gosec/issue/issue_test.go

141 lines
3.7 KiB
Go
Raw Permalink Normal View History

2023-02-15 19:44:13 +00:00
package issue_test
import (
2017-09-16 01:12:27 +01:00
"go/ast"
2022-01-03 17:11:35 +00:00
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
"github.com/securego/gosec/v2"
2023-02-15 19:44:13 +00:00
"github.com/securego/gosec/v2/issue"
"github.com/securego/gosec/v2/rules"
"github.com/securego/gosec/v2/testutils"
)
var _ = Describe("Issue", func() {
Context("when creating a new issue", func() {
2017-09-16 01:12:27 +01:00
It("should create a code snippet from the specified ast.Node", func() {
var target *ast.BasicLit
source := `package main
const foo = "bar"
func main(){
println(foo)
}
`
pkg := testutils.NewTestPackage()
defer pkg.Close()
pkg.AddFile("foo.go", source)
ctx := pkg.CreateContext("foo.go")
v := testutils.NewMockVisitor()
v.Callback = func(n ast.Node, ctx *gosec.Context) bool {
2017-09-16 01:12:27 +01:00
if node, ok := n.(*ast.BasicLit); ok {
target = node
return false
}
return true
}
v.Context = ctx
ast.Walk(v, ctx.Root)
Expect(target).ShouldNot(BeNil())
2023-02-15 19:44:13 +00:00
fobj := ctx.GetFileAtNodePos(target)
issue := issue.New(fobj, target, "TEST", "", issue.High, issue.High)
2017-09-16 01:12:27 +01:00
Expect(issue).ShouldNot(BeNil())
Expect(issue.Code).Should(MatchRegexp(`"bar"`))
2017-10-01 01:31:39 +01:00
Expect(issue.Line).Should(Equal("2"))
Expect(issue.Col).Should(Equal("16"))
Expect(issue.Cwe).Should(BeNil())
})
It("should return an error if specific context is not able to be obtained", func() {
Skip("Not implemented")
})
It("should construct file path based on line and file information", func() {
var target *ast.AssignStmt
source := `package main
import "fmt"
func main() {
username := "admin"
password := "f62e5bcda4fae4f82370da0c6f20697b8f8447ef"
fmt.Println("Doing something with: ", username, password)
}`
pkg := testutils.NewTestPackage()
defer pkg.Close()
pkg.AddFile("foo.go", source)
ctx := pkg.CreateContext("foo.go")
v := testutils.NewMockVisitor()
v.Callback = func(n ast.Node, ctx *gosec.Context) bool {
if node, ok := n.(*ast.AssignStmt); ok {
if id, ok := node.Lhs[0].(*ast.Ident); ok && id.Name == "password" {
target = node
}
}
return true
}
v.Context = ctx
ast.Walk(v, ctx.Root)
Expect(target).ShouldNot(BeNil())
// Use hardcodeded rule to check assignment
cfg := gosec.NewConfig()
rule, _ := rules.NewHardcodedCredentials("TEST", cfg)
2023-02-15 19:44:13 +00:00
foundIssue, err := rule.Match(target, ctx)
Expect(err).ShouldNot(HaveOccurred())
2023-02-15 19:44:13 +00:00
Expect(foundIssue).ShouldNot(BeNil())
Expect(foundIssue.FileLocation()).Should(MatchRegexp("foo.go:5"))
})
It("should provide accurate line and file information", func() {
Skip("Not implemented")
})
2017-09-16 01:12:27 +01:00
It("should provide accurate line and file information for multi-line statements", func() {
var target *ast.CallExpr
source := `
package main
import (
"net"
)
func main() {
_, _ := net.Listen("tcp",
"0.0.0.0:2000")
}
`
2017-09-16 01:12:27 +01:00
pkg := testutils.NewTestPackage()
defer pkg.Close()
pkg.AddFile("foo.go", source)
ctx := pkg.CreateContext("foo.go")
v := testutils.NewMockVisitor()
v.Callback = func(n ast.Node, ctx *gosec.Context) bool {
if node, ok := n.(*ast.CallExpr); ok {
2017-09-16 01:12:27 +01:00
target = node
}
return true
}
v.Context = ctx
ast.Walk(v, ctx.Root)
Expect(target).ShouldNot(BeNil())
cfg := gosec.NewConfig()
rule, _ := rules.NewBindsToAllNetworkInterfaces("TEST", cfg)
2017-09-16 01:12:27 +01:00
issue, err := rule.Match(target, ctx)
Expect(err).ShouldNot(HaveOccurred())
Expect(issue).ShouldNot(BeNil())
Expect(issue.File).Should(MatchRegexp("foo.go"))
Expect(issue.Line).Should(MatchRegexp("7-8"))
Expect(issue.Col).Should(Equal("10"))
2017-09-16 01:12:27 +01:00
})
It("should maintain the provided severity score", func() {
Skip("Not implemented")
})
It("should maintain the provided confidence score", func() {
Skip("Not implemented")
})
})
})