diff --git a/testutils/cgo_samples.go b/testutils/cgo_samples.go index e310ddc..80af013 100644 --- a/testutils/cgo_samples.go +++ b/testutils/cgo_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeCgo - Cgo file sample - SampleCodeCgo = []CodeSample{ - {[]string{` +// SampleCodeCgo - Cgo file sample +var SampleCodeCgo = []CodeSample{ + {[]string{` package main import ( @@ -48,5 +47,4 @@ func main() { C.printData(cData) } `}, 0, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g102_samples.go b/testutils/g102_samples.go index 035808f..8e83ec3 100644 --- a/testutils/g102_samples.go +++ b/testutils/g102_samples.go @@ -2,11 +2,10 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG102 code snippets for network binding - SampleCodeG102 = []CodeSample{ - // Bind to all networks explicitly - {[]string{` +// SampleCodeG102 code snippets for network binding +var SampleCodeG102 = []CodeSample{ + // Bind to all networks explicitly + {[]string{` package main import ( @@ -22,8 +21,8 @@ func main() { defer l.Close() } `}, 1, gosec.NewConfig()}, - // Bind to all networks implicitly (default if host omitted) - {[]string{` + // Bind to all networks implicitly (default if host omitted) + {[]string{` package main import ( @@ -39,8 +38,8 @@ func main() { defer l.Close() } `}, 1, gosec.NewConfig()}, - // Bind to all networks indirectly through a parsing function - {[]string{` + // Bind to all networks indirectly through a parsing function + {[]string{` package main import ( @@ -61,8 +60,8 @@ func main() { defer l.Close() } `}, 1, gosec.NewConfig()}, - // Bind to all networks indirectly through a parsing function - {[]string{` + // Bind to all networks indirectly through a parsing function + {[]string{` package main import ( @@ -84,7 +83,7 @@ func main() { defer l.Close() } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -102,5 +101,4 @@ func main() { defer l.Close() } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g103_samples.go b/testutils/g103_samples.go index ab40a40..feeb6b6 100644 --- a/testutils/g103_samples.go +++ b/testutils/g103_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG103 find instances of unsafe blocks for auditing purposes - SampleCodeG103 = []CodeSample{ - {[]string{` +// SampleCodeG103 find instances of unsafe blocks for auditing purposes +var SampleCodeG103 = []CodeSample{ + {[]string{` package main import ( @@ -29,7 +28,7 @@ func main() { fmt.Printf("\nintPtr=%p, *intPtr=%d.\n\n", intPtr, *intPtr) } `}, 2, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -46,7 +45,7 @@ func main() { fmt.Printf("ptr: %p\n", ptr) } `}, 2, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -63,5 +62,4 @@ func main() { fmt.Printf("ptr: %p\n", ptr) } `}, 2, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g106_samples.go b/testutils/g106_samples.go index 4845fd1..1f8f472 100644 --- a/testutils/g106_samples.go +++ b/testutils/g106_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG106 - ssh InsecureIgnoreHostKey - SampleCodeG106 = []CodeSample{ - {[]string{` +// SampleCodeG106 - ssh InsecureIgnoreHostKey +var SampleCodeG106 = []CodeSample{ + {[]string{` package main import ( @@ -16,5 +15,4 @@ func main() { _ = ssh.InsecureIgnoreHostKey() } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g107_samples.go b/testutils/g107_samples.go index 45ece3e..ec3efad 100644 --- a/testutils/g107_samples.go +++ b/testutils/g107_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG107 - SSRF via http requests with variable url - SampleCodeG107 = []CodeSample{ - {[]string{` +// SampleCodeG107 - SSRF via http requests with variable url +var SampleCodeG107 = []CodeSample{ + {[]string{` // Input from the std in is considered insecure package main import ( @@ -33,7 +32,7 @@ func main() { fmt.Printf("%s", body) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Variable defined a package level can be changed at any time // regardless of the initial value package main @@ -58,7 +57,7 @@ func main() { } fmt.Printf("%s", body) }`}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Environmental variables are not considered as secure source package main import ( @@ -81,7 +80,7 @@ func main() { fmt.Printf("%s", body) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Constant variables or hard-coded strings are secure package main @@ -98,7 +97,7 @@ func main() { fmt.Println(resp.Status) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // A variable at function scope which is initialized to // a constant string is secure (e.g. cannot be changed concurrently) package main @@ -116,7 +115,7 @@ func main() { fmt.Println(resp.Status) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // A variable at function scope which is initialized to // a constant string is secure (e.g. cannot be changed concurrently) package main @@ -134,7 +133,7 @@ func main() { fmt.Println(resp.Status) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // A variable at function scope which is initialized to // a constant string is secure (e.g. cannot be changed concurrently) package main @@ -154,7 +153,7 @@ func main() { fmt.Println(resp.Status) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // An exported variable declared a packaged scope is not secure // because it can changed at any time package main @@ -174,7 +173,7 @@ func main() { fmt.Println(resp.Status) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // An url provided as a function argument is not secure package main @@ -194,5 +193,4 @@ func main() { get(url) } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g108_samples.go b/testutils/g108_samples.go index 78816ef..3702519 100644 --- a/testutils/g108_samples.go +++ b/testutils/g108_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG108 - pprof endpoint automatically exposed - SampleCodeG108 = []CodeSample{ - {[]string{` +// SampleCodeG108 - pprof endpoint automatically exposed +var SampleCodeG108 = []CodeSample{ + {[]string{` package main import ( @@ -22,7 +21,7 @@ func main() { log.Fatal(http.ListenAndServe(":8080", nil)) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -38,5 +37,4 @@ func main() { log.Fatal(http.ListenAndServe(":8080", nil)) } `}, 0, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g109_samples.go b/testutils/g109_samples.go index aa50d42..a374355 100644 --- a/testutils/g109_samples.go +++ b/testutils/g109_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG109 - Potential Integer OverFlow - SampleCodeG109 = []CodeSample{ - {[]string{` +// SampleCodeG109 - Potential Integer OverFlow +var SampleCodeG109 = []CodeSample{ + {[]string{` package main import ( @@ -22,7 +21,7 @@ func main() { fmt.Println(value) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -40,7 +39,7 @@ func main() { } } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -56,7 +55,7 @@ func main() { fmt.Println(bigValue) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -79,7 +78,7 @@ func test() { fmt.Println(value) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -97,7 +96,7 @@ func main() { fmt.Println(v) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -110,5 +109,4 @@ func main() { fmt.Println(b, err) } `}, 0, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g110_samples.go b/testutils/g110_samples.go index 397e564..e0c61d9 100644 --- a/testutils/g110_samples.go +++ b/testutils/g110_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG110 - potential DoS vulnerability via decompression bomb - SampleCodeG110 = []CodeSample{ - {[]string{` +// SampleCodeG110 - potential DoS vulnerability via decompression bomb +var SampleCodeG110 = []CodeSample{ + {[]string{` package main import ( @@ -31,7 +30,7 @@ func main() { r.Close() }`}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -58,7 +57,7 @@ func main() { r.Close() } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -97,7 +96,7 @@ func main() { } } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -124,5 +123,4 @@ func main() { } } `}, 0, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g111_samples.go b/testutils/g111_samples.go index e888f03..75007ca 100644 --- a/testutils/g111_samples.go +++ b/testutils/g111_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG111 - potential directory traversal - SampleCodeG111 = []CodeSample{ - {[]string{` +// SampleCodeG111 - potential directory traversal +var SampleCodeG111 = []CodeSample{ + {[]string{` package main import ( @@ -25,5 +24,4 @@ func HelloServer(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, "Hello, %s!", r.URL.Path[1:]) } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g112_samples.go b/testutils/g112_samples.go index c356c81..4a58f6c 100644 --- a/testutils/g112_samples.go +++ b/testutils/g112_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG112 - potential slowloris attack - SampleCodeG112 = []CodeSample{ - {[]string{` +// SampleCodeG112 - potential slowloris attack +var SampleCodeG112 = []CodeSample{ + {[]string{` package main import ( @@ -25,7 +24,7 @@ func main() { } } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -48,7 +47,7 @@ func main() { } } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -71,7 +70,7 @@ func main() { } } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -103,5 +102,4 @@ func main() { fmt.Print("test") } `}, 0, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g113_samples.go b/testutils/g113_samples.go index 16b613f..e672896 100644 --- a/testutils/g113_samples.go +++ b/testutils/g113_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG113 - Usage of Rat.SetString in math/big with an overflow - SampleCodeG113 = []CodeSample{ - {[]string{` +// SampleCodeG113 - Usage of