go/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2025-11-27 22:28:20 +02:00
Code Issues Releases Activity

Switch to valuespec instead of gendecl for hardcoded credential rule (#186)

Browse Source
This commit is contained in:
andyleap
2018-03-08 15:49:49 -08:00
committed by Grant Murphy
parent e76b258456
commit f3c8d59863
1 changed files with 13 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
rules/hardcoded_credentials.go
View File

@@ -16,7 +16,6 @@ package rules
import ( import (
"go/ast" "go/ast"
"go/token"
"regexp" "regexp"
"strconv" "strconv"
@@ -53,8 +52,8 @@ func (r *credentials) Match(n ast.Node, ctx *gas.Context) (*gas.Issue, error) {
switch node := n.(type) { switch node := n.(type) {
case *ast.AssignStmt: case *ast.AssignStmt:
return r.matchAssign(node, ctx) return r.matchAssign(node, ctx)
case *ast.GenDecl: case *ast.ValueSpec:
return r.matchGenDecl(node, ctx) return r.matchValueSpec(node, ctx)
} }
return nil, nil return nil, nil
} }
@@ -76,23 +75,16 @@ func (r *credentials) matchAssign(assign *ast.AssignStmt, ctx *gas.Context) (*ga
return nil, nil return nil, nil
} }
func (r *credentials) matchGenDecl(decl *ast.GenDecl, ctx *gas.Context) (*gas.Issue, error) { func (r *credentials) matchValueSpec(valueSpec *ast.ValueSpec, ctx *gas.Context) (*gas.Issue, error) {
if decl.Tok != token.CONST && decl.Tok != token.VAR { for index, ident := range valueSpec.Names {
return nil, nil if r.pattern.MatchString(ident.Name) && valueSpec.Values != nil {
} // const foo, bar = "same value"
for _, spec := range decl.Specs { if len(valueSpec.Values) <= index {
if valueSpec, ok := spec.(*ast.ValueSpec); ok { index = len(valueSpec.Values) - 1
for index, ident := range valueSpec.Names { }
if r.pattern.MatchString(ident.Name) && valueSpec.Values != nil { if val, err := gas.GetString(valueSpec.Values[index]); err == nil {
// const foo, bar = "same value" if r.ignoreEntropy || (!r.ignoreEntropy && r.isHighEntropyString(val)) {
if len(valueSpec.Values) <= index { return gas.NewIssue(ctx, valueSpec, r.What, r.Severity, r.Confidence), nil
index = len(valueSpec.Values) - 1
}
if val, err := gas.GetString(valueSpec.Values[index]); err == nil {
if r.ignoreEntropy || (!r.ignoreEntropy && r.isHighEntropyString(val)) {
return gas.NewIssue(ctx, valueSpec, r.What, r.Severity, r.Confidence), nil
}
}
} }
} }
} }
@@ -146,5 +138,5 @@ func NewHardcodedCredentials(conf gas.Config) (gas.Rule, []ast.Node) {
Confidence: gas.Low, Confidence: gas.Low,
Severity: gas.High, Severity: gas.High,
}, },
}, []ast.Node{(*ast.AssignStmt)(nil), (*ast.GenDecl)(nil)} }, []ast.Node{(*ast.AssignStmt)(nil), (*ast.ValueSpec)(nil)}
} }