actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-12-25 20:15:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Go 1.5 does not support width precision specifier

Browse source
This commit is contained in:
Grant Murphy 2017-01-14 14:39:22 -08:00
parent 4b70300e15
commit 4099783722
1 changed files with 15 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
rules/hardcoded_credentials.go
View file

@ -15,7 +15,6 @@
package rules package rules
import ( import (
"fmt"
gas "github.com/GoASTScanner/gas/core" gas "github.com/GoASTScanner/gas/core"
"go/ast" "go/ast"
"go/token" "go/token"
@ -30,12 +29,19 @@ type Credentials struct {
pattern *regexp.Regexp pattern *regexp.Regexp
entropyThreshold float64 entropyThreshold float64
perCharThreshold float64 perCharThreshold float64
truncate int64 truncate int
ignoreEntropy bool ignoreEntropy bool
} }
func truncate(s string, n int) string {
if n > len(s) {
return s
}
return s[:n]
}
func (r *Credentials) isHighEntropyString(str string) bool { func (r *Credentials) isHighEntropyString(str string) bool {
s := fmt.Sprintf("%.*s", r.truncate, str) s := truncate(str, r.truncate)
info := zxcvbn.PasswordStrength(s, []string{}) info := zxcvbn.PasswordStrength(s, []string{})
entropyPerChar := info.Entropy / float64(len(s)) entropyPerChar := info.Entropy / float64(len(s))
return (info.Entropy >= r.entropyThreshold || return (info.Entropy >= r.entropyThreshold ||
@ -82,13 +88,15 @@ func (r *Credentials) matchGenDecl(decl *ast.GenDecl, ctx *gas.Context) (*gas.Is
if len(valueSpec.Values) <= index { if len(valueSpec.Values) <= index {
index = len(valueSpec.Values) - 1 index = len(valueSpec.Values) - 1
} }
if rhs, ok := valueSpec.Values[index].(*ast.BasicLit); ok && rhs.Kind == token.STRING { if val, err := gas.GetString(valueSpec.Values[index]); err == nil {
if r.ignoreEntropy || (!r.ignoreEntropy && r.isHighEntropyString(val)) {
return gas.NewIssue(ctx, valueSpec, r.What, r.Severity, r.Confidence), nil return gas.NewIssue(ctx, valueSpec, r.What, r.Severity, r.Confidence), nil
} }
} }
} }
} }
} }
}
return nil, nil return nil, nil
} }
@ -97,7 +105,7 @@ func NewHardcodedCredentials(conf map[string]interface{}) (gas.Rule, []ast.Node)
entropyThreshold := 80.0 entropyThreshold := 80.0
perCharThreshold := 3.0 perCharThreshold := 3.0
ignoreEntropy := false ignoreEntropy := false
var truncateString int64 = 16 var truncateString int = 16
if val, ok := conf["G101"]; ok { if val, ok := conf["G101"]; ok {
conf := val.(map[string]string) conf := val.(map[string]string)
if configPattern, ok := conf["pattern"]; ok { if configPattern, ok := conf["pattern"]; ok {
@ -119,7 +127,7 @@ func NewHardcodedCredentials(conf map[string]interface{}) (gas.Rule, []ast.Node)
} }
} }
if configTruncate, ok := conf["truncate"]; ok { if configTruncate, ok := conf["truncate"]; ok {
if parsedInt, err := strconv.ParseInt(configTruncate, 10, 64); err == nil { if parsedInt, err := strconv.Atoi(configTruncate); err == nil {
truncateString = parsedInt truncateString = parsedInt
} }
} }