mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 12:05:52 +00:00
Add an option for Go build tags (#201)
* Add an option for Go build tags * Update README with a section for Go build tags
parent
7790709b81
commit
4ae8c95b40
6 changed files with 60 additions and 20 deletions
|
@ -103,6 +103,14 @@ can do the following:
|
||||||
```
|
```
|
||||||
$ gas -nosec=true ./...
|
$ gas -nosec=true ./...
|
||||||
```
|
```
|
||||||
|
#### Build tags
|
||||||
|
|
||||||
|
Gas is able to pass your [Go build tags](https://golang.org/pkg/go/build/) to the analyzer.
|
||||||
|
They can be provided as a comma separated list as follows:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ gas -tag debug,ignore ./...
|
||||||
|
```
|
||||||
|
|
||||||
### Output formats
|
### Output formats
|
||||||
|
|
||||||
|
|
|
@ -97,9 +97,11 @@ func (gas *Analyzer) LoadRules(ruleDefinitions map[string]RuleBuilder) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Process kicks off the analysis process for a given package
|
// Process kicks off the analysis process for a given package
|
||||||
func (gas *Analyzer) Process(packagePaths ...string) error {
|
func (gas *Analyzer) Process(buildTags []string, packagePaths ...string) error {
|
||||||
|
ctx := build.Default
|
||||||
|
ctx.BuildTags = append(ctx.BuildTags, buildTags...)
|
||||||
packageConfig := loader.Config{
|
packageConfig := loader.Config{
|
||||||
Build: &build.Default,
|
Build: &ctx,
|
||||||
ParserMode: parser.ParseComments,
|
ParserMode: parser.ParseComments,
|
||||||
AllowErrors: true,
|
AllowErrors: true,
|
||||||
}
|
}
|
||||||
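Review bot: The doc comment on `Process` still only says it kicks off the analysis, although the new `buildTags` parameter now decides which files the loader sees: files whose build constraints are not satisfied by the default context plus these tags are not loaded, so presumably gas reports nothing for them. I would state that in the comment, e.g. `// Process analyzes the given packages; buildTags are added to the default build context, and files excluded by their build constraints are not analyzed.` Placing a slice parameter ahead of the variadic also changes the exported signature, so any external caller of `Process(paths...)` stops compiling; that deserves a line in the release notes. The body of Process continues outside the hunk.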
|
|
|
@ -19,6 +19,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
var (
|
var (
|
||||||
analyzer *gas.Analyzer
|
analyzer *gas.Analyzer
|
||||||
logger *log.Logger
|
logger *log.Logger
|
||||||
|
buildTags []string
|
||||||
)
|
)
|
||||||
BeforeEach(func() {
|
BeforeEach(func() {
|
||||||
logger, _ = testutils.NewLogger()
|
logger, _ = testutils.NewLogger()
|
||||||
|
@ -32,7 +33,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
dir, err := ioutil.TempDir("", "empty")
|
dir, err := ioutil.TempDir("", "empty")
|
||||||
defer os.RemoveAll(dir)
|
defer os.RemoveAll(dir)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
err = analyzer.Process(dir)
|
err = analyzer.Process(buildTags, dir)
|
||||||
Expect(err).Should(HaveOccurred())
|
Expect(err).Should(HaveOccurred())
|
||||||
Expect(err.Error()).Should(MatchRegexp("no buildable Go source files"))
|
Expect(err.Error()).Should(MatchRegexp("no buildable Go source files"))
|
||||||
})
|
})
|
||||||
|
@ -44,7 +45,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
pkg.AddFile("wonky.go", `func main(){ println("forgot the package")}`)
|
pkg.AddFile("wonky.go", `func main(){ println("forgot the package")}`)
|
||||||
pkg.Build()
|
pkg.Build()
|
||||||
|
|
||||||
err := analyzer.Process(pkg.Path)
|
err := analyzer.Process(buildTags, pkg.Path)
|
||||||
Expect(err).Should(HaveOccurred())
|
Expect(err).Should(HaveOccurred())
|
||||||
Expect(err.Error()).Should(MatchRegexp(`expected 'package'`))
|
Expect(err.Error()).Should(MatchRegexp(`expected 'package'`))
|
||||||
|
|
||||||
|
@ -65,7 +66,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
println("package has two files!")
|
println("package has two files!")
|
||||||
}`)
|
}`)
|
||||||
pkg.Build()
|
pkg.Build()
|
||||||
err := analyzer.Process(pkg.Path)
|
err := analyzer.Process(buildTags, pkg.Path)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
_, metrics := analyzer.Report()
|
_, metrics := analyzer.Report()
|
||||||
Expect(metrics.NumFiles).To(Equal(2))
|
Expect(metrics.NumFiles).To(Equal(2))
|
||||||
|
@ -87,7 +88,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
}`)
|
}`)
|
||||||
pkg1.Build()
|
pkg1.Build()
|
||||||
pkg2.Build()
|
pkg2.Build()
|
||||||
err := analyzer.Process(pkg1.Path, pkg2.Path)
|
err := analyzer.Process(buildTags, pkg1.Path, pkg2.Path)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
_, metrics := analyzer.Report()
|
_, metrics := analyzer.Report()
|
||||||
Expect(metrics.NumFiles).To(Equal(2))
|
Expect(metrics.NumFiles).To(Equal(2))
|
||||||
|
@ -104,7 +105,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
defer controlPackage.Close()
|
defer controlPackage.Close()
|
||||||
controlPackage.AddFile("md5.go", source)
|
controlPackage.AddFile("md5.go", source)
|
||||||
controlPackage.Build()
|
controlPackage.Build()
|
||||||
analyzer.Process(controlPackage.Path)
|
analyzer.Process(buildTags, controlPackage.Path)
|
||||||
controlIssues, _ := analyzer.Report()
|
controlIssues, _ := analyzer.Report()
|
||||||
Expect(controlIssues).Should(HaveLen(sample.Errors))
|
Expect(controlIssues).Should(HaveLen(sample.Errors))
|
||||||
|
|
||||||
|
@ -122,7 +123,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
nosecPackage.AddFile("md5.go", nosecSource)
|
nosecPackage.AddFile("md5.go", nosecSource)
|
||||||
nosecPackage.Build()
|
nosecPackage.Build()
|
||||||
|
|
||||||
analyzer.Process(nosecPackage.Path)
|
analyzer.Process(buildTags, nosecPackage.Path)
|
||||||
nosecIssues, _ := analyzer.Report()
|
nosecIssues, _ := analyzer.Report()
|
||||||
Expect(nosecIssues).Should(BeEmpty())
|
Expect(nosecIssues).Should(BeEmpty())
|
||||||
})
|
})
|
||||||
|
@ -139,7 +140,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
nosecPackage.AddFile("md5.go", nosecSource)
|
nosecPackage.AddFile("md5.go", nosecSource)
|
||||||
nosecPackage.Build()
|
nosecPackage.Build()
|
||||||
|
|
||||||
analyzer.Process(nosecPackage.Path)
|
analyzer.Process(buildTags, nosecPackage.Path)
|
||||||
nosecIssues, _ := analyzer.Report()
|
nosecIssues, _ := analyzer.Report()
|
||||||
Expect(nosecIssues).Should(BeEmpty())
|
Expect(nosecIssues).Should(BeEmpty())
|
||||||
})
|
})
|
||||||
|
@ -156,7 +157,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
nosecPackage.AddFile("md5.go", nosecSource)
|
nosecPackage.AddFile("md5.go", nosecSource)
|
||||||
nosecPackage.Build()
|
nosecPackage.Build()
|
||||||
|
|
||||||
analyzer.Process(nosecPackage.Path)
|
analyzer.Process(buildTags, nosecPackage.Path)
|
||||||
nosecIssues, _ := analyzer.Report()
|
nosecIssues, _ := analyzer.Report()
|
||||||
Expect(nosecIssues).Should(HaveLen(sample.Errors))
|
Expect(nosecIssues).Should(HaveLen(sample.Errors))
|
||||||
})
|
})
|
||||||
|
@ -173,10 +174,23 @@ var _ = Describe("Analyzer", func() {
|
||||||
nosecPackage.AddFile("md5.go", nosecSource)
|
nosecPackage.AddFile("md5.go", nosecSource)
|
||||||
nosecPackage.Build()
|
nosecPackage.Build()
|
||||||
|
|
||||||
analyzer.Process(nosecPackage.Path)
|
analyzer.Process(buildTags, nosecPackage.Path)
|
||||||
nosecIssues, _ := analyzer.Report()
|
nosecIssues, _ := analyzer.Report()
|
||||||
Expect(nosecIssues).Should(BeEmpty())
|
Expect(nosecIssues).Should(BeEmpty())
|
||||||
})
|
})
|
||||||
|
|
||||||
|
It("should pass the build tags", func() {
|
||||||
|
sample := testutils.SampleCode601[0]
|
||||||
|
source := sample.Code
|
||||||
|
analyzer.LoadRules(rules.Generate().Builders())
|
||||||
|
pkg := testutils.NewTestPackage()
|
||||||
|
defer pkg.Close()
|
||||||
|
pkg.AddFile("tags.go", source)
|
||||||
|
|
||||||
|
buildTags = append(buildTags, "test")
|
||||||
|
err := analyzer.Process(buildTags, pkg.Path)
|
||||||
|
Expect(err).Should(HaveOccurred())
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
It("should be possible to overwrite nosec comments, and report issues", func() {
|
It("should be possible to overwrite nosec comments, and report issues", func() {
|
||||||
|
@ -197,7 +211,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
nosecPackage.AddFile("md5.go", nosecSource)
|
nosecPackage.AddFile("md5.go", nosecSource)
|
||||||
nosecPackage.Build()
|
nosecPackage.Build()
|
||||||
|
|
||||||
customAnalyzer.Process(nosecPackage.Path)
|
customAnalyzer.Process(buildTags, nosecPackage.Path)
|
||||||
nosecIssues, _ := customAnalyzer.Report()
|
nosecIssues, _ := customAnalyzer.Report()
|
||||||
Expect(nosecIssues).Should(HaveLen(sample.Errors))
|
Expect(nosecIssues).Should(HaveLen(sample.Errors))
|
||||||
|
|
||||||
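Review bot: The new spec "should pass the build tags" asserts only `Expect(err).Should(HaveOccurred())` and, unlike the neighbouring specs, never calls `pkg.Build()` before `Process`. If the test package is only written to disk by `Build()` (testutils is not visible here, so this is inferred), the error can come from an empty directory and the spec would pass even if the tags were never forwarded. I would add `pkg.Build()` and match the error text, or add a companion spec without the tag that expects the opposite outcome, so the test proves the tagged file is really analysed. Separately, `buildTags = append(buildTags, "test")` mutates the Describe-scoped variable and no reset is visible in `BeforeEach`, so later specs may run with the `test` tag; a local value such as `err := analyzer.Process([]string{"test"}, pkg.Path)` avoids that.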
|
|
|
@ -90,6 +90,9 @@ var (
|
||||||
// sort the issues by severity
|
// sort the issues by severity
|
||||||
flagSortIssues = flag.Bool("sort", true, "Sort issues by severity")
|
flagSortIssues = flag.Bool("sort", true, "Sort issues by severity")
|
||||||
|
|
||||||
|
// go build tags
|
||||||
|
flagBuildTags = flag.String("tags", "", "Comma separated list of build tags")
|
||||||
|
|
||||||
logger *log.Logger
|
logger *log.Logger
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -313,7 +316,11 @@ func main() {
|
||||||
packages = append(packages, resolvePackage(pkg, gopaths))
|
packages = append(packages, resolvePackage(pkg, gopaths))
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := analyzer.Process(packages...); err != nil {
|
var buildTags []string
|
||||||
|
if *flagBuildTags != "" {
|
||||||
|
buildTags = strings.Split(*flagBuildTags, ",")
|
||||||
|
}
|
||||||
|
if err := analyzer.Process(buildTags, packages...); err != nil {
|
||||||
logger.Fatal(err)
|
logger.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
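Review bot: `strings.Split(*flagBuildTags, ",")` keeps surrounding whitespace and empty entries, so `-tags "debug, ignore"` or a trailing comma hands the loader tags such as `" ignore"` or `""` that match no constraint. The files guarded by the intended tag are then skipped without any warning, which is a silent coverage gap for a security scanner; trimming each entry and dropping empty ones, as sketched below, avoids it. The flag is also registered as `tags`, while the README example added in this commit uses `-tag debug,ignore`, which the flag package would reject as undefined, so one of the two should change. The body of main starts and ends outside the hunk.

```go
var buildTags []string
for _, tag := range strings.Split(*flagBuildTags, ",") {
	if tag = strings.TrimSpace(tag); tag != "" {
		buildTags = append(buildTags, tag)
	}
}
if err := analyzer.Process(buildTags, packages...); err != nil {
// … unchanged: logger.Fatal(err) …
```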
|
|
|
@ -19,6 +19,7 @@ var _ = Describe("gas rules", func() {
|
||||||
config gas.Config
|
config gas.Config
|
||||||
analyzer *gas.Analyzer
|
analyzer *gas.Analyzer
|
||||||
runner func(string, []testutils.CodeSample)
|
runner func(string, []testutils.CodeSample)
|
||||||
|
buildTags []string
|
||||||
)
|
)
|
||||||
|
|
||||||
BeforeEach(func() {
|
BeforeEach(func() {
|
||||||
|
@ -34,7 +35,7 @@ var _ = Describe("gas rules", func() {
|
||||||
pkg.AddFile(fmt.Sprintf("sample_%d.go", n), sample.Code)
|
pkg.AddFile(fmt.Sprintf("sample_%d.go", n), sample.Code)
|
||||||
err := pkg.Build()
|
err := pkg.Build()
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
err = analyzer.Process(pkg.Path)
|
err = analyzer.Process(buildTags, pkg.Path)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
issues, _ := analyzer.Report()
|
issues, _ := analyzer.Report()
|
||||||
if len(issues) != sample.Errors {
|
if len(issues) != sample.Errors {
|
||||||
|
|
|
@ -720,5 +720,13 @@ import (
|
||||||
)
|
)
|
||||||
func main() {
|
func main() {
|
||||||
cgi.Serve(http.FileServer(http.Dir("/usr/share/doc")))
|
cgi.Serve(http.FileServer(http.Dir("/usr/share/doc")))
|
||||||
|
}`, 1}}
|
||||||
|
// SampleCode601 - Go build tags
|
||||||
|
SampleCode601 = []CodeSample{{`
|
||||||
|
// +build test
|
||||||
|
|
||||||
|
package main
|
||||||
|
func main() {
|
||||||
|
fmt.Println("no package imported error")
|
||||||
}`, 1}}
|
}`, 1}}
|
||||||
)
|
)
|
||||||
|
|