Fix hardcoded_credentials rule to only match on more specific patterns (#1009)

* Fix hardcoded_credentials rule to only match on more specific patterns Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com> * Fix lint warnings Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com> * Fix double escape in regexps Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com> --------- Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2025-06-14 23:45:03 +02:00 · 2023-09-05 18:00:02 +02:00
parent 325eb19a54
commit 6c93653a29
2 changed files with 198 additions and 93 deletions
--- a/testutils/source.go
+++ b/testutils/source.go
@ -273,45 +273,8 @@ package main
 import "fmt"

 func main() {
-	username := "admin"
-	key := "472bb6c8c1871887cc117742ead362d688707d0442de930f7588db9d5ba091cc"
-	fmt.Println("Logging in with: ", username, key)
-}`}, 1, gosec.NewConfig()},
-		{[]string{`
-package main
-
-import "fmt"
-
-const (
-	b = "Bearer: c0df7a0f9b4a6a336029689b5df0712459a4f396c609ab05fd21a9097b4264f7"
-)
-
-func main() {
-	fmt.Println(b)
-}`}, 1, gosec.NewConfig()},
-		{[]string{`
-package main
-
-import "fmt"
-
-const (
-	tooLongConst = "key: c0df7a0f9b4a6a336029689b5df0712459a4f396c609ab05fd21a9097b4264f71294129"
-)
-
-func main() {
-	fmt.Println(tooLongConst)
-}`}, 0, gosec.NewConfig()},
-		{[]string{`
-package main
-
-import "fmt"
-
-const (
-	tooShortConst = "key: c0df7a0f9b4a6a336029689b5df0712459a4f396c609ab05fd21a9097b4264f71294"
-)
-
-func main() {
-	fmt.Println(tooShortConst)
+  customerNameEnvKey := "FOO_CUSTOMER_NAME"
+  fmt.Println(customerNameEnvKey)
 }`}, 0, gosec.NewConfig()},
 		{[]string{`
 package main
@ -319,10 +282,17 @@ package main
 import "fmt"

 func main() {
-	compareStr := "test"
-	if compareStr == "b7997caa846af0c50c095d63d212be2fbaffd35c22c735a905ddba87d85618fd" {
-		fmt.Println(compareStr)
-	}
+  txnID := "3637cfcc1eec55a50f78a7c435914583ccbc75a21dec9a0e94dfa077647146d7"
+  fmt.Println(txnID)
+}`}, 0, gosec.NewConfig()},
+		{[]string{`
+package main
+
+import "fmt"
+
+func main() {
+	urlSecret := "https://username:abcdef0123456789abcdef0123456789abcdef01@contoso.com/"
+  fmt.Println(urlSecret)
 }`}, 1, gosec.NewConfig()},
 		{[]string{`
 package main
@ -330,22 +300,18 @@ package main
 import "fmt"

 func main() {
-	compareTooShort := "test"
-	if compareTooShort == "b7997caa846af0c50c095d63d212be2fbaffd35c22c735a905ddba87d85618d" {
-		fmt.Println(compareTooShort)
-	}
-}`}, 0, gosec.NewConfig()},
+	githubToken := "ghp_iR54dhCYg9Tfmoywi9xLmmKZrrnAw438BYh3"
+  fmt.Println(githubToken)
+}`}, 1, gosec.NewConfig()},
 		{[]string{`
 package main

 import "fmt"

 func main() {
-	compareTooLong := "test"
-	if compareTooLong == "b7997caa846af0c50c095d63d212be2fbaffd35c22c735a905ddba87d85618fd11" {
-		fmt.Println(compareTooLong)
-	}
-}`}, 0, gosec.NewConfig()},
+	awsAccessKeyID := "AKIAI44QH8DHBEXAMPLE"
+  fmt.Println(awsAccessKeyID)
+}`}, 1, gosec.NewConfig()},
 		{[]string{`
 package main

@ -356,28 +322,6 @@ func main() {
 	if compareGoogleAPI == "AIzajtGS_aJGkoiAmSbXzu9I-1eytAi9Lrlh-vT" {
 		fmt.Println(compareGoogleAPI)
 	}
-}`}, 1, gosec.NewConfig()},
-		{[]string{`
-package main
-
-import "fmt"
-
-const (
-	githubPAT = "key: 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"
-)
-
-func main() {
-	fmt.Println(githubPAT)
-}`}, 1, gosec.NewConfig()},
-		{[]string{`
-package main
-
-import "fmt"
-
-func main() {
-	username := "admin"
-	googOAuthSec := "uibYYslvAUKn2ORRJ7EaZtMs"
-	fmt.Println("Logging in with: ", username, googOAuthSec)
 }`}, 1, gosec.NewConfig()},
 	}