gosec/rules/blacklist_test.go

// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package rules

import (
	gas "github.com/GoASTScanner/gas/core"
	"testing"
)

const initOnlyImportSrc = `
package main
import (
	_ "crypto/md5"
	"fmt"
	"os"
)
func main() {
	for _, arg := range os.Args {
		fmt.Println(arg)
	}
}`

func TestInitOnlyImport(t *testing.T) {
	config := map[string]interface{}{"ignoreNosec": false}
	analyzer := gas.NewAnalyzer(config, nil)
	analyzer.AddRule(NewBlacklist_crypto_md5(config))
	issues := gasTestRunner(initOnlyImportSrc, analyzer)
	checkTestResults(t, issues, 0, "")
}
Ensure initialization only imports are ignored Blacklisted imports should not report failures when a module is imported for side-effects only using the blank identifier. Closes #59 2016-11-07 17:27:29 +00:00			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package rules`

			`import (`
			`gas "github.com/GoASTScanner/gas/core"`
			`"testing"`
			`)`

			const initOnlyImportSrc = `
			`package main`
			`import (`
			`_ "crypto/md5"`
			`"fmt"`
Correct bad test cases and intermitent failure The filelist test was non-deterministic and causing intermittent failures due to ordering. This change will ensure that the file list returns an ordered list of files in the String() method now. Additionally there were a number of test cases that the sample code was incorrect, or would not compile. These have also been corrected. 2017-03-15 15:47:40 +00:00			`"os"`
Ensure initialization only imports are ignored Blacklisted imports should not report failures when a module is imported for side-effects only using the blank identifier. Closes #59 2016-11-07 17:27:29 +00:00			`)`
			`func main() {`
			`for _, arg := range os.Args {`
			`fmt.Println(arg)`
			`}`
			}`

			`func TestInitOnlyImport(t *testing.T) {`
			`config := map[string]interface{}{"ignoreNosec": false}`
			`analyzer := gas.NewAnalyzer(config, nil)`
			`analyzer.AddRule(NewBlacklist_crypto_md5(config))`
			`issues := gasTestRunner(initOnlyImportSrc, analyzer)`
			`checkTestResults(t, issues, 0, "")`
			`}`