gitlab.bandit.B105
385
Download Count*
License
Possible hardcoded password
Definition
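---
# Semgrep rule modelled on Bandit test B105: reports Python string literals
# that are assigned to, or compared with, a name that looks like a credential.
rules:
  - id: bandit.B105
    patterns:
      # "..." is Semgrep's placeholder for any string literal, so both a
      # comparison and an assignment against a literal are candidates.
      - pattern-either:
          - pattern: $MASK == "..."
          - pattern: $MASK = "..."
      # Keep only candidates whose left-hand side contains a credential-like
      # word. metavariable-regex is left-anchored, so the leading [^\[]* lets
      # the keyword follow any bracket-free prefix; a target in which `[`
      # precedes the keyword (a subscript, for example) is not reported.
      # Triage note: short alternatives such as `pass` and `token` match as
      # substrings, so unrelated names that contain them are reported too.
      # `secrete` is kept exactly as published (presumably mirroring Bandit's
      # word list; verify before changing).
      - metavariable-regex:
          metavariable: $MASK
          regex: '[^\[]*([Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]|pass|passwd|pwd|secret|token|secrete)[^\]]*'
    message: |
      Possible hardcoded password: a string literal is assigned to or compared
      with a name that looks like a credential. Load secrets at runtime from
      the environment or a secrets manager rather than embedding them in
      source, and rotate any real credential that has already been committed.
    metadata:
      cwe: "CWE-259: Use of Hard-coded Password"
      owasp: "A3: Broken Authentication and Session Management"
      primary_identifier: bandit.B105
      secondary_identifiers:
        - name: Bandit Test ID B105
          type: bandit_test_id
          value: B105
      license: MIT
    # INFO marks this as a name-based heuristic: each finding needs review.
    severity: INFO
    languages:
      - python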
Short Link: https://sg.run/kL4A