Rat.SetString in math/big with an overflow +var SampleCodeG113 = []CodeSample{ + {[]string{` package main import ( @@ -20,5 +19,4 @@ func main() { fmt.Println(r) } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g114_samples.go b/testutils/g114_samples.go index 44cdcde..19edece 100644 --- a/testutils/g114_samples.go +++ b/testutils/g114_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG114 - Use of net/http serve functions that have no support for setting timeouts - SampleCodeG114 = []CodeSample{ - {[]string{` +// SampleCodeG114 - Use of net/http serve functions that have no support for setting timeouts +var SampleCodeG114 = []CodeSample{ + {[]string{` package main import ( @@ -18,7 +17,7 @@ func main() { log.Fatal(err) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -31,7 +30,7 @@ func main() { log.Fatal(err) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -50,7 +49,7 @@ func main() { log.Fatal(err) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -69,5 +68,4 @@ func main() { log.Fatal(err) } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g201_samples.go b/testutils/g201_samples.go index 94ad7c0..c005d4b 100644 --- a/testutils/g201_samples.go +++ b/testutils/g201_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG201 - SQL injection via format string - SampleCodeG201 = []CodeSample{ - {[]string{` +// SampleCodeG201 - SQL injection via format string +var SampleCodeG201 = []CodeSample{ + {[]string{` // Format string without proper quoting package main @@ -28,7 +27,7 @@ func main(){ defer rows.Close() } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Format string without proper quoting case insensitive package main @@ -51,7 +50,7 @@ func main(){ defer rows.Close() } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Format string without proper quoting with context package main import ( @@ -74,7 +73,7 @@ func main(){ defer rows.Close() } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Format string without proper quoting with transaction package main import ( @@ -105,7 +104,7 @@ func main(){ } } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Format string false positive, safe string spec. package main @@ -128,7 +127,7 @@ func main(){ defer rows.Close() } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // Format string false positive package main @@ -150,7 +149,7 @@ func main(){ defer rows.Close() } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // Format string false positive, quoted formatter argument. package main @@ -174,7 +173,7 @@ func main(){ defer rows.Close() } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // false positive package main @@ -197,7 +196,7 @@ func main(){ defer rows.Close() } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( "fmt" @@ -207,7 +206,7 @@ func main(){ fmt.Sprintln() } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // Format string with \n\r package main @@ -230,7 +229,7 @@ func main(){ defer rows.Close() } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Format string with \n\r package main @@ -253,7 +252,7 @@ func main(){ defer rows.Close() } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // SQLI by db.Query(some).Scan(&other) package main @@ -277,7 +276,7 @@ func main() { } defer db.Close() }`}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // SQLI by db.Query(some).Scan(&other) package main @@ -300,7 +299,7 @@ func main() { } defer db.Close() }`}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // SQLI by db.Prepare(some) package main @@ -333,7 +332,7 @@ func main() { defer stmt.Close() } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // SQLI by db.PrepareContext(some) package main @@ -367,7 +366,7 @@ func main() { defer stmt.Close() } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // false positive package main @@ -399,5 +398,4 @@ func main() { defer stmt.Close() } `}, 0, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g202_samples.go b/testutils/g202_samples.go index c5f55d7..3dc0f8b 100644 --- a/testutils/g202_samples.go +++ b/testutils/g202_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG202 - SQL query string building via string concatenation - SampleCodeG202 = []CodeSample{ - {[]string{` +// SampleCodeG202 - SQL query string building via string concatenation +var SampleCodeG202 = []CodeSample{ + {[]string{` // infixed concatenation package main @@ -28,7 +27,7 @@ func main(){ defer rows.Close() } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -48,7 +47,7 @@ func main(){ defer rows.Close() } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // case insensitive match package main @@ -69,7 +68,7 @@ func main(){ defer rows.Close() } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // context match package main @@ -91,7 +90,7 @@ func main(){ defer