lib/contrast/agent/assess/rule/provider/hardcoded_key.rb in contrast-agent-6.1.0 vs lib/contrast/agent/assess/rule/provider/hardcoded_key.rb in contrast-agent-6.1.1
- old
+ new
@@ -10,32 +10,31 @@
# of the application. A constant is a cryptographic key if:
# 1) the name contains a KEY_FIELD_NAME value
# 2) the value is a non-empty array of only Fixnums
class HardcodedKey
include Contrast::Agent::Assess::Rule::Provider::HardcodedValueRule
-
+ REDACTED_MARKER = ' = [**REDACTED**]'
NAME = 'hardcoded-key'
- def rule_id
- NAME
- end
-
# These are names, determined by the security team (Matt & Ar), that
# indicate a field is likely to be a password or secret token of some
# sort.
KEY_FIELD_NAMES = %w[KEY AES DES IV SECRET].cs__freeze
-
# These are markers whose presence indicates that a field is more
# likely to be a descriptor or requirement than an actual key.
# We should ignore fields that contain them.
NON_KEY_PARTIAL_NAMES = %w[CONTENT_CODES RESPONSE_CODES ERROR_CODES].cs__freeze
+ BYTE_HOLDERS = %i[ARRAY LIST].cs__freeze
+ def rule_id
+ NAME
+ end
+
def name_passes? constant_string
KEY_FIELD_NAMES.any? { |name| constant_string.index(name) } &&
NON_KEY_PARTIAL_NAMES.none? { |name| constant_string.index(name) }
end
- BYTE_HOLDERS = %i[ARRAY LIST].cs__freeze
# Determine if the given value node violates the hardcode key rule
# @param value_node [RubyVM::AbstractSyntaxTree::Node] the node to
# evaluate
# @return [Boolean]
def value_node_passes? value_node
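Review bot: `name_passes?` still matches `KEY_FIELD_NAMES` with `String#index`, i.e. plain substring search, so the short entries `DES` and `IV` fire on names such as `DESCRIPTION`, `PRIVATE` or `ACTIVE_CODES`, and `KEY` on `HOTKEYS`; the value check in `value_node_passes?` narrows this to integer arrays, but the only name-side guard is the three-entry `NON_KEY_PARTIAL_NAMES` denylist the commit leaves unchanged. If the intent is to match a name segment rather than any substring, `tokens = constant_string.split('_')` followed by `KEY_FIELD_NAMES.any? { |name| tokens.include?(name) }` would cut most of that noise, at the cost of no longer matching fused names like `SECRETKEY`, so it needs checking against the rule's existing expectations before adopting. Separately, the two constants this hunk introduces or moves to the top of the class are undocumented: above `REDACTED_MARKER` add `# Text substituted for the literal key bytes in reported evidence, so the key itself is never written into a finding` (hedged, since its only visible use is the `redacted_marker` accessor), and above `BYTE_HOLDERS` add `# Node types treated as containers of key bytes when checking a constant's value`. A blank line between the constant group and `def rule_id` would also keep the class readable now that the constants sit together.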
@@ -64,10 +63,9 @@
end
true
end
- REDACTED_MARKER = ' = [**REDACTED**]'
def redacted_marker
REDACTED_MARKER
end
# A node is a bytes_call if it's the Node for String#bytes. We care