feat: adding new keyword for hardcoded credentials (#666)
parent
a484c77736
commit
2a4064d45d
2 changed files with 77 additions and 1 deletions
|
@ -117,7 +117,7 @@ func (r *credentials) matchEqualityCheck(binaryExpr *ast.BinaryExpr, ctx *gosec.
|
||||||
// NewHardcodedCredentials attempts to find high entropy string constants being
|
// NewHardcodedCredentials attempts to find high entropy string constants being
|
||||||
// assigned to variables that appear to be related to credentials.
|
// assigned to variables that appear to be related to credentials.
|
||||||
func NewHardcodedCredentials(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewHardcodedCredentials(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
pattern := `(?i)passwd|pass|password|pwd|secret|token`
|
pattern := `(?i)passwd|pass|password|pwd|secret|token|pw|apiKey|bearer|cred`
|
||||||
entropyThreshold := 80.0
|
entropyThreshold := 80.0
|
||||||
perCharThreshold := 3.0
|
perCharThreshold := 3.0
|
||||||
ignoreEntropy := false
|
ignoreEntropy := false
|
||||||
|
|
|
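Review bot: The alternatives added on the `pattern` line, `pw` and `cred`, are unanchored substrings, so (assuming the pattern is still applied with an unanchored match, which happens outside this hunk) any identifier containing them — `credits`, `incredible`, `pwrite`, and of course `credential` — now counts as credential-related, and `pw` also subsumes the existing `pwd`, just as `pass` already subsumes `passwd`/`password`; the only thing between such a match and a finding is the entropy gate (`entropyThreshold`/`perCharThreshold`), which is bypassed entirely when `ignoreEntropy` is set, so expect more reports on high-entropy non-secret strings such as hashes or base64 blobs. The snake_case spelling common for Go constants is still missed, because `apiKey` does not match `api_key` or `API_KEY` even under `(?i)`; `api_?key` would cover both forms. A short comment on the pattern would help the next person who extends it, e.g. `// Unanchored substring match on identifier names; the entropy thresholds below are the only guard against benign matches such as "credits".` The rest of NewHardcodedCredentials, including where this pattern is compiled and applied, is outside the hunk.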
@ -105,6 +105,82 @@ func main() {
|
||||||
fmt.Println("password equality")
|
fmt.Println("password equality")
|
||||||
}
|
}
|
||||||
}`}, 0, gosec.NewConfig()},
|
}`}, 0, gosec.NewConfig()},
|
||||||
|
{[]string{`
|
||||||
|
package main
|
||||||
|
import "fmt"
|
||||||
|
const (
|
||||||
|
pw = "KjasdlkjapoIKLlka98098sdf012U/rL2sLdBqOHQUlt5Z6kCgKGDyCFA=="
|
||||||
|
)
|
||||||
|
func main() {
|
||||||
|
fmt.Println(pw)
|
||||||
|
}`}, 1, gosec.NewConfig()},
|
||||||
|
{[]string{`
|
||||||
|
package main
|
||||||
|
import "fmt"
|
||||||
|
var (
|
||||||
|
pw string
|
||||||
|
)
|
||||||
|
func main() {
|
||||||
|
pw = "KjasdlkjapoIKLlka98098sdf012U/rL2sLdBqOHQUlt5Z6kCgKGDyCFA=="
|
||||||
|
fmt.Println(pw)
|
||||||
|
}`}, 1, gosec.NewConfig()},
|
||||||
|
{[]string{`
|
||||||
|
package main
|
||||||
|
import "fmt"
|
||||||
|
const (
|
||||||
|
cred = "KjasdlkjapoIKLlka98098sdf012U/rL2sLdBqOHQUlt5Z6kCgKGDyCFA=="
|
||||||
|
)
|
||||||
|
func main() {
|
||||||
|
fmt.Println(cred)
|
||||||
|
}`}, 1, gosec.NewConfig()},
|
||||||
|
{[]string{`
|
||||||
|
package main
|
||||||
|
import "fmt"
|
||||||
|
var (
|
||||||
|
cred string
|
||||||
|
)
|
||||||
|
func main() {
|
||||||
|
cred = "KjasdlkjapoIKLlka98098sdf012U/rL2sLdBqOHQUlt5Z6kCgKGDyCFA=="
|
||||||
|
fmt.Println(cred)
|
||||||
|
}`}, 1, gosec.NewConfig()},
|
||||||
|
{[]string{`
|
||||||
|
package main
|
||||||
|
import "fmt"
|
||||||
|
const (
|
||||||
|
apiKey = "KjasdlkjapoIKLlka98098sdf012U"
|
||||||
|
)
|
||||||
|
func main() {
|
||||||
|
fmt.Println(apiKey)
|
||||||
|
}`}, 1, gosec.NewConfig()},
|
||||||
|
{[]string{`
|
||||||
|
package main
|
||||||
|
import "fmt"
|
||||||
|
var (
|
||||||
|
apiKey string
|
||||||
|
)
|
||||||
|
func main() {
|
||||||
|
apiKey = "KjasdlkjapoIKLlka98098sdf012U"
|
||||||
|
fmt.Println(apiKey)
|
||||||
|
}`}, 1, gosec.NewConfig()},
|
||||||
|
{[]string{`
|
||||||
|
package main
|
||||||
|
import "fmt"
|
||||||
|
const (
|
||||||
|
bearer = "Bearer: 2lkjdfoiuwer092834kjdwf09"
|
||||||
|
)
|
||||||
|
func main() {
|
||||||
|
fmt.Println(bearer)
|
||||||
|
}`}, 1, gosec.NewConfig()},
|
||||||
|
{[]string{`
|
||||||
|
package main
|
||||||
|
import "fmt"
|
||||||
|
var (
|
||||||
|
bearer string
|
||||||
|
)
|
||||||
|
func main() {
|
||||||
|
bearer = "Bearer: 2lkjdfoiuwer092834kjdwf09"
|
||||||
|
fmt.Println(bearer)
|
||||||
|
}`}, 1, gosec.NewConfig()},
|
||||||
}
|
}
|
||||||
|
|
||||||
// SampleCodeG102 code snippets for network binding
|
// SampleCodeG102 code snippets for network binding
|
||||||
|
|
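Review bot: Every new table entry expects exactly one finding and names the variable in the one spelling the regex happens to match, so the table does not pin the boundaries of the change: there is no snake_case `api_key`/`API_KEY` entry (which the `apiKey` alternative would not match, so it would currently have to expect 0), and no entry showing that an identifier that merely contains `cred` or `pw` but holds a low-entropy value, e.g. `credits = "free"`, is presumably filtered by the entropy thresholds rather than the keyword list. Adding such an expected-0 case would document what actually limits false positives now that the keyword list is this broad. The `bearer` samples use `"Bearer: 2lkjdfoiuwer092834kjdwf09"`, which with its colon is not the `Bearer <token>` header form; harmless here since the rule keys on the identifier, but a comment that the value is only a high-entropy placeholder would avoid it being read as a realistic fixture. The enclosing sample table (presumably SampleCodeG101, given the `SampleCodeG102` comment that follows) begins before this hunk.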