gosec/config_test.go

package gosec_test

import (
	"bytes"
	"strings"

	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"

	"github.com/securego/gosec/v2"
)

var _ = Describe("Configuration", func() {
	var configuration gosec.Config
	BeforeEach(func() {
		configuration = gosec.NewConfig()
	})

	Context("when loading from disk", func() {
		It("should be possible to load configuration from a file", func() {
			json := `{"G101": {}}`
			buffer := bytes.NewBufferString(json)
			nread, err := configuration.ReadFrom(buffer)
			Expect(nread).Should(Equal(int64(len(json))))
			Expect(err).ShouldNot(HaveOccurred())
		})

		It("should return an error if configuration file is invalid", func() {
			var err error
			invalidBuffer := bytes.NewBuffer([]byte{0xc0, 0xff, 0xee})
			_, err = configuration.ReadFrom(invalidBuffer)
			Expect(err).Should(HaveOccurred())

			emptyBuffer := bytes.NewBuffer([]byte{})
			_, err = configuration.ReadFrom(emptyBuffer)
			Expect(err).Should(HaveOccurred())
		})
	})

	Context("when saving to disk", func() {
		It("should be possible to save an empty configuration to file", func() {
			expected := `{"global":{}}`
			buffer := bytes.NewBuffer([]byte{})
			nbytes, err := configuration.WriteTo(buffer)
			Expect(int(nbytes)).Should(Equal(len(expected)))
			Expect(err).ShouldNot(HaveOccurred())
			Expect(buffer.String()).Should(Equal(expected))
		})

		It("should be possible to save configuration to file", func() {
			configuration.Set("G101", map[string]string{
				"mode": "strict",
			})

			buffer := bytes.NewBuffer([]byte{})
			nbytes, err := configuration.WriteTo(buffer)
			Expect(int(nbytes)).ShouldNot(BeZero())
			Expect(err).ShouldNot(HaveOccurred())
			Expect(buffer.String()).Should(Equal(`{"G101":{"mode":"strict"},"global":{}}`))
		})
	})

	Context("when configuring rules", func() {
		It("should be possible to get configuration for a rule", func() {
			settings := map[string]string{
				"ciphers": "AES256-GCM",
			}
			configuration.Set("G101", settings)

			retrieved, err := configuration.Get("G101")
			Expect(err).ShouldNot(HaveOccurred())
			Expect(retrieved).Should(HaveKeyWithValue("ciphers", "AES256-GCM"))
			Expect(retrieved).ShouldNot(HaveKey("foobar"))
		})
	})

	Context("when using global configuration options", func() {
		It("should have a default global section", func() {
			settings, err := configuration.Get("global")
			Expect(err).ShouldNot(HaveOccurred())
			expectedType := make(map[gosec.GlobalOption]string)
			Expect(settings).Should(BeAssignableToTypeOf(expectedType))
		})

		It("should save global settings to correct section", func() {
			configuration.SetGlobal(gosec.Nosec, "enabled")
			settings, err := configuration.Get("global")
			Expect(err).ShouldNot(HaveOccurred())
			if globals, ok := settings.(map[gosec.GlobalOption]string); ok {
				Expect(globals["nosec"]).Should(MatchRegexp("enabled"))
			} else {
				Fail("globals are not defined as map")
			}

			setValue, err := configuration.GetGlobal(gosec.Nosec)
			Expect(err).ShouldNot(HaveOccurred())
			Expect(setValue).Should(MatchRegexp("enabled"))
		})

		It("should find global settings which are enabled", func() {
			configuration.SetGlobal(gosec.Nosec, "enabled")
			enabled, err := configuration.IsGlobalEnabled(gosec.Nosec)
			Expect(err).ShouldNot(HaveOccurred())
			Expect(enabled).Should(BeTrue())
		})

		It("should parse the global settings of type string from file", func() {
			config := `
			{
				"global": {
					"nosec": "enabled"
				}
			}`
			cfg := gosec.NewConfig()
			_, err := cfg.ReadFrom(strings.NewReader(config))
			Expect(err).ShouldNot(HaveOccurred())

			value, err := cfg.GetGlobal(gosec.Nosec)
			Expect(err).ShouldNot(HaveOccurred())
			Expect(value).Should(Equal("enabled"))
		})
		It("should parse the global settings of other types from file", func() {
			config := `
			{
				"global": {
					"nosec": true
				}
			}`
			cfg := gosec.NewConfig()
			_, err := cfg.ReadFrom(strings.NewReader(config))
			Expect(err).ShouldNot(HaveOccurred())

			value, err := cfg.GetGlobal(gosec.Nosec)
			Expect(err).ShouldNot(HaveOccurred())
			Expect(value).Should(Equal("true"))
		})
	})
})
Replace gas with gosec everywhere in the project 2018-07-19 17:42:25 +01:00			`package gosec_test`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00
			`import (`
			`"bytes"`
Convert the global settings to correct type when reading them from file (#399) Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> 2019-10-08 08:44:17 +01:00			`"strings"`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00
Update to ginkgo v2 (#753) 2022-01-03 17:11:35 +00:00			`. "github.com/onsi/ginkgo/v2"`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00			`. "github.com/onsi/gomega"`
correct gci linter (#946) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> 2023-03-30 08:31:24 +01:00
Handle properly the gosec module version v2 Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> 2020-04-01 21:18:39 +01:00			`"github.com/securego/gosec/v2"`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00			`)`

			`var _ = Describe("Configuration", func() {`
Replace gas with gosec everywhere in the project 2018-07-19 17:42:25 +01:00			`var configuration gosec.Config`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00			`BeforeEach(func() {`
Replace gas with gosec everywhere in the project 2018-07-19 17:42:25 +01:00			`configuration = gosec.NewConfig()`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00			`})`

			`Context("when loading from disk", func() {`
			`It("should be possible to load configuration from a file", func() {`
			json := `{"G101": {}}`
			`buffer := bytes.NewBufferString(json)`
			`nread, err := configuration.ReadFrom(buffer)`
			`Expect(nread).Should(Equal(int64(len(json))))`
			`Expect(err).ShouldNot(HaveOccurred())`
			`})`

			`It("should return an error if configuration file is invalid", func() {`
			`var err error`
			`invalidBuffer := bytes.NewBuffer([]byte{0xc0, 0xff, 0xee})`
			`_, err = configuration.ReadFrom(invalidBuffer)`
			`Expect(err).Should(HaveOccurred())`

			`emptyBuffer := bytes.NewBuffer([]byte{})`
			`_, err = configuration.ReadFrom(emptyBuffer)`
			`Expect(err).Should(HaveOccurred())`
			`})`
			`})`

			`Context("when saving to disk", func() {`
			`It("should be possible to save an empty configuration to file", func() {`
			expected := `{"global":{}}`
			`buffer := bytes.NewBuffer([]byte{})`
			`nbytes, err := configuration.WriteTo(buffer)`
			`Expect(int(nbytes)).Should(Equal(len(expected)))`
			`Expect(err).ShouldNot(HaveOccurred())`
			`Expect(buffer.String()).Should(Equal(expected))`
			`})`

			`It("should be possible to save configuration to file", func() {`
			`configuration.Set("G101", map[string]string{`
			`"mode": "strict",`
			`})`

			`buffer := bytes.NewBuffer([]byte{})`
			`nbytes, err := configuration.WriteTo(buffer)`
			`Expect(int(nbytes)).ShouldNot(BeZero())`
			`Expect(err).ShouldNot(HaveOccurred())`
			Expect(buffer.String()).Should(Equal(`{"G101":{"mode":"strict"},"global":{}}`))
			`})`
			`})`

			`Context("when configuring rules", func() {`
			`It("should be possible to get configuration for a rule", func() {`
			`settings := map[string]string{`
			`"ciphers": "AES256-GCM",`
			`}`
			`configuration.Set("G101", settings)`

			`retrieved, err := configuration.Get("G101")`
			`Expect(err).ShouldNot(HaveOccurred())`
			`Expect(retrieved).Should(HaveKeyWithValue("ciphers", "AES256-GCM"))`
			`Expect(retrieved).ShouldNot(HaveKey("foobar"))`
			`})`
			`})`

			`Context("when using global configuration options", func() {`
			`It("should have a default global section", func() {`
			`settings, err := configuration.Get("global")`
enable ginkgolinter linter (#948) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> 2023-04-04 07:52:59 +01:00			`Expect(err).ShouldNot(HaveOccurred())`
Detect the unhandled errors even though they are explicitly ignored if the 'audit: enabled' setting is defined in the global configuration (#274) * Define more explicit the global options in the configuration * Detect in audit mode the unhandled errors even thought they are explicitly ignored 2019-01-14 11:37:40 +00:00			`expectedType := make(map[gosec.GlobalOption]string)`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00			`Expect(settings).Should(BeAssignableToTypeOf(expectedType))`
			`})`

