Cosmin Cojocar ac75d44f56 Fix nosec when applied to a block
Handle the nosec directive properly when it is applied to a block or as a single
line on a multi-line issue.

Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-28 12:54:05 +02:00


package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG101 holds the code snippets used to exercise gosec rule G101
// (hardcoded credentials). Each entry carries a Go program, an integer and a
// gosec config; the integer is presumably the number of findings the test
// expects for that program (CodeSample is declared elsewhere — confirm).
// Most entries reuse the same literal and change only the identifier name or
// the statement shape, so a 0 entry next to a 1 entry shows which property
// the rule is expected to key on.
SampleCodeG101 = []CodeSample{
// Local variable named "password" holding a 40-character hex literal.
package main
import "fmt"
func main() {
username := "admin"
password := "f62e5bcda4fae4f82370da0c6f20697b8f8447ef"
fmt.Println("Doing something with: ", username, password)
`}, 1, gosec.NewConfig()},
// Same variable name, but the value is the short word "secret": with the
// default config the entropy check should not report it.
package main
import "fmt"
func main() {
username := "admin"
password := "secret"
fmt.Println("Doing something with: ", username, password)
`}, 0, gosec.NewConfig()},
// Package-level var named "password".
package main
import "fmt"
var password = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef"
func main() {
username := "admin"
fmt.Println("Doing something with: ", username, password)
`}, 1, gosec.NewConfig()},
// Package-level const named "password".
package main
import "fmt"
const password = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef"
func main() {
username := "admin"
fmt.Println("Doing something with: ", username, password)
`}, 1, gosec.NewConfig()},
// "password" declared inside a grouped const block.
package main
import "fmt"
const (
username = "user"
password = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef"
func main() {
fmt.Println("Doing something with: ", username, password)
`}, 1, gosec.NewConfig()},
// Declared without a value at package level, then assigned in init().
package main
var password string
func init() {
password = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef"
`}, 1, gosec.NewConfig()},
// Identifier contains "Token" but the constants are integers, not strings;
// no finding is expected.
package main
const (
ATNStateSomethingElse = 1
ATNStateTokenStart = 42
func main() {
`}, 0, gosec.NewConfig()},
// Same identifier, now with a string literal value.
package main
const (
ATNStateTokenStart = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef"
func main() {
`}, 1, gosec.NewConfig()},
// Literal compared with == against a variable named "password".
package main
import "fmt"
func main() {
var password string
if password == "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" {
fmt.Println("password equality")
`}, 1, gosec.NewConfig()},
// Same comparison with the literal on the left-hand side.
package main
import "fmt"
func main() {
var password string
if "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" == password {
fmt.Println("password equality")
`}, 1, gosec.NewConfig()},
// != comparison, variable on the left.
package main
import "fmt"
func main() {
var password string
if password != "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" {
fmt.Println("password equality")
`}, 1, gosec.NewConfig()},
// != comparison, literal on the left.
package main
import "fmt"
func main() {
var password string
if "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" != password {
fmt.Println("password equality")
`}, 1, gosec.NewConfig()},
// The same literal compared against a variable named "p": no finding is
// expected, so in a comparison the literal alone is not enough.
package main
import "fmt"
func main() {
var p string
if p != "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" {
fmt.Println("password equality")
`}, 0, gosec.NewConfig()},
// Literal on the left, variable still named "p".
package main
import "fmt"
func main() {
var p string
if "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" != p {
fmt.Println("password equality")
`}, 0, gosec.NewConfig()},
// Short identifier "pw" as a const, with a base64-looking literal.
package main
import "fmt"
const (
pw = "KjasdlkjapoIKLlka98098sdf012U/rL2sLdBqOHQUlt5Z6kCgKGDyCFA=="
func main() {
`}, 1, gosec.NewConfig()},
// "pw" declared as a var and assigned inside main.
package main
import "fmt"
var (
pw string
func main() {
pw = "KjasdlkjapoIKLlka98098sdf012U/rL2sLdBqOHQUlt5Z6kCgKGDyCFA=="
`}, 1, gosec.NewConfig()},
// Identifier "cred" as a const.
package main
import "fmt"
const (
cred = "KjasdlkjapoIKLlka98098sdf012U/rL2sLdBqOHQUlt5Z6kCgKGDyCFA=="
func main() {
`}, 1, gosec.NewConfig()},
// Identifier "cred" declared as a var and assigned inside main.
