/// <summary>
/// Reports a diagnostic when the visited variable access resolves to a parameter
/// for which <c>IsSecure()</c> returns true, then continues the normal traversal.
/// </summary>
/// <param name="syntax">The variable access node being visited.</param>
/// <remarks>
/// Example of what is flagged:
/// <code>
///   @secure()
///   param secureParam string
///   output badResult string = 'this is the value ${secureParam}'
/// </code>
/// Only symbols that resolve to a <c>ParameterSymbol</c> are reported here.
/// Any other symbol kind passes through this method without a diagnostic.
/// </remarks>
public override void VisitVariableAccessSyntax(VariableAccessSyntax syntax)
{
    Symbol? resolved = model.GetSymbolInfo(syntax);

    // Both conditions must hold: the reference is a parameter AND it is marked secure.
    if (resolved is ParameterSymbol secureCandidate && secureCandidate.IsSecure())
    {
        string message = string.Format(
            CoreResources.OutputsShouldNotContainSecretsSecureParam,
            syntax.Name.IdentifierName);

        // Report on the identifier span only, not on the whole expression.
        diagnostics.Add(parent.CreateDiagnosticForSpan(syntax.Name.Span, message));
    }

    // Always keep descending so nested references are examined as well.
    base.VisitVariableAccessSyntax(syntax);
}
/// <summary>
/// Checks a single output declaration: first its name, then (through a dedicated
/// <c>OutputValueVisitor</c>) the contents of the declaration.
/// </summary>
/// <param name="syntax">The output declaration node being visited.</param>
/// <remarks>
/// The name check is a heuristic: it matches only the substring "password",
/// case-insensitively. An output whose name does not contain that substring is not
/// reported by the name check and is covered only by the value visitor.
/// </remarks>
public override void VisitOutputDeclarationSyntax(OutputDeclarationSyntax syntax)
{
    string outputName = syntax.Name.IdentifierName;

    // A name containing 'password' suggests the output carries an actual password.
    bool nameLooksSecret = outputName.Contains("password", StringComparison.OrdinalIgnoreCase);
    if (nameLooksSecret)
    {
        string message = string.Format(
            CoreResources.OutputsShouldNotContainSecretsOutputName,
            outputName);

        // The whole declaration span is reported for a name-based finding.
        diagnostics.Add(parent.CreateDiagnosticForSpan(syntax.Span, message));
    }

    // Hand the declaration to the value visitor, which shares this diagnostics collection.
    var valueVisitor = new OutputValueVisitor(parent, diagnostics, model);
    valueVisitor.Visit(syntax);

    // Note: base is deliberately not called; there is no need to navigate deeper from here.
}