rows.Close() } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // DB transaction check package main @@ -121,7 +120,7 @@ func main(){ } } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // multiple string concatenation package main @@ -142,7 +141,7 @@ func main(){ defer rows.Close() } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // false positive package main @@ -163,7 +162,7 @@ func main(){ defer rows.Close() } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -186,7 +185,7 @@ func main(){ defer rows.Close() } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main const gender = "M" @@ -213,7 +212,7 @@ func main(){ defer rows.Close() } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // ExecContext match package main @@ -235,7 +234,7 @@ func main() { } fmt.Println(result) }`}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Exec match package main @@ -256,7 +255,7 @@ func main() { } fmt.Println(result) }`}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -280,5 +279,4 @@ func main() { fmt.Println(result) } `}, 0, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g203_samples.go b/testutils/g203_samples.go index 9e689eb..61c12be 100644 --- a/testutils/g203_samples.go +++ b/testutils/g203_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG203 - Template checks - SampleCodeG203 = []CodeSample{ - {[]string{` +// SampleCodeG203 - Template checks +var SampleCodeG203 = []CodeSample{ + {[]string{` // We assume that hardcoded template strings are safe as the programmer would // need to be explicitly shooting themselves in the foot (as below) package main @@ -26,7 +25,7 @@ func main() { t.Execute(os.Stdout, v) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // Using a variable to initialize could potentially be dangerous. Under the // current model this will likely produce some false positives. package main @@ -48,7 +47,7 @@ func main() { t.Execute(os.Stdout, v) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -68,7 +67,7 @@ func main() { t.Execute(os.Stdout, v) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -88,5 +87,4 @@ func main() { t.Execute(os.Stdout, v) } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g204_samples.go b/testutils/g204_samples.go index a7fb693..746c95c 100644 --- a/testutils/g204_samples.go +++ b/testutils/g204_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG204 - Subprocess auditing - SampleCodeG204 = []CodeSample{ - {[]string{` +// SampleCodeG204 - Subprocess auditing +var SampleCodeG204 = []CodeSample{ + {[]string{` package main import ( @@ -22,7 +21,7 @@ func main() { log.Printf("Command finished with error: %v", err) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // Calling any function which starts a new process with using // command line arguments as it's arguments is considered dangerous package main @@ -42,7 +41,7 @@ func main() { log.Printf("Command finished with error: %v", err) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Initializing a local variable using a environmental // variable is consider as a dangerous user input package main @@ -65,7 +64,7 @@ func main() { log.Printf("Command finished with error: %v", err) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // gosec doesn't have enough context to decide that the // command argument of the RunCmd function is hardcoded string // and that's why it's better to warn the user so he can audit it @@ -90,7 +89,7 @@ func main() { RunCmd("sleep") } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -120,7 +119,7 @@ func main() { RunCmd("ll", "ls") } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // syscall.Exec function called with hardcoded arguments // shouldn't be consider as a command injection package main @@ -137,8 +136,8 @@ func main() { } } `}, 0, gosec.NewConfig()}, - { - []string{` + { + []string{` package main import ( @@ -156,8 +155,9 @@ func RunCmd(command string) { func main() { RunCmd("sleep") } -`}, 1, gosec.NewConfig()}, - {[]string{` +`}, 1, gosec.NewConfig(), + }, + {[]string{` package main import ( @@ -176,7 +176,7 @@ func main() { RunCmd("sleep") } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // starting a process with a variable as an argument // even if not constant is not considered as dangerous // because it has hardcoded value @@ -199,7 +199,7 @@ func main() { log.Printf("Command finished with error: %v", err) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // exec.Command from supplemental package sys/execabs // using variable arguments package main @@ -219,7 +219,7 @@ func main() { log.Printf("Command finished with error: %v", err) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Initializing a local variable using a environmental // variable is consider as a dangerous user input package main @@ -242,5 +242,4 @@ func main() { log.Printf("Command finished with