Hardcoded credentials in associative array not detected #354

Open
rubenandre opened this issue Nov 3, 2021 · 3 comments

Comments

@rubenandre

The credscan component does not detect hardcoded credentials in a PHP associative array (and, potentially, in a multidimensional associative array).

Example Code:

$user_info = [
    'user1' => [
        'name' => 'user1',
        'password' => 'bSqh7wmkp'  // 9-character hardcoded password
    ],
];

Command output

(screenshot of the command output)

scan-full-report.json output

{
  "tool": {
    "driver": {
      "name": "PHP Security Audit",
      "version": "1.0.0-scan",
      "fullName": "PHP Security Audit"
    }
  },
  "conversion": {
    "tool": {
      "driver": {
        "name": "@ShiftLeft/sast-scan"
      }
    },
    "invocation": {
      "arguments": [
        "psalm",
        "--report-show-info=false",
        "--show-snippet=true",
        "--find-dead-code=always",
        "--find-unused-code=always",
        "-m",
        "--no-progress",
        "--no-file-cache",
        "--no-suggestions",
        "--no-cache",
        "--root=/app",
        "--report=/app/reports/audit-php-report.json"
      ],
      "executionSuccessful": true,
      "commandLine": "psalm --report-show-info=false --show-snippet=true --find-dead-code=always --find-unused-code=always -m --no-progress --no-file-cache --no-suggestions --no-cache --root=/app --report=/app/reports/audit-php-report.json",
      "endTimeUtc": "2021-11-03T20:04:52Z",
      "workingDirectory": {
        "uri": "file:///Users/rubensilva/Documents/test"
      }
    }
  },
  "invocations": [
    {
      "executionSuccessful": true,
      "endTimeUtc": "2021-11-03T20:04:52Z",
      "workingDirectory": {
        "uri": "file:///Users/rubensilva/Documents/test"
      }
    }
  ],
  "properties": {
    "metrics": {
      "total": 0,
      "critical": 0,
      "high": 0,
      "medium": 0,
      "low": 0
    }
  },
  "results": [],
  "automationDetails": {
    "description": {
      "text": "Static Analysis Security Test results using @ShiftLeft/sast-scan"
    },
    "guid": "ea768dc9-e149-4363-8078-859d1b7b8acf"
  },
  "versionControlProvenance": [
    {
      "branch": "",
      "repositoryUri": "",
      "revisionId": ""
    }
  ]
}

{
  "tool": {
    "driver": {
      "name": "PHP Security Analysis",
      "version": "1.0.0-scan",
      "fullName": "PHP Security Analysis"
    }
  },
  "conversion": {
    "tool": {
      "driver": {
        "name": "@ShiftLeft/sast-scan"
      }
    },
    "invocation": {
      "arguments": [
        "/opt/phpsast/vendor/bin/psalm",
        "--report-show-info=false",
        "--show-snippet=true",
        "--taint-analysis",
        "-m",
        "--no-progress",
        "--no-file-cache",
        "--no-suggestions",
        "--no-cache",
        "--root=/app",
        "--report=/app/reports/taint-php-report.json"
      ],
      "executionSuccessful": true,
      "commandLine": "/opt/phpsast/vendor/bin/psalm --report-show-info=false --show-snippet=true --taint-analysis -m --no-progress --no-file-cache --no-suggestions --no-cache --root=/app --report=/app/reports/taint-php-report.json",
      "endTimeUtc": "2021-11-03T20:04:53Z",
      "workingDirectory": {
        "uri": "file:///Users/rubensilva/Documents/test"
      }
    }
  },
  "invocations": [
    {
      "executionSuccessful": true,
      "endTimeUtc": "2021-11-03T20:04:53Z",
      "workingDirectory": {
        "uri": "file:///Users/rubensilva/Documents/test"
      }
    }
  ],
  "properties": {
    "metrics": {
      "total": 0,
      "critical": 0,
      "high": 0,
      "medium": 0,
      "low": 0
    }
  },
  "results": [],
  "automationDetails": {
    "description": {
      "text": "Static Analysis Security Test results using @ShiftLeft/sast-scan"
    },
    "guid": "82b810db-1793-493a-9427-cb87e7a46be9"
  },
  "versionControlProvenance": [
    {
      "branch": "",
      "repositoryUri": "",
      "revisionId": ""
    }
  ]
}
@prabhu (Contributor)

prabhu commented Nov 30, 2021

@rubenandre any idea what the 1 suppressed issue was? Could you investigate by running credscan directly?

@rubenandre (Author)

I ran credscan directly (gitleaks) and the output does not show any issue.

(screenshot of the gitleaks output)

@prabhu (Contributor)

prabhu commented Nov 30, 2021

@rubenandre this is going to require some testing. I think scan is looking for a minimum of 10 characters, whereas your password is only 9 characters.

https://github.com/ShiftLeftSecurity/sast-scan/blob/master/tools_config/credscan-config.toml#L177

Could you override the config and let me know how it looks? I'm happy to accept a PR.
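The minimum-length explanation above can be checked without the full scanner. The snippet below is an added example, not code from sast-scan or gitleaks: it runs a constructed, gitleaks-style "generic password" regex over the PHP snippet from the issue, with the length threshold as a parameter. The regex is an assumed approximation of such a rule, not the actual content of credscan-config.toml, and the sample is a constructed copy of the issue's code.

```python
import re

# Constructed sample mirroring the issue: a 9-character password inside a
# nested PHP associative array (the value is a made-up test string).
PHP_SAMPLE = """<?php
$user_info = [
    'user1' => [
        'name' => 'user1',
        'password' => 'bSqh7wmkp'
    ],
];
"""


def password_rule(min_len: int) -> re.Pattern:
    """Assumed approximation of a gitleaks-style generic password rule.

    Matches a credential-like key, an assignment operator ('=', ':' or the
    PHP array operator '=>'), then a quoted value of at least min_len
    characters. The real credscan-config.toml regex may differ.
    """
    pattern = (
        r"""(?i)['"]?(password|passwd|pwd|secret)['"]?\s*(?:=>|=|:)\s*"""
        r"""['"]([^'"]{%d,})['"]""" % min_len
    )
    return re.compile(pattern)


def find_hardcoded_passwords(source: str, min_len: int = 10) -> list:
    """Return (line_number, key, value_length) for every rule hit.

    Lowering min_len catches shorter secrets like the issue's 9-character
    password but also raises the false-positive rate, which is the trade-off
    behind the scanner's default threshold.
    """
    rule = password_rule(min_len)
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in rule.finditer(line):
            hits.append((lineno, m.group(1), len(m.group(2))))
    return hits


if __name__ == "__main__":
    print("min 10:", find_hardcoded_passwords(PHP_SAMPLE, 10))  # no hits
    print("min 8: ", find_hardcoded_passwords(PHP_SAMPLE, 8))   # line 5 hit
```

With the default threshold the 9-character value is silently skipped, which reproduces the empty results array in the issue's report; an overridden, lower threshold flags it on line 5 of the sample.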
