Fix lint warnings by properly formatting the files

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
Cosmin Cojocar 2023-12-08 14:30:54 +01:00 committed by Cosmin Cojocar
parent 0e2a61899a
commit 2aad3f02a5
32 changed files with 259 additions and 321 deletions


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeCgo - Cgo file sample
SampleCodeCgo = []CodeSample{
{[]string{`
// SampleCodeCgo - Cgo file sample
var SampleCodeCgo = []CodeSample{
{[]string{`
package main
import (
@ -48,5 +47,4 @@ func main() {
C.printData(cData)
}
`}, 0, gosec.NewConfig()},
}
)
}


@ -2,11 +2,10 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG102 code snippets for network binding
SampleCodeG102 = []CodeSample{
// Bind to all networks explicitly
{[]string{`
// SampleCodeG102 code snippets for network binding
var SampleCodeG102 = []CodeSample{
// Bind to all networks explicitly
{[]string{`
package main
import (
@ -22,8 +21,8 @@ func main() {
defer l.Close()
}
`}, 1, gosec.NewConfig()},
// Bind to all networks implicitly (default if host omitted)
{[]string{`
// Bind to all networks implicitly (default if host omitted)
{[]string{`
package main
import (
@ -39,8 +38,8 @@ func main() {
defer l.Close()
}
`}, 1, gosec.NewConfig()},
// Bind to all networks indirectly through a parsing function
{[]string{`
// Bind to all networks indirectly through a parsing function
{[]string{`
package main
import (
@ -61,8 +60,8 @@ func main() {
defer l.Close()
}
`}, 1, gosec.NewConfig()},
// Bind to all networks indirectly through a parsing function
{[]string{`
// Bind to all networks indirectly through a parsing function
{[]string{`
package main
import (
@ -84,7 +83,7 @@ func main() {
defer l.Close()
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -102,5 +101,4 @@ func main() {
defer l.Close()
}
`}, 1, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG103 find instances of unsafe blocks for auditing purposes
SampleCodeG103 = []CodeSample{
{[]string{`
// SampleCodeG103 find instances of unsafe blocks for auditing purposes
var SampleCodeG103 = []CodeSample{
{[]string{`
package main
import (
@ -29,7 +28,7 @@ func main() {
fmt.Printf("\nintPtr=%p, *intPtr=%d.\n\n", intPtr, *intPtr)
}
`}, 2, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -46,7 +45,7 @@ func main() {
fmt.Printf("ptr: %p\n", ptr)
}
`}, 2, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -63,5 +62,4 @@ func main() {
fmt.Printf("ptr: %p\n", ptr)
}
`}, 2, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG106 - ssh InsecureIgnoreHostKey
SampleCodeG106 = []CodeSample{
{[]string{`
// SampleCodeG106 - ssh InsecureIgnoreHostKey
var SampleCodeG106 = []CodeSample{
{[]string{`
package main
import (
@ -16,5 +15,4 @@ func main() {
_ = ssh.InsecureIgnoreHostKey()
}
`}, 1, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG107 - SSRF via http requests with variable url
SampleCodeG107 = []CodeSample{
{[]string{`
// SampleCodeG107 - SSRF via http requests with variable url
var SampleCodeG107 = []CodeSample{
{[]string{`
// Input from the std in is considered insecure
package main
import (
@ -33,7 +32,7 @@ func main() {
fmt.Printf("%s", body)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Variable defined a package level can be changed at any time
// regardless of the initial value
package main
@ -58,7 +57,7 @@ func main() {
}
fmt.Printf("%s", body)
}`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Environmental variables are not considered as secure source
package main
import (
@ -81,7 +80,7 @@ func main() {
fmt.Printf("%s", body)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Constant variables or hard-coded strings are secure
package main
@ -98,7 +97,7 @@ func main() {
fmt.Println(resp.Status)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// A variable at function scope which is initialized to
// a constant string is secure (e.g. cannot be changed concurrently)
package main
@ -116,7 +115,7 @@ func main() {
fmt.Println(resp.Status)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// A variable at function scope which is initialized to
// a constant string is secure (e.g. cannot be changed concurrently)
package main
@ -134,7 +133,7 @@ func main() {
fmt.Println(resp.Status)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// A variable at function scope which is initialized to
// a constant string is secure (e.g. cannot be changed concurrently)
package main
@ -154,7 +153,7 @@ func main() {
fmt.Println(resp.Status)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// An exported variable declared a packaged scope is not secure
// because it can changed at any time
package main
@ -174,7 +173,7 @@ func main() {
fmt.Println(resp.Status)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// An url provided as a function argument is not secure
package main
@ -194,5 +193,4 @@ func main() {
get(url)
}
`}, 1, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG108 - pprof endpoint automatically exposed
SampleCodeG108 = []CodeSample{
{[]string{`
// SampleCodeG108 - pprof endpoint automatically exposed
var SampleCodeG108 = []CodeSample{
{[]string{`
package main
import (
@ -22,7 +21,7 @@ func main() {
log.Fatal(http.ListenAndServe(":8080", nil))
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -38,5 +37,4 @@ func main() {
log.Fatal(http.ListenAndServe(":8080", nil))
}
`}, 0, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG109 - Potential Integer OverFlow
SampleCodeG109 = []CodeSample{
{[]string{`
// SampleCodeG109 - Potential Integer OverFlow
var SampleCodeG109 = []CodeSample{
{[]string{`
package main
import (
@ -22,7 +21,7 @@ func main() {
fmt.Println(value)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -40,7 +39,7 @@ func main() {
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -56,7 +55,7 @@ func main() {
fmt.Println(bigValue)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -79,7 +78,7 @@ func test() {
fmt.Println(value)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -97,7 +96,7 @@ func main() {
fmt.Println(v)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -110,5 +109,4 @@ func main() {
fmt.Println(b, err)
}
`}, 0, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG110 - potential DoS vulnerability via decompression bomb
SampleCodeG110 = []CodeSample{
{[]string{`
// SampleCodeG110 - potential DoS vulnerability via decompression bomb
var SampleCodeG110 = []CodeSample{
{[]string{`
package main
import (
@ -31,7 +30,7 @@ func main() {
r.Close()
}`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -58,7 +57,7 @@ func main() {
r.Close()
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -97,7 +96,7 @@ func main() {
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -124,5 +123,4 @@ func main() {
}
}
`}, 0, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG111 - potential directory traversal
SampleCodeG111 = []CodeSample{
{[]string{`
// SampleCodeG111 - potential directory traversal
var SampleCodeG111 = []CodeSample{
{[]string{`
package main
import (
@ -25,5 +24,4 @@ func HelloServer(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, %s!", r.URL.Path[1:])
}
`}, 1, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG112 - potential slowloris attack
SampleCodeG112 = []CodeSample{
{[]string{`
// SampleCodeG112 - potential slowloris attack
var SampleCodeG112 = []CodeSample{
{[]string{`
package main
import (
@ -25,7 +24,7 @@ func main() {
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -48,7 +47,7 @@ func main() {
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -71,7 +70,7 @@ func main() {
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -103,5 +102,4 @@ func main() {
fmt.Print("test")
}
`}, 0, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG113 - Usage of Rat.SetString in math/big with an overflow
SampleCodeG113 = []CodeSample{
{[]string{`
// SampleCodeG113 - Usage of Rat.SetString in math/big with an overflow
var SampleCodeG113 = []CodeSample{
{[]string{`
package main
import (
@ -20,5 +19,4 @@ func main() {
fmt.Println(r)
}
`}, 1, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG114 - Use of net/http serve functions that have no support for setting timeouts
SampleCodeG114 = []CodeSample{
{[]string{`
// SampleCodeG114 - Use of net/http serve functions that have no support for setting timeouts
var SampleCodeG114 = []CodeSample{
{[]string{`
package main
import (
@ -18,7 +17,7 @@ func main() {
log.Fatal(err)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -31,7 +30,7 @@ func main() {
log.Fatal(err)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -50,7 +49,7 @@ func main() {
log.Fatal(err)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -69,5 +68,4 @@ func main() {
log.Fatal(err)
}
`}, 1, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG201 - SQL injection via format string
SampleCodeG201 = []CodeSample{
{[]string{`
// SampleCodeG201 - SQL injection via format string
var SampleCodeG201 = []CodeSample{
{[]string{`
// Format string without proper quoting
package main
@ -28,7 +27,7 @@ func main(){
defer rows.Close()
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Format string without proper quoting case insensitive
package main
@ -51,7 +50,7 @@ func main(){
defer rows.Close()
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Format string without proper quoting with context
package main
import (
@ -74,7 +73,7 @@ func main(){
defer rows.Close()
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Format string without proper quoting with transaction
package main
import (
@ -105,7 +104,7 @@ func main(){
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Format string false positive, safe string spec.
package main
@ -128,7 +127,7 @@ func main(){
defer rows.Close()
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// Format string false positive
package main
@ -150,7 +149,7 @@ func main(){
defer rows.Close()
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// Format string false positive, quoted formatter argument.
package main
@ -174,7 +173,7 @@ func main(){
defer rows.Close()
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// false positive
package main
@ -197,7 +196,7 @@ func main(){
defer rows.Close()
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
"fmt"
@ -207,7 +206,7 @@ func main(){
fmt.Sprintln()
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// Format string with \n\r
package main
@ -230,7 +229,7 @@ func main(){
defer rows.Close()
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Format string with \n\r
package main
@ -253,7 +252,7 @@ func main(){
defer rows.Close()
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// SQLI by db.Query(some).Scan(&other)
package main
@ -277,7 +276,7 @@ func main() {
}
defer db.Close()
}`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// SQLI by db.Query(some).Scan(&other)
package main
@ -300,7 +299,7 @@ func main() {
}
defer db.Close()
}`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// SQLI by db.Prepare(some)
package main
@ -333,7 +332,7 @@ func main() {
defer stmt.Close()
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// SQLI by db.PrepareContext(some)
package main
@ -367,7 +366,7 @@ func main() {
defer stmt.Close()
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// false positive
package main
@ -399,5 +398,4 @@ func main() {
defer stmt.Close()
}
`}, 0, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG202 - SQL query string building via string concatenation
SampleCodeG202 = []CodeSample{
{[]string{`
// SampleCodeG202 - SQL query string building via string concatenation
var SampleCodeG202 = []CodeSample{
{[]string{`
// infixed concatenation
package main
@ -28,7 +27,7 @@ func main(){
defer rows.Close()
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -48,7 +47,7 @@ func main(){
defer rows.Close()
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// case insensitive match
package main
@ -69,7 +68,7 @@ func main(){
defer rows.Close()
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// context match
package main
@ -91,7 +90,7 @@ func main(){
defer rows.Close()
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// DB transaction check
package main
@ -121,7 +120,7 @@ func main(){
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// multiple string concatenation
package main
@ -142,7 +141,7 @@ func main(){
defer rows.Close()
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// false positive
package main
@ -163,7 +162,7 @@ func main(){
defer rows.Close()
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -186,7 +185,7 @@ func main(){
defer rows.Close()
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
const gender = "M"
@ -213,7 +212,7 @@ func main(){
defer rows.Close()
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// ExecContext match
package main
@ -235,7 +234,7 @@ func main() {
}
fmt.Println(result)
}`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Exec match
package main
@ -256,7 +255,7 @@ func main() {
}
fmt.Println(result)
}`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -280,5 +279,4 @@ func main() {
fmt.Println(result)
}
`}, 0, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG203 - Template checks
SampleCodeG203 = []CodeSample{
{[]string{`
// SampleCodeG203 - Template checks
var SampleCodeG203 = []CodeSample{
{[]string{`
// We assume that hardcoded template strings are safe as the programmer would
// need to be explicitly shooting themselves in the foot (as below)
package main
@ -26,7 +25,7 @@ func main() {
t.Execute(os.Stdout, v)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// Using a variable to initialize could potentially be dangerous. Under the
// current model this will likely produce some false positives.
package main
@ -48,7 +47,7 @@ func main() {
t.Execute(os.Stdout, v)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -68,7 +67,7 @@ func main() {
t.Execute(os.Stdout, v)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -88,5 +87,4 @@ func main() {
t.Execute(os.Stdout, v)
}
`}, 1, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG204 - Subprocess auditing
SampleCodeG204 = []CodeSample{
{[]string{`
// SampleCodeG204 - Subprocess auditing
var SampleCodeG204 = []CodeSample{
{[]string{`
package main
import (
@ -22,7 +21,7 @@ func main() {
log.Printf("Command finished with error: %v", err)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// Calling any function which starts a new process with using
// command line arguments as it's arguments is considered dangerous
package main
@ -42,7 +41,7 @@ func main() {
log.Printf("Command finished with error: %v", err)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Initializing a local variable using a environmental
// variable is consider as a dangerous user input
package main
@ -65,7 +64,7 @@ func main() {
log.Printf("Command finished with error: %v", err)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// gosec doesn't have enough context to decide that the
// command argument of the RunCmd function is hardcoded string
// and that's why it's better to warn the user so he can audit it
@ -90,7 +89,7 @@ func main() {
RunCmd("sleep")
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -120,7 +119,7 @@ func main() {
RunCmd("ll", "ls")
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// syscall.Exec function called with hardcoded arguments
// shouldn't be consider as a command injection
package main
@ -137,8 +136,8 @@ func main() {
}
}
`}, 0, gosec.NewConfig()},
{
[]string{`
{
[]string{`
package main
import (
@ -156,8 +155,9 @@ func RunCmd(command string) {
func main() {
RunCmd("sleep")
}
`}, 1, gosec.NewConfig()},
{[]string{`
`}, 1, gosec.NewConfig(),
},
{[]string{`
package main
import (
@ -176,7 +176,7 @@ func main() {
RunCmd("sleep")
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// starting a process with a variable as an argument
// even if not constant is not considered as dangerous
// because it has hardcoded value
@ -199,7 +199,7 @@ func main() {
log.Printf("Command finished with error: %v", err)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// exec.Command from supplemental package sys/execabs
// using variable arguments
package main
@ -219,7 +219,7 @@ func main() {
log.Printf("Command finished with error: %v", err)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Initializing a local variable using a environmental
// variable is consider as a dangerous user input
package main
@ -242,5 +242,4 @@ func main() {
log.Printf("Command finished with error: %v", err)
}
`}, 1, gosec.NewConfig()},
}
)
}
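Review bot: One entry of SampleCodeG204 is left in a different shape from every other entry in the slice: the hunk at `@ -156,8 +155,9 @@` reformats it as `{` / `[]string{` … `` `}, 1, gosec.NewConfig(), `` / `},` on separate lines, while its siblings use the single-line `{[]string{` … `` `}, 1, gosec.NewConfig()}, `` form. gofmt accepts both layouts, so the lint fix does not make the file uniform. Collapsing that entry to the sibling form, `{[]string{` as the opening line and `` `}, 1, gosec.NewConfig()}, `` as the closing line, would remove the inconsistency. Indentation is not visible in this rendering, so the exact whitespace of the new lines cannot be confirmed here.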


@ -2,9 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var ( // SampleCodeG301 - mkdir permission check
SampleCodeG301 = []CodeSample{
{[]string{`
// SampleCodeG301 - mkdir permission check
var SampleCodeG301 = []CodeSample{
{[]string{`
package main
import (
@ -20,7 +20,7 @@ func main() {
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -36,7 +36,7 @@ func main() {
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -52,5 +52,4 @@ func main() {
}
}
`}, 0, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG302 - file create / chmod permissions check
SampleCodeG302 = []CodeSample{
{[]string{`
// SampleCodeG302 - file create / chmod permissions check
var SampleCodeG302 = []CodeSample{
{[]string{`
package main
import (
@ -21,7 +20,7 @@ func main() {
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -37,7 +36,7 @@ func main() {
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -53,7 +52,7 @@ func main() {
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -69,5 +68,4 @@ func main() {
}
}
`}, 0, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG303 - bad tempfile permissions & hardcoded shared path
SampleCodeG303 = []CodeSample{
{[]string{`
// SampleCodeG303 - bad tempfile permissions & hardcoded shared path
var SampleCodeG303 = []CodeSample{
{[]string{`
package samples
import (
@ -57,5 +56,4 @@ func main() {
}
}
`}, 9, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG304 - potential file inclusion vulnerability
SampleCodeG304 = []CodeSample{
{[]string{`
// SampleCodeG304 - potential file inclusion vulnerability
var SampleCodeG304 = []CodeSample{
{[]string{`
package main
import (
@ -24,7 +23,7 @@ func main() {
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -42,7 +41,7 @@ func main() {
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -68,7 +67,7 @@ func main() {
log.Fatal(http.ListenAndServe(":3000", nil))
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -94,7 +93,7 @@ func main() {
log.Fatal(http.ListenAndServe(":3000", nil))
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -112,7 +111,7 @@ import (
log.Print(body)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -138,7 +137,7 @@ func main() {
fmt.Println(string(contents))
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -159,7 +158,7 @@ func main() {
log.Print(body)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -176,7 +175,7 @@ func main() {
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -196,7 +195,7 @@ func main() {
openFile(repoFile)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -219,7 +218,7 @@ func main() {
openFile(dir, repoFile)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -239,7 +238,7 @@ func main() {
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -271,7 +270,7 @@ func main() {
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -303,5 +302,4 @@ package main
var THEWD string
`}, 0, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG305 - File path traversal when extracting zip/tar archives
SampleCodeG305 = []CodeSample{
{[]string{`
// SampleCodeG305 - File path traversal when extracting zip/tar archives
var SampleCodeG305 = []CodeSample{
{[]string{`
package unzip
import (
@ -52,7 +51,7 @@ func unzip(archive, target string) error {
return nil
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package unzip
import (
@ -100,7 +99,7 @@ func unzip(archive, target string) error {
return nil
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package zip
import (
@ -140,7 +139,7 @@ func extractFile(f *zip.File, destPath string) error {
return os.Chmod(filePath, f.FileInfo().Mode())
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package tz
import (
@ -174,5 +173,4 @@ func extractFile(f *tar.Header, tr *tar.Reader, destPath string) error {
return os.Chmod(filePath, f.FileInfo().Mode())
}
`}, 1, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG306 - Poor permissions for WriteFile
SampleCodeG306 = []CodeSample{
{[]string{`
// SampleCodeG306 - Poor permissions for WriteFile
var SampleCodeG306 = []CodeSample{
{[]string{`
package main
import (
@ -54,5 +53,4 @@ func main() {
}
`}, 1, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG307 - Poor permissions for os.Create
SampleCodeG307 = []CodeSample{
{[]string{`
// SampleCodeG307 - Poor permissions for os.Create
var SampleCodeG307 = []CodeSample{
{[]string{`
package main
import (
@ -25,7 +24,7 @@ func main() {
defer f.Close()
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -45,5 +44,4 @@ func main() {
defer f.Close()
}
`}, 1, gosec.Config{"G307": "0o600"}},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG402 - TLS settings
SampleCodeG402 = []CodeSample{
{[]string{`
// SampleCodeG402 - TLS settings
var SampleCodeG402 = []CodeSample{
{[]string{`
// InsecureSkipVerify
package main
@ -27,7 +26,7 @@ func main() {
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// InsecureSkipVerify from variable
package main
@ -40,7 +39,7 @@ func main() {
conf.InsecureSkipVerify = true
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Insecure minimum version
package main
@ -61,7 +60,7 @@ func main() {
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Insecure minimum version
package main
@ -83,7 +82,7 @@ func main() {
fmt.Printf("Debug: %v\n", a.MinVersion)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// Insecure minimum version
package main
@ -103,7 +102,7 @@ func main() {
fmt.Printf("Debug: %v\n", a.MinVersion)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// Insecure minimum version
package main
import (
@ -123,7 +122,7 @@ func main() {
fmt.Printf("Debug: %v\n", a.MinVersion)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Insecure minimum version
package main
@ -148,7 +147,7 @@ func main() {
fmt.Printf("Debug: %v\n", a.MinVersion)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Insecure minimum version
package main
@ -171,7 +170,7 @@ func main() {
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
// Insecure max version
package main
@ -192,7 +191,7 @@ func main() {
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// Insecure ciphersuite selection
package main
@ -218,7 +217,7 @@ func main() {
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
// secure max version when min version is specified
package main
@ -242,7 +241,7 @@ func main() {
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package p0
import "crypto/tls"
@ -260,7 +259,7 @@ func TlsConfig1() *tls.Config {
return &tls.Config{MinVersion: 0x0304}
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -281,7 +280,7 @@ import "crypto/tls"
const MinVer = tls.VersionTLS13
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -294,5 +293,4 @@ func main() {
_ = cryptotls.Config{MinVersion: cryptotls.VersionTLS12}
}
`}, 0, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG403 - weak key strength
SampleCodeG403 = []CodeSample{
{[]string{`
// SampleCodeG403 - weak key strength
var SampleCodeG403 = []CodeSample{
{[]string{`
package main
import (
@ -23,5 +22,4 @@ func main() {
fmt.Println(pvk)
}
`}, 1, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG404 - weak random number
SampleCodeG404 = []CodeSample{
{[]string{`
// SampleCodeG404 - weak random number
var SampleCodeG404 = []CodeSample{
{[]string{`
package main
import "crypto/rand"
@ -15,7 +14,7 @@ func main() {
println(good)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "math/rand"
@ -25,7 +24,7 @@ func main() {
println(bad)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -40,7 +39,7 @@ func main() {
println(bad)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -53,7 +52,7 @@ func main() {
println(bad)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -65,7 +64,7 @@ func main() {
println(bad)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -81,7 +80,7 @@ func main() {
println(bad)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import (
@ -100,5 +99,4 @@ func main() {
_ = rand3.Intn(2) // bad
}
`}, 3, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG501 - Blocklisted import MD5
SampleCodeG501 = []CodeSample{
{[]string{`
// SampleCodeG501 - Blocklisted import MD5
var SampleCodeG501 = []CodeSample{
{[]string{`
package main
import (
@ -20,5 +19,4 @@ func main() {
}
}
`}, 1, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG502 - Blocklisted import DES
SampleCodeG502 = []CodeSample{
{[]string{`
// SampleCodeG502 - Blocklisted import DES
var SampleCodeG502 = []CodeSample{
{[]string{`
package main
import (
@ -33,5 +32,4 @@ func main() {
fmt.Println("Secret message is: %s", hex.EncodeToString(ciphertext))
}
`}, 1, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG503 - Blocklisted import RC4
SampleCodeG503 = []CodeSample{
{[]string{`
// SampleCodeG503 - Blocklisted import RC4
var SampleCodeG503 = []CodeSample{
{[]string{`
package main
import (
@ -25,5 +24,4 @@ func main() {
fmt.Println("Secret message is: %s", hex.EncodeToString(ciphertext))
}
`}, 1, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG504 - Blocklisted import CGI
SampleCodeG504 = []CodeSample{
{[]string{`
// SampleCodeG504 - Blocklisted import CGI
var SampleCodeG504 = []CodeSample{
{[]string{`
package main
import (
@ -17,5 +16,4 @@ func main() {
cgi.Serve(http.FileServer(http.Dir("/usr/share/doc")))
}
`}, 1, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG505 - Blocklisted import SHA1
SampleCodeG505 = []CodeSample{
{[]string{`
// SampleCodeG505 - Blocklisted import SHA1
var SampleCodeG505 = []CodeSample{
{[]string{`
package main
import (
@ -20,5 +19,4 @@ func main() {
}
}
`}, 1, gosec.NewConfig()},
}
)
}


@ -2,10 +2,9 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG602 - Slice access out of bounds
SampleCodeG602 = []CodeSample{
{[]string{`
// SampleCodeG602 - Slice access out of bounds
var SampleCodeG602 = []CodeSample{
{[]string{`
package main
import "fmt"
@ -18,7 +17,7 @@ func main() {
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -31,7 +30,7 @@ func main() {
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -44,7 +43,7 @@ func main() {
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -57,7 +56,7 @@ func main() {
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -70,7 +69,7 @@ func main() {
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -83,7 +82,7 @@ func main() {
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -96,7 +95,7 @@ func main() {
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -110,7 +109,7 @@ func main() {
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -124,7 +123,7 @@ func main() {
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -138,7 +137,7 @@ func main() {
}
`}, 2, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -151,7 +150,7 @@ func main() {
fmt.Println(y)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -167,7 +166,7 @@ func doStuff(x []int) {
fmt.Println(newSlice)
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -190,7 +189,7 @@ func doStuff(x []int) {
fmt.Println(newSlice2)
}
`}, 2, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -205,7 +204,7 @@ func main() {
fmt.Println(testMap)
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -217,7 +216,7 @@ func main() {
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -230,7 +229,7 @@ func main() {
fmt.Println(s[0])
}
`}, 1, gosec.NewConfig()},
{[]string{`
{[]string{`
package main
import "fmt"
@ -251,5 +250,4 @@ func main() {
}
}
`}, 0, gosec.NewConfig()},
}
)
}