commit
235308f853
17 changed files with 154 additions and 53 deletions
|
@ -15,13 +15,11 @@
|
||||||
package core
|
package core
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
|
||||||
"go/ast"
|
"go/ast"
|
||||||
"go/importer"
|
"go/importer"
|
||||||
"go/parser"
|
"go/parser"
|
||||||
"go/token"
|
"go/token"
|
||||||
"go/types"
|
"go/types"
|
||||||
"io/ioutil"
|
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
"reflect"
|
"reflect"
|
||||||
|
@ -59,27 +57,19 @@ type Analyzer struct {
|
||||||
Stats Metrics `json:"metrics"`
|
Stats Metrics `json:"metrics"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewAnalyzer(ignoreNosec bool, conf *string, logger *log.Logger) Analyzer {
|
func NewAnalyzer(conf map[string]interface{}, logger *log.Logger) Analyzer {
|
||||||
if logger == nil {
|
if logger == nil {
|
||||||
logger = log.New(os.Stdout, "[gas]", 0)
|
logger = log.New(os.Stdout, "[gas]", 0)
|
||||||
}
|
}
|
||||||
a := Analyzer{
|
a := Analyzer{
|
||||||
ignoreNosec: ignoreNosec,
|
ignoreNosec: conf["ignoreNosec"].(bool),
|
||||||
ruleset: make(RuleSet),
|
ruleset: make(RuleSet),
|
||||||
Issues: make([]Issue, 0),
|
Issues: make([]Issue, 0),
|
||||||
context: Context{token.NewFileSet(), nil, nil, nil, nil, nil},
|
context: Context{token.NewFileSet(), nil, nil, nil, nil, nil},
|
||||||
logger: logger,
|
logger: logger,
|
||||||
}
|
}
|
||||||
|
|
||||||
if conf != nil && *conf != "" { // if we have a config
|
// TODO(tkelsey): use the inc/exc lists
|
||||||
if data, err := ioutil.ReadFile(*conf); err == nil {
|
|
||||||
if err := json.Unmarshal(data, &(a.context.Config)); err != nil {
|
|
||||||
logger.Fatal("Could not parse JSON config: ", *conf, ": ", err)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
logger.Fatal("Could not read config file: ", *conf)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return a
|
return a
|
||||||
}
|
}
|
||||||
|
|
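Review bot: `ignoreNosec: conf["ignoreNosec"].(bool)` in NewAnalyzer is an unchecked type assertion, so a nil map or one lacking that key panics inside the constructor instead of producing a diagnostic; the old bool parameter could not fail this way. The function already reports configuration errors through its logger, so a comma-ok form keeps the old default without the panic: `v, present := conf["ignoreNosec"]`, `ignoreNosec, ok := v.(bool)`, `if present && !ok { logger.Fatal("Config value must be a bool: 'ignoreNosec'") }` (absent means false, which is what the tests used to pass). Separately, the removed block was the only code here that filled `a.context.Config`, and nothing in the new hunk writes it, so the include/exclude lists the TODO refers to are not yet visible to the analyzer. A doc comment would make the narrowed contract explicit, e.g. `// NewAnalyzer builds an Analyzer from conf; only the "ignoreNosec" key is read at present.` The Analyzer struct declaration starts above the hunk.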
61
main.go
61
main.go
|
@ -15,8 +15,10 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/json"
|
||||||
"flag"
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
@ -57,6 +59,51 @@ USAGE:
|
||||||
|
|
||||||
`
|
`
|
||||||
|
|
||||||
|
var logger *log.Logger
|
||||||
|
|
||||||
|
func extendConfList(conf map[string]interface{}, name string, input []string) {
|
||||||
|
if val, ok := conf[name]; ok {
|
||||||
|
if data, ok := val.(*[]string); ok {
|
||||||
|
conf[name] = append(*data, input...)
|
||||||
|
} else {
|
||||||
|
logger.Fatal("Config item must be a string list: ", name)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
conf[name] = []string{}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func buildConfig(incRules string, excRules string) map[string]interface{} {
|
||||||
|
config := make(map[string]interface{})
|
||||||
|
if flagConfig != nil && *flagConfig != "" { // parse config if we have one
|
||||||
|
if data, err := ioutil.ReadFile(*flagConfig); err == nil {
|
||||||
|
if err := json.Unmarshal(data, &(config)); err != nil {
|
||||||
|
logger.Fatal("Could not parse JSON config: ", *flagConfig, ": ", err)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
logger.Fatal("Could not read config file: ", *flagConfig)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// add in CLI include and exclude data
|
||||||
|
extendConfList(config, "include", strings.Split(incRules, ","))
|
||||||
|
extendConfList(config, "exclude", strings.Split(excRules, ","))
|
||||||
|
|
||||||
|
// override ignoreNosec if given on CLI
|
||||||
|
if flagIgnoreNoSec != nil {
|
||||||
|
config["ignoreNosec"] = *flagIgnoreNoSec
|
||||||
|
} else {
|
||||||
|
val, ok := config["ignoreNosec"]
|
||||||
|
if !ok {
|
||||||
|
config["ignoreNosec"] = false
|
||||||
|
} else if _, ok := val.(bool); !ok {
|
||||||
|
logger.Fatal("Config value must be a bool: 'ignoreNosec'")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return config
|
||||||
|
}
|
||||||
|
|
||||||
func usage() {
|
func usage() {
|
||||||
fmt.Fprintln(os.Stderr, usageText)
|
fmt.Fprintln(os.Stderr, usageText)
|
||||||
fmt.Fprint(os.Stderr, "OPTIONS:\n\n")
|
fmt.Fprint(os.Stderr, "OPTIONS:\n\n")
|
||||||
|
@ -70,12 +117,18 @@ func main() {
|
||||||
|
|
||||||
// Exclude files
|
// Exclude files
|
||||||
var excluded filelist = []string{"*_test.go"}
|
var excluded filelist = []string{"*_test.go"}
|
||||||
flag.Var(&excluded, "exclude", "File pattern to exclude from scan")
|
flag.Var(&excluded, "skip", "File pattern to exclude from scan")
|
||||||
|
|
||||||
// Rule configuration
|
// Rule configuration
|
||||||
rules := newRulelist()
|
rules := newRulelist()
|
||||||
flag.Var(&rules, "rule", "GAS rules enabled when performing a scan")
|
flag.Var(&rules, "rule", "GAS rules enabled when performing a scan")
|
||||||
|
|
||||||
|
incRules := ""
|
||||||
|
flag.StringVar(&incRules, "include", "", "comma sperated list of rules to include")
|
||||||
|
|
||||||
|
excRules := ""
|
||||||
|
flag.StringVar(&excRules, "exclude", "", "comma sperated list of rules to exclude")
|
||||||
|
|
||||||
// Custom commands / utilities to run instead of default analyzer
|
// Custom commands / utilities to run instead of default analyzer
|
||||||
tools := newUtils()
|
tools := newUtils()
|
||||||
flag.Var(tools, "tool", "GAS utilities to assist with rule development")
|
flag.Var(tools, "tool", "GAS utilities to assist with rule development")
|
||||||
|
@ -84,7 +137,7 @@ func main() {
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
|
|
||||||
// Setup logging
|
// Setup logging
|
||||||
logger := log.New(os.Stderr, "[gas]", log.LstdFlags)
|
logger = log.New(os.Stderr, "[gas]", log.LstdFlags)
|
||||||
|
|
||||||
// Ensure at least one file was specified
|
// Ensure at least one file was specified
|
||||||
if flag.NArg() == 0 {
|
if flag.NArg() == 0 {
|
||||||
|
@ -101,7 +154,9 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Setup analyzer
|
// Setup analyzer
|
||||||
analyzer := gas.NewAnalyzer(*flagIgnoreNoSec, flagConfig, logger)
|
config := buildConfig(incRules, excRules)
|
||||||
|
|
||||||
|
analyzer := gas.NewAnalyzer(config, logger)
|
||||||
if !rules.overwritten {
|
if !rules.overwritten {
|
||||||
rules.useDefaults()
|
rules.useDefaults()
|
||||||
}
|
}
|
||||||
|
|
|
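Review bot: `extendConfList` cannot accept a list that came from the config file: `buildConfig` decodes the file with `json.Unmarshal` into `map[string]interface{}`, where a JSON array arrives as `[]interface{}`, so the `val.(*[]string)` assertion fails and any `include`/`exclude` entry in the file ends in `logger.Fatal("Config item must be a string list: ", name)`. The `else` branch has the opposite problem — `conf[name] = []string{}` discards `input`, so `-include`/`-exclude` given on the CLI without a config file are lost — and `strings.Split("", ",")` yields `[""]`, an empty rule name, whenever a flag is unset. A rewrite that handles the decoded shapes and skips empty entries is below. In `buildConfig`, `flagIgnoreNoSec != nil` is always true if the flag is declared with `flag.Bool` (its declaration is outside the hunk), which would make the config-file `ignoreNosec` branch unreachable and let the flag default silently override the file. The `strings` package used on the `extendConfList(config, "include", ...)` line is not visible in the import hunk, so confirm it is imported further down.
```go
func extendConfList(conf map[string]interface{}, name string, input []string) {
	var list []string
	switch val := conf[name].(type) {
	case nil:
		// key absent: start from the CLI values only
	case []string:
		list = val
	case []interface{}:
		// shape produced by json.Unmarshal for a JSON array
		for _, item := range val {
			s, ok := item.(string)
			if !ok {
				logger.Fatal("Config item must be a string list: ", name)
			}
			list = append(list, s)
		}
	default:
		logger.Fatal("Config item must be a string list: ", name)
	}
	for _, s := range input {
		if s != "" { // strings.Split("", ",") yields one empty entry
			list = append(list, s)
		}
	}
	conf[name] = list
}
```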
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestBind0000(t *testing.T) {
|
func TestBind0000(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewBindsToAllNetworkInterfaces())
|
analyzer.AddRule(NewBindsToAllNetworkInterfaces())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -42,7 +43,8 @@ func TestBind0000(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestBindEmptyHost(t *testing.T) {
|
func TestBindEmptyHost(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewBindsToAllNetworkInterfaces())
|
analyzer.AddRule(NewBindsToAllNetworkInterfaces())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
|
|
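Review bot: The literal `map[string]interface{}{"ignoreNosec": false}` is now pasted into every test in this file and into the fourteen other test sections that follow in this commit; a small helper next to `gasTestRunner` would keep the key name in one place. Because `NewAnalyzer` reads that key with an unchecked assertion, a test that omits it panics rather than fails, so the helper is also the place to state that the key is mandatory, e.g. `// testConfig returns the minimal config NewAnalyzer accepts; "ignoreNosec" must be present.` The test bodies continue outside the hunk.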
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestErrorsMulti(t *testing.T) {
|
func TestErrorsMulti(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewNoErrorCheck())
|
analyzer.AddRule(NewNoErrorCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
@ -43,7 +44,8 @@ func TestErrorsMulti(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestErrorsSingle(t *testing.T) {
|
func TestErrorsSingle(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewNoErrorCheck())
|
analyzer.AddRule(NewNoErrorCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
@ -65,7 +67,8 @@ func TestErrorsSingle(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestErrorsGood(t *testing.T) {
|
func TestErrorsGood(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewNoErrorCheck())
|
analyzer.AddRule(NewNoErrorCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestChmod(t *testing.T) {
|
func TestChmod(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewChmodPerms())
|
analyzer.AddRule(NewChmodPerms())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -36,7 +37,8 @@ func TestChmod(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestMkdir(t *testing.T) {
|
func TestMkdir(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewMkdirPerms())
|
analyzer.AddRule(NewMkdirPerms())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestHardcoded(t *testing.T) {
|
func TestHardcoded(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewHardcodedCredentials())
|
analyzer.AddRule(NewHardcodedCredentials())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestHttpoxy(t *testing.T) {
|
func TestHttpoxy(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewBlacklistImports())
|
analyzer.AddRule(NewBlacklistImports())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestNosec(t *testing.T) {
|
func TestNosec(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSubproc())
|
analyzer.AddRule(NewSubproc())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
@ -39,7 +40,8 @@ func TestNosec(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestNosecBlock(t *testing.T) {
|
func TestNosecBlock(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSubproc())
|
analyzer.AddRule(NewSubproc())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
@ -58,3 +60,22 @@ func TestNosecBlock(t *testing.T) {
|
||||||
|
|
||||||
checkTestResults(t, issues, 0, "None")
|
checkTestResults(t, issues, 0, "None")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestNosecIgnore(t *testing.T) {
|
||||||
|
config := map[string]interface{}{"ignoreNosec": true}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
|
analyzer.AddRule(NewSubproc())
|
||||||
|
|
||||||
|
issues := gasTestRunner(
|
||||||
|
`package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
)
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
cmd := exec.Command("sh", "-c", config.Command) // #nosec
|
||||||
|
}`, analyzer)
|
||||||
|
|
||||||
|
checkTestResults(t, issues, 1, "Subprocess launching with variable.")
|
||||||
|
}
|
||||||
|
|
|
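Review bot: The new `TestNosecIgnore` fixture imports only `"fmt"` while calling `exec.Command` and reading `config.Command`, neither of which the snippet declares; whether `gasTestRunner` type-checks the source is not visible here, but if it does the test could fail or pass for reasons unrelated to the rule, so the fixture should import `"os/exec"` and declare `config`, or reuse the snippet `TestNosec` feeds to the same rule. The assertion itself — one `Subprocess launching with variable.` finding despite `// #nosec` when `ignoreNosec` is true — is the right complement to `TestNosec`. `TestNosecBlock` continues above the hunk.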
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestRandOk(t *testing.T) {
|
func TestRandOk(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewWeakRandCheck())
|
analyzer.AddRule(NewWeakRandCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
@ -38,7 +39,8 @@ func TestRandOk(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestRandBad(t *testing.T) {
|
func TestRandBad(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewWeakRandCheck())
|
analyzer.AddRule(NewWeakRandCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestRSAKeys(t *testing.T) {
|
func TestRSAKeys(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewWeakKeyStrength())
|
analyzer.AddRule(NewWeakKeyStrength())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestSQLInjectionViaConcatenation(t *testing.T) {
|
func TestSQLInjectionViaConcatenation(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSqlStrConcat())
|
analyzer.AddRule(NewSqlStrConcat())
|
||||||
|
|
||||||
source := `
|
source := `
|
||||||
|
@ -48,7 +49,8 @@ func TestSQLInjectionViaConcatenation(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSQLInjectionViaIntepolation(t *testing.T) {
|
func TestSQLInjectionViaIntepolation(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSqlStrFormat())
|
analyzer.AddRule(NewSqlStrFormat())
|
||||||
|
|
||||||
source := `
|
source := `
|
||||||
|
@ -77,7 +79,8 @@ func TestSQLInjectionViaIntepolation(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSQLInjectionFalsePositiveA(t *testing.T) {
|
func TestSQLInjectionFalsePositiveA(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSqlStrConcat())
|
analyzer.AddRule(NewSqlStrConcat())
|
||||||
analyzer.AddRule(NewSqlStrFormat())
|
analyzer.AddRule(NewSqlStrFormat())
|
||||||
|
|
||||||
|
@ -112,7 +115,8 @@ func TestSQLInjectionFalsePositiveA(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSQLInjectionFalsePositiveB(t *testing.T) {
|
func TestSQLInjectionFalsePositiveB(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSqlStrConcat())
|
analyzer.AddRule(NewSqlStrConcat())
|
||||||
analyzer.AddRule(NewSqlStrFormat())
|
analyzer.AddRule(NewSqlStrFormat())
|
||||||
|
|
||||||
|
@ -147,7 +151,8 @@ func TestSQLInjectionFalsePositiveB(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSQLInjectionFalsePositiveC(t *testing.T) {
|
func TestSQLInjectionFalsePositiveC(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSqlStrConcat())
|
analyzer.AddRule(NewSqlStrConcat())
|
||||||
analyzer.AddRule(NewSqlStrFormat())
|
analyzer.AddRule(NewSqlStrFormat())
|
||||||
|
|
||||||
|
@ -182,7 +187,8 @@ func TestSQLInjectionFalsePositiveC(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSQLInjectionFalsePositiveD(t *testing.T) {
|
func TestSQLInjectionFalsePositiveD(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSqlStrConcat())
|
analyzer.AddRule(NewSqlStrConcat())
|
||||||
analyzer.AddRule(NewSqlStrFormat())
|
analyzer.AddRule(NewSqlStrFormat())
|
||||||
|
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestSubprocess(t *testing.T) {
|
func TestSubprocess(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSubproc())
|
analyzer.AddRule(NewSubproc())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -48,7 +49,8 @@ func TestSubprocess(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSubprocessVar(t *testing.T) {
|
func TestSubprocessVar(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSubproc())
|
analyzer.AddRule(NewSubproc())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -75,7 +77,8 @@ func TestSubprocessVar(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSubprocessPath(t *testing.T) {
|
func TestSubprocessPath(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSubproc())
|
analyzer.AddRule(NewSubproc())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -101,7 +104,8 @@ func TestSubprocessPath(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSubprocessSyscall(t *testing.T) {
|
func TestSubprocessSyscall(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSubproc())
|
analyzer.AddRule(NewSubproc())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestTempfiles(t *testing.T) {
|
func TestTempfiles(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewBadTempFile())
|
analyzer.AddRule(NewBadTempFile())
|
||||||
|
|
||||||
source := `
|
source := `
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestTemplateCheckSafe(t *testing.T) {
|
func TestTemplateCheckSafe(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewTemplateCheck())
|
analyzer.AddRule(NewTemplateCheck())
|
||||||
|
|
||||||
source := `
|
source := `
|
||||||
|
@ -48,7 +49,8 @@ func TestTemplateCheckSafe(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestTemplateCheckBadHTML(t *testing.T) {
|
func TestTemplateCheckBadHTML(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewTemplateCheck())
|
analyzer.AddRule(NewTemplateCheck())
|
||||||
|
|
||||||
source := `
|
source := `
|
||||||
|
@ -76,7 +78,8 @@ func TestTemplateCheckBadHTML(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestTemplateCheckBadJS(t *testing.T) {
|
func TestTemplateCheckBadJS(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewTemplateCheck())
|
analyzer.AddRule(NewTemplateCheck())
|
||||||
|
|
||||||
source := `
|
source := `
|
||||||
|
@ -104,7 +107,8 @@ func TestTemplateCheckBadJS(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestTemplateCheckBadURL(t *testing.T) {
|
func TestTemplateCheckBadURL(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewTemplateCheck())
|
analyzer.AddRule(NewTemplateCheck())
|
||||||
|
|
||||||
source := `
|
source := `
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestInsecureSkipVerify(t *testing.T) {
|
func TestInsecureSkipVerify(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewModernTlsCheck())
|
analyzer.AddRule(NewModernTlsCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -49,7 +50,8 @@ func TestInsecureSkipVerify(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestInsecureMinVersion(t *testing.T) {
|
func TestInsecureMinVersion(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewModernTlsCheck())
|
analyzer.AddRule(NewModernTlsCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -77,7 +79,8 @@ func TestInsecureMinVersion(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestInsecureMaxVersion(t *testing.T) {
|
func TestInsecureMaxVersion(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewModernTlsCheck())
|
analyzer.AddRule(NewModernTlsCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -105,7 +108,8 @@ func TestInsecureMaxVersion(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestInsecureCipherSuite(t *testing.T) {
|
func TestInsecureCipherSuite(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewModernTlsCheck())
|
analyzer.AddRule(NewModernTlsCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestUnsafe(t *testing.T) {
|
func TestUnsafe(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewUsingUnsafe())
|
analyzer.AddRule(NewUsingUnsafe())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestMD5(t *testing.T) {
|
func TestMD5(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewBlacklistImports())
|
analyzer.AddRule(NewBlacklistImports())
|
||||||
analyzer.AddRule(NewUsesWeakCryptography())
|
analyzer.AddRule(NewUsesWeakCryptography())
|
||||||
|
|
||||||
|
@ -42,7 +43,8 @@ func TestMD5(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDES(t *testing.T) {
|
func TestDES(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewBlacklistImports())
|
analyzer.AddRule(NewBlacklistImports())
|
||||||
analyzer.AddRule(NewUsesWeakCryptography())
|
analyzer.AddRule(NewUsesWeakCryptography())
|
||||||
|
|
||||||
|
@ -81,7 +83,8 @@ func TestDES(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestRC4(t *testing.T) {
|
func TestRC4(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewBlacklistImports())
|
analyzer.AddRule(NewBlacklistImports())
|
||||||
analyzer.AddRule(NewUsesWeakCryptography())
|
analyzer.AddRule(NewUsesWeakCryptography())
|
||||||
|
|
||||||
|
|