actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-05 11:35:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
gosec/testutils/g401_samples.go

70 lines
988 B
Go
Raw Permalink Normal View History

chore: Refactor Sample Code to Separate Files Split the code in `source.go` to individual sample files, one per rule. This will help contributors submit samples for new rules, or improvements to existing rules. The cgo sample was all that was left after refactoring, which resulted in its own sample file. Sample code was also formatted to have some level of consistency. Each sample go "file" attempts to keep the formatting of `gofmt`, and each code sample is in its own section in the sample file. Signed-off-by: Adam Kaplan <adam@adambkaplan.com>
2023-11-25 22:51:38 +00:00
package testutils
import "github.com/securego/gosec/v2"
var (
Split the G401 rule into two separate ones Now the G401 rule is split into hashing and encryption algorithms. G401 is responsible for checking the usage of MD5 and SHA1, with corresponding CWE of 328. And G405(New rule) is responsible for checking the usege of DES and RC4, with corresponding CWE of 327.
2024-06-20 12:02:59 +01:00
// SampleCodeG401 - Use of weak crypto hash MD5
chore: Refactor Sample Code to Separate Files Split the code in `source.go` to individual sample files, one per rule. This will help contributors submit samples for new rules, or improvements to existing rules. The cgo sample was all that was left after refactoring, which resulted in its own sample file. Sample code was also formatted to have some level of consistency. Each sample go "file" attempts to keep the formatting of `gofmt`, and each code sample is in its own section in the sample file. Signed-off-by: Adam Kaplan <adam@adambkaplan.com>
2023-11-25 22:51:38 +00:00
SampleCodeG401 = []CodeSample{
{[]string{`
package main
import (
"crypto/md5"
"fmt"
"io"
"log"
"os"
)
func main() {
f, err := os.Open("file.txt")
if err != nil {
log.Fatal(err)
}
defer f.Close()
defer func() {
err := f.Close()
if err != nil {
log.Printf("error closing the file: %s", err)
}
}()
h := md5.New()
if _, err := io.Copy(h, f); err != nil {
log.Fatal(err)
}
fmt.Printf("%x", h.Sum(nil))
}
`}, 1, gosec.NewConfig()},
}
Split the G401 rule into two separate ones Now the G401 rule is split into hashing and encryption algorithms. G401 is responsible for checking the usage of MD5 and SHA1, with corresponding CWE of 328. And G405(New rule) is responsible for checking the usege of DES and RC4, with corresponding CWE of 327.
2024-06-20 12:02:59 +01:00
// SampleCodeG401b - Use of weak crypto hash SHA1
chore: Refactor Sample Code to Separate Files Split the code in `source.go` to individual sample files, one per rule. This will help contributors submit samples for new rules, or improvements to existing rules. The cgo sample was all that was left after refactoring, which resulted in its own sample file. Sample code was also formatted to have some level of consistency. Each sample go "file" attempts to keep the formatting of `gofmt`, and each code sample is in its own section in the sample file. Signed-off-by: Adam Kaplan <adam@adambkaplan.com>
2023-11-25 22:51:38 +00:00
SampleCodeG401b = []CodeSample{
{[]string{`
package main
import (
"crypto/sha1"
"fmt"
"io"
"log"
"os"
)
func main() {
f, err := os.Open("file.txt")
if err != nil {
log.Fatal(err)
}
defer f.Close()
h := sha1.New()
if _, err := io.Copy(h, f); err != nil {
log.Fatal(err)
}
fmt.Printf("%x", h.Sum(nil))
}
`}, 1, gosec.NewConfig()},
}
)
Reference in a new issue Copy permalink