actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-05 11:35:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Smarter hard-coded credentials check

Browse source 
Check right-hand side expr for literals when looking for hard-coded
credentials. This is to avoid issuing warnings for cases where a
password, token, etc. is read from a file or a terminal.
This commit is contained in:
Cedric Staub 2016-07-27 22:51:34 -07:00
parent 81b5e98828
commit 3cd0ebee96
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
rules/hardcoded_credentials.go
View file

@ -15,9 +15,10 @@
package rules
import (
gas "github.com/HewlettPackard/gas/core"
"go/ast"
"regexp"
gas "github.com/HewlettPackard/gas/core"
)
type CredsAssign struct {
@ -30,8 +31,11 @@ func (r *CredsAssign) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err erro
for _, i := range node.Lhs {
if ident, ok := i.(*ast.Ident); ok {
if r.pattern.MatchString(ident.Name) {
gi = gas.NewIssue(c, n, r.What, r.Severity, r.Confidence)
break
for _, e := range node.Rhs {
if _, ok := e.(*ast.BasicLit); ok {
return gas.NewIssue(c, n, r.What, r.Severity, r.Confidence), nil
}
}
}
}
}