From 6a73248135338113ba53b8923a12598773fb6cbc Mon Sep 17 00:00:00 2001
From: Cosmin Cojocar
Date: Mon, 20 Mar 2023 10:08:49 +0100
Subject: [PATCH] Fix some linting warnings
---
 helpers.go | 2 +-
 import_tracker.go | 4 +--
 report/formatter_test.go | 52 ++++++++++++++++++------------------
 resolve.go | 2 +-
 rules/archive.go | 2 +-
 rules/bind.go | 2 +-
 rules/blocklist.go | 8 +++---
 rules/decompression-bomb.go | 2 +-
 rules/directory-traversal.go | 4 +--
 rules/http_serve.go | 2 +-
 rules/implicit_aliasing.go | 2 +-
 rules/integer_overflow.go | 2 +-
 rules/pprof.go | 2 +-
 rules/rand.go | 2 +-
 rules/readfile.go | 2 +-
 rules/rsa.go | 2 +-
 rules/slowloris.go | 2 +-
 rules/sql.go | 4 +--
 rules/ssh.go | 2 +-
 rules/ssrf.go | 2 +-
 rules/subproc.go | 2 +-
 rules/tempfiles.go | 2 +-
 rules/templates.go | 2 +-
 rules/tls_config.go | 6 ++---
 rules/unsafe.go | 2 +-
 rules/weakcrypto.go | 2 +-
 26 files changed, 58 insertions(+), 60 deletions(-)
diff --git a/helpers.go b/helpers.go
index 62ede05..08b7893 100644
--- a/helpers.go
+++ b/helpers.go
@@ -182,7 +182,7 @@ func GetCallInfo(n ast.Node, ctx *Context) (string, string, error) {
 }
 // GetCallStringArgsValues returns the values of strings arguments if they can be resolved
-func GetCallStringArgsValues(n ast.Node, ctx *Context) []string {
+func GetCallStringArgsValues(n ast.Node, _ *Context) []string {
 values := []string{}
 switch node := n.(type) {
 case *ast.CallExpr:
diff --git a/import_tracker.go b/import_tracker.go
index 30e7c00..7984e99 100644
--- a/import_tracker.go
+++ b/import_tracker.go
@@ -51,9 +51,7 @@ func (t *ImportTracker) TrackPackages(pkgs ...*types.Package) {
 func (t *ImportTracker) TrackImport(imported *ast.ImportSpec) {
 importPath := strings.Trim(imported.Path.Value, `"`)
 if imported.Name != nil {
- if imported.Name.Name == "_" {
- // Initialization only import
- } else {
+ if imported.Name.Name != "_" {
 // Aliased import
 t.Imported[importPath] = append(t.Imported[importPath], imported.Name.String())
 }
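Review bot: In `TrackImport` (import_tracker.go) the rewritten check `if imported.Name.Name != "_"` no longer says why blank imports are skipped, because the `// Initialization only import` comment was removed together with the empty branch. I would keep that intent next to the condition, for example `// Blank ("_") imports are initialization-only and are not recorded as aliases.` In the visible lines a blank import adds nothing to `t.Imported`, so any rule that consults this map would presumably not see side-effect imports; worth confirming that is intended. The function body continues past the end of this hunk.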
diff --git a/report/formatter_test.go b/report/formatter_test.go
index 36c337c..0688d1a 100644
--- a/report/formatter_test.go
+++ b/report/formatter_test.go
@@ -288,10 +288,10 @@ var _ = Describe("Formatter", func() {
 for _, rule := range grules {
 cwe := issue.GetCweByRule(rule)
 newissue := createIssue(rule, cwe)
- error := map[string][]gosec.Error{}
+ errors := map[string][]gosec.Error{}
 buf := new(bytes.Buffer)
- reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+ reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 err := CreateReport(buf, "csv", false, []string{}, reportInfo)
 Expect(err).ShouldNot(HaveOccurred())
 pattern := "/home/src/project/test.go,1,test,HIGH,HIGH,1: testcode,CWE-%s\n"
@@ -303,10 +303,10 @@ var _ = Describe("Formatter", func() {
 for _, rule := range grules {
 cwe := issue.GetCweByRule(rule)
 newissue := createIssue(rule, cwe)
- error := map[string][]gosec.Error{}
+ errors := map[string][]gosec.Error{}
 buf := new(bytes.Buffer)
- reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{NumFiles: 0, NumLines: 0, NumNosec: 0, NumFound: 0}, error).WithVersion("v2.7.0")
+ reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{NumFiles: 0, NumLines: 0, NumNosec: 0, NumFound: 0}, errors).WithVersion("v2.7.0")
 err := CreateReport(buf, "xml", false, []string{}, reportInfo)
 Expect(err).ShouldNot(HaveOccurred())
 pattern := "Results:\n\n\n[/home/src/project/test.go:1] - %s (CWE-%s): test (Confidence: HIGH, Severity: HIGH)\n > 1: testcode\n\n\n\nSummary:\n Gosec : v2.7.0\n Files : 0\n Lines : 0\n Nosec : 0\n Issues : 0\n\n"
@@ -318,7 +318,7 @@ var _ = Describe("Formatter", func() {
 for _, rule := range grules {
 cwe := issue.GetCweByRule(rule)
 newissue := createIssue(rule, cwe)
- error := map[string][]gosec.Error{}
+ errors := map[string][]gosec.Error{}
 data := createReportInfo(rule, cwe)
@@ -327,7 +327,7 @@ var _ = Describe("Formatter", func() {
 err := enc.Encode(data)
 Expect(err).ShouldNot(HaveOccurred())
 buf := new(bytes.Buffer)
- reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+ reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 err = CreateReport(buf, "json", false, []string{}, reportInfo)
 Expect(err).ShouldNot(HaveOccurred())
 result := stripString(buf.String())
@@ -339,7 +339,7 @@ var _ = Describe("Formatter", func() {
 for _, rule := range grules {
 cwe := issue.GetCweByRule(rule)
 newissue := createIssue(rule, cwe)
- error := map[string][]gosec.Error{}
+ errors := map[string][]gosec.Error{}
 data := createReportInfo(rule, cwe)
@@ -348,7 +348,7 @@ var _ = Describe("Formatter", func() {
 err := enc.Encode(data)
 Expect(err).ShouldNot(HaveOccurred())
 buf := new(bytes.Buffer)
- reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+ reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 err = CreateReport(buf, "html", false, []string{}, reportInfo)
 Expect(err).ShouldNot(HaveOccurred())
 result := stripString(buf.String())
@@ -360,7 +360,7 @@ var _ = Describe("Formatter", func() {
 for _, rule := range grules {
 cwe := issue.GetCweByRule(rule)
 newissue := createIssue(rule, cwe)
- error := map[string][]gosec.Error{}
+ errors := map[string][]gosec.Error{}
 data := createReportInfo(rule, cwe)
@@ -369,7 +369,7 @@ var _ = Describe("Formatter", func() {
 err := enc.Encode(data)
 Expect(err).ShouldNot(HaveOccurred())
 buf := new(bytes.Buffer)
- reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+ reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 err = CreateReport(buf, "yaml", false, []string{}, reportInfo)
 Expect(err).ShouldNot(HaveOccurred())
 result := stripString(buf.String())
@@ -381,7 +381,7 @@ var _ = Describe("Formatter", func() {
 for _, rule := range grules {
 cwe := issue.GetCweByRule(rule)
 newissue := createIssue(rule, cwe)
- error := map[string][]gosec.Error{}
+ errors := map[string][]gosec.Error{}
 data := createReportInfo(rule, cwe)
@@ -390,7 +390,7 @@ var _ = Describe("Formatter", func() {
 err := enc.Encode(data)
 Expect(err).ShouldNot(HaveOccurred())
 buf := new(bytes.Buffer)
- reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+ reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 err = CreateReport(buf, "junit-xml", false, []string{}, reportInfo)
 Expect(err).ShouldNot(HaveOccurred())
 expectation := stripString(fmt.Sprintf("[/home/src/project/test.go:1] - test (Confidence: 2, Severity: 2, CWE: %s)", cwe.ID))
@@ -402,7 +402,7 @@ var _ = Describe("Formatter", func() {
 for _, rule := range grules {
 cwe := issue.GetCweByRule(rule)
 newissue := createIssue(rule, cwe)
- error := map[string][]gosec.Error{}
+ errors := map[string][]gosec.Error{}
 data := createReportInfo(rule, cwe)
@@ -411,7 +411,7 @@ var _ = Describe("Formatter", func() {
 err := enc.Encode(data)
 Expect(err).ShouldNot(HaveOccurred())
 buf := new(bytes.Buffer)
- reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+ reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 err = CreateReport(buf, "text", false, []string{}, reportInfo)
 Expect(err).ShouldNot(HaveOccurred())
 expectation := stripString(fmt.Sprintf("[/home/src/project/test.go:1] - %s (CWE-%s): test (Confidence: HIGH, Severity: HIGH)", rule, cwe.ID))
@@ -423,9 +423,9 @@ var _ = Describe("Formatter", func() {
 for _, rule := range grules {
 cwe := issue.GetCweByRule(rule)
 newissue := createIssue(rule, cwe)
- error := map[string][]gosec.Error{}
+ errors := map[string][]gosec.Error{}
 buf := new(bytes.Buffer)
- reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+ reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 err := CreateReport(buf, "sonarqube", false, []string{"/home/src/project"}, reportInfo)
 Expect(err).ShouldNot(HaveOccurred())
@@ -444,10 +444,10 @@ var _ = Describe("Formatter", func() {
 for _, rule := range grules {
 cwe := issue.GetCweByRule(rule)
 newissue := createIssue(rule, cwe)
- error := map[string][]gosec.Error{}
+ errors := map[string][]gosec.Error{}
 buf := new(bytes.Buffer)
- reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+ reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 err := CreateReport(buf, "golint", false, []string{}, reportInfo)
 Expect(err).ShouldNot(HaveOccurred())
 pattern := "/home/src/project/test.go:1:1: [CWE-%s] test (Rule:%s, Severity:HIGH, Confidence:HIGH)\n"
@@ -459,10 +459,10 @@ var _ = Describe("Formatter", func() {
 for _, rule := range grules {
 cwe := issue.GetCweByRule(rule)
 newissue := createIssue(rule, cwe)
- error := map[string][]gosec.Error{}
+ errors := map[string][]gosec.Error{}
 buf := new(bytes.Buffer)
- reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error).WithVersion("v2.7.0")
+ reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors).WithVersion("v2.7.0")
 err := CreateReport(buf, "sarif", false, []string{}, reportInfo)
 Expect(err).ShouldNot(HaveOccurred())
@@ -502,8 +502,8 @@ var _ = Describe("Formatter", func() {
 suppressedIssue.WithSuppressions(suppressions)
 It("text formatted report should contain the suppressed issues", func() {
- error := map[string][]gosec.Error{}
- reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, error)
+ errors := map[string][]gosec.Error{}
+ reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, errors)
 buf := new(bytes.Buffer)
 err := CreateReport(buf, "text", false, []string{}, reportInfo)
@@ -514,8 +514,8 @@ var _ = Describe("Formatter", func() {
 })
 It("sarif formatted report should contain the suppressed issues", func() {
- error := map[string][]gosec.Error{}
- reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, error)
+ errors := map[string][]gosec.Error{}
+ reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, errors)
 buf := new(bytes.Buffer)
 err := CreateReport(buf, "sarif", false, []string{}, reportInfo)
@@ -526,8 +526,8 @@ var _ = Describe("Formatter", func() {
 })
 It("json formatted report should contain the suppressed issues", func() {
- error := map[string][]gosec.Error{}
- reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, error)
+ errors := map[string][]gosec.Error{}
+ reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, errors)
 buf := new(bytes.Buffer)
 err := CreateReport(buf, "json", false, []string{}, reportInfo)
diff --git a/resolve.go b/resolve.go
index cdc287e..a201b8d 100644
--- a/resolve.go
+++ b/resolve.go
@@ -66,7 +66,7 @@ func resolveBinExpr(n *ast.BinaryExpr, c *Context) bool {
 return (TryResolve(n.X, c) && TryResolve(n.Y, c))
 }
-func resolveCallExpr(n *ast.CallExpr, c *Context) bool {
+func resolveCallExpr(_ *ast.CallExpr, _ *Context) bool {
 // TODO(tkelsey): next step, full function resolution
 return false
 }
diff --git a/rules/archive.go b/rules/archive.go
index 509f818..9870474 100644
--- a/rules/archive.go
+++ b/rules/archive.go
@@ -49,7 +49,7 @@ func (a *archive) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
 }
 // NewArchive creates a new rule which detects the file traversal when extracting zip/tar archives
-func NewArchive(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewArchive(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 calls := gosec.NewCallList()
 calls.Add("path/filepath", "Join")
 calls.Add("path", "Join")
diff --git a/rules/bind.go b/rules/bind.go
index 7d64dcb..fef760c 100644
--- a/rules/bind.go
+++ b/rules/bind.go
@@ -67,7 +67,7 @@ func (r *bindsToAllNetworkInterfaces) Match(n ast.Node, c *gosec.Context) (*issu
 // NewBindsToAllNetworkInterfaces detects socket connections that are setup to
 // listen on all network interfaces.
-func NewBindsToAllNetworkInterfaces(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewBindsToAllNetworkInterfaces(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 calls := gosec.NewCallList()
 calls.Add("net", "Listen")
 calls.Add("crypto/tls", "Listen")
diff --git a/rules/blocklist.go b/rules/blocklist.go
index 003361c..5e03cf7 100644
--- a/rules/blocklist.go
+++ b/rules/blocklist.go
@@ -28,9 +28,9 @@ type blocklistedImport struct {
 }
 func unquote(original string) string {
- copy := strings.TrimSpace(original)
- copy = strings.TrimLeft(copy, `"`)
- return strings.TrimRight(copy, `"`)
+ cleaned := strings.TrimSpace(original)
+ cleaned = strings.TrimLeft(cleaned, `"`)
+ return strings.TrimRight(cleaned, `"`)
 }
 func (r *blocklistedImport) ID() string {
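Review bot: `unquote` in rules/blocklist.go still strips only double quotes, so an import path written as a raw string literal (backquotes, which the Go grammar allows for import paths) keeps its backquotes and, if this value is what gets compared with the blocklist, would not match an entry. `TrimLeft`/`TrimRight` also remove any run of quotes rather than one enclosing pair. Since these lines are being rewritten anyway, consider trying `if s, err := strconv.Unquote(strings.TrimSpace(original)); err == nil { return s }` ahead of the trimming fallback (this needs the `strconv` import); how `Match` uses `unquote` is outside this hunk, so the impact is inferred. `TrackImport` in import_tracker.go trims `"` from the import path the same way.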
@@ -48,7 +48,7 @@ func (r *blocklistedImport) Match(n ast.Node, c *gosec.Context) (*issue.Issue, e
 // NewBlocklistedImports reports when a blocklisted import is being used.
 // Typically when a deprecated technology is being used.
-func NewBlocklistedImports(id string, conf gosec.Config, blocklist map[string]string) (gosec.Rule, []ast.Node) {
+func NewBlocklistedImports(id string, _ gosec.Config, blocklist map[string]string) (gosec.Rule, []ast.Node) {
 return &blocklistedImport{
 MetaData: issue.MetaData{
 ID: id,
diff --git a/rules/decompression-bomb.go b/rules/decompression-bomb.go
index 4c1ef1d..7e57f1a 100644
--- a/rules/decompression-bomb.go
+++ b/rules/decompression-bomb.go
@@ -83,7 +83,7 @@ func (d *decompressionBombCheck) Match(node ast.Node, ctx *gosec.Context) (*issu
 }
 // NewDecompressionBombCheck detects if there is potential DoS vulnerability via decompression bomb
-func NewDecompressionBombCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewDecompressionBombCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 readerCalls := gosec.NewCallList()
 readerCalls.Add("compress/gzip", "NewReader")
 readerCalls.AddAll("compress/zlib", "NewReader", "NewReaderDict")
diff --git a/rules/directory-traversal.go b/rules/directory-traversal.go
index 77b85f9..47bcb2d 100644
--- a/rules/directory-traversal.go
+++ b/rules/directory-traversal.go
@@ -30,8 +30,8 @@ func (r *traversal) matchCallExpr(assign *ast.CallExpr, ctx *gosec.Context) (*is
 if basiclit, ok1 := i.(*ast.BasicLit); ok1 {
 if fun, ok2 := assign.Fun.(*ast.SelectorExpr); ok2 {
 if x, ok3 := fun.X.(*ast.Ident); ok3 {
- string := x.Name + "." + fun.Sel.Name + "(" + basiclit.Value + ")"
- if r.pattern.MatchString(string) {
+ str := x.Name + "." + fun.Sel.Name + "(" + basiclit.Value + ")"
+ if r.pattern.MatchString(str) {
 return ctx.NewIssue(assign, r.ID(), r.What, r.Severity, r.Confidence), nil
 }
 }
diff --git a/rules/http_serve.go b/rules/http_serve.go
index b94b914..525ed4e 100644
--- a/rules/http_serve.go
+++ b/rules/http_serve.go
@@ -25,7 +25,7 @@ func (r *httpServeWithoutTimeouts) Match(n ast.Node, c *gosec.Context) (gi *issu
 }
 // NewHTTPServeWithoutTimeouts detects use of net/http serve functions that have no support for setting timeouts.
-func NewHTTPServeWithoutTimeouts(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewHTTPServeWithoutTimeouts(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 return &httpServeWithoutTimeouts{
 pkg: "net/http",
 calls: []string{"ListenAndServe", "ListenAndServeTLS", "Serve", "ServeTLS"},
diff --git a/rules/implicit_aliasing.go b/rules/implicit_aliasing.go
index d45c94f..70678e2 100644
--- a/rules/implicit_aliasing.go
+++ b/rules/implicit_aliasing.go
@@ -90,7 +90,7 @@ func (r *implicitAliasing) Match(n ast.Node, c *gosec.Context) (*issue.Issue, er
 }
 // NewImplicitAliasing detects implicit memory aliasing of type: for blah := SomeCall() {... SomeOtherCall(&blah) ...}
-func NewImplicitAliasing(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewImplicitAliasing(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 return &implicitAliasing{
 aliases: make(map[*ast.Object]struct{}),
 rightBrace: token.NoPos,
diff --git a/rules/integer_overflow.go b/rules/integer_overflow.go
index 71ffdc0..1d57906 100644
--- a/rules/integer_overflow.go
+++ b/rules/integer_overflow.go
@@ -75,7 +75,7 @@ func (i *integerOverflowCheck) Match(node ast.Node, ctx *gosec.Context) (*issue.
 }
 // NewIntegerOverflowCheck detects if there is potential Integer OverFlow
-func NewIntegerOverflowCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewIntegerOverflowCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 calls := gosec.NewCallList()
 calls.Add("strconv", "Atoi")
 return &integerOverflowCheck{
diff --git a/rules/pprof.go b/rules/pprof.go
index 8995fc6..68498dd 100644
--- a/rules/pprof.go
+++ b/rules/pprof.go
@@ -29,7 +29,7 @@ func (p *pprofCheck) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
 }
 // NewPprofCheck detects when the profiling endpoint is automatically exposed
-func NewPprofCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewPprofCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 return &pprofCheck{
 MetaData: issue.MetaData{
 ID: id,
diff --git a/rules/rand.go b/rules/rand.go
index 8f9bd3b..4491fd9 100644
--- a/rules/rand.go
+++ b/rules/rand.go
@@ -42,7 +42,7 @@ func (w *weakRand) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
 }
 // NewWeakRandCheck detects the use of random number generator that isn't cryptographically secure
-func NewWeakRandCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewWeakRandCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 return &weakRand{
 funcNames: []string{
 "New", "Read", "Float32", "Float64", "Int", "Int31",
diff --git a/rules/readfile.go b/rules/readfile.go
index 5a5f90b..7ef4bba 100644
--- a/rules/readfile.go
+++ b/rules/readfile.go
@@ -126,7 +126,7 @@ func (r *readfile) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
 }
 // NewReadFile detects cases where we read files
-func NewReadFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewReadFile(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 rule := &readfile{
 pathJoin: gosec.NewCallList(),
 clean: gosec.NewCallList(),
diff --git a/rules/rsa.go b/rules/rsa.go
index 62e3e62..331e7fc 100644
--- a/rules/rsa.go
+++ b/rules/rsa.go
@@ -42,7 +42,7 @@ func (w *weakKeyStrength) Match(n ast.Node, c *gosec.Context) (*issue.Issue, err
 }
 // NewWeakKeyStrength builds a rule that detects RSA keys < 2048 bits
-func NewWeakKeyStrength(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewWeakKeyStrength(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 calls := gosec.NewCallList()
 calls.Add("crypto/rsa", "GenerateKey")
 bits := 2048
diff --git a/rules/slowloris.go b/rules/slowloris.go
index f67b58a..70db73f 100644
--- a/rules/slowloris.go
+++ b/rules/slowloris.go
@@ -59,7 +59,7 @@ func (r *slowloris) Match(n ast.Node, ctx *gosec.Context) (*issue.Issue, error)
 }
 // NewSlowloris attempts to find the http.Server struct and check if the ReadHeaderTimeout is configured.
-func NewSlowloris(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewSlowloris(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 return &slowloris{
 MetaData: issue.MetaData{
 ID: id,
diff --git a/rules/sql.go b/rules/sql.go
index 5d15872..4085b5d 100644
--- a/rules/sql.go
+++ b/rules/sql.go
@@ -161,7 +161,7 @@ func (s *sqlStrConcat) Match(n ast.Node, ctx *gosec.Context) (*issue.Issue, erro
 }
 // NewSQLStrConcat looks for cases where we are building SQL strings via concatenation
-func NewSQLStrConcat(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewSQLStrConcat(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 rule := &sqlStrConcat{
 sqlStatement: sqlStatement{
 patterns: []*regexp.Regexp{
@@ -324,7 +324,7 @@ func (s *sqlStrFormat) Match(n ast.Node, ctx *gosec.Context) (*issue.Issue, erro
 }
 // NewSQLStrFormat looks for cases where we're building SQL query strings using format strings
-func NewSQLStrFormat(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewSQLStrFormat(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 rule := &sqlStrFormat{
 CallList: gosec.NewCallList(),
 fmtCalls: gosec.NewCallList(),
diff --git a/rules/ssh.go b/rules/ssh.go
index 17dfa80..e2ba5a3 100644
--- a/rules/ssh.go
+++ b/rules/ssh.go
@@ -25,7 +25,7 @@ func (r *sshHostKey) Match(n ast.Node, c *gosec.Context) (gi *issue.Issue, err e
 }
 // NewSSHHostKey rule detects the use of insecure ssh HostKeyCallback.
-func NewSSHHostKey(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewSSHHostKey(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 return &sshHostKey{
 pkg: "golang.org/x/crypto/ssh",
 calls: []string{"InsecureIgnoreHostKey"},
diff --git a/rules/ssrf.go b/rules/ssrf.go
index 9cba2a6..dbf0108 100644
--- a/rules/ssrf.go
+++ b/rules/ssrf.go
@@ -52,7 +52,7 @@ func (r *ssrf) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
 }
 // NewSSRFCheck detects cases where HTTP requests are sent
-func NewSSRFCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewSSRFCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 rule := &ssrf{
 CallList: gosec.NewCallList(),
 MetaData: issue.MetaData{
diff --git a/rules/subproc.go b/rules/subproc.go
index 5f96a73..ea50d69 100644
--- a/rules/subproc.go
+++ b/rules/subproc.go
@@ -110,7 +110,7 @@ func (r *subprocess) isContext(n ast.Node, ctx *gosec.Context) bool {
 }
 // NewSubproc detects cases where we are forking out to an external process
-func NewSubproc(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewSubproc(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 rule := &subprocess{issue.MetaData{ID: id}, gosec.NewCallList()}
 rule.Add("os/exec", "Command")
 rule.Add("os/exec", "CommandContext")
diff --git a/rules/tempfiles.go b/rules/tempfiles.go
index bdeabcd..6fef52a 100644
--- a/rules/tempfiles.go
+++ b/rules/tempfiles.go
@@ -64,7 +64,7 @@ func (t *badTempFile) Match(n ast.Node, c *gosec.Context) (gi *issue.Issue, err } // NewBadTempFile detects direct writes to predictable path in temporary directory -func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { +func NewBadTempFile(id string, _ gosec.Config) (gosec.Rule, []ast.Node) { calls := gosec.NewCallList() calls.Add("io/ioutil", "WriteFile") calls.AddAll("os", "Create", "WriteFile") diff --git a/rules/templates.go b/rules/templates.go index 8836312..728766f 100644 --- a/rules/templates.go +++ b/rules/templates.go @@ -43,7 +43,7 @@ func (t *templateCheck) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error // NewTemplateCheck constructs the template check rule. This rule is used to // find use of templates where HTML/JS escaping is not being used -func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { +func NewTemplateCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) { calls := gosec.NewCallList() calls.Add("html/template", "HTML") calls.Add("html/template", "HTMLAttr") diff --git a/rules/tls_config.go b/rules/tls_config.go index 8a25518..cbbdf79 100644 --- a/rules/tls_config.go +++ b/rules/tls_config.go @@ -9,7 +9,7 @@ import ( // NewModernTLSCheck creates a check for Modern TLS ciphers // DO NOT EDIT - generated by tlsconfig tool -func NewModernTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { +func NewModernTLSCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) { return &insecureConfigTLS{ MetaData: issue.MetaData{ID: id}, requiredType: "crypto/tls.Config", 
@@ -25,7 +25,7 @@ func NewModernTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { // NewIntermediateTLSCheck creates a check for Intermediate TLS ciphers // DO NOT EDIT - generated by tlsconfig tool -func NewIntermediateTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { +func NewIntermediateTLSCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) { return &insecureConfigTLS{ MetaData: issue.MetaData{ID: id}, requiredType: "crypto/tls.Config", @@ -51,7 +51,7 @@ func NewIntermediateTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.No // NewOldTLSCheck creates a check for Old TLS ciphers // DO NOT EDIT - generated by tlsconfig tool -func NewOldTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { +func NewOldTLSCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) { return &insecureConfigTLS{ MetaData: issue.MetaData{ID: id}, requiredType: "crypto/tls.Config", diff --git a/rules/unsafe.go b/rules/unsafe.go index 133ba1e..e1e8d02 100644 --- a/rules/unsafe.go +++ b/rules/unsafe.go @@ -40,7 +40,7 @@ func (r *usingUnsafe) Match(n ast.Node, c *gosec.Context) (gi *issue.Issue, err // NewUsingUnsafe rule detects the use of the unsafe package. This is only // really useful for auditing purposes. -func NewUsingUnsafe(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { +func NewUsingUnsafe(id string, _ gosec.Config) (gosec.Rule, []ast.Node) { return &usingUnsafe{ pkg: "unsafe", calls: []string{"Alignof", "Offsetof", "Sizeof", "Pointer"}, diff --git a/rules/weakcrypto.go b/rules/weakcrypto.go index d6910db..4f2ab11 100644 --- a/rules/weakcrypto.go +++ b/rules/weakcrypto.go 
@@ -40,7 +40,7 @@ func (r *usesWeakCryptography) Match(n ast.Node, c *gosec.Context) (*issue.Issue
 }
 // NewUsesWeakCryptography detects uses of des.* md5.* or rc4.*
-func NewUsesWeakCryptography(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewUsesWeakCryptography(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 calls := make(map[string][]string)
 calls["crypto/des"] = []string{"NewCipher", "NewTripleDESCipher"}
 calls["crypto/md5"] = []string{"New", "Sum"}