mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
Fix lint warnings by properly formatting the files
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
This commit is contained in:
parent
0e2a61899a
commit
2aad3f02a5
32 changed files with 259 additions and 321 deletions
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeCgo - Cgo file sample
|
||||
SampleCodeCgo = []CodeSample{
|
||||
var SampleCodeCgo = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -49,4 +48,3 @@ func main() {
|
|||
}
|
||||
`}, 0, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG102 code snippets for network binding
|
||||
SampleCodeG102 = []CodeSample{
|
||||
var SampleCodeG102 = []CodeSample{
|
||||
// Bind to all networks explicitly
|
||||
{[]string{`
|
||||
package main
|
||||
|
@ -103,4 +102,3 @@ func main() {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG103 find instances of unsafe blocks for auditing purposes
|
||||
SampleCodeG103 = []CodeSample{
|
||||
var SampleCodeG103 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -64,4 +63,3 @@ func main() {
|
|||
}
|
||||
`}, 2, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG106 - ssh InsecureIgnoreHostKey
|
||||
SampleCodeG106 = []CodeSample{
|
||||
var SampleCodeG106 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -17,4 +16,3 @@ func main() {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG107 - SSRF via http requests with variable url
|
||||
SampleCodeG107 = []CodeSample{
|
||||
var SampleCodeG107 = []CodeSample{
|
||||
{[]string{`
|
||||
// Input from the std in is considered insecure
|
||||
package main
|
||||
|
@ -195,4 +194,3 @@ func main() {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG108 - pprof endpoint automatically exposed
|
||||
SampleCodeG108 = []CodeSample{
|
||||
var SampleCodeG108 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -39,4 +38,3 @@ func main() {
|
|||
}
|
||||
`}, 0, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG109 - Potential Integer OverFlow
|
||||
SampleCodeG109 = []CodeSample{
|
||||
var SampleCodeG109 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -111,4 +110,3 @@ func main() {
|
|||
}
|
||||
`}, 0, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG110 - potential DoS vulnerability via decompression bomb
|
||||
SampleCodeG110 = []CodeSample{
|
||||
var SampleCodeG110 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -125,4 +124,3 @@ func main() {
|
|||
}
|
||||
`}, 0, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG111 - potential directory traversal
|
||||
SampleCodeG111 = []CodeSample{
|
||||
var SampleCodeG111 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -26,4 +25,3 @@ func HelloServer(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG112 - potential slowloris attack
|
||||
SampleCodeG112 = []CodeSample{
|
||||
var SampleCodeG112 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -104,4 +103,3 @@ func main() {
|
|||
}
|
||||
`}, 0, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG113 - Usage of Rat.SetString in math/big with an overflow
|
||||
SampleCodeG113 = []CodeSample{
|
||||
var SampleCodeG113 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -21,4 +20,3 @@ func main() {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG114 - Use of net/http serve functions that have no support for setting timeouts
|
||||
SampleCodeG114 = []CodeSample{
|
||||
var SampleCodeG114 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -70,4 +69,3 @@ func main() {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG201 - SQL injection via format string
|
||||
SampleCodeG201 = []CodeSample{
|
||||
var SampleCodeG201 = []CodeSample{
|
||||
{[]string{`
|
||||
// Format string without proper quoting
|
||||
package main
|
||||
|
@ -400,4 +399,3 @@ func main() {
|
|||
}
|
||||
`}, 0, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG202 - SQL query string building via string concatenation
|
||||
SampleCodeG202 = []CodeSample{
|
||||
var SampleCodeG202 = []CodeSample{
|
||||
{[]string{`
|
||||
// infixed concatenation
|
||||
package main
|
||||
|
@ -281,4 +280,3 @@ func main() {
|
|||
}
|
||||
`}, 0, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG203 - Template checks
|
||||
SampleCodeG203 = []CodeSample{
|
||||
var SampleCodeG203 = []CodeSample{
|
||||
{[]string{`
|
||||
// We assume that hardcoded template strings are safe as the programmer would
|
||||
// need to be explicitly shooting themselves in the foot (as below)
|
||||
|
@ -89,4 +88,3 @@ func main() {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG204 - Subprocess auditing
|
||||
SampleCodeG204 = []CodeSample{
|
||||
var SampleCodeG204 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -156,7 +155,8 @@ func RunCmd(command string) {
|
|||
func main() {
|
||||
RunCmd("sleep")
|
||||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
`}, 1, gosec.NewConfig(),
|
||||
},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -243,4 +243,3 @@ func main() {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,8 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var ( // SampleCodeG301 - mkdir permission check
|
||||
SampleCodeG301 = []CodeSample{
|
||||
// SampleCodeG301 - mkdir permission check
|
||||
var SampleCodeG301 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -53,4 +53,3 @@ func main() {
|
|||
}
|
||||
`}, 0, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG302 - file create / chmod permissions check
|
||||
SampleCodeG302 = []CodeSample{
|
||||
var SampleCodeG302 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -70,4 +69,3 @@ func main() {
|
|||
}
|
||||
`}, 0, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG303 - bad tempfile permissions & hardcoded shared path
|
||||
SampleCodeG303 = []CodeSample{
|
||||
var SampleCodeG303 = []CodeSample{
|
||||
{[]string{`
|
||||
package samples
|
||||
|
||||
|
@ -58,4 +57,3 @@ func main() {
|
|||
}
|
||||
`}, 9, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG304 - potential file inclusion vulnerability
|
||||
SampleCodeG304 = []CodeSample{
|
||||
var SampleCodeG304 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -304,4 +303,3 @@ package main
|
|||
var THEWD string
|
||||
`}, 0, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG305 - File path traversal when extracting zip/tar archives
|
||||
SampleCodeG305 = []CodeSample{
|
||||
var SampleCodeG305 = []CodeSample{
|
||||
{[]string{`
|
||||
package unzip
|
||||
|
||||
|
@ -175,4 +174,3 @@ func extractFile(f *tar.Header, tr *tar.Reader, destPath string) error {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG306 - Poor permissions for WriteFile
|
||||
SampleCodeG306 = []CodeSample{
|
||||
var SampleCodeG306 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -55,4 +54,3 @@ func main() {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG307 - Poor permissions for os.Create
|
||||
SampleCodeG307 = []CodeSample{
|
||||
var SampleCodeG307 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -46,4 +45,3 @@ func main() {
|
|||
}
|
||||
`}, 1, gosec.Config{"G307": "0o600"}},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG402 - TLS settings
|
||||
SampleCodeG402 = []CodeSample{
|
||||
var SampleCodeG402 = []CodeSample{
|
||||
{[]string{`
|
||||
// InsecureSkipVerify
|
||||
package main
|
||||
|
@ -295,4 +294,3 @@ func main() {
|
|||
}
|
||||
`}, 0, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG403 - weak key strength
|
||||
SampleCodeG403 = []CodeSample{
|
||||
var SampleCodeG403 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -24,4 +23,3 @@ func main() {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG404 - weak random number
|
||||
SampleCodeG404 = []CodeSample{
|
||||
var SampleCodeG404 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -101,4 +100,3 @@ func main() {
|
|||
}
|
||||
`}, 3, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG501 - Blocklisted import MD5
|
||||
SampleCodeG501 = []CodeSample{
|
||||
var SampleCodeG501 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -21,4 +20,3 @@ func main() {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG502 - Blocklisted import DES
|
||||
SampleCodeG502 = []CodeSample{
|
||||
var SampleCodeG502 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -34,4 +33,3 @@ func main() {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG503 - Blocklisted import RC4
|
||||
SampleCodeG503 = []CodeSample{
|
||||
var SampleCodeG503 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -26,4 +25,3 @@ func main() {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG504 - Blocklisted import CGI
|
||||
SampleCodeG504 = []CodeSample{
|
||||
var SampleCodeG504 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -18,4 +17,3 @@ func main() {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG505 - Blocklisted import SHA1
|
||||
SampleCodeG505 = []CodeSample{
|
||||
var SampleCodeG505 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -21,4 +20,3 @@ func main() {
|
|||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
|
@ -2,9 +2,8 @@ package testutils
|
|||
|
||||
import "github.com/securego/gosec/v2"
|
||||
|
||||
var (
|
||||
// SampleCodeG602 - Slice access out of bounds
|
||||
SampleCodeG602 = []CodeSample{
|
||||
var SampleCodeG602 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
|
@ -252,4 +251,3 @@ func main() {
|
|||
}
|
||||
`}, 0, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
|
Loading…
Reference in a new issue