Create rule S6418: Hard-coded secrets are security-sensitive (#4661)

* Add go to rule S6418 * SONARGO-215: Add description for S6418 for Go * Lower default entropy * Simplify code examples --------- Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com> Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
2025-02-17 09:24:39 +01:00 · 2025-02-17 09:24:39 +01:00 · 29db082484
commit 29db082484
parent 00213b7c50
2 changed files with 53 additions and 0 deletions
--- a/rules/S6418/go/metadata.json
+++ b/rules/S6418/go/metadata.json
@ -0,0 +1,2 @@
+{
+}
--- a/rules/S6418/go/rule.adoc
+++ b/rules/S6418/go/rule.adoc
@ -0,0 +1,51 @@
+:detections: variables/fields
+:defaultsensibility: 3
+
+include::../description.adoc[]
+
+include::../ask-yourself.adoc[]
+
+include::../recommended.adoc[]
+
+== Sensitive Code Example
+
+[source,go]
+----
+var secret = "47828a8dd77ee1eb9dde2d5e93cb221ce8c32b37" // Sensitive
+
+func main() {
+    callMyService(secret)
+}
+----
+
+== Compliant Solution
+
+[source,go]
+----
+import "os"
+
+var secret = os.Getenv("SECRET")
+
+func main() {
+    callMyService(secret)
+}
+----
+
+
+include::../see.adoc[]
+
+* MSC - https://wiki.sei.cmu.edu/confluence/x/OjdGBQ[MSC03-J - Never hard code sensitive information] 
+
+
+ifdef::env-github,rspecator-view[]
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+
+include::../parameters.adoc[]
+
+'''
+endif::env-github,rspecator-view[]