package main
import "fmt"
var (
cred string
func main() {
cred = "KjasdlkjapoIKLlka98098sdf012U/rL2sLdBqOHQUlt5Z6kCgKGDyCFA=="
`}, 1, gosec.NewConfig()},
// Identifier "apiKey" as a const, with a shorter alphanumeric literal.
package main
import "fmt"
const (
apiKey = "KjasdlkjapoIKLlka98098sdf012U"
func main() {
`}, 1, gosec.NewConfig()},
// Identifier "apiKey" declared as a var and assigned inside main.
package main
import "fmt"
var (
apiKey string
func main() {
apiKey = "KjasdlkjapoIKLlka98098sdf012U"
`}, 1, gosec.NewConfig()},
// Identifier "bearer" as a const, with a "Bearer: ..." literal.
package main
import "fmt"
const (
bearer = "Bearer: 2lkjdfoiuwer092834kjdwf09"
func main() {
`}, 1, gosec.NewConfig()},
// Identifier "bearer" declared as a var and assigned inside main.
package main
import "fmt"
var (
bearer string
func main() {
bearer = "Bearer: 2lkjdfoiuwer092834kjdwf09"
`}, 1, gosec.NewConfig()},
// Suppression cases. The "#nosec G101" lines below are part of the sample
// program, not comments on this file. Here the directive appears both above
// the const block and on the declaration line; no finding is expected.
package main
import "fmt"
// #nosec G101
const (
ConfigLearnerTokenAuth string = "learner_auth_token_config" // #nosec G101
func main() {
fmt.Printf("%s\n", ConfigLearnerTokenAuth)
`}, 0, gosec.NewConfig()},
// Directive only above the const block: it is expected to cover the
// declaration inside the block.
package main
import "fmt"
// #nosec G101
const (
ConfigLearnerTokenAuth string = "learner_auth_token_config"
func main() {
fmt.Printf("%s\n", ConfigLearnerTokenAuth)
`}, 0, gosec.NewConfig()},
// Directive only at the end of the declaration line inside the block.
package main
import "fmt"
const (
ConfigLearnerTokenAuth string = "learner_auth_token_config" // #nosec G101
func main() {
fmt.Printf("%s\n", ConfigLearnerTokenAuth)
`}, 0, gosec.NewConfig()},
// SampleCodeG101Values holds further G101 (hardcoded credentials) snippets.
// Judging by the name and by the literals used, these presumably exercise
// detection based on the shape of the assigned or compared value rather than
// on the identifier alone — confirm against the rule implementation. As in
// SampleCodeG101, the integer after each program is presumably the expected
// number of findings.
SampleCodeG101Values = []CodeSample{
// Environment-variable-style name used as the value; no finding expected.
package main
import "fmt"
func main() {
customerNameEnvKey := "FOO_CUSTOMER_NAME"
`}, 0, gosec.NewConfig()},
// 64-character hex literal assigned to txnID; no finding expected, so a long
// random-looking value is not reported on its own here.
package main
import "fmt"
func main() {
txnID := "3637cfcc1eec55a50f78a7c435914583ccbc75a21dec9a0e94dfa077647146d7"
`}, 0, gosec.NewConfig()},
// URL literal with a user:secret@host userinfo part.
package main
import "fmt"
func main() {
urlSecret := "https://username:abcdef0123456789abcdef0123456789abcdef01@contoso.com/"
`}, 1, gosec.NewConfig()},
// Literal with the "ghp_" prefix, assigned to githubToken.
package main
import "fmt"
func main() {
githubToken := "ghp_iR54dhCYg9Tfmoywi9xLmmKZrrnAw438BYh3"
`}, 1, gosec.NewConfig()},
// NOTE(review): main has no statements in this listing although one finding
// is expected; the line carrying the literal is not shown here — check the
// upstream file before relying on this sample.
package main
import "fmt"
func main() {
`}, 1, gosec.NewConfig()},
// Comparison (not assignment) against a literal beginning with "AIza".
package main
import "fmt"
func main() {
compareGoogleAPI := "test"
if compareGoogleAPI == "AIzajtGS_aJGkoiAmSbXzu9I-1eytAi9Lrlh-vT" {
`}, 1, gosec.NewConfig()},