Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sdk #369

Merged
merged 1 commit into from
May 14, 2024

sdk

89337da
Select commit
Loading
Failed to load commit list.
Merged

sdk #369

sdk
89337da
Select commit
Loading
Failed to load commit list.
DryRunSecurity / Authn/Authz Analyzer succeeded May 14, 2024 in 13s

DryRun Security

Details

Authn/Authz Analyzer Findings: 3 detected

⚠️ Potential Authn/Authz Function Used or Modified sdk/pkg/clickhouse/config.go (click for details)
Type Potential Authn/Authz Function Used or Modified
Description The code contains a Config struct that includes fields for a username and password, which are typically used for authentication purposes in web applications. The LoadConfig function loads the configuration from environment variables, which could include authentication-related variables such as CLICKHOUSE_USERNAME and CLICKHOUSE_PASSWORD.
Filename sdk/pkg/clickhouse/config.go
CodeLink
package clickhouse
import (
"github.com/kelseyhightower/envconfig"
)
type Config struct {
DBAddress string `envconfig:"DB_ADDRESS" default:"localhost"`
DBPort int `envconfig:"DB_PORT" default:"9000"`
Username string `envconfig:"CLICKHOUSE_USERNAME"`
Password string `envconfig:"CLICKHOUSE_PASSWORD"`
}
func LoadConfig() (*Config, error) {
var cfg Config
err := envconfig.Process("", &cfg)
if err != nil {
return nil, err
}
return &cfg, nil
}
⚠️ Potential Authn/Authz Function Used or Modified sdk/pkg/nats/config.go (click for details)
Type Potential Authn/Authz Function Used or Modified
Description The code contains a Config struct that has fields for Address and Token, which are typically used for authentication or authorization in systems like NATS. The LoadConfig function is responsible for loading the configuration from environment variables, which could include sensitive authentication or authorization information.
Filename sdk/pkg/nats/config.go
CodeLink
package nats
import (
"github.com/kelseyhightower/envconfig"
)
type Config struct {
Address string `envconfig:"NATS_ADDRESS" default:"nats://localhost:4222"`
Token string `envconfig:"NATS_TOKEN"`
}
func LoadConfig() (*Config, error) {
var cfg Config
err := envconfig.Process("", &cfg)
if err != nil {
return nil, err
}
return &cfg, nil
}
⚠️ Potential Authn/Authz Function Used or Modified sdk/pkg/nats/config.go (click for details)
Type Potential Authn/Authz Function Used or Modified
Description The code contains a Config struct with fields Address and Token, which are likely used for authentication or authorization purposes in the NATS messaging system. The Token field in particular suggests that the code may be handling some form of authentication or access control mechanism.
Filename sdk/pkg/nats/config.go
CodeLink
package nats
import (
"github.com/kelseyhightower/envconfig"
)
type Config struct {
Address string `envconfig:"NATS_ADDRESS" default:"nats://localhost:4222"`
Token string `envconfig:"NATS_TOKEN"`
}
func LoadConfig() (*Config, error) {
var cfg Config
err := envconfig.Process("", &cfg)
if err != nil {
return nil, err
}
return &cfg, nil
}