actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-05 19:45:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update hardcoded_credentials.go fix: adaper equal expr which const value at left (#917)

Browse source 
* Update hardcoded_credentials.go

adaper equal expr which const value at left.
```
if "Tr0ub4dour_UPL&&LOlo" == pwd
```

* Update hardcoded_credentials.go

check ident not equal nil

* adapter const == key hardcoded, add testcases
This commit is contained in:
bean.zhang 2023-01-31 16:52:37 +08:00 committed by GitHub
parent 9432e676a8
commit a624254e39
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 46 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
rules/hardcoded_credentials.go
View file

@ -101,16 +101,23 @@ func (r *credentials) matchValueSpec(valueSpec *ast.ValueSpec, ctx *gosec.Contex
func (r *credentials) matchEqualityCheck(binaryExpr *ast.BinaryExpr, ctx *gosec.Context) (*gosec.Issue, error) {
if binaryExpr.Op == token.EQL || binaryExpr.Op == token.NEQ {
if ident, ok := binaryExpr.X.(*ast.Ident); ok {
if r.pattern.MatchString(ident.Name) {
if val, err := gosec.GetString(binaryExpr.Y); err == nil {
ident, ok := binaryExpr.X.(*ast.Ident)
if !ok {
ident, _ = binaryExpr.Y.(*ast.Ident)
}
if ident != nil && r.pattern.MatchString(ident.Name) {
valueNode := binaryExpr.Y
if !ok {
valueNode = binaryExpr.X
}
if val, err := gosec.GetString(valueNode); err == nil {
if r.ignoreEntropy || (!r.ignoreEntropy && r.isHighEntropyString(val)) {
return gosec.NewIssue(ctx, binaryExpr, r.ID(), r.What, r.Severity, r.Confidence), nil
}
}
}
}
}
return nil, nil
}

33
testutils/source.go
View file

@ -113,6 +113,17 @@ package main
import "fmt"
func main() {
var password string
if "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" == password {
fmt.Println("password equality")
}
}`}, 1, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
var password string
if password != "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" {
@ -124,6 +135,17 @@ package main
import "fmt"
func main() {
var password string
if "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" != password {
fmt.Println("password equality")
}
}`}, 1, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
var p string
if p != "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" {
@ -135,6 +157,17 @@ package main
import "fmt"
func main() {
var p string
if "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" != p {
fmt.Println("password equality")
}
}`}, 0, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
const (
pw = "KjasdlkjapoIKLlka98098sdf012U/rL2sLdBqOHQUlt5Z6kCgKGDyCFA=="
)