thesp0nge / dawnscanner

Dawn is a static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.
MIT License
737 stars, 86 forks

Check for hardcoded secret patterns in code #231

Closed: gaurabb closed this issue 6 years ago

gaurabb commented 6 years ago

Issue: Hardcoded secrets in code still result in information disclosure issues on a regular basis. Dawnscanner does not flag these right now.

Resolution:

gaurabb commented 6 years ago

Closing this. After re-reading the contributing doc, I realized that this should go into my forked repo, as I will not be able to assign this to myself here :)