mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
Handle inbalanced declaration of constants
The following code would create a panic condition: const foo, bar = "some thing" Fixes #84
This commit is contained in:
parent
a3fcd96f57
commit
5012c34d48
2 changed files with 23 additions and 0 deletions
|
@ -59,6 +59,10 @@ func (r *Credentials) matchGenDecl(decl *ast.GenDecl, ctx *gas.Context) (*gas.Is
|
|||
if valueSpec, ok := spec.(*ast.ValueSpec); ok {
|
||||
for index, ident := range valueSpec.Names {
|
||||
if r.pattern.MatchString(ident.Name) {
|
||||
// const foo, bar = "same value"
|
||||
if len(valueSpec.Values) <= index {
|
||||
index = len(valueSpec.Values) - 1
|
||||
}
|
||||
if _, ok := valueSpec.Values[index].(*ast.BasicLit); ok {
|
||||
return gas.NewIssue(ctx, decl, r.What, r.Severity, r.Confidence), nil
|
||||
}
|
||||
|
|
|
@ -79,3 +79,22 @@ func TestHardcodedConstant(t *testing.T) {
|
|||
|
||||
checkTestResults(t, issues, 1, "Potential hardcoded credentials")
|
||||
}
|
||||
|
||||
func TestHardcodedConstantMulti(t *testing.T) {
|
||||
config := map[string]interface{}{"ignoreNosec": false}
|
||||
analyzer := gas.NewAnalyzer(config, nil)
|
||||
analyzer.AddRule(NewHardcodedCredentials(config))
|
||||
|
||||
issues := gasTestRunner(`
|
||||
package samples
|
||||
|
||||
import "fmt"
|
||||
|
||||
const username, password = "secret"
|
||||
|
||||
func main() {
|
||||
fmt.Println("Doing something with: ", username, password)
|
||||
}`, analyzer)
|
||||
|
||||
checkTestResults(t, issues, 1, "Potential hardcoded credentials")
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue