actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-05 19:45:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix lint warnings by properly formatting the files

Browse source 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
This commit is contained in:
Cosmin Cojocar 2023-12-08 14:30:54 +01:00 committed by Cosmin Cojocar
parent 0e2a61899a
commit 2aad3f02a5
32 changed files with 259 additions and 321 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
testutils/cgo_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeCgo - Cgo file sample
SampleCodeCgo = []CodeSample{
var SampleCodeCgo = []CodeSample{
{[]string{`
package main
@ -49,4 +48,3 @@ func main() {
}
`}, 0, gosec.NewConfig()},
}
)

4
testutils/g102_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG102 code snippets for network binding
SampleCodeG102 = []CodeSample{
var SampleCodeG102 = []CodeSample{
// Bind to all networks explicitly
{[]string{`
package main
@ -103,4 +102,3 @@ func main() {
}
`}, 1, gosec.NewConfig()},
}
)

4
testutils/g103_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG103 find instances of unsafe blocks for auditing purposes
SampleCodeG103 = []CodeSample{
var SampleCodeG103 = []CodeSample{
{[]string{`
package main
@ -64,4 +63,3 @@ func main() {
}
`}, 2, gosec.NewConfig()},
}
)

4
testutils/g106_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG106 - ssh InsecureIgnoreHostKey
SampleCodeG106 = []CodeSample{
var SampleCodeG106 = []CodeSample{
{[]string{`
package main
@ -17,4 +16,3 @@ func main() {
}
`}, 1, gosec.NewConfig()},
}
)

4
testutils/g107_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG107 - SSRF via http requests with variable url
SampleCodeG107 = []CodeSample{
var SampleCodeG107 = []CodeSample{
{[]string{`
// Input from the std in is considered insecure
package main
@ -195,4 +194,3 @@ func main() {
}
`}, 1, gosec.NewConfig()},
}
)

4
testutils/g108_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG108 - pprof endpoint automatically exposed
SampleCodeG108 = []CodeSample{
var SampleCodeG108 = []CodeSample{
{[]string{`
package main
@ -39,4 +38,3 @@ func main() {
}
`}, 0, gosec.NewConfig()},
}
)

4
testutils/g109_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG109 - Potential Integer OverFlow
SampleCodeG109 = []CodeSample{
var SampleCodeG109 = []CodeSample{
{[]string{`
package main
@ -111,4 +110,3 @@ func main() {
}
`}, 0, gosec.NewConfig()},
}
)

4
testutils/g110_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG110 - potential DoS vulnerability via decompression bomb
SampleCodeG110 = []CodeSample{
var SampleCodeG110 = []CodeSample{
{[]string{`
package main
@ -125,4 +124,3 @@ func main() {
}
`}, 0, gosec.NewConfig()},
}
)

4
testutils/g111_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG111 - potential directory traversal
SampleCodeG111 = []CodeSample{
var SampleCodeG111 = []CodeSample{
{[]string{`
package main
@ -26,4 +25,3 @@ func HelloServer(w http.ResponseWriter, r *http.Request) {
}
`}, 1, gosec.NewConfig()},
}
)

4
testutils/g112_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG112 - potential slowloris attack
SampleCodeG112 = []CodeSample{
var SampleCodeG112 = []CodeSample{
{[]string{`
package main
@ -104,4 +103,3 @@ func main() {
}
`}, 0, gosec.NewConfig()},
}
)

4
testutils/g113_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG113 - Usage of Rat.SetString in math/big with an overflow
SampleCodeG113 = []CodeSample{
var SampleCodeG113 = []CodeSample{
{[]string{`
package main
@ -21,4 +20,3 @@ func main() {
}
`}, 1, gosec.NewConfig()},
}
)

4
testutils/g114_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG114 - Use of net/http serve functions that have no support for setting timeouts
SampleCodeG114 = []CodeSample{
var SampleCodeG114 = []CodeSample{
{[]string{`
package main
@ -70,4 +69,3 @@ func main() {
}
`}, 1, gosec.NewConfig()},
}
)

4
testutils/g201_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG201 - SQL injection via format string
SampleCodeG201 = []CodeSample{
var SampleCodeG201 = []CodeSample{
{[]string{`
// Format string without proper quoting
package main
@ -400,4 +399,3 @@ func main() {
}
`}, 0, gosec.NewConfig()},
}
)

4
testutils/g202_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG202 - SQL query string building via string concatenation
SampleCodeG202 = []CodeSample{
var SampleCodeG202 = []CodeSample{
{[]string{`
// infixed concatenation
package main
@ -281,4 +280,3 @@ func main() {
}
`}, 0, gosec.NewConfig()},
}
)

4
testutils/g203_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG203 - Template checks
SampleCodeG203 = []CodeSample{
var SampleCodeG203 = []CodeSample{
{[]string{`
// We assume that hardcoded template strings are safe as the programmer would
// need to be explicitly shooting themselves in the foot (as below)
@ -89,4 +88,3 @@ func main() {
}
`}, 1, gosec.NewConfig()},
}
)

