feat: add secrets serialization G117 (#1451)

* Rule to detect secrets serialization

* Add G117 to rules_test.go

* Fix false positives

* Map to CWE 499, update README
oittaa
2026-01-04 16:21:22 +01:00
committed by GitHub
parent 717706e815
commit 0f6f21cb3f
8 changed files with 333 additions and 1 deletions


@@ -118,6 +118,11 @@ var idWeaknesses = map[string]*Weakness{
Description: "The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.",
Name: "Improper Handling of Highly Compressed Data (Data Amplification)",
},
"499": {
ID: "499",
Description: "The code contains a class with sensitive data, but the class does not explicitly deny serialization. The data can be accessed by serializing the class through another class.",
Name: "Serializable Class Containing Sensitive Data",
},
"676": {
ID: "676",
Description: "The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.",
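Review bot: The new "499" entry carries MITRE's wording verbatim, which is phrased for Java ("a class ... does not explicitly deny serialization"), so a reader mapping a G117 finding back to this table has to work out for themselves how it applies to Go, where the analogue is presumably a struct whose sensitive field reaches a serializer rather than a class opting out of serialization. The sibling entries are equally bare, so this is a documentation point rather than a defect, but since this is the first weakness whose text does not translate directly to Go it is worth a one-line comment above the entry, e.g. `// CWE-499 is written for Java classes; G117 applies the same idea to Go values whose secret-bearing fields are passed to a serializer.` The exact field/serializer criteria G117 uses are not visible in this hunk, so the comment should be adjusted to match the rule's actual check. The `idWeaknesses` literal continues outside the hunk.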