Feature: G101 match variable values and names #971
Conversation
Thanks for this contribution. It looks good. Is this already covered by existing rule tests? If not, please could you add some test cases? Thanks again
There are some lint issues. Please could you fix them?
I have some quick thoughts on the code here. As an aside, you could also install Talisman to solve this issue for yourself today.
Also, would probably be good to have a test case in this PR
Don't mean to butt in here, just really excited about
Thanks for the suggestions on my code changes. Please let me know if there are any further suggestions or anything.
I think I fixed them; I do not see any more issues when running golangci-lint locally. I have no further changes unless anything else comes up.
@morgenm Thanks for addressing all review comments. The change looks good now.
I updated the HardcodedCredentials code to apply regex against the actual values themselves in assignment statements, valuespecs, and equalities. The intention is to search for secrets, such as API keys, by looking for the values. For example if we have:
key = "3490b39bc66f7e7730e8fa68041da2e4f7c0a6a8cb119466c3ddc5245bda1781"
this would previously not be caught by gosec, because gosec only looks at the variable names.
Now, with these changes, the code matches values too, using a new regex pattern that will look for secrets such as this. I added a new config variable called "patternValue", with a default regex which searches for VirusTotal API keys (or other keys with the same format).
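As an added illustration of the value-based matching this PR describes (this is standalone example code, not gosec's own G101 implementation), the scanner below walks a Go AST and checks string literals in assignment statements, value specs and `==`/`!=` comparisons against a pattern, regardless of the variable name. The 64-hex-character regex is an assumption standing in for the "patternValue" default, and the sample source is constructed.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"regexp"
	"strconv"
)

// Assumed pattern (not gosec's real default): 64 hex chars, the VirusTotal
// API key shape the PR description mentions. It matches the value, not the name.
var valuePattern = regexp.MustCompile(`^[0-9a-f]{64}$`)
// ScanSource returns "line:construct" for every string literal matching valuePattern
// on an assignment's right-hand side, in a var/const spec, or beside == / !=.
func ScanSource(src string) ([]string, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil { return nil, err }
	var found []string
	check := func(kind string, exprs ...ast.Expr) {
		for _, e := range exprs {
			lit, ok := e.(*ast.BasicLit)
			if !ok || lit.Kind != token.STRING {
				continue // only string literals carry a value to match
			}
			if s, err := strconv.Unquote(lit.Value); err == nil && valuePattern.MatchString(s) {
				found = append(found, fmt.Sprintf("%d:%s", fset.Position(e.Pos()).Line, kind))
			}
		}
	}
	ast.Inspect(f, func(n ast.Node) bool {
		switch x := n.(type) {
		case *ast.AssignStmt:
			check("assign", x.Rhs...)
		case *ast.ValueSpec:
			check("valuespec", x.Values...)
		case *ast.BinaryExpr:
			if x.Op == token.EQL || x.Op == token.NEQ {
				check("equality", x.X, x.Y)
			}
		}
		return true
	})
	return found, nil
}
// Sample is constructed: an innocently named variable holding a key-shaped value.
const Sample = "package p\nfunc f(in string) bool {\n\tv := \"3490b39bc66f7e7730e8fa68041da2e4f7c0a6a8cb119466c3ddc5245bda1781\"\n\treturn in == v\n}\n"
func main() { fmt.Println(ScanSource(Sample)) } // [3:assign] <nil>
```

A name-only check would miss the assignment to `v` entirely; the value check reports it on line 3 of the sample.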