clear-api-token
AST Rule: function call
clear-api-token
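/**
 * Rule entry point: reports a string literal passed as the first positional
 * argument of a bare `Config(...)` call when `Config` was imported from
 * `ldclient.config` (i.e. an SDK key written directly in the source).
 *
 * @param {object} node - Function-call AST node. The rule reads
 *   `node.functionName`, `node.moduleOrObject`, `node.arguments.values`
 *   and `node.context.imports`.
 * @param {string} filename - Path of the analyzed file; test files are skipped.
 * @param {string} code - Full source text; not used by this rule.
 * @returns {undefined} Findings go through `addError`; nothing is returned.
 */
function visit(node, filename, code) {
  // Skip test files: a name that starts with "test_" or contains "_test.py".
  // NOTE: `filename` may carry a directory prefix, in which case only the
  // "_test.py" check can match.
  if (filename.includes("_test.py") || filename.startsWith("test_")) {
    return;
  }
  // Nothing to inspect when the analyzer provided no arguments or no context.
  if (!node.arguments || !node.context || !node.arguments.values || node.arguments.values.length === 0) {
    return;
  }
  // Only bare `Config(...)`; `something.Config(...)` is a different callee.
  if (node.moduleOrObject) {
    return;
  }
  if (!node.functionName || node.functionName.value !== "Config") {
    return;
  }
  // The callee must come from `from ldclient.config import Config`.
  const imports = node.context.imports || [];
  const useConfigImport = imports.some(
    (i) => i.pkg && i.pkg.value === "ldclient.config"
      && i.elements && i.elements.map((e) => e.name && e.name.value).includes("Config"),
  );
  if (!useConfigImport) {
    return;
  }
  // Only the first positional argument is inspected. Whether keyword
  // arguments (e.g. `sdk_key=`) appear in `arguments.values` is not visible
  // from this rule; if they do not, that form is not covered here.
  const firstArgument = node.arguments.values[0].value;
  if (!firstArgument) {
    return;
  }
  // Non-literal arguments (names, calls, ...) may carry no string `value`;
  // bail out instead of throwing on `undefined.startsWith`.
  const literal = firstArgument.value;
  if (typeof literal !== "string") {
    return;
  }
  // The literal keeps its quotes, so a leading quote — with or without an
  // f-string prefix — means the credential is spelled out in the source.
  // Single-quoted Python strings are literals too, so both quote styles count.
  const literalPrefixes = ["\"", "'", "f\"", "f'"];
  if (!literalPrefixes.some((prefix) => literal.startsWith(prefix))) {
    return;
  }
  // build the error
  const error = buildError(firstArgument.start.line, firstArgument.start.col,
    firstArgument.end.line, firstArgument.end.col,
    "hardcoded credential", "CRITICAL", "SECURITY");
  // report an error with a fix
  addError(error);
}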
hardcoded-credentials.py
Expected test result: has error