Fix additional crash condition

A var GenDecl may not have a value assigned. This error case must be
handled.

Author: gcmurphy

rules/hardcoded_credentials.go

@@ -58,7 +58,7 @@ func (r *Credentials) matchGenDecl(decl *ast.GenDecl, ctx *gas.Context) (*gas.Is
 	for _, spec := range decl.Specs {
 		if valueSpec, ok := spec.(*ast.ValueSpec); ok {
 			for index, ident := range valueSpec.Names {
-				if r.pattern.MatchString(ident.Name) {
+				if r.pattern.MatchString(ident.Name) && valueSpec.Values != nil {
 					// const foo, bar = "same value"
 					if len(valueSpec.Values) <= index {
 						index = len(valueSpec.Values) - 1

rules/hardcoded_credentials_test.go

@@ -98,3 +98,16 @@ func TestHardcodedConstantMulti(t *testing.T) {
 
 	checkTestResults(t, issues, 1, "Potential hardcoded credentials")
 }
+
+func TestHardecodedVarsNotAssigned(t *testing.T) {
+	config := map[string]interface{}{"ignoreNosec": false}
+	analyzer := gas.NewAnalyzer(config, nil)
+	analyzer.AddRule(NewHardcodedCredentials(config))
+	issues := gasTestRunner(`
+		package main 
+		var password string
+		func init() {
+			password = "this is a secret string"
+		}`, analyzer)
+	checkTestResults(t, issues, 1, "Potential hardcoded credentials")
+}