go/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2025-11-25 22:22:17 +02:00
Code Issues Releases Activity

Merge branch 'nosec-specify-rule' of git://github.com/jonmcclintock/gas into jonmcclintock-nosec-specify-rule

Browse Source
This commit is contained in:
Grant Murphy
2018-03-09 10:54:34 +10:00
parent f3c8d59863 429ac07bbd
commit 58a48c471c
27 changed files with 289 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
rules/hardcoded_credentials.go
View File

@@ -32,6 +32,10 @@ type credentials struct {
ignoreEntropy bool
}
func (r *credentials) ID() string {
return r.MetaData.ID
}
func truncate(s string, n int) string {
if n > len(s) {
return s
@@ -94,7 +98,7 @@ func (r *credentials) matchValueSpec(valueSpec *ast.ValueSpec, ctx *gas.Context)
// NewHardcodedCredentials attempts to find high entropy string constants being
// assigned to variables that appear to be related to credentials.
func NewHardcodedCredentials(conf gas.Config) (gas.Rule, []ast.Node) {
func NewHardcodedCredentials(id string, conf gas.Config) (gas.Rule, []ast.Node) {
pattern := `(?i)passwd|pass|password|pwd|secret|token`
entropyThreshold := 80.0
perCharThreshold := 3.0
@@ -134,6 +138,7 @@ func NewHardcodedCredentials(conf gas.Config) (gas.Rule, []ast.Node) {
ignoreEntropy: ignoreEntropy,
truncate: truncateString,
MetaData: gas.MetaData{
ID: id,
What: "Potential hardcoded credentials",
Confidence: gas.Low,
Severity: gas.High,