			`It("should save global settings to correct section", func() {`
Detect the unhandled errors even though they are explicitly ignored if the 'audit: enabled' setting is defined in the global configuration (#274) * Define more explicit the global options in the configuration * Detect in audit mode the unhandled errors even thought they are explicitly ignored 2019-01-14 11:37:40 +00:00			`configuration.SetGlobal(gosec.Nosec, "enabled")`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00			`settings, err := configuration.Get("global")`
enable ginkgolinter linter (#948) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> 2023-04-04 07:52:59 +01:00			`Expect(err).ShouldNot(HaveOccurred())`
Detect the unhandled errors even though they are explicitly ignored if the 'audit: enabled' setting is defined in the global configuration (#274) * Define more explicit the global options in the configuration * Detect in audit mode the unhandled errors even thought they are explicitly ignored 2019-01-14 11:37:40 +00:00			`if globals, ok := settings.(map[gosec.GlobalOption]string); ok {`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00			`Expect(globals["nosec"]).Should(MatchRegexp("enabled"))`
			`} else {`
			`Fail("globals are not defined as map")`
			`}`

Detect the unhandled errors even though they are explicitly ignored if the 'audit: enabled' setting is defined in the global configuration (#274) * Define more explicit the global options in the configuration * Detect in audit mode the unhandled errors even thought they are explicitly ignored 2019-01-14 11:37:40 +00:00			`setValue, err := configuration.GetGlobal(gosec.Nosec)`
enable ginkgolinter linter (#948) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> 2023-04-04 07:52:59 +01:00			`Expect(err).ShouldNot(HaveOccurred())`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00			`Expect(setValue).Should(MatchRegexp("enabled"))`
			`})`
Detect the unhandled errors even though they are explicitly ignored if the 'audit: enabled' setting is defined in the global configuration (#274) * Define more explicit the global options in the configuration * Detect in audit mode the unhandled errors even thought they are explicitly ignored 2019-01-14 11:37:40 +00:00
			`It("should find global settings which are enabled", func() {`
			`configuration.SetGlobal(gosec.Nosec, "enabled")`
			`enabled, err := configuration.IsGlobalEnabled(gosec.Nosec)`
enable ginkgolinter linter (#948) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> 2023-04-04 07:52:59 +01:00			`Expect(err).ShouldNot(HaveOccurred())`
Detect the unhandled errors even though they are explicitly ignored if the 'audit: enabled' setting is defined in the global configuration (#274) * Define more explicit the global options in the configuration * Detect in audit mode the unhandled errors even thought they are explicitly ignored 2019-01-14 11:37:40 +00:00			`Expect(enabled).Should(BeTrue())`
			`})`

Convert the global settings to correct type when reading them from file (#399) Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> 2019-10-08 08:44:17 +01:00			`It("should parse the global settings of type string from file", func() {`
			config := `
			`{`
			`"global": {`
			`"nosec": "enabled"`
			`}`
			}`
			`cfg := gosec.NewConfig()`
			`_, err := cfg.ReadFrom(strings.NewReader(config))`
enable ginkgolinter linter (#948) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> 2023-04-04 07:52:59 +01:00			`Expect(err).ShouldNot(HaveOccurred())`
Convert the global settings to correct type when reading them from file (#399) Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> 2019-10-08 08:44:17 +01:00
			`value, err := cfg.GetGlobal(gosec.Nosec)`
enable ginkgolinter linter (#948) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> 2023-04-04 07:52:59 +01:00			`Expect(err).ShouldNot(HaveOccurred())`
Convert the global settings to correct type when reading them from file (#399) Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> 2019-10-08 08:44:17 +01:00			`Expect(value).Should(Equal("enabled"))`
			`})`
			`It("should parse the global settings of other types from file", func() {`
			config := `
			`{`
			`"global": {`
			`"nosec": true`
			`}`
			}`
			`cfg := gosec.NewConfig()`
			`_, err := cfg.ReadFrom(strings.NewReader(config))`
enable ginkgolinter linter (#948) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> 2023-04-04 07:52:59 +01:00			`Expect(err).ShouldNot(HaveOccurred())`
Convert the global settings to correct type when reading them from file (#399) Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> 2019-10-08 08:44:17 +01:00
			`value, err := cfg.GetGlobal(gosec.Nosec)`
enable ginkgolinter linter (#948) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> 2023-04-04 07:52:59 +01:00			`Expect(err).ShouldNot(HaveOccurred())`
Convert the global settings to correct type when reading them from file (#399) Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> 2019-10-08 08:44:17 +01:00			`Expect(value).Should(Equal("true"))`
			`})`
			`})`
Major rework of codebase - Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API 2017-07-19 22:17:00 +01:00			`})`