
Commit f5d9fe6

authored
Merge pull request github#15615 from atorralba/atorralba/go/hardcoded-credentials-test-fix
Go: Use less confusing name for hardcoded credentials tests
2 parents 99ac640 + 1202b5b commit f5d9fe6


2 files changed

+24
-24
lines changed


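--- a/go/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected
+++ b/go/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected
@@ -12,14 +12,14 @@
 | jwt.go:114:16:114:24 | sharedKey | Hard-coded credential. | jwt.go:113:22:113:27 | "key9" | password |
 | jwt.go:120:16:120:30 | sharedKeyglobal | Hard-coded credential. | jwt.go:117:30:117:36 | "key10" | password |
 | jwt.go:126:20:126:34 | type conversion | Hard-coded credential. | jwt.go:126:27:126:33 | "key11" | password |
-| jwt.go:143:39:143:46 | safeName | Hard-coded credential. | jwt.go:141:21:141:27 | "key12" | password |
-| jwt.go:152:11:152:18 | safeName | Hard-coded credential. | jwt.go:148:21:148:27 | "key13" | password |
-| jwt.go:160:34:160:41 | safeName | Hard-coded credential. | jwt.go:159:21:159:27 | "key14" | password |
-| jwt.go:166:32:166:39 | safeName | Hard-coded credential. | jwt.go:165:21:165:27 | "key15" | password |
-| jwt.go:172:41:172:48 | safeName | Hard-coded credential. | jwt.go:171:21:171:27 | "key16" | password |
-| jwt.go:178:51:178:58 | safeName | Hard-coded credential. | jwt.go:177:21:177:27 | "key17" | password |
-| jwt.go:184:42:184:49 | safeName | Hard-coded credential. | jwt.go:183:21:183:27 | "key18" | password |
-| jwt.go:192:33:192:40 | safeName | Hard-coded credential. | jwt.go:189:21:189:27 | "key19" | password |
+| jwt.go:143:39:143:41 | key | Hard-coded credential. | jwt.go:141:16:141:22 | "key12" | password |
+| jwt.go:152:11:152:13 | key | Hard-coded credential. | jwt.go:148:16:148:22 | "key13" | password |
+| jwt.go:160:34:160:36 | key | Hard-coded credential. | jwt.go:159:16:159:22 | "key14" | password |
+| jwt.go:166:32:166:34 | key | Hard-coded credential. | jwt.go:165:16:165:22 | "key15" | password |
+| jwt.go:172:41:172:43 | key | Hard-coded credential. | jwt.go:171:16:171:22 | "key16" | password |
+| jwt.go:178:51:178:53 | key | Hard-coded credential. | jwt.go:177:16:177:22 | "key17" | password |
+| jwt.go:184:42:184:44 | key | Hard-coded credential. | jwt.go:183:16:183:22 | "key18" | password |
+| jwt.go:192:33:192:35 | key | Hard-coded credential. | jwt.go:189:16:189:22 | "key19" | password |
 | main.go:6:14:6:23 | "p4ssw0rd" | Hard-coded $@. | main.go:6:14:6:23 | "p4ssw0rd" | password |
 | main.go:12:1:26:30 | `-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQC/tzdtXKXcX6F3v3hR6+uYyZpIeXhhLflJkY2eILLQfAnwKlT5\nxIHW5QZcHQV9sCyZ8qSdPGif7PwgMbButMbByiZhCSugUFb6vjVqoktmslYF4LKH\niDgvmlwuJW0TvynxBLzDCwrRP+gpRT8wuAortWAx/03POTw7Mzi2cIPNsQIDAQAB\nAoGAMHCrqY9CPTdQhgAz94cDpTwzJmLCvtMt7J/BR5X9eF4O6MbZZ652HAUMIVQX\n4hUUf+VmIHB2AwqO/ddwO9ijaz04BslOSy/iYevHGlH65q4587NSlFWjvILMIQCM\nGBjfzJIxlLHVhjc2cFnyAE5YWjF/OMnJN0OhP9pxmCP/iM0CQQDxmQndQLdnV7+6\n8SvBHE8bg1LE8/BzTt68U3aWwiBjrHMFgzr//7Za4VF7h4ilFgmbh0F3sYz+C8iO\n0JrBRPeLAkEAyyTwnv/pgqTS/wuxIHUxRBpbdk3YvILAthNrGQg5uzA7eSeFu7Mv\nGtEkXsaqCDbdehgarFfNN8PB6OMRIbsXMwJBAOjhH8UJ0L/osYO9XPO0GfznRS1c\nBnbfm4vk1/bSAO6TF/xEVubU0i4f6q8sIecfqvskEVMS7lkjeptPMR0DIakCQE+7\nuQH/Wizf+r0GXshplyOu4LVHisk63N7aMlAJ7XbuUHmWLKRmiReSfR8CBNzig/2X\nFmkMsUyw9hwte5zsrQcCQQCrOkZvzUj9j1HKG+32EJ2E4kisJZmAgF9GI+z6oxpi\nExped5tp8EWytCjRwKhOcc0068SgaqhKvyyUWpbx32VQ\n-----END RSA PRIVATE KEY-----` | Hard-coded private key. | main.go:12:1:26:30 | `-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQC/tzdtXKXcX6F3v3hR6+uYyZpIeXhhLflJkY2eILLQfAnwKlT5\nxIHW5QZcHQV9sCyZ8qSdPGif7PwgMbButMbByiZhCSugUFb6vjVqoktmslYF4LKH\niDgvmlwuJW0TvynxBLzDCwrRP+gpRT8wuAortWAx/03POTw7Mzi2cIPNsQIDAQAB\nAoGAMHCrqY9CPTdQhgAz94cDpTwzJmLCvtMt7J/BR5X9eF4O6MbZZ652HAUMIVQX\n4hUUf+VmIHB2AwqO/ddwO9ijaz04BslOSy/iYevHGlH65q4587NSlFWjvILMIQCM\nGBjfzJIxlLHVhjc2cFnyAE5YWjF/OMnJN0OhP9pxmCP/iM0CQQDxmQndQLdnV7+6\n8SvBHE8bg1LE8/BzTt68U3aWwiBjrHMFgzr//7Za4VF7h4ilFgmbh0F3sYz+C8iO\n0JrBRPeLAkEAyyTwnv/pgqTS/wuxIHUxRBpbdk3YvILAthNrGQg5uzA7eSeFu7Mv\nGtEkXsaqCDbdehgarFfNN8PB6OMRIbsXMwJBAOjhH8UJ0L/osYO9XPO0GfznRS1c\nBnbfm4vk1/bSAO6TF/xEVubU0i4f6q8sIecfqvskEVMS7lkjeptPMR0DIakCQE+7\nuQH/Wizf+r0GXshplyOu4LVHisk63N7aMlAJ7XbuUHmWLKRmiReSfR8CBNzig/2X\nFmkMsUyw9hwte5zsrQcCQQCrOkZvzUj9j1HKG+32EJ2E4kisJZmAgF9GI+z6oxpi\nExped5tp8EWytCjRwKhOcc0068SgaqhKvyyUWpbx32VQ\n-----END RSA PRIVATE KEY-----` | certificate |
 | main.go:44:14:44:19 | "p4ss" | Hard-coded $@. | main.go:44:14:44:19 | "p4ss" | password |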

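--- a/go/ql/test/query-tests/Security/CWE-798/jwt.go
+++ b/go/ql/test/query-tests/Security/CWE-798/jwt.go
@@ -138,56 +138,56 @@ func gogfjwt() interface{} {
 }
 
 func irisjwt() interface{} {
-safeName := []byte("key12")
+key := []byte("key12")
 token := iris.NewTokenWithClaims(nil, nil)
-tokenString, _ := token.SignedString(safeName) // BAD
+tokenString, _ := token.SignedString(key) // BAD
 return tokenString
 }
 
 func iris12jwt2() interface{} {
-safeName := []byte("key13")
+key := []byte("key13")
 
 s := &iris12.Signer{
 Alg: nil,
-Key: safeName, // BAD
+Key: key, // BAD
 MaxAge: 3 * time.Second,
 }
 return s
 }
 
 func irisjwt3() interface{} {
-safeName := []byte("key14")
-signer := iris12.NewSigner(nil, safeName, 3*time.Second) // BAD
+key := []byte("key14")
+signer := iris12.NewSigner(nil, key, 3*time.Second) // BAD
 return signer
 }
 
 func katarasJwt() interface{} {
-safeName := []byte("key15")
-token, _ := kataras.Sign(nil, safeName, nil, nil) // BAD
+key := []byte("key15")
+token, _ := kataras.Sign(nil, key, nil, nil) // BAD
 return token
 }
 
 func katarasJwt2() interface{} {
-safeName := []byte("key16")
-token, _ := kataras.SignEncrypted(nil, safeName, nil, nil) // BAD
+key := []byte("key16")
+token, _ := kataras.SignEncrypted(nil, key, nil, nil) // BAD
 return token
 }
 
 func katarasJwt3() interface{} {
-safeName := []byte("key17")
-token, _ := kataras.SignEncryptedWithHeader(nil, safeName, nil, nil, nil) // BAD
+key := []byte("key17")
+token, _ := kataras.SignEncryptedWithHeader(nil, key, nil, nil, nil) // BAD
 return token
 }
 
 func katarasJwt4() interface{} {
-safeName := []byte("key18")
-token, _ := kataras.SignWithHeader(nil, safeName, nil, nil) // BAD
+key := []byte("key18")
+token, _ := kataras.SignWithHeader(nil, key, nil, nil) // BAD
 return token
 }
 
 func katarasJwt5() {
-safeName := []byte("key19")
+key := []byte("key19")
 var keys kataras.Keys
 var alg kataras.Alg
-keys.Register(alg, "api", nil, safeName) // BAD
+keys.Register(alg, "api", nil, key) // BAD
 }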
