actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-05 19:45:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Smarter hard-coded credentials check

Browse source 
Check right-hand side expr for literals when looking for hard-coded
credentials. This is to avoid issuing warnings for cases where a
password, token, etc. is read from a file or a terminal.
This commit is contained in:
Cedric Staub 2016-07-27 22:51:34 -07:00
parent 81b5e98828
commit 3cd0ebee96
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
rules/hardcoded_credentials.go
View file

@ -15,9 +15,10 @@
package rules package rules
import ( import (
gas "github.com/HewlettPackard/gas/core"
"go/ast" "go/ast"
"regexp" "regexp"
gas "github.com/HewlettPackard/gas/core"
) )
type CredsAssign struct { type CredsAssign struct {
@ -30,8 +31,11 @@ func (r *CredsAssign) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err erro
for _, i := range node.Lhs { for _, i := range node.Lhs {
if ident, ok := i.(*ast.Ident); ok { if ident, ok := i.(*ast.Ident); ok {
if r.pattern.MatchString(ident.Name) { if r.pattern.MatchString(ident.Name) {
gi = gas.NewIssue(c, n, r.What, r.Severity, r.Confidence) for _, e := range node.Rhs {
break if _, ok := e.(*ast.BasicLit); ok {
return gas.NewIssue(c, n, r.What, r.Severity, r.Confidence), nil
}
}
} }
} }
} }