diff --git a/rules/hardcoded_credentials.go b/rules/hardcoded_credentials.go index acdd583..791bb5d 100644 --- a/rules/hardcoded_credentials.go +++ b/rules/hardcoded_credentials.go @@ -117,7 +117,7 @@ func (r *credentials) matchEqualityCheck(binaryExpr *ast.BinaryExpr, ctx *gosec. // NewHardcodedCredentials attempts to find high entropy string constants being // assigned to variables that appear to be related to credentials. func NewHardcodedCredentials(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { - pattern := `(?i)passwd|pass|password|pwd|secret|token` + pattern := `(?i)passwd|pass|password|pwd|secret|token|pw|apiKey|bearer|cred` entropyThreshold := 80.0 perCharThreshold := 3.0 ignoreEntropy := false diff --git a/testutils/source.go b/testutils/source.go index c69e10b..dba9612 100644 --- a/testutils/source.go +++ b/testutils/source.go @@ -105,6 +105,82 @@ func main() { fmt.Println("password equality") } }`}, 0, gosec.NewConfig()}, + {[]string{` +package main +import "fmt" +const ( + pw = "KjasdlkjapoIKLlka98098sdf012U/rL2sLdBqOHQUlt5Z6kCgKGDyCFA==" +) +func main() { + fmt.Println(pw) +}`}, 1, gosec.NewConfig()}, + {[]string{` +package main +import "fmt" +var ( + pw string +) +func main() { + pw = "KjasdlkjapoIKLlka98098sdf012U/rL2sLdBqOHQUlt5Z6kCgKGDyCFA==" + fmt.Println(pw) +}`}, 1, gosec.NewConfig()}, + {[]string{` +package main +import "fmt" +const ( + cred = "KjasdlkjapoIKLlka98098sdf012U/rL2sLdBqOHQUlt5Z6kCgKGDyCFA==" +) +func main() { + fmt.Println(cred) +}`}, 1, gosec.NewConfig()}, + {[]string{` +package main +import "fmt" +var ( + cred string +) +func main() { + cred = "KjasdlkjapoIKLlka98098sdf012U/rL2sLdBqOHQUlt5Z6kCgKGDyCFA==" + fmt.Println(cred) +}`}, 1, gosec.NewConfig()}, + {[]string{` +package main +import "fmt" +const ( + apiKey = "KjasdlkjapoIKLlka98098sdf012U" +) +func main() { + fmt.Println(apiKey) +}`}, 1, gosec.NewConfig()}, + {[]string{` +package main +import "fmt" +var ( + apiKey string +) +func main() { + apiKey = "KjasdlkjapoIKLlka98098sdf012U" + fmt.Println(apiKey) +}`}, 1, gosec.NewConfig()}, + {[]string{` +package main +import "fmt" +const ( + bearer = "Bearer: 2lkjdfoiuwer092834kjdwf09" +) +func main() { + fmt.Println(bearer) +}`}, 1, gosec.NewConfig()}, + {[]string{` +package main +import "fmt" +var ( + bearer string +) +func main() { + bearer = "Bearer: 2lkjdfoiuwer092834kjdwf09" + fmt.Println(bearer) +}`}, 1, gosec.NewConfig()}, } // SampleCodeG102 code snippets for network binding