error: %v", err) } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g301_samples.go b/testutils/g301_samples.go index 9bce70a..8a7aeaa 100644 --- a/testutils/g301_samples.go +++ b/testutils/g301_samples.go @@ -2,9 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( // SampleCodeG301 - mkdir permission check - SampleCodeG301 = []CodeSample{ - {[]string{` +// SampleCodeG301 - mkdir permission check +var SampleCodeG301 = []CodeSample{ + {[]string{` package main import ( @@ -20,7 +20,7 @@ func main() { } } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -36,7 +36,7 @@ func main() { } } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -52,5 +52,4 @@ func main() { } } `}, 0, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g302_samples.go b/testutils/g302_samples.go index 4bef26b..3cc9fde 100644 --- a/testutils/g302_samples.go +++ b/testutils/g302_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG302 - file create / chmod permissions check - SampleCodeG302 = []CodeSample{ - {[]string{` +// SampleCodeG302 - file create / chmod permissions check +var SampleCodeG302 = []CodeSample{ + {[]string{` package main import ( @@ -21,7 +20,7 @@ func main() { } } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -37,7 +36,7 @@ func main() { } } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -53,7 +52,7 @@ func main() { } } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -69,5 +68,4 @@ func main() { } } `}, 0, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g303_samples.go b/testutils/g303_samples.go index 3c941b9..bdc9609 100644 --- a/testutils/g303_samples.go +++ b/testutils/g303_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG303 - bad tempfile permissions & hardcoded shared path - SampleCodeG303 = []CodeSample{ - {[]string{` +// SampleCodeG303 - bad tempfile permissions & hardcoded shared path +var SampleCodeG303 = []CodeSample{ + {[]string{` package samples import ( @@ -57,5 +56,4 @@ func main() { } } `}, 9, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g304_samples.go b/testutils/g304_samples.go index 33de51c..7ef7139 100644 --- a/testutils/g304_samples.go +++ b/testutils/g304_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG304 - potential file inclusion vulnerability - SampleCodeG304 = []CodeSample{ - {[]string{` +// SampleCodeG304 - potential file inclusion vulnerability +var SampleCodeG304 = []CodeSample{ + {[]string{` package main import ( @@ -24,7 +23,7 @@ func main() { } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -42,7 +41,7 @@ func main() { } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -68,7 +67,7 @@ func main() { log.Fatal(http.ListenAndServe(":3000", nil)) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -94,7 +93,7 @@ func main() { log.Fatal(http.ListenAndServe(":3000", nil)) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -112,7 +111,7 @@ import ( log.Print(body) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -138,7 +137,7 @@ func main() { fmt.Println(string(contents)) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -159,7 +158,7 @@ func main() { log.Print(body) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -176,7 +175,7 @@ func main() { } } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -196,7 +195,7 @@ func main() { openFile(repoFile) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -219,7 +218,7 @@ func main() { openFile(dir, repoFile) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -239,7 +238,7 @@ func main() { } } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -271,7 +270,7 @@ func main() { } } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -303,5 +302,4 @@ package main var THEWD string `}, 0, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g305_samples.go b/testutils/g305_samples.go index cb98706..784100a 100644 --- a/testutils/g305_samples.go +++ b/testutils/g305_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG305 - File path traversal when extracting zip/tar archives - SampleCodeG305 = []CodeSample{ - {[]string{` +// SampleCodeG305 - File path traversal when extracting zip/tar archives +var SampleCodeG305 = []CodeSample{ + {[]string{` package unzip import ( @@ -52,7 +51,7 @@ func unzip(archive, target string) error { return nil } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package unzip import ( @@ -100,7 +99,7 @@ func unzip(archive, target string) error { return nil } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package zip import ( @@ -140,7 +139,7 @@ func extractFile(f *zip.File, destPath string) error { return os.Chmod(filePath, f.FileInfo().Mode()) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package tz import ( @@ -174,5 +173,4 @@ func extractFile(f *tar.Header, tr *tar.Reader, destPath string) error { return os.Chmod(filePath, f.FileInfo().Mode()) } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g306_samples.go