7
testutils/g204_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG204 - Subprocess auditing
SampleCodeG204 = []CodeSample{
var SampleCodeG204 = []CodeSample{
{[]string{`
package main
@ -156,7 +155,8 @@ func RunCmd(command string) {
func main() {
RunCmd("sleep")
}
`}, 1, gosec.NewConfig()},
`}, 1, gosec.NewConfig(),
},
{[]string{`
package main
@ -243,4 +243,3 @@ func main() {
}
`}, 1, gosec.NewConfig()},
}
)

5
testutils/g301_samples.go
View file

@ -2,8 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var ( // SampleCodeG301 - mkdir permission check
SampleCodeG301 = []CodeSample{
// SampleCodeG301 - mkdir permission check
var SampleCodeG301 = []CodeSample{
{[]string{`
package main
@ -53,4 +53,3 @@ func main() {
}
`}, 0, gosec.NewConfig()},
}
)

4
testutils/g302_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG302 - file create / chmod permissions check
SampleCodeG302 = []CodeSample{
var SampleCodeG302 = []CodeSample{
{[]string{`
package main
@ -70,4 +69,3 @@ func main() {
}
`}, 0, gosec.NewConfig()},
}
)

4
testutils/g303_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG303 - bad tempfile permissions & hardcoded shared path
SampleCodeG303 = []CodeSample{
var SampleCodeG303 = []CodeSample{
{[]string{`
package samples
@ -58,4 +57,3 @@ func main() {
}
`}, 9, gosec.NewConfig()},
}
)

4
testutils/g304_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG304 - potential file inclusion vulnerability
SampleCodeG304 = []CodeSample{
var SampleCodeG304 = []CodeSample{
{[]string{`
package main
@ -304,4 +303,3 @@ package main
var THEWD string
`}, 0, gosec.NewConfig()},
}
)

4
testutils/g305_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG305 - File path traversal when extracting zip/tar archives
SampleCodeG305 = []CodeSample{
var SampleCodeG305 = []CodeSample{
{[]string{`
package unzip
@ -175,4 +174,3 @@ func extractFile(f *tar.Header, tr *tar.Reader, destPath string) error {
}
`}, 1, gosec.NewConfig()},
}
)

4
testutils/g306_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG306 - Poor permissions for WriteFile
SampleCodeG306 = []CodeSample{
var SampleCodeG306 = []CodeSample{
{[]string{`
package main
@ -55,4 +54,3 @@ func main() {
}
`}, 1, gosec.NewConfig()},
}
)

4
testutils/g307_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG307 - Poor permissions for os.Create
SampleCodeG307 = []CodeSample{
var SampleCodeG307 = []CodeSample{
{[]string{`
package main
@ -46,4 +45,3 @@ func main() {
}
`}, 1, gosec.Config{"G307": "0o600"}},
}
)

4
testutils/g402_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG402 - TLS settings
SampleCodeG402 = []CodeSample{
var SampleCodeG402 = []CodeSample{
{[]string{`
// InsecureSkipVerify
package main
@ -295,4 +294,3 @@ func main() {
}
`}, 0, gosec.NewConfig()},
}
)

4
testutils/g403_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG403 - weak key strength
SampleCodeG403 = []CodeSample{
var SampleCodeG403 = []CodeSample{
{[]string{`
package main
@ -24,4 +23,3 @@ func main() {
}
`}, 1, gosec.NewConfig()},
}
)

4
testutils/g404_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG404 - weak random number
SampleCodeG404 = []CodeSample{
var SampleCodeG404 = []CodeSample{
{[]string{`
package main
@ -101,4 +100,3 @@ func main() {
}
`}, 3, gosec.NewConfig()},
}
)

4
testutils/g501_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG501 - Blocklisted import MD5
SampleCodeG501 = []CodeSample{
var SampleCodeG501 = []CodeSample{
{[]string{`
package main
@ -21,4 +20,3 @@ func main() {
}
`}, 1, gosec.NewConfig()},
}
)

4
testutils/g502_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG502 - Blocklisted import DES
SampleCodeG502 = []CodeSample{
var SampleCodeG502 = []CodeSample{
{[]string{`
package main
@ -34,4 +33,3 @@ func main() {
}
`}, 1, gosec.NewConfig()},
}
)

4
testutils/g503_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG503 - Blocklisted import RC4
SampleCodeG503 = []CodeSample{
var SampleCodeG503 = []CodeSample{
{[]string{`
package main
@ -26,4 +25,3 @@ func main() {
}
`}, 1, gosec.NewConfig()},
}
)

4
testutils/g504_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG504 - Blocklisted import CGI
SampleCodeG504 = []CodeSample{
var SampleCodeG504 = []CodeSample{
{[]string{`
package main
@ -18,4 +17,3 @@ func main() {
}
`}, 1, gosec.NewConfig()},
}
)

4
testutils/g505_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG505 - Blocklisted import SHA1
SampleCodeG505 = []CodeSample{
var SampleCodeG505 = []CodeSample{
{[]string{`
package main
@ -21,4 +20,3 @@ func main() {
}
`}, 1, gosec.NewConfig()},
}
)

4
testutils/g602_samples.go
View file

@ -2,9 +2,8 @@ package testutils
import "github.com/securego/gosec/v2"
var (
// SampleCodeG602 - Slice access out of bounds
SampleCodeG602 = []CodeSample{
var SampleCodeG602 = []CodeSample{
{[]string{`
package main
@ -252,4 +251,3 @@ func main() {
}
`}, 0, gosec.NewConfig()},
}
)