mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 12:05:52 +00:00
Merge pull request #150 from GoASTScanner/experimental
Use explicit packages in call lists
This commit is contained in:
commit
085e0f65af
7 changed files with 19 additions and 15 deletions
16
call_list.go
16
call_list.go
|
@ -61,14 +61,18 @@ func (c CallList) ContainsCallExpr(n ast.Node, ctx *Context) *ast.CallExpr {
|
|||
return nil
|
||||
}
|
||||
|
||||
// Try direct resolution
|
||||
if c.Contains(selector, ident) {
|
||||
return n.(*ast.CallExpr)
|
||||
}
|
||||
|
||||
// Also support explicit path
|
||||
// Use only explicit path to reduce conflicts
|
||||
if path, ok := GetImportPath(selector, ctx); ok && c.Contains(path, ident) {
|
||||
return n.(*ast.CallExpr)
|
||||
}
|
||||
|
||||
/*
|
||||
// Try direct resolution
|
||||
if c.Contains(selector, ident) {
|
||||
log.Printf("c.Contains == true, %s, %s.", selector, ident)
|
||||
return n.(*ast.CallExpr)
|
||||
}
|
||||
*/
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -66,7 +66,7 @@ var _ = Describe("call list", func() {
|
|||
ctx := pkg.CreateContext("md5.go")
|
||||
|
||||
// Search for md5.New()
|
||||
calls.Add("md5", "New")
|
||||
calls.Add("crypto/md5", "New")
|
||||
|
||||
// Stub out visitor and count number of matched call expr
|
||||
matched := 0
|
||||
|
|
|
@ -46,7 +46,7 @@ func (r *bindsToAllNetworkInterfaces) Match(n ast.Node, c *gas.Context) (*gas.Is
|
|||
func NewBindsToAllNetworkInterfaces(conf gas.Config) (gas.Rule, []ast.Node) {
|
||||
calls := gas.NewCallList()
|
||||
calls.Add("net", "Listen")
|
||||
calls.Add("tls", "Listen")
|
||||
calls.Add("crypto/tls", "Listen")
|
||||
return &bindsToAllNetworkInterfaces{
|
||||
calls: calls,
|
||||
pattern: regexp.MustCompile(`^(0.0.0.0|:).*$`),
|
||||
|
|
|
@ -39,7 +39,7 @@ func (w *weakKeyStrength) Match(n ast.Node, c *gas.Context) (*gas.Issue, error)
|
|||
// NewWeakKeyStrength builds a rule that detects RSA keys < 2048 bits
|
||||
func NewWeakKeyStrength(conf gas.Config) (gas.Rule, []ast.Node) {
|
||||
calls := gas.NewCallList()
|
||||
calls.Add("rsa", "GenerateKey")
|
||||
calls.Add("crypto/rsa", "GenerateKey")
|
||||
bits := 2048
|
||||
return &weakKeyStrength{
|
||||
calls: calls,
|
||||
|
|
|
@ -52,7 +52,7 @@ func (r *subprocess) Match(n ast.Node, c *gas.Context) (*gas.Issue, error) {
|
|||
// NewSubproc detects cases where we are forking out to an external process
|
||||
func NewSubproc(conf gas.Config) (gas.Rule, []ast.Node) {
|
||||
rule := &subprocess{gas.NewCallList()}
|
||||
rule.Add("exec", "Command")
|
||||
rule.Add("os/exec", "Command")
|
||||
rule.Add("syscall", "Exec")
|
||||
return rule, []ast.Node{(*ast.CallExpr)(nil)}
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@ func (t *badTempFile) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err erro
|
|||
// NewBadTempFile detects direct writes to predictable path in temporary directory
|
||||
func NewBadTempFile(conf gas.Config) (gas.Rule, []ast.Node) {
|
||||
calls := gas.NewCallList()
|
||||
calls.Add("ioutil", "WriteFile")
|
||||
calls.Add("io/ioutil", "WriteFile")
|
||||
calls.Add("os", "Create")
|
||||
return &badTempFile{
|
||||
calls: calls,
|
||||
|
|
|
@ -41,10 +41,10 @@ func (t *templateCheck) Match(n ast.Node, c *gas.Context) (*gas.Issue, error) {
|
|||
func NewTemplateCheck(conf gas.Config) (gas.Rule, []ast.Node) {
|
||||
|
||||
calls := gas.NewCallList()
|
||||
calls.Add("template", "HTML")
|
||||
calls.Add("template", "HTMLAttr")
|
||||
calls.Add("template", "JS")
|
||||
calls.Add("template", "URL")
|
||||
calls.Add("html/template", "HTML")
|
||||
calls.Add("html/template", "HTMLAttr")
|
||||
calls.Add("html/template", "JS")
|
||||
calls.Add("html/template", "URL")
|
||||
return &templateCheck{
|
||||
calls: calls,
|
||||
MetaData: gas.MetaData{
|
||||
|
|
Loading…
Reference in a new issue