b/testutils/g306_samples.go index d1cb34c..f8ab32a 100644 --- a/testutils/g306_samples.go +++ b/testutils/g306_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG306 - Poor permissions for WriteFile - SampleCodeG306 = []CodeSample{ - {[]string{` +// SampleCodeG306 - Poor permissions for WriteFile +var SampleCodeG306 = []CodeSample{ + {[]string{` package main import ( @@ -54,5 +53,4 @@ func main() { } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g307_samples.go b/testutils/g307_samples.go index 1f7cf6d..aa4b8f4 100644 --- a/testutils/g307_samples.go +++ b/testutils/g307_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG307 - Poor permissions for os.Create - SampleCodeG307 = []CodeSample{ - {[]string{` +// SampleCodeG307 - Poor permissions for os.Create +var SampleCodeG307 = []CodeSample{ + {[]string{` package main import ( @@ -25,7 +24,7 @@ func main() { defer f.Close() } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -45,5 +44,4 @@ func main() { defer f.Close() } `}, 1, gosec.Config{"G307": "0o600"}}, - } -) +} diff --git a/testutils/g402_samples.go b/testutils/g402_samples.go index 999b4c2..5673a0b 100644 --- a/testutils/g402_samples.go +++ b/testutils/g402_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG402 - TLS settings - SampleCodeG402 = []CodeSample{ - {[]string{` +// SampleCodeG402 - TLS settings +var SampleCodeG402 = []CodeSample{ + {[]string{` // InsecureSkipVerify package main @@ -27,7 +26,7 @@ func main() { } } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // InsecureSkipVerify from variable package main @@ -40,7 +39,7 @@ func main() { conf.InsecureSkipVerify = true } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Insecure minimum version package main @@ -61,7 +60,7 @@ func main() { } } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Insecure minimum version package main @@ -83,7 +82,7 @@ func main() { fmt.Printf("Debug: %v\n", a.MinVersion) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // Insecure minimum version package main @@ -103,7 +102,7 @@ func main() { fmt.Printf("Debug: %v\n", a.MinVersion) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // Insecure minimum version package main import ( @@ -123,7 +122,7 @@ func main() { fmt.Printf("Debug: %v\n", a.MinVersion) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Insecure minimum version package main @@ -148,7 +147,7 @@ func main() { fmt.Printf("Debug: %v\n", a.MinVersion) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Insecure minimum version package main @@ -171,7 +170,7 @@ func main() { } } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` // Insecure max version package main @@ -192,7 +191,7 @@ func main() { } } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // Insecure ciphersuite selection package main @@ -218,7 +217,7 @@ func main() { } } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` // secure max version when min version is specified package main @@ -242,7 +241,7 @@ func main() { } } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package p0 import "crypto/tls" @@ -260,7 +259,7 @@ func TlsConfig1() *tls.Config { return &tls.Config{MinVersion: 0x0304} } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -281,7 +280,7 @@ import "crypto/tls" const MinVer = tls.VersionTLS13 `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -294,5 +293,4 @@ func main() { _ = cryptotls.Config{MinVersion: cryptotls.VersionTLS12} } `}, 0, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g403_samples.go b/testutils/g403_samples.go index 2618534..1b2d9d1 100644 --- a/testutils/g403_samples.go +++ b/testutils/g403_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG403 - weak key strength - SampleCodeG403 = []CodeSample{ - {[]string{` +// SampleCodeG403 - weak key strength +var SampleCodeG403 = []CodeSample{ + {[]string{` package main import ( @@ -23,5 +22,4 @@ func main() { fmt.Println(pvk) } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g404_samples.go b/testutils/g404_samples.go index 95266c3..cc8c9b8 100644 --- a/testutils/g404_samples.go +++ b/testutils/g404_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG404 - weak random number - SampleCodeG404 = []CodeSample{ - {[]string{` +// SampleCodeG404 - weak random number +var SampleCodeG404 = []CodeSample{ + {[]string{` package main import "crypto/rand" @@ -15,7 +14,7 @@ func main() { println(good) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "math/rand" @@ -25,7 +24,7 @@ func main() { println(bad) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -40,7 +39,7 @@ func main() { println(bad) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -53,7 +52,7 @@ func main() { println(bad) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -65,7 +64,7 @@ func main() { println(bad) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -81,7 +80,7 @@ func main() { println(bad) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import ( @@ -100,5 +99,4 @@ func main() { _ = rand3.Intn(2) // bad } `}, 3, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g501_samples.go b/testutils/g501_samples.go index ca7aa74..238dd52 100644 --- a/testutils/g501_samples.go +++ b/testutils/g501_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG501 - Blocklisted import MD5 - SampleCodeG501 = []CodeSample{ - {[]string{` +// SampleCodeG501 - Blocklisted import MD5 +var SampleCodeG501 = []CodeSample{ + {[]string{` package main import ( @@ -20,5 +19,4 @@ func main() { } } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g502_samples.go b/testutils/g502_samples.go index fa92e58..dfb5b95 100644 --- a/testutils/g502_samples.go +++ b/testutils/g502_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG502 - Blocklisted import DES - SampleCodeG502 = []CodeSample{ - {[]string{` +// SampleCodeG502 - Blocklisted import DES +var SampleCodeG502 = []CodeSample{ + {[]string{` package main import ( @@ -33,5 +32,4 @@ func main() { fmt.Println("Secret message is: %s", hex.EncodeToString(ciphertext)) } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g503_samples.go b/testutils/g503_samples.go index 0732ab7..d5c9c23 100644 --- a/testutils/g503_samples.go +++ b/testutils/g503_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG503 - Blocklisted import RC4 - SampleCodeG503 = []CodeSample{ - {[]string{` +// SampleCodeG503 - Blocklisted import RC4 +var SampleCodeG503 = []CodeSample{ + {[]string{` package main import ( @@ -25,5 +24,4 @@ func main() { fmt.Println("Secret message is: %s", hex.EncodeToString(ciphertext)) } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g504_samples.go b/testutils/g504_samples.go index dd96b6f..520fb00 100644 --- a/testutils/g504_samples.go +++ b/testutils/g504_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG504 - Blocklisted import CGI - SampleCodeG504 = []CodeSample{ - {[]string{` +// SampleCodeG504 - Blocklisted import CGI +var SampleCodeG504 = []CodeSample{ + {[]string{` package main import ( @@ -17,5 +16,4 @@ func main() { cgi.Serve(http.FileServer(http.Dir("/usr/share/doc"))) } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g505_samples.go b/testutils/g505_samples.go index cc2379c..3600dcd 100644 --- a/testutils/g505_samples.go +++ b/testutils/g505_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG505 - Blocklisted import SHA1 - SampleCodeG505 = []CodeSample{ - {[]string{` +// SampleCodeG505 - Blocklisted import SHA1 +var SampleCodeG505 = []CodeSample{ + {[]string{` package main import ( @@ -20,5 +19,4 @@ func main() { } } `}, 1, gosec.NewConfig()}, - } -) +} diff --git a/testutils/g602_samples.go b/testutils/g602_samples.go index 65394b9..a963add 100644 --- a/testutils/g602_samples.go +++ b/testutils/g602_samples.go @@ -2,10 +2,9 @@ package testutils import "github.com/securego/gosec/v2" -var ( - // SampleCodeG602 - Slice access out of bounds - SampleCodeG602 = []CodeSample{ - {[]string{` +// SampleCodeG602 - Slice access out of bounds +var SampleCodeG602 = []CodeSample{ + {[]string{` package main import "fmt" @@ -18,7 +17,7 @@ func main() { } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -31,7 +30,7 @@ func main() { } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -44,7 +43,7 @@ func main() { } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -57,7 +56,7 @@ func main() { } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -70,7 +69,7 @@ func main() { } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -83,7 +82,7 @@ func main() { } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -96,7 +95,7 @@ func main() { } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -110,7 +109,7 @@ func main() { } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -124,7 +123,7 @@ func main() { } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -138,7 +137,7 @@ func main() { } `}, 2, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -151,7 +150,7 @@ func main() { fmt.Println(y) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -167,7 +166,7 @@ func doStuff(x []int) { fmt.Println(newSlice) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -190,7 +189,7 @@ func doStuff(x []int) { fmt.Println(newSlice2) } `}, 2, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -205,7 +204,7 @@ func main() { fmt.Println(testMap) } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -217,7 +216,7 @@ func main() { } } `}, 0, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -230,7 +229,7 @@ func main() { fmt.Println(s[0]) } `}, 1, gosec.NewConfig()}, - {[]string{` + {[]string{` package main import "fmt" @@ -251,5 +250,4 @@ func main() { } } `}, 0, gosec.NewConfig()}, - } -) +}