mirror of
https://github.com/securego/gosec.git
synced 2025-01-12 04:45:53 +00:00
Add an option for Go build tags (#201)
* Add an option for Go build tags * Update README with a section for Go build tags
parent
7790709b81
commit
4ae8c95b40
6 changed files with 60 additions and 20 deletions
|
@ -103,6 +103,14 @@ can do the following:
|
|||
```
|
||||
$ gas -nosec=true ./...
|
||||
```
|
||||
#### Build tags
|
||||
|
||||
Gas is able to pass your [Go build tags](https://golang.org/pkg/go/build/) to the analyzer.
|
||||
They can be provided as a comma separated list as follows:
|
||||
|
||||
```
|
||||
$ gas -tag debug,ignore ./...
|
||||
```
|
||||
|
||||
### Output formats
|
||||
|
||||
|
|
|
@ -97,9 +97,11 @@ func (gas *Analyzer) LoadRules(ruleDefinitions map[string]RuleBuilder) {
|
|||
}
|
||||
|
||||
// Process kicks off the analysis process for a given package
|
||||
func (gas *Analyzer) Process(packagePaths ...string) error {
|
||||
func (gas *Analyzer) Process(buildTags []string, packagePaths ...string) error {
|
||||
ctx := build.Default
|
||||
ctx.BuildTags = append(ctx.BuildTags, buildTags...)
|
||||
packageConfig := loader.Config{
|
||||
Build: &build.Default,
|
||||
Build: &ctx,
|
||||
ParserMode: parser.ParseComments,
|
||||
AllowErrors: true,
|
||||
}
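Review bot: The doc comment above `Process` still describes only the package paths and says nothing about `buildTags`, which now decides which files the loader sees. Files whose build constraints do not match are presumably skipped by go/build and so never analysed, which matters for a security scanner because a missing tag means unscanned code rather than an error. I would extend the comment to something like `// Process analyses the given packages. buildTags are appended to the default build context; files excluded by their build constraints are not analysed.` The new leading parameter also breaks every existing caller of this exported method, so it deserves a changelog line. The body of `Process` continues outside the hunk.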
|
||||
|
|
|
@ -17,8 +17,9 @@ import (
|
|||
var _ = Describe("Analyzer", func() {
|
||||
|
||||
var (
|
||||
analyzer *gas.Analyzer
|
||||
logger *log.Logger
|
||||
analyzer *gas.Analyzer
|
||||
logger *log.Logger
|
||||
buildTags []string
|
||||
)
|
||||
BeforeEach(func() {
|
||||
logger, _ = testutils.NewLogger()
|
||||
|
@ -32,7 +33,7 @@ var _ = Describe("Analyzer", func() {
|
|||
dir, err := ioutil.TempDir("", "empty")
|
||||
defer os.RemoveAll(dir)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
err = analyzer.Process(dir)
|
||||
err = analyzer.Process(buildTags, dir)
|
||||
Expect(err).Should(HaveOccurred())
|
||||
Expect(err.Error()).Should(MatchRegexp("no buildable Go source files"))
|
||||
})
|
||||
|
@ -44,7 +45,7 @@ var _ = Describe("Analyzer", func() {
|
|||
pkg.AddFile("wonky.go", `func main(){ println("forgot the package")}`)
|
||||
pkg.Build()
|
||||
|
||||
err := analyzer.Process(pkg.Path)
|
||||
err := analyzer.Process(buildTags, pkg.Path)
|
||||
Expect(err).Should(HaveOccurred())
|
||||
Expect(err.Error()).Should(MatchRegexp(`expected 'package'`))
|
||||
|
||||
|
@ -65,7 +66,7 @@ var _ = Describe("Analyzer", func() {
|
|||
println("package has two files!")
|
||||
}`)
|
||||
pkg.Build()
|
||||
err := analyzer.Process(pkg.Path)
|
||||
err := analyzer.Process(buildTags, pkg.Path)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
_, metrics := analyzer.Report()
|
||||
Expect(metrics.NumFiles).To(Equal(2))
|
||||
|
@ -87,7 +88,7 @@ var _ = Describe("Analyzer", func() {
|
|||
}`)
|
||||
pkg1.Build()
|
||||
pkg2.Build()
|
||||
err := analyzer.Process(pkg1.Path, pkg2.Path)
|
||||
err := analyzer.Process(buildTags, pkg1.Path, pkg2.Path)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
_, metrics := analyzer.Report()
|
||||
Expect(metrics.NumFiles).To(Equal(2))
|
||||
|
@ -104,7 +105,7 @@ var _ = Describe("Analyzer", func() {
|
|||
defer controlPackage.Close()
|
||||
controlPackage.AddFile("md5.go", source)
|
||||
controlPackage.Build()
|
||||
analyzer.Process(controlPackage.Path)
|
||||
analyzer.Process(buildTags, controlPackage.Path)
|
||||
controlIssues, _ := analyzer.Report()
|
||||
Expect(controlIssues).Should(HaveLen(sample.Errors))
|
||||
|
||||
|
@ -122,7 +123,7 @@ var _ = Describe("Analyzer", func() {
|
|||
nosecPackage.AddFile("md5.go", nosecSource)
|
||||
nosecPackage.Build()
|
||||
|
||||
analyzer.Process(nosecPackage.Path)
|
||||
analyzer.Process(buildTags, nosecPackage.Path)
|
||||
nosecIssues, _ := analyzer.Report()
|
||||
Expect(nosecIssues).Should(BeEmpty())
|
||||
})
|
||||
|
@ -139,7 +140,7 @@ var _ = Describe("Analyzer", func() {
|
|||
nosecPackage.AddFile("md5.go", nosecSource)
|
||||
nosecPackage.Build()
|
||||
|
||||
analyzer.Process(nosecPackage.Path)
|
||||
analyzer.Process(buildTags, nosecPackage.Path)
|
||||
nosecIssues, _ := analyzer.Report()
|
||||
Expect(nosecIssues).Should(BeEmpty())
|
||||
})
|
||||
|
@ -156,7 +157,7 @@ var _ = Describe("Analyzer", func() {
|
|||
nosecPackage.AddFile("md5.go", nosecSource)
|
||||
nosecPackage.Build()
|
||||
|
||||
analyzer.Process(nosecPackage.Path)
|
||||
analyzer.Process(buildTags, nosecPackage.Path)
|
||||
nosecIssues, _ := analyzer.Report()
|
||||
Expect(nosecIssues).Should(HaveLen(sample.Errors))
|
||||
})
|
||||
|
@ -173,10 +174,23 @@ var _ = Describe("Analyzer", func() {
|
|||
nosecPackage.AddFile("md5.go", nosecSource)
|
||||
nosecPackage.Build()
|
||||
|
||||
analyzer.Process(nosecPackage.Path)
|
||||
analyzer.Process(buildTags, nosecPackage.Path)
|
||||
nosecIssues, _ := analyzer.Report()
|
||||
Expect(nosecIssues).Should(BeEmpty())
|
||||
})
|
||||
|
||||
It("should pass the build tags", func() {
|
||||
sample := testutils.SampleCode601[0]
|
||||
source := sample.Code
|
||||
analyzer.LoadRules(rules.Generate().Builders())
|
||||
pkg := testutils.NewTestPackage()
|
||||
defer pkg.Close()
|
||||
pkg.AddFile("tags.go", source)
|
||||
|
||||
buildTags = append(buildTags, "test")
|
||||
err := analyzer.Process(buildTags, pkg.Path)
|
||||
Expect(err).Should(HaveOccurred())
|
||||
})
|
||||
})
|
||||
|
||||
It("should be possible to overwrite nosec comments, and report issues", func() {
|
||||
|
@ -197,7 +211,7 @@ var _ = Describe("Analyzer", func() {
|
|||
nosecPackage.AddFile("md5.go", nosecSource)
|
||||
nosecPackage.Build()
|
||||
|
||||
customAnalyzer.Process(nosecPackage.Path)
|
||||
customAnalyzer.Process(buildTags, nosecPackage.Path)
|
||||
nosecIssues, _ := customAnalyzer.Report()
|
||||
Expect(nosecIssues).Should(HaveLen(sample.Errors))
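Review bot: The new spec "should pass the build tags" asserts only `Expect(err).Should(HaveOccurred())`, which would likely hold even if the tag were never passed on. A package whose only file is excluded by its build constraint should fail to load much like the empty directory in the first spec. Assert on something that can only happen when `tags.go` is actually loaded, for example a sample that compiles plus `Expect(metrics.NumFiles).To(Equal(1))`, as the neighbouring specs do with `analyzer.Report()`. The spec also appends to the suite-level `buildTags`, so unless `BeforeEach` resets it (not visible in these hunks) every later spec inherits the `test` tag. Passing a literal instead, `err := analyzer.Process([]string{"test"}, pkg.Path)`, avoids the shared state.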
|
||||
|
||||
|
|
|
@ -90,6 +90,9 @@ var (
|
|||
// sort the issues by severity
|
||||
flagSortIssues = flag.Bool("sort", true, "Sort issues by severity")
|
||||
|
||||
// go build tags
|
||||
flagBuildTags = flag.String("tags", "", "Comma separated list of build tags")
|
||||
|
||||
logger *log.Logger
|
||||
)
|
||||
|
||||
|
@ -313,7 +316,11 @@ func main() {
|
|||
packages = append(packages, resolvePackage(pkg, gopaths))
|
||||
}
|
||||
|
||||
if err := analyzer.Process(packages...); err != nil {
|
||||
var buildTags []string
|
||||
if *flagBuildTags != "" {
|
||||
buildTags = strings.Split(*flagBuildTags, ",")
|
||||
}
|
||||
if err := analyzer.Process(buildTags, packages...); err != nil {
|
||||
logger.Fatal(err)
|
||||
}
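Review bot: `strings.Split(*flagBuildTags, ",")` keeps surrounding spaces and empty entries, so `-tags "debug, ignore"` or a trailing comma yields tags that match nothing. The files guarded by those tags would then drop out of the scan without any warning. Normalising the list, e.g. `buildTags = strings.FieldsFunc(*flagBuildTags, func(r rune) bool { return r == ',' || r == ' ' })`, removes both cases and makes the empty-string guard unnecessary. Separately, the flag is registered as `tags` while the README example added in this commit runs `gas -tag debug,ignore ./...`; one of the two needs to change. `main` starts and ends outside the hunk.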
|
||||
|
||||
|
|
|
@ -15,10 +15,11 @@ import (
|
|||
var _ = Describe("gas rules", func() {
|
||||
|
||||
var (
|
||||
logger *log.Logger
|
||||
config gas.Config
|
||||
analyzer *gas.Analyzer
|
||||
runner func(string, []testutils.CodeSample)
|
||||
logger *log.Logger
|
||||
config gas.Config
|
||||
analyzer *gas.Analyzer
|
||||
runner func(string, []testutils.CodeSample)
|
||||
buildTags []string
|
||||
)
|
||||
|
||||
BeforeEach(func() {
|
||||
|
@ -34,7 +35,7 @@ var _ = Describe("gas rules", func() {
|
|||
pkg.AddFile(fmt.Sprintf("sample_%d.go", n), sample.Code)
|
||||
err := pkg.Build()
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
err = analyzer.Process(pkg.Path)
|
||||
err = analyzer.Process(buildTags, pkg.Path)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
issues, _ := analyzer.Report()
|
||||
if len(issues) != sample.Errors {
|
||||
|
|
|
@ -720,5 +720,13 @@ import (
|
|||
)
|
||||
func main() {
|
||||
cgi.Serve(http.FileServer(http.Dir("/usr/share/doc")))
|
||||
}`, 1}}
|
||||
// SampleCode601 - Go build tags
|
||||
SampleCode601 = []CodeSample{{`
|
||||
// +build test
|
||||
|
||||
package main
|
||||
func main() {
|
||||
fmt.Println("no package imported error")
|
||||
}`, 1}}
|
||||
)
|
||||
|
|