mirror of
https://github.com/securego/gosec.git
synced 2024-12-26 04:25:52 +00:00
Tim Kelsey
GitHub
commit
37205e9afa
2 changed files with 25 additions and 22 deletions
9
main.go
9
main.go
|
|
@ -56,7 +56,10 @@ USAGE:
|
||||||
$ gas -fmt=json -out=results.json ./...
|
$ gas -fmt=json -out=results.json ./...
|
||||||
|
|
||||||
# Run a specific set of rules (by default all rules will be run):
|
# Run a specific set of rules (by default all rules will be run):
|
||||||
$ gas -rule=sql -rule=sql ./...
|
$ gas -include=G101,G203,G401 ./...
|
||||||
|
|
||||||
|
# Run all rules except the provided
|
||||||
|
$ gas -exclude=G101 ./...
|
||||||
|
|
||||||
`
|
`
|
||||||
|
|
||||||
|
|
@ -140,10 +143,10 @@ func main() {
|
||||||
flag.Var(&excluded, "skip", "File pattern to exclude from scan")
|
flag.Var(&excluded, "skip", "File pattern to exclude from scan")
|
||||||
|
|
||||||
incRules := ""
|
incRules := ""
|
||||||
flag.StringVar(&incRules, "include", "", "comma sperated list of rules IDs to include, see rule list")
|
flag.StringVar(&incRules, "include", "", "Comma separated list of rules IDs to include. (see rule list)")
|
||||||
|
|
||||||
excRules := ""
|
excRules := ""
|
||||||
flag.StringVar(&excRules, "exclude", "", "comma sperated list of rules IDs to exclude, see rule list")
|
flag.StringVar(&excRules, "exclude", "", "Comma separated list of rules IDs to exclude. (see rule list)")
|
||||||
|
|
||||||
// Custom commands / utilities to run instead of default analyzer
|
// Custom commands / utilities to run instead of default analyzer
|
||||||
tools := newUtils()
|
tools := newUtils()
|
||||||
|
|
|
||||||
38
rulelist.go
38
rulelist.go
|
|
@ -31,33 +31,33 @@ type RuleInfo struct {
|
||||||
func GetFullRuleList() map[string]RuleInfo {
|
func GetFullRuleList() map[string]RuleInfo {
|
||||||
return map[string]RuleInfo{
|
return map[string]RuleInfo{
|
||||||
// misc
|
// misc
|
||||||
"G101": RuleInfo{"hardcoded credentials", rules.NewHardcodedCredentials},
|
"G101": RuleInfo{"Look for hardcoded credentials", rules.NewHardcodedCredentials},
|
||||||
"G102": RuleInfo{"bind to all interfaces", rules.NewBindsToAllNetworkInterfaces},
|
"G102": RuleInfo{"Bind to all interfaces", rules.NewBindsToAllNetworkInterfaces},
|
||||||
"G103": RuleInfo{"use of unsafe block", rules.NewUsingUnsafe},
|
"G103": RuleInfo{"Audit the use of unsafe block", rules.NewUsingUnsafe},
|
||||||
"G104": RuleInfo{"errors not checked", rules.NewTemplateCheck},
|
"G104": RuleInfo{"Audit errors not checked", rules.NewTemplateCheck},
|
||||||
|
|
||||||
// injection
|
// injection
|
||||||
"G201": RuleInfo{"sql string format", rules.NewSqlStrFormat},
|
"G201": RuleInfo{"SQL query construction using format string", rules.NewSqlStrFormat},
|
||||||
"G202": RuleInfo{"sql string concat", rules.NewSqlStrConcat},
|
"G202": RuleInfo{"SQL query construction using string concatenation", rules.NewSqlStrConcat},
|
||||||
"G203": RuleInfo{"unescaped templates", rules.NewTemplateCheck},
|
"G203": RuleInfo{"Use of unescaped data in HTML templates", rules.NewTemplateCheck},
|
||||||
"G204": RuleInfo{"use of exec", rules.NewSubproc},
|
"G204": RuleInfo{"Audit use of command execution", rules.NewSubproc},
|
||||||
|
|
||||||
// filesystem
|
// filesystem
|
||||||
"G301": RuleInfo{"poor mkdir permissions", rules.NewMkdirPerms},
|
"G301": RuleInfo{"Poor file permissions used when creating a directory", rules.NewMkdirPerms},
|
||||||
"G302": RuleInfo{"poor chmod permisions", rules.NewChmodPerms},
|
"G302": RuleInfo{"Poor file permisions used with chmod", rules.NewChmodPerms},
|
||||||
"G303": RuleInfo{"predicatable tempfile", rules.NewBadTempFile},
|
"G303": RuleInfo{"Creating tempfile using a predictable path", rules.NewBadTempFile},
|
||||||
|
|
||||||
// crypto
|
// crypto
|
||||||
"G401": RuleInfo{"weak crypto", rules.NewUsesWeakCryptography},
|
"G401": RuleInfo{"Detect the usage of DES, RC4, or MD5", rules.NewUsesWeakCryptography},
|
||||||
"G402": RuleInfo{"bad TLS options", rules.NewIntermediateTlsCheck},
|
"G402": RuleInfo{"Look for bad TLS connection settings", rules.NewIntermediateTlsCheck},
|
||||||
"G403": RuleInfo{"bad RSA key length", rules.NewWeakKeyStrength},
|
"G403": RuleInfo{"Ensure minimum RSA key length of 2048 bits", rules.NewWeakKeyStrength},
|
||||||
"G404": RuleInfo{"poor random source (rand)", rules.NewWeakRandCheck},
|
"G404": RuleInfo{"Insecure random number source (rand)", rules.NewWeakRandCheck},
|
||||||
|
|
||||||
// blacklist
|
// blacklist
|
||||||
"G501": RuleInfo{"blacklist: crypto/md5", rules.NewBlacklist_crypto_md5},
|
"G501": RuleInfo{"Import blacklist: crypto/md5", rules.NewBlacklist_crypto_md5},
|
||||||
"G502": RuleInfo{"blacklist: crypto/des", rules.NewBlacklist_crypto_des},
|
"G502": RuleInfo{"Import blacklist: crypto/des", rules.NewBlacklist_crypto_des},
|
||||||
"G503": RuleInfo{"blacklist: crypto/rc4", rules.NewBlacklist_crypto_rc4},
|
"G503": RuleInfo{"Import blacklist: crypto/rc4", rules.NewBlacklist_crypto_rc4},
|
||||||
"G504": RuleInfo{"blacklist: net/http/cgi", rules.NewBlacklist_net_http_cgi},
|
"G504": RuleInfo{"Import blacklist: net/http/cgi", rules.NewBlacklist_net_http_cgi},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue