending verification message)
LOW | …RequiredActionUpdateEmailTestWithVerificationTest.java | 598 | // Step 3: Complete verification to ensure cache is cleared
LOW | …uth/OID4VCAuthorizationDetailsFlowPreAuthTestBase.java | 484 | // Step 1: Request token without authorization_details parameter (no scope needed)
LOW | …uth/OID4VCAuthorizationDetailsFlowPreAuthTestBase.java | 513 | // Step 2: Request the actual credential using ONLY the identifier (no credential_configuration_id)
LOW | …uth/OID4VCAuthorizationDetailsFlowPreAuthTestBase.java | 549 | // Step 3: Verify that the issued credential structure is valid
LOW | …uth/OID4VCAuthorizationDetailsFlowPreAuthTestBase.java | 567 | // Step 1: Get pre-authorized code token
LOW | …uth/OID4VCAuthorizationDetailsFlowPreAuthTestBase.java | 584 | // Step 2: Verify token works at credential endpoint (should succeed)
LOW | …uth/OID4VCAuthorizationDetailsFlowPreAuthTestBase.java | 597 | // Step 3: Verify token is rejected at Account REST API endpoint (uses BearerTokenAuthenticator)
LOW | …uth/OID4VCAuthorizationDetailsFlowPreAuthTestBase.java | 611 | // Step 4: Verify token is rejected at Admin REST API endpoint (uses BearerTokenAuthenticator)
LOW | …uth/OID4VCAuthorizationDetailsFlowPreAuthTestBase.java | 649 | // Step 1: Request token without authorization_details parameter
LOW | …uth/OID4VCAuthorizationDetailsFlowPreAuthTestBase.java | 718 | // Step 1: Request token with authorization details containing specific claims
LOW | …uth/OID4VCAuthorizationDetailsFlowPreAuthTestBase.java | 765 | // Step 2: Request the actual credential using the identifier and config id
LOW | …uth/OID4VCAuthorizationDetailsFlowPreAuthTestBase.java | 802 | // Step 3: Verify that the issued credential contains the requested claims AND may contain additional claims
LOW | …d4vc/issuance/OID4VCAuthorizationCodeFlowTestBase.java | 170 | // Step 1: First login with OID4VCI (should return authorization_details)
LOW | …d4vc/issuance/OID4VCAuthorizationCodeFlowTestBase.java | 175 | // Step 2: Logout and clear cookies to isolate sessions strictly
LOW | …d4vc/issuance/OID4VCAuthorizationCodeFlowTestBase.java | 182 | // Step 3: Second login - Regular SSO (should NOT return authorization_details)
LOW | …d4vc/issuance/OID4VCAuthorizationCodeFlowTestBase.java | 194 | // Step 4: Second token must NOT have authorization_details
LOW | …d4vc/issuance/OID4VCAuthorizationCodeFlowTestBase.java | 198 | // Step 5: Credential request with second token must fail
LOW | …ce/signing/OID4VCAuthorizationCodeFlowWithPARTest.java | 81 | // Step 1: Create PAR request with authorization_details
LOW | …ce/signing/OID4VCAuthorizationCodeFlowWithPARTest.java | 111 | // Step 2: Perform authorization with PAR
LOW | …ce/signing/OID4VCAuthorizationCodeFlowWithPARTest.java | 119 | // Step 3: Exchange authorization code for tokens (WITHOUT authorization_details in token request)
LOW | …ce/signing/OID4VCAuthorizationCodeFlowWithPARTest.java | 127 | // Step 4: Verify authorization_details is present in token response
LOW | …ce/signing/OID4VCAuthorizationCodeFlowWithPARTest.java | 151 | // Step 5: Request the actual credential using the identifier
LOW | …ce/signing/OID4VCAuthorizationCodeFlowWithPARTest.java | 167 | // Step 1: Create PAR request with INVALID authorization_details
LOW | …ce/signing/OID4VCAuthorizationCodeFlowWithPARTest.java | 189 | // Step 2: Perform authorization with PAR
LOW | …ce/signing/OID4VCAuthorizationCodeFlowWithPARTest.java | 205 | // Step 1: Create PAR request WITHOUT authorization_details
LOW | …ce/signing/OID4VCAuthorizationCodeFlowWithPARTest.java | 217 | // Step 2: Perform authorization with PAR
LOW | …ce/signing/OID4VCAuthorizationCodeFlowWithPARTest.java | 225 | // Step 3: Exchange authorization code for tokens
LOW | …ce/signing/OID4VCAuthorizationCodeFlowWithPARTest.java | 232 | // Step 4: Verify authorization_details are derived from requested OID4VC scope
LOW | …eycloak/tests/account/AccountRestServiceRolesTest.java | 186 | // Step 1: GET login page, capture cookies from response
LOW | …eycloak/tests/account/AccountRestServiceRolesTest.java | 191 | // Step 2: Extract action URL and POST credentials with cookies
LOW | …eycloak/tests/account/AccountRestServiceRolesTest.java | 211 | // Step 3: Fetch account console HTML with session cookies
LOW | …va/org/keycloak/tests/login/LoginErrorMessageTest.java | 77 | // Step 1: enter valid username on the username-only page
LOW | …va/org/keycloak/tests/login/LoginErrorMessageTest.java | 83 | // Step 2: UsernamePasswordForm renders with username hidden (user was pre-set).
Over-Commented Block: 54 hits · 54 pts
Severity | File | Line | Snippet
LOW | quarkus/set-quarkus-version.sh | 1 | #!/usr/bin/env bash
LOW | js/util/gh-dependabot-failure-stats.sh | 1 | #!/usr/bin/env bash
LOW | js/apps/account-ui/src/i18n-type.ts | 1 | // This type is aliased to any, so that we can find all the places where we use it.
LOW | …ycloak/client/registration/cli/commands/UpdateCmd.java | 121 | }
LOW | …ycloak/client/registration/cli/commands/UpdateCmd.java | 141 | //
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 141 | *
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 181 | // ----- Token Request -----
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 241 | // - [2] attach dpop_jkt to Req Obj: YES (RSA)
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 261 | // ----- PAR -----
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 321 | // - [3] attach dpop_jkt to Form Param: YES (RSA)
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 361 | public void testSuccess_Proof_ReqObj_QueryParam() throws Exception {
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 401 | assertEquals(200, res.getStatusCode());
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 521 | assertEquals("DPoP Proof public key thumbprint does not match dpop_jkt.", pResp.getErrorDescription());
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 561 | assertEquals(200, res.getStatusCode());
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 601 | dpopProofEncoded = generateSignedDPoPProof(UUID.randomUUID().toString(), HttpMethod.POST, oauth.getEndpoints().g
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 641 |
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 701 | // Authz Endpoint:
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 741 | // - [2] attach dpop_jkt to Req Obj: YES (RSA)
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 781 | // PAR Endpoint:
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 821 | // - [1] attach DPoP Proof: NO
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 861 | // - [2] attach dpop_jkt to Req Obj: No
LOW | …/org/keycloak/testsuite/oauth/par/ParWithDPoPTest.java | 901 | // Authz Endpoint:
LOW | …eycloak/testsuite/forms/AuthenticatorSubflowsTest.java | 301 | // String loginFormUrl = oauth.getLoginFormUrl();
LOW | …t/java/org/keycloak/testsuite/cli/admin/KcAdmTest.java | 101 |
LOW | …loak/testsuite/federation/storage/RoleStorageTest.java | 141 | // public void testDailyEviction() {
LOW | …loak/testsuite/federation/storage/RoleStorageTest.java | 161 | //
LOW | …loak/testsuite/federation/storage/RoleStorageTest.java | 181 | // testIsCached();
LOW | …loak/testsuite/federation/storage/RoleStorageTest.java | 201 | // });
LOW | …loak/testsuite/federation/storage/RoleStorageTest.java | 221 | // RoleModel hardcoded = realm.getRole("hardcoded-role");
LOW | …loak/testsuite/federation/storage/RoleStorageTest.java | 241 | // RealmModel realm = session.realms().getRealmByName("test");
LOW | …loak/testsuite/federation/storage/RoleStorageTest.java | 261 | // model.setCachePolicy(CacheableStorageProviderModel.CachePolicy.DEFAULT);
LOW | …oak/testsuite/federation/storage/GroupStorageTest.java | 141 | // model.setEvictionHour(eviction.get(HOUR_OF_DAY));
LOW | …oak/testsuite/federation/storage/GroupStorageTest.java | 161 | // RoleStorageProviderModel model = realm.getRoleStorageProviders().get(0);
LOW | …oak/testsuite/federation/storage/GroupStorageTest.java | 181 | //
LOW | …oak/testsuite/federation/storage/GroupStorageTest.java | 201 | // testNotCached();
LOW | …oak/testsuite/federation/storage/GroupStorageTest.java | 221 | // testingClient.server().run(session -> {
LOW | …oak/testsuite/federation/storage/GroupStorageTest.java | 241 | //
LOW | …/java/org/keycloak/testsuite/auth/page/AuthServer.java | 41 | }
LOW | …/java/org/keycloak/testsuite/model/parameters/Jpa.java | 141 | ;
LOW | …ests/client/policies/ClientIdMetadataDocumentTest.java | 701 | // The client_secret and client_secret_expires_at properties MUST NOT be used.
LOW | …/transmitter/DefaultSsfTransmitterProviderFactory.java | 281 | if (deliveredRetentionStr != null) {
LOW | …ransmitter/stream/StreamConfigInputRepresentation.java | 41 | // Per SSF §8.1.1.1 these are transmitter-supplied — a spec-compliant
LOW | …org/keycloak/ssf/transmitter/stream/StreamService.java | 161 | replaceReceiverFields(input, streamConfig);
LOW | …org/keycloak/ssf/transmitter/stream/StreamService.java | 761 |
LOW | …org/keycloak/ssf/transmitter/stream/StreamService.java | 1321 | realm.getName(), client.getClientId(), streamId,
LOW | …ansmitter/stream/storage/client/ClientStreamStore.java | 561 | // fallback: the stream creation stamps the transmitter default
LOW | …f/transmitter/SsfTransmitterStreamManagementTests.java | 161 | .forEach(this::bestEffortDeleteStream);
LOW | …f/transmitter/SsfTransmitterStreamManagementTests.java | 1221 | Assertions.assertEquals(201, response.getStatus(),
LOW | …oak/tests/ssf/subject/SsfSubjectRemovalGraceTests.java | 441 | config.log().categoryLevel("org.keycloak.ssf", "DEBUG");
LOW | …/org/keycloak/ssf/services/admin/SsfAdminResource.java | 1021 | case STREAM_NOT_FOUND:
LOW | .github/scripts/parse-webauthn-metadata.py | 1 | #!/usr/bin/env python
LOW | …/main/java/org/keycloak/events/outbox/OutboxStore.java | 141 | }
LOW…src/main/java/org/keycloak/services/util/DPoPUtil.java421 // Considering a clock skew, there are two cases about it:
LOW…vices/resources/account/AccountCredentialResource.java361// }
Cross-File Repetition · 7 hits · 35 pts
Severity  File  Line  Snippet
HIGH  …/quarkus/deployment/PersistenceXmlDatasourcesTest.java  0  <persistence-unit name="user-store-pu" transaction-type="jta"> <properties> <property name="jakarta.persistence.jtadatas
HIGH  …/quarkus/deployment/PersistenceXmlDatasourcesTest.java  0  <persistence-unit name="user-store-pu" transaction-type="jta"> <properties> <property name="jakarta.persistence.jtadatas
