actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-06 03:55:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
gosec/rules/weakcrypto_test.go

115 lines
3.5 KiB
Go
Raw Normal View History

Initial public release
2016-07-20 11:02:01 +01:00
// (c) Copyright 2016 Hewlett Packard Enterprise Development LP
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package rules
import (
"testing"
Adding a config block to the analyzer, parsed from JSON A CLI option can now be given to tell GAS it should parse data from a JSON file. Fatal errors are given if the file is not readable or is not valid JSON.
2016-07-29 11:19:50 +01:00
gas "github.com/HewlettPackard/gas/core"
Initial public release
2016-07-20 11:02:01 +01:00
)
func TestMD5(t *testing.T) {
Configuration This re-works the way that CLI options are passed through to the analyzer so that they can act as overrides for config options. If not given on the CLI, options will come from a config file. If no file is used then a default value is chosen. Two lists are also populated with tests to include or exclude. These lists are not used for now but will eventually replace the way we select test to run in a future patch to follow.
2016-08-05 14:27:21 +01:00
config := map[string]interface{}{"ignoreNosec": false}
analyzer := gas.NewAnalyzer(config, nil)
Creating blacklist import rules Creating a new generic blacklist rule and removing the older specific ones. This will need configuration integration when we have some. The new test is immune to import aliasing but not shadowing
2016-08-05 12:58:27 +01:00
analyzer.AddRule(NewBlacklistImports())
Initial public release
2016-07-20 11:02:01 +01:00
analyzer.AddRule(NewUsesWeakCryptography())
issues := gasTestRunner(`
package main
import (
"crypto/md5"
"fmt"
"os"
)
func main() {
for _, arg := range os.Args {
fmt.Printf("%x - %s\n", md5.Sum([]byte(arg)), arg)
}
}
`, analyzer)
checkTestResults(t, issues, 2, "weak cryptographic")
}
func TestDES(t *testing.T) {
Configuration This re-works the way that CLI options are passed through to the analyzer so that they can act as overrides for config options. If not given on the CLI, options will come from a config file. If no file is used then a default value is chosen. Two lists are also populated with tests to include or exclude. These lists are not used for now but will eventually replace the way we select test to run in a future patch to follow.
2016-08-05 14:27:21 +01:00
config := map[string]interface{}{"ignoreNosec": false}
analyzer := gas.NewAnalyzer(config, nil)
Creating blacklist import rules Creating a new generic blacklist rule and removing the older specific ones. This will need configuration integration when we have some. The new test is immune to import aliasing but not shadowing
2016-08-05 12:58:27 +01:00
analyzer.AddRule(NewBlacklistImports())
Initial public release
2016-07-20 11:02:01 +01:00
analyzer.AddRule(NewUsesWeakCryptography())
issues := gasTestRunner(`
package main
import (
"crypto/cipher"
"crypto/des"
"crypto/rand"
"encoding/hex"
"fmt"
"io"
)
func main() {
block, err := des.NewCipher([]byte("sekritz"))
if err != nil {
panic(err)
}
plaintext := []byte("I CAN HAZ SEKRIT MSG PLZ")
ciphertext := make([]byte, des.BlockSize+len(plaintext))
iv := ciphertext[:des.BlockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
panic(err)
}
stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(ciphertext[des.BlockSize:], plaintext)
fmt.Println("Secret message is: %s", hex.EncodeToString(ciphertext))
}
`, analyzer)
checkTestResults(t, issues, 2, "weak cryptographic")
}
func TestRC4(t *testing.T) {
Configuration This re-works the way that CLI options are passed through to the analyzer so that they can act as overrides for config options. If not given on the CLI, options will come from a config file. If no file is used then a default value is chosen. Two lists are also populated with tests to include or exclude. These lists are not used for now but will eventually replace the way we select test to run in a future patch to follow.
2016-08-05 14:27:21 +01:00
config := map[string]interface{}{"ignoreNosec": false}
analyzer := gas.NewAnalyzer(config, nil)
Creating blacklist import rules Creating a new generic blacklist rule and removing the older specific ones. This will need configuration integration when we have some. The new test is immune to import aliasing but not shadowing
2016-08-05 12:58:27 +01:00
analyzer.AddRule(NewBlacklistImports())
Initial public release
2016-07-20 11:02:01 +01:00
analyzer.AddRule(NewUsesWeakCryptography())
issues := gasTestRunner(`
package main
import (
"crypto/rc4"
"encoding/hex"
"fmt"
)
func main() {
cipher, err := rc4.NewCipher([]byte("sekritz"))
if err != nil {
panic(err)
}
plaintext := []byte("I CAN HAZ SEKRIT MSG PLZ")
ciphertext := make([]byte, len(plaintext))
cipher.XORKeyStream(ciphertext, plaintext)
fmt.Println("Secret message is: %s", hex.EncodeToString(ciphertext))
}
`, analyzer)
checkTestResults(t, issues, 2, "weak cryptographic")
}
Reference in a new issue Copy permalink