ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S6418/go/rule.adoc

52 lines
777 B
Plaintext
Raw Normal View History

Create rule S6418: Hard-coded secrets are security-sensitive (#4661) * Add go to rule S6418 * SONARGO-215: Add description for S6418 for Go * Lower default entropy * Simplify code examples --------- Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com> Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
2025-02-17 09:24:39 +01:00
:detections: variables/fields
:defaultsensibility: 3
include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
[source,go]
----
var secret = "47828a8dd77ee1eb9dde2d5e93cb221ce8c32b37" // Sensitive
func main() {
callMyService(secret)
}
----
== Compliant Solution
[source,go]
----
import "os"
var secret = os.Getenv("SECRET")
func main() {
callMyService(secret)
}
----
include::../see.adoc[]
* MSC - https://wiki.sei.cmu.edu/confluence/x/OjdGBQ[MSC03-J - Never hard code sensitive information]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
include::../parameters.adoc[]
'''
endif::env-github,rspecator-view[]
Reference in New Issue Copy Permalink