Merge pull request #41 from HewlettPackard/usage

Fix usage information
This commit is contained in:
Tim Kelsey 2016-08-11 16:54:36 +01:00 committed by GitHub
commit 37205e9afa
2 changed files with 25 additions and 22 deletions

View file

@ -56,7 +56,10 @@ USAGE:
$ gas -fmt=json -out=results.json ./...
# Run a specific set of rules (by default all rules will be run):
$ gas -rule=sql -rule=sql ./...
$ gas -include=G101,G203,G401 ./...
# Run all rules except the provided
$ gas -exclude=G101 ./...
`
@ -140,10 +143,10 @@ func main() {
flag.Var(&excluded, "skip", "File pattern to exclude from scan")
incRules := ""
flag.StringVar(&incRules, "include", "", "comma sperated list of rules IDs to include, see rule list")
flag.StringVar(&incRules, "include", "", "Comma separated list of rules IDs to include. (see rule list)")
excRules := ""
flag.StringVar(&excRules, "exclude", "", "comma sperated list of rules IDs to exclude, see rule list")
flag.StringVar(&excRules, "exclude", "", "Comma separated list of rules IDs to exclude. (see rule list)")
// Custom commands / utilities to run instead of default analyzer
tools := newUtils()

View file

@ -31,33 +31,33 @@ type RuleInfo struct {
func GetFullRuleList() map[string]RuleInfo {
return map[string]RuleInfo{
// misc
"G101": RuleInfo{"hardcoded credentials", rules.NewHardcodedCredentials},
"G102": RuleInfo{"bind to all interfaces", rules.NewBindsToAllNetworkInterfaces},
"G103": RuleInfo{"use of unsafe block", rules.NewUsingUnsafe},
"G104": RuleInfo{"errors not checked", rules.NewTemplateCheck},
"G101": RuleInfo{"Look for hardcoded credentials", rules.NewHardcodedCredentials},
"G102": RuleInfo{"Bind to all interfaces", rules.NewBindsToAllNetworkInterfaces},
"G103": RuleInfo{"Audit the use of unsafe block", rules.NewUsingUnsafe},
"G104": RuleInfo{"Audit errors not checked", rules.NewTemplateCheck},
// injection
"G201": RuleInfo{"sql string format", rules.NewSqlStrFormat},
"G202": RuleInfo{"sql string concat", rules.NewSqlStrConcat},
"G203": RuleInfo{"unescaped templates", rules.NewTemplateCheck},
"G204": RuleInfo{"use of exec", rules.NewSubproc},
"G201": RuleInfo{"SQL query construction using format string", rules.NewSqlStrFormat},
"G202": RuleInfo{"SQL query construction using string concatenation", rules.NewSqlStrConcat},
"G203": RuleInfo{"Use of unescaped data in HTML templates", rules.NewTemplateCheck},
"G204": RuleInfo{"Audit use of command execution", rules.NewSubproc},
// filesystem
"G301": RuleInfo{"poor mkdir permissions", rules.NewMkdirPerms},
"G302": RuleInfo{"poor chmod permisions", rules.NewChmodPerms},
"G303": RuleInfo{"predicatable tempfile", rules.NewBadTempFile},
"G301": RuleInfo{"Poor file permissions used when creating a directory", rules.NewMkdirPerms},
"G302": RuleInfo{"Poor file permisions used with chmod", rules.NewChmodPerms},
"G303": RuleInfo{"Creating tempfile using a predictable path", rules.NewBadTempFile},
// crypto
"G401": RuleInfo{"weak crypto", rules.NewUsesWeakCryptography},
"G402": RuleInfo{"bad TLS options", rules.NewIntermediateTlsCheck},
"G403": RuleInfo{"bad RSA key length", rules.NewWeakKeyStrength},
"G404": RuleInfo{"poor random source (rand)", rules.NewWeakRandCheck},
"G401": RuleInfo{"Detect the usage of DES, RC4, or MD5", rules.NewUsesWeakCryptography},
"G402": RuleInfo{"Look for bad TLS connection settings", rules.NewIntermediateTlsCheck},
"G403": RuleInfo{"Ensure minimum RSA key length of 2048 bits", rules.NewWeakKeyStrength},
"G404": RuleInfo{"Insecure random number source (rand)", rules.NewWeakRandCheck},
// blacklist
"G501": RuleInfo{"blacklist: crypto/md5", rules.NewBlacklist_crypto_md5},
"G502": RuleInfo{"blacklist: crypto/des", rules.NewBlacklist_crypto_des},
"G503": RuleInfo{"blacklist: crypto/rc4", rules.NewBlacklist_crypto_rc4},
"G504": RuleInfo{"blacklist: net/http/cgi", rules.NewBlacklist_net_http_cgi},
"G501": RuleInfo{"Import blacklist: crypto/md5", rules.NewBlacklist_crypto_md5},
"G502": RuleInfo{"Import blacklist: crypto/des", rules.NewBlacklist_crypto_des},
"G503": RuleInfo{"Import blacklist: crypto/rc4", rules.NewBlacklist_crypto_rc4},
"G504": RuleInfo{"Import blacklist: net/http/cgi", rules.NewBlacklist_net_http_cgi},
}
}