mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 03:55:54 +00:00
Fix additional crash condition
A var GenDecl may not have a value assigned. This error case must be handled.
This commit is contained in:
parent
5012c34d48
commit
c7bb2dd3b7
2 changed files with 14 additions and 1 deletions
|
@ -58,7 +58,7 @@ func (r *Credentials) matchGenDecl(decl *ast.GenDecl, ctx *gas.Context) (*gas.Is
|
|||
for _, spec := range decl.Specs {
|
||||
if valueSpec, ok := spec.(*ast.ValueSpec); ok {
|
||||
for index, ident := range valueSpec.Names {
|
||||
if r.pattern.MatchString(ident.Name) {
|
||||
if r.pattern.MatchString(ident.Name) && valueSpec.Values != nil {
|
||||
// const foo, bar = "same value"
|
||||
if len(valueSpec.Values) <= index {
|
||||
index = len(valueSpec.Values) - 1
|
||||
|
|
|
@ -98,3 +98,16 @@ func TestHardcodedConstantMulti(t *testing.T) {
|
|||
|
||||
checkTestResults(t, issues, 1, "Potential hardcoded credentials")
|
||||
}
|
||||
|
||||
func TestHardecodedVarsNotAssigned(t *testing.T) {
|
||||
config := map[string]interface{}{"ignoreNosec": false}
|
||||
analyzer := gas.NewAnalyzer(config, nil)
|
||||
analyzer.AddRule(NewHardcodedCredentials(config))
|
||||
issues := gasTestRunner(`
|
||||
package main
|
||||
var password string
|
||||
func init() {
|
||||
password = "this is a secret string"
|
||||
}`, analyzer)
|
||||
checkTestResults(t, issues, 1, "Potential hardcoded credentials")
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue