Fix typos in comments and rulelist (#256)
parent
e0a150bfa3
commit
3116b07de4
12 changed files with 18 additions and 18 deletions
|
@ -33,7 +33,7 @@ import (
|
||||||
|
|
||||||
// The Context is populated with data parsed from the source code as it is scanned.
|
// The Context is populated with data parsed from the source code as it is scanned.
|
||||||
// It is passed through to all rule functions as they are called. Rules may use
|
// It is passed through to all rule functions as they are called. Rules may use
|
||||||
// this data in conjunction withe the encoutered AST node.
|
// this data in conjunction withe the encountered AST node.
|
||||||
type Context struct {
|
type Context struct {
|
||||||
FileSet *token.FileSet
|
FileSet *token.FileSet
|
||||||
Comments ast.CommentMap
|
Comments ast.CommentMap
|
||||||
|
@ -66,7 +66,7 @@ type Analyzer struct {
|
||||||
stats *Metrics
|
stats *Metrics
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewAnalyzer builds a new anaylzer.
|
// NewAnalyzer builds a new analyzer.
|
||||||
func NewAnalyzer(conf Config, logger *log.Logger) *Analyzer {
|
func NewAnalyzer(conf Config, logger *log.Logger) *Analyzer {
|
||||||
ignoreNoSec := false
|
ignoreNoSec := false
|
||||||
if setting, err := conf.GetGlobal("nosec"); err == nil {
|
if setting, err := conf.GetGlobal("nosec"); err == nil {
|
||||||
|
|
|
@ -51,7 +51,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
|
|
||||||
})
|
})
|
||||||
|
|
||||||
It("should be able to analyze mulitple Go files", func() {
|
It("should be able to analyze multiple Go files", func() {
|
||||||
analyzer.LoadRules(rules.Generate().Builders())
|
analyzer.LoadRules(rules.Generate().Builders())
|
||||||
pkg := testutils.NewTestPackage()
|
pkg := testutils.NewTestPackage()
|
||||||
defer pkg.Close()
|
defer pkg.Close()
|
||||||
|
@ -72,7 +72,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
Expect(metrics.NumFiles).To(Equal(2))
|
Expect(metrics.NumFiles).To(Equal(2))
|
||||||
})
|
})
|
||||||
|
|
||||||
It("should be able to analyze mulitple Go packages", func() {
|
It("should be able to analyze multiple Go packages", func() {
|
||||||
analyzer.LoadRules(rules.Generate().Builders())
|
analyzer.LoadRules(rules.Generate().Builders())
|
||||||
pkg1 := testutils.NewTestPackage()
|
pkg1 := testutils.NewTestPackage()
|
||||||
pkg2 := testutils.NewTestPackage()
|
pkg2 := testutils.NewTestPackage()
|
||||||
|
|
|
@ -345,7 +345,7 @@ func main() {
|
||||||
logger.Fatal(err)
|
logger.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Finialize logging
|
// Finalize logging
|
||||||
logWriter.Close() // #nosec
|
logWriter.Close() // #nosec
|
||||||
|
|
||||||
// Do we have an issue? If so exit 1
|
// Do we have an issue? If so exit 1
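Review bot: The `#nosec` on `logWriter.Close()` two lines above the renamed "Finalize logging" comment carries no justification, so a reader cannot tell whether the discarded Close error was considered or merely silenced. Since this is the project's own suppression marker, the comment should say why the error is ignorable, e.g. `logWriter.Close() // #nosec -- close error at exit is not actionable`, or the call should check and log it: `if err := logWriter.Close(); err != nil { logger.Println(err) }`. Whether `logger` is still usable after the writer is closed cannot be confirmed from this hunk; the enclosing `main` starts and ends outside it.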
|
||||||
|
|
|
@ -78,7 +78,7 @@ func (c Config) GetGlobal(option string) (string, error) {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetGlobal associates a value with a global configuration ooption
|
// SetGlobal associates a value with a global configuration option
|
||||||
func (c Config) SetGlobal(option, value string) {
|
func (c Config) SetGlobal(option, value string) {
|
||||||
if globals, ok := c[Globals]; ok {
|
if globals, ok := c[Globals]; ok {
|
||||||
if settings, ok := globals.(map[string]string); ok {
|
if settings, ok := globals.(map[string]string); ok {
|
||||||
|
|
|
@ -166,7 +166,7 @@ func GetCallInfo(n ast.Node, ctx *Context) (string, string, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetImportedName returns the name used for the package within the
|
// GetImportedName returns the name used for the package within the
|
||||||
// code. It will resolve aliases and ignores initalization only imports.
|
// code. It will resolve aliases and ignores initialization only imports.
|
||||||
func GetImportedName(path string, ctx *Context) (string, bool) {
|
func GetImportedName(path string, ctx *Context) (string, bool) {
|
||||||
importName, imported := ctx.Imports.Imported[path]
|
importName, imported := ctx.Imports.Imported[path]
|
||||||
if !imported {
|
if !imported {
|
||||||
|
@ -183,7 +183,7 @@ func GetImportedName(path string, ctx *Context) (string, bool) {
|
||||||
return importName, true
|
return importName, true
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetImportPath resolves the full import path of an identifer based on
|
// GetImportPath resolves the full import path of an identifier based on
|
||||||
// the imports in the current context.
|
// the imports in the current context.
|
||||||
func GetImportPath(name string, ctx *Context) (string, bool) {
|
func GetImportPath(name string, ctx *Context) (string, bool) {
|
||||||
for path := range ctx.Imports.Imported {
|
for path := range ctx.Imports.Imported {
|
||||||
|
@ -257,7 +257,7 @@ func GetPkgAbsPath(pkgPath string) (string, error) {
|
||||||
return absPath, nil
|
return absPath, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// ConcatString recusively concatenates strings from a binary expression
|
// ConcatString recursively concatenates strings from a binary expression
|
||||||
func ConcatString(n *ast.BinaryExpr) (string, bool) {
|
func ConcatString(n *ast.BinaryExpr) (string, bool) {
|
||||||
var s string
|
var s string
|
||||||
// sub expressions are found in X object, Y object is always last BasicLit
|
// sub expressions are found in X object, Y object is always last BasicLit
|
||||||
|
|
4
issue.go
4
issue.go
|
@ -34,7 +34,7 @@ const (
|
||||||
High
|
High
|
||||||
)
|
)
|
||||||
|
|
||||||
// Issue is returnd by a gosec rule if it discovers an issue with the scanned code.
|
// Issue is returned by a gosec rule if it discovers an issue with the scanned code.
|
||||||
type Issue struct {
|
type Issue struct {
|
||||||
Severity Score `json:"severity"` // issue severity (how problematic it is)
|
Severity Score `json:"severity"` // issue severity (how problematic it is)
|
||||||
Confidence Score `json:"confidence"` // issue confidence (how sure we are we found it)
|
Confidence Score `json:"confidence"` // issue confidence (how sure we are we found it)
|
||||||
|
@ -46,7 +46,7 @@ type Issue struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// MetaData is embedded in all gosec rules. The Severity, Confidence and What message
|
// MetaData is embedded in all gosec rules. The Severity, Confidence and What message
|
||||||
// will be passed tbhrough to reported issues.
|
// will be passed through to reported issues.
|
||||||
type MetaData struct {
|
type MetaData struct {
|
||||||
ID string
|
ID string
|
||||||
Severity Score
|
Severity Score
|
||||||
|
|
|
@ -26,7 +26,7 @@ import (
|
||||||
"gopkg.in/yaml.v2"
|
"gopkg.in/yaml.v2"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ReportFormat enumrates the output format for reported issues
|
// ReportFormat enumerates the output format for reported issues
|
||||||
type ReportFormat int
|
type ReportFormat int
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
|
2
rule.go
2
rule.go
|
@ -27,7 +27,7 @@ type Rule interface {
|
||||||
type RuleBuilder func(id string, c Config) (Rule, []ast.Node)
|
type RuleBuilder func(id string, c Config) (Rule, []ast.Node)
|
||||||
|
|
||||||
// A RuleSet maps lists of rules to the type of AST node they should be run on.
|
// A RuleSet maps lists of rules to the type of AST node they should be run on.
|
||||||
// The anaylzer will only invoke rules contained in the list associated with the
|
// The analyzer will only invoke rules contained in the list associated with the
|
||||||
// type of AST node it is currently visiting.
|
// type of AST node it is currently visiting.
|
||||||
type RuleSet map[reflect.Type][]Rule
|
type RuleSet map[reflect.Type][]Rule
|
||||||
|
|
||||||
|
|
|
@ -38,7 +38,7 @@ func (r *readfile) isJoinFunc(n ast.Node, c *gosec.Context) bool {
|
||||||
for _, arg := range call.Args {
|
for _, arg := range call.Args {
|
||||||
// edge case: check if one of the args is a BinaryExpr
|
// edge case: check if one of the args is a BinaryExpr
|
||||||
if binExp, ok := arg.(*ast.BinaryExpr); ok {
|
if binExp, ok := arg.(*ast.BinaryExpr); ok {
|
||||||
// iterate and resolve all found identites from the BinaryExpr
|
// iterate and resolve all found identities from the BinaryExpr
|
||||||
if _, ok := gosec.FindVarIdentities(binExp, c); ok {
|
if _, ok := gosec.FindVarIdentities(binExp, c); ok {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
@ -69,7 +69,7 @@ func (r *readfile) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
|
||||||
}
|
}
|
||||||
// handles binary string concatenation eg. ioutil.Readfile("/tmp/" + file + "/blob")
|
// handles binary string concatenation eg. ioutil.Readfile("/tmp/" + file + "/blob")
|
||||||
if binExp, ok := arg.(*ast.BinaryExpr); ok {
|
if binExp, ok := arg.(*ast.BinaryExpr); ok {
|
||||||
// resolve all found identites from the BinaryExpr
|
// resolve all found identities from the BinaryExpr
|
||||||
if _, ok := gosec.FindVarIdentities(binExp, c); ok {
|
if _, ok := gosec.FindVarIdentities(binExp, c); ok {
|
||||||
return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
|
return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -75,7 +75,7 @@ func Generate(filters ...RuleFilter) RuleList {
|
||||||
|
|
||||||
// filesystem
|
// filesystem
|
||||||
{"G301", "Poor file permissions used when creating a directory", NewMkdirPerms},
|
{"G301", "Poor file permissions used when creating a directory", NewMkdirPerms},
|
||||||
{"G302", "Poor file permisions used when creation file or using chmod", NewFilePerms},
|
{"G302", "Poor file permissions used when creation file or using chmod", NewFilePerms},
|
||||||
{"G303", "Creating tempfile using a predictable path", NewBadTempFile},
|
{"G303", "Creating tempfile using a predictable path", NewBadTempFile},
|
||||||
{"G304", "File path provided as taint input", NewReadFile},
|
{"G304", "File path provided as taint input", NewReadFile},
|
||||||
{"G305", "File path traversal when extracting zip archive", NewArchive},
|
{"G305", "File path traversal when extracting zip archive", NewArchive},
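Review bot: The G302 description on the new side still reads "used when creation file", which is a user-facing string in the rule list and not just a comment, so the typo pass should fix the grammar too: `{"G302", "Poor file permissions used when creating a file or using chmod", NewFilePerms},`. The other entries in this hunk read correctly. The enclosing `Generate` function continues outside the hunk.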
|
||||||
|
|
|
@ -41,7 +41,7 @@ func (t *templateCheck) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewTemplateCheck constructs the template check rule. This rule is used to
|
// NewTemplateCheck constructs the template check rule. This rule is used to
|
||||||
// find use of tempaltes where HTML/JS escaping is not being used
|
// find use of templates where HTML/JS escaping is not being used
|
||||||
func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
|
|
||||||
calls := gosec.NewCallList()
|
calls := gosec.NewCallList()
|
||||||
|
|
|
@ -29,7 +29,7 @@ type TestPackage struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewTestPackage will create a new and empty package. Must call Close() to cleanup
|
// NewTestPackage will create a new and empty package. Must call Close() to cleanup
|
||||||
// auxilary files
|
// auxiliary files
|
||||||
func NewTestPackage() *TestPackage {
|
func NewTestPackage() *TestPackage {
|
||||||
// Files must exist in $GOPATH
|
// Files must exist in $GOPATH
|
||||||
sourceDir := path.Join(os.Getenv("GOPATH"), "src")
|
sourceDir := path.Join(os.Getenv("GOPATH"), "src")
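Review bot: `sourceDir := path.Join(os.Getenv("GOPATH"), "src")` builds an operating-system filesystem path with the slash-only `path` package; `filepath.Join(os.Getenv("GOPATH"), "src")` is the correct call for OS paths and would need `path/filepath` imported (the import block is outside this hunk). The comment "Files must exist in $GOPATH" could also note the assumption being made, e.g. `// Files must exist in $GOPATH; assumes a single-entry GOPATH that is set`, since an unset or multi-entry GOPATH would presumably yield a wrong directory here, though that cannot be confirmed from this hunk. The enclosing `NewTestPackage` continues outside the hunk.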
|
||||||
|
|