Class: Rails::Guarddog::Checkers::SecretsChecker

Inherits:

BaseChecker

Object
BaseChecker
Rails::Guarddog::Checkers::SecretsChecker

show all

Defined in:: lib/rails/guarddog/checkers/secrets_checker.rb

Constant Summary collapse

PATTERNS =

[
  /api[_-]?key\s*[=:]\s*['"][^'"]+['"]/i,
  /secret[_-]?key\s*[=:]\s*['"][^'"]+['"]/i,
  /password\s*[=:]\s*['"][^'"]+['"]/i,
  /token\s*[=:]\s*['"][^'"]+['"]/i
]

Instance Attribute Summary

Attributes inherited from BaseChecker

#findings

Instance Method Summary collapse

#run ⇒ Object

Methods inherited from BaseChecker

#initialize

Constructor Details

This class inherits a constructor from Rails::Guarddog::Checkers::BaseChecker

Instance Method Details

#run ⇒ `Object`

# File 'lib/rails/guarddog/checkers/secrets_checker.rb', line 12

def run
  %w[*.rb *.yml .env .env.local].each do |pattern|
    glob_files("**/{#{pattern}}").each do |file|
      next if file.include?('node_modules') || file.include?('vendor')
      content = File.read(file) rescue next
      content.each_line.with_index do |line, idx|
        PATTERNS.each do |pattern|
          if line.match?(pattern) && !line.strip.start_with?('#')
            add_finding(
              severity: :critical,
              message: "Hardcoded secret detected",
              file: file,
              line: idx + 1,
              remediation: "Use ENV variables or Rails credentials"
            )
          end
        end
      end
    end
  end
  findings
end

Class: Rails::Guarddog::Checkers::SecretsChecker

Constant Summary collapse

Instance Attribute Summary

Attributes inherited from BaseChecker

Instance Method Summary collapse

Methods inherited from BaseChecker

Constructor Details

Instance Method Details

#run ⇒ Object

#run ⇒ `Object`