HIGH  …/quarkus/deployment/PersistenceXmlDatasourcesTest.java  0  <persistence-unit name="user-store-pu" transaction-type="jta"> <properties> <property name="jakarta.persistence.jtadatas
HIGH  …/quarkus/deployment/PersistenceXmlDatasourcesTest.java  0  <persistence-unit name="user-store-pu" transaction-type="jta"> <properties> <property name="jakarta.persistence.jtadatas
HIGH  …dmin/client/v2/validation/PutClientValidationTest.java  0  { "protocol": "%s", "clientid": "%s", "enabled": true }
HIGH  …min/client/v2/validation/PostClientValidationTest.java  0  { "protocol": "%s", "clientid": "%s", "enabled": true }
HIGH  …client/v2/validation/AbstractClientValidationTest.java  0  { "protocol": "%s", "clientid": "%s", "enabled": true }
AI Slop Vocabulary · 8 hits · 24 pts
Severity  File  Line  Snippet
MEDIUM  …rg/keycloak/quarkus/runtime/cli/NonRunningPicocli.java  15  // TODO: could utilize CLIResult
MEDIUM  …in/java/org/keycloak/testsuite/utils/tls/TLSUtils.java  51  // Essentially, this is REQUEST CLIENT AUTH behavior. It doesn't fail if the client doesn't have a cert.
MEDIUM  …rg/keycloak/testsuite/forms/MultipleTabsLoginTest.java  443  // seamless login in the second tab, user already authenticated
MEDIUM  …rg/keycloak/testsuite/forms/MultipleTabsLoginTest.java  456  // seamless authentication in the first tab
MEDIUM  …/test/java/org/keycloak/tests/admin/AdminRootTest.java  48  // This might not be robust enough. If something made KC on a different port, this would fail.
MEDIUM  …c/main/java/org/keycloak/common/util/NetworkUtils.java  52  // Definitely not an IPv6, return untouched input.
MEDIUM  …c/main/java/org/keycloak/common/util/NetworkUtils.java  80  // Definitely not an IPv6, return untouched input.
MEDIUM  …cators/client/AttestationBasedClientAuthenticator.java  492  // [TODO] The authorization server can utilize the jti value for replay attack detection
Self-Referential Comments · 7 hits · 21 pts
Severity  File  Line  Snippet
MEDIUM  .github/codeql/codeql-config-javascript.yml  2  # This file is invalid on purpose for testing. Exclude it to prevent an "Unexpected token" error in CodeQL being repor
MEDIUM  .github/codeql/codeql-config-typescript.yml  2  # This file is invalid on purpose for testing. Exclude it to prevent an "Unexpected token" error in CodeQL being repor
MEDIUM  .github/scripts/aws/rds/aurora_create.sh  20  # Create the Aurora VPC
MEDIUM  .github/scripts/aws/rds/aurora_create.sh  31  # Create the Aurora Subnets
MEDIUM  .github/scripts/aws/rds/aurora_create.sh  68  # Create an Aurora VPC Security Group
MEDIUM  .github/scripts/aws/rds/aurora_create.sh  104  # Create the Aurora DB cluster and instance
MEDIUM  operator/scripts/prepare-olm-test.sh  28  # Create the test-catalog
Slop Phrases · 3 hits · 4 pts
Severity  File  Line  Snippet
LOW  …xecutor/SecureRedirectUrisEnforcerExecutorFactory.java  140  "Don't forget to use escaping of special characters like dots as otherwise dot is interpreted as any cha
LOW  …ervices/resources/admin/RealmLocalizationResource.java  203  // this fallback is no longer needed since the fix for #15845, don't forget to remove it from the API
LOW  …ervices/resources/admin/RealmLocalizationResource.java  203  // this fallback is no longer needed since the fix for #15845, don't forget to remove it from the API
Redundant / Tautological Comments · 2 hits · 3 pts
Severity  File  Line  Snippet
LOW  .github/actions/conditional/conditional.sh  63  # Check if changed files matches regex
LOW  …tions/testsuite-deprecation-check/deprecation-check.sh  16  # Check if changed files matches regex