Skip to content

Commit f3c8d59

Browse files
andyleapgcmurphy
andyleap
authored and
gcmurphy
committed
Switch to valuespec instead of gendecl for hardcoded credential rule (#186)
1 parent e76b258 commit f3c8d59

File tree

1 file changed

+13
-21
lines changed

1 file changed

+13
-21
lines changed

rules/hardcoded_credentials.go

Lines changed: 13 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,6 @@ package rules
1616

1717
import (
1818
"go/ast"
19-
"go/token"
2019
"regexp"
2120
"strconv"
2221

@@ -53,8 +52,8 @@ func (r *credentials) Match(n ast.Node, ctx *gas.Context) (*gas.Issue, error) {
5352
switch node := n.(type) {
5453
case *ast.AssignStmt:
5554
return r.matchAssign(node, ctx)
56-
case *ast.GenDecl:
57-
return r.matchGenDecl(node, ctx)
55+
case *ast.ValueSpec:
56+
return r.matchValueSpec(node, ctx)
5857
}
5958
return nil, nil
6059
}
@@ -76,23 +75,16 @@ func (r *credentials) matchAssign(assign *ast.AssignStmt, ctx *gas.Context) (*ga
7675
return nil, nil
7776
}
7877

79-
func (r *credentials) matchGenDecl(decl *ast.GenDecl, ctx *gas.Context) (*gas.Issue, error) {
80-
if decl.Tok != token.CONST && decl.Tok != token.VAR {
81-
return nil, nil
82-
}
83-
for _, spec := range decl.Specs {
84-
if valueSpec, ok := spec.(*ast.ValueSpec); ok {
85-
for index, ident := range valueSpec.Names {
86-
if r.pattern.MatchString(ident.Name) && valueSpec.Values != nil {
87-
// const foo, bar = "same value"
88-
if len(valueSpec.Values) <= index {
89-
index = len(valueSpec.Values) - 1
90-
}
91-
if val, err := gas.GetString(valueSpec.Values[index]); err == nil {
92-
if r.ignoreEntropy || (!r.ignoreEntropy && r.isHighEntropyString(val)) {
93-
return gas.NewIssue(ctx, valueSpec, r.What, r.Severity, r.Confidence), nil
94-
}
95-
}
78+
func (r *credentials) matchValueSpec(valueSpec *ast.ValueSpec, ctx *gas.Context) (*gas.Issue, error) {
79+
for index, ident := range valueSpec.Names {
80+
if r.pattern.MatchString(ident.Name) && valueSpec.Values != nil {
81+
// const foo, bar = "same value"
82+
if len(valueSpec.Values) <= index {
83+
index = len(valueSpec.Values) - 1
84+
}
85+
if val, err := gas.GetString(valueSpec.Values[index]); err == nil {
86+
if r.ignoreEntropy || (!r.ignoreEntropy && r.isHighEntropyString(val)) {
87+
return gas.NewIssue(ctx, valueSpec, r.What, r.Severity, r.Confidence), nil
9688
}
9789
}
9890
}
@@ -146,5 +138,5 @@ func NewHardcodedCredentials(conf gas.Config) (gas.Rule, []ast.Node) {
146138
Confidence: gas.Low,
147139
Severity: gas.High,
148140
},
149-
}, []ast.Node{(*ast.AssignStmt)(nil), (*ast.GenDecl)(nil)}
141+
}, []ast.Node{(*ast.AssignStmt)(nil), (*ast.ValueSpec)(nil)}
150142
}

0 commit comments

Comments
 (0)