Fix some linting warnings
This commit is contained in:
parent
83fc5e63fa
commit
6a73248135
26 changed files with 58 additions and 60 deletions
@ -182,7 +182,7 @@ func GetCallInfo(n ast.Node, ctx *Context) (string, string, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetCallStringArgsValues returns the values of strings arguments if they can be resolved
|
// GetCallStringArgsValues returns the values of strings arguments if they can be resolved
|
||||||
func GetCallStringArgsValues(n ast.Node, ctx *Context) []string {
|
func GetCallStringArgsValues(n ast.Node, _ *Context) []string {
|
||||||
values := []string{}
|
values := []string{}
|
||||||
switch node := n.(type) {
|
switch node := n.(type) {
|
||||||
case *ast.CallExpr:
|
case *ast.CallExpr:
|
||||||
|
|
|
@ -51,9 +51,7 @@ func (t *ImportTracker) TrackPackages(pkgs ...*types.Package) {
|
||||||
func (t *ImportTracker) TrackImport(imported *ast.ImportSpec) {
|
func (t *ImportTracker) TrackImport(imported *ast.ImportSpec) {
|
||||||
importPath := strings.Trim(imported.Path.Value, `"`)
|
importPath := strings.Trim(imported.Path.Value, `"`)
|
||||||
if imported.Name != nil {
|
if imported.Name != nil {
|
||||||
if imported.Name.Name == "_" {
|
if imported.Name.Name != "_" {
|
||||||
// Initialization only import
|
|
||||||
} else {
|
|
||||||
// Aliased import
|
// Aliased import
|
||||||
t.Imported[importPath] = append(t.Imported[importPath], imported.Name.String())
|
t.Imported[importPath] = append(t.Imported[importPath], imported.Name.String())
|
||||||
}
|
}
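Review bot: The blank-import case now falls through silently and the `// Initialization only import` comment that explained it was dropped along with the inversion, so the intent of skipping `_` is no longer visible at the `if imported.Name.Name != "_"` line. Within this hunk a blank import adds nothing to `t.Imported`, which means any consumer of the tracker that resolves a package by its recorded alias will not see side-effect-only imports such as `import _ "net/http/pprof"`; if that is the intended contract it is worth saying so, e.g. `// Blank ("_") imports are loaded for side effects only and are deliberately not tracked by alias.` placed above the `if`. The remainder of TrackImport, including whatever handles unaliased imports after the closing brace, lies outside the hunk, so whether blank imports are recorded by another path cannot be confirmed from here.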
|
||||||
|
|
|
@ -288,10 +288,10 @@ var _ = Describe("Formatter", func() {
|
||||||
for _, rule := range grules {
|
for _, rule := range grules {
|
||||||
cwe := issue.GetCweByRule(rule)
|
cwe := issue.GetCweByRule(rule)
|
||||||
newissue := createIssue(rule, cwe)
|
newissue := createIssue(rule, cwe)
|
||||||
error := map[string][]gosec.Error{}
|
errors := map[string][]gosec.Error{}
|
||||||
|
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||||
err := CreateReport(buf, "csv", false, []string{}, reportInfo)
|
err := CreateReport(buf, "csv", false, []string{}, reportInfo)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
pattern := "/home/src/project/test.go,1,test,HIGH,HIGH,1: testcode,CWE-%s\n"
|
pattern := "/home/src/project/test.go,1,test,HIGH,HIGH,1: testcode,CWE-%s\n"
|
||||||
|
@ -303,10 +303,10 @@ var _ = Describe("Formatter", func() {
|
||||||
for _, rule := range grules {
|
for _, rule := range grules {
|
||||||
cwe := issue.GetCweByRule(rule)
|
cwe := issue.GetCweByRule(rule)
|
||||||
newissue := createIssue(rule, cwe)
|
newissue := createIssue(rule, cwe)
|
||||||
error := map[string][]gosec.Error{}
|
errors := map[string][]gosec.Error{}
|
||||||
|
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{NumFiles: 0, NumLines: 0, NumNosec: 0, NumFound: 0}, error).WithVersion("v2.7.0")
|
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{NumFiles: 0, NumLines: 0, NumNosec: 0, NumFound: 0}, errors).WithVersion("v2.7.0")
|
||||||
err := CreateReport(buf, "xml", false, []string{}, reportInfo)
|
err := CreateReport(buf, "xml", false, []string{}, reportInfo)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
pattern := "Results:\n\n\n[/home/src/project/test.go:1] - %s (CWE-%s): test (Confidence: HIGH, Severity: HIGH)\n > 1: testcode\n\n\n\nSummary:\n Gosec : v2.7.0\n Files : 0\n Lines : 0\n Nosec : 0\n Issues : 0\n\n"
|
pattern := "Results:\n\n\n[/home/src/project/test.go:1] - %s (CWE-%s): test (Confidence: HIGH, Severity: HIGH)\n > 1: testcode\n\n\n\nSummary:\n Gosec : v2.7.0\n Files : 0\n Lines : 0\n Nosec : 0\n Issues : 0\n\n"
|
||||||
|
@ -318,7 +318,7 @@ var _ = Describe("Formatter", func() {
|
||||||
for _, rule := range grules {
|
for _, rule := range grules {
|
||||||
cwe := issue.GetCweByRule(rule)
|
cwe := issue.GetCweByRule(rule)
|
||||||
newissue := createIssue(rule, cwe)
|
newissue := createIssue(rule, cwe)
|
||||||
error := map[string][]gosec.Error{}
|
errors := map[string][]gosec.Error{}
|
||||||
|
|
||||||
data := createReportInfo(rule, cwe)
|
data := createReportInfo(rule, cwe)
|
||||||
|
|
||||||
|
@ -327,7 +327,7 @@ var _ = Describe("Formatter", func() {
|
||||||
err := enc.Encode(data)
|
err := enc.Encode(data)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||||
err = CreateReport(buf, "json", false, []string{}, reportInfo)
|
err = CreateReport(buf, "json", false, []string{}, reportInfo)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
result := stripString(buf.String())
|
result := stripString(buf.String())
|
||||||
|
@ -339,7 +339,7 @@ var _ = Describe("Formatter", func() {
|
||||||
for _, rule := range grules {
|
for _, rule := range grules {
|
||||||
cwe := issue.GetCweByRule(rule)
|
cwe := issue.GetCweByRule(rule)
|
||||||
newissue := createIssue(rule, cwe)
|
newissue := createIssue(rule, cwe)
|
||||||
error := map[string][]gosec.Error{}
|
errors := map[string][]gosec.Error{}
|
||||||
|
|
||||||
data := createReportInfo(rule, cwe)
|
data := createReportInfo(rule, cwe)
|
||||||
|
|
||||||
|
@ -348,7 +348,7 @@ var _ = Describe("Formatter", func() {
|
||||||
err := enc.Encode(data)
|
err := enc.Encode(data)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||||
err = CreateReport(buf, "html", false, []string{}, reportInfo)
|
err = CreateReport(buf, "html", false, []string{}, reportInfo)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
result := stripString(buf.String())
|
result := stripString(buf.String())
|
||||||
|
@ -360,7 +360,7 @@ var _ = Describe("Formatter", func() {
|
||||||
for _, rule := range grules {
|
for _, rule := range grules {
|
||||||
cwe := issue.GetCweByRule(rule)
|
cwe := issue.GetCweByRule(rule)
|
||||||
newissue := createIssue(rule, cwe)
|
newissue := createIssue(rule, cwe)
|
||||||
error := map[string][]gosec.Error{}
|
errors := map[string][]gosec.Error{}
|
||||||
|
|
||||||
data := createReportInfo(rule, cwe)
|
data := createReportInfo(rule, cwe)
|
||||||
|
|
||||||
|
@ -369,7 +369,7 @@ var _ = Describe("Formatter", func() {
|
||||||
err := enc.Encode(data)
|
err := enc.Encode(data)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||||
err = CreateReport(buf, "yaml", false, []string{}, reportInfo)
|
err = CreateReport(buf, "yaml", false, []string{}, reportInfo)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
result := stripString(buf.String())
|
result := stripString(buf.String())
|
||||||
|
@ -381,7 +381,7 @@ var _ = Describe("Formatter", func() {
|
||||||
for _, rule := range grules {
|
for _, rule := range grules {
|
||||||
cwe := issue.GetCweByRule(rule)
|
cwe := issue.GetCweByRule(rule)
|
||||||
newissue := createIssue(rule, cwe)
|
newissue := createIssue(rule, cwe)
|
||||||
error := map[string][]gosec.Error{}
|
errors := map[string][]gosec.Error{}
|
||||||
|
|
||||||
data := createReportInfo(rule, cwe)
|
data := createReportInfo(rule, cwe)
|
||||||
|
|
||||||
|
@ -390,7 +390,7 @@ var _ = Describe("Formatter", func() {
|
||||||
err := enc.Encode(data)
|
err := enc.Encode(data)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||||
err = CreateReport(buf, "junit-xml", false, []string{}, reportInfo)
|
err = CreateReport(buf, "junit-xml", false, []string{}, reportInfo)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
expectation := stripString(fmt.Sprintf("[/home/src/project/test.go:1] - test (Confidence: 2, Severity: 2, CWE: %s)", cwe.ID))
|
expectation := stripString(fmt.Sprintf("[/home/src/project/test.go:1] - test (Confidence: 2, Severity: 2, CWE: %s)", cwe.ID))
|
||||||
|
@ -402,7 +402,7 @@ var _ = Describe("Formatter", func() {
|
||||||
for _, rule := range grules {
|
for _, rule := range grules {
|
||||||
cwe := issue.GetCweByRule(rule)
|
cwe := issue.GetCweByRule(rule)
|
||||||
newissue := createIssue(rule, cwe)
|
newissue := createIssue(rule, cwe)
|
||||||
error := map[string][]gosec.Error{}
|
errors := map[string][]gosec.Error{}
|
||||||
|
|
||||||
data := createReportInfo(rule, cwe)
|
data := createReportInfo(rule, cwe)
|
||||||
|
|
||||||
|
@ -411,7 +411,7 @@ var _ = Describe("Formatter", func() {
|
||||||
err := enc.Encode(data)
|
err := enc.Encode(data)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||||
err = CreateReport(buf, "text", false, []string{}, reportInfo)
|
err = CreateReport(buf, "text", false, []string{}, reportInfo)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
expectation := stripString(fmt.Sprintf("[/home/src/project/test.go:1] - %s (CWE-%s): test (Confidence: HIGH, Severity: HIGH)", rule, cwe.ID))
|
expectation := stripString(fmt.Sprintf("[/home/src/project/test.go:1] - %s (CWE-%s): test (Confidence: HIGH, Severity: HIGH)", rule, cwe.ID))
|
||||||
|
@ -423,9 +423,9 @@ var _ = Describe("Formatter", func() {
|
||||||
for _, rule := range grules {
|
for _, rule := range grules {
|
||||||
cwe := issue.GetCweByRule(rule)
|
cwe := issue.GetCweByRule(rule)
|
||||||
newissue := createIssue(rule, cwe)
|
newissue := createIssue(rule, cwe)
|
||||||
error := map[string][]gosec.Error{}
|
errors := map[string][]gosec.Error{}
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||||
err := CreateReport(buf, "sonarqube", false, []string{"/home/src/project"}, reportInfo)
|
err := CreateReport(buf, "sonarqube", false, []string{"/home/src/project"}, reportInfo)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
|
||||||
|
@ -444,10 +444,10 @@ var _ = Describe("Formatter", func() {
|
||||||
for _, rule := range grules {
|
for _, rule := range grules {
|
||||||
cwe := issue.GetCweByRule(rule)
|
cwe := issue.GetCweByRule(rule)
|
||||||
newissue := createIssue(rule, cwe)
|
newissue := createIssue(rule, cwe)
|
||||||
error := map[string][]gosec.Error{}
|
errors := map[string][]gosec.Error{}
|
||||||
|
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||||
err := CreateReport(buf, "golint", false, []string{}, reportInfo)
|
err := CreateReport(buf, "golint", false, []string{}, reportInfo)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
pattern := "/home/src/project/test.go:1:1: [CWE-%s] test (Rule:%s, Severity:HIGH, Confidence:HIGH)\n"
|
pattern := "/home/src/project/test.go:1:1: [CWE-%s] test (Rule:%s, Severity:HIGH, Confidence:HIGH)\n"
|
||||||
|
@ -459,10 +459,10 @@ var _ = Describe("Formatter", func() {
|
||||||
for _, rule := range grules {
|
for _, rule := range grules {
|
||||||
cwe := issue.GetCweByRule(rule)
|
cwe := issue.GetCweByRule(rule)
|
||||||
newissue := createIssue(rule, cwe)
|
newissue := createIssue(rule, cwe)
|
||||||
error := map[string][]gosec.Error{}
|
errors := map[string][]gosec.Error{}
|
||||||
|
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error).WithVersion("v2.7.0")
|
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors).WithVersion("v2.7.0")
|
||||||
err := CreateReport(buf, "sarif", false, []string{}, reportInfo)
|
err := CreateReport(buf, "sarif", false, []string{}, reportInfo)
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
|
||||||
|
@ -502,8 +502,8 @@ var _ = Describe("Formatter", func() {
|
||||||
suppressedIssue.WithSuppressions(suppressions)
|
suppressedIssue.WithSuppressions(suppressions)
|
||||||
|
|
||||||
It("text formatted report should contain the suppressed issues", func() {
|
It("text formatted report should contain the suppressed issues", func() {
|
||||||
error := map[string][]gosec.Error{}
|
errors := map[string][]gosec.Error{}
|
||||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, error)
|
reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, errors)
|
||||||
|
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
err := CreateReport(buf, "text", false, []string{}, reportInfo)
|
err := CreateReport(buf, "text", false, []string{}, reportInfo)
|
||||||
|
@ -514,8 +514,8 @@ var _ = Describe("Formatter", func() {
|
||||||
})
|
})
|
||||||
|
|
||||||
It("sarif formatted report should contain the suppressed issues", func() {
|
It("sarif formatted report should contain the suppressed issues", func() {
|
||||||
error := map[string][]gosec.Error{}
|
errors := map[string][]gosec.Error{}
|
||||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, error)
|
reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, errors)
|
||||||
|
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
err := CreateReport(buf, "sarif", false, []string{}, reportInfo)
|
err := CreateReport(buf, "sarif", false, []string{}, reportInfo)
|
||||||
|
@ -526,8 +526,8 @@ var _ = Describe("Formatter", func() {
|
||||||
})
|
})
|
||||||
|
|
||||||
It("json formatted report should contain the suppressed issues", func() {
|
It("json formatted report should contain the suppressed issues", func() {
|
||||||
error := map[string][]gosec.Error{}
|
errors := map[string][]gosec.Error{}
|
||||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, error)
|
reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, errors)
|
||||||
|
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
err := CreateReport(buf, "json", false, []string{}, reportInfo)
|
err := CreateReport(buf, "json", false, []string{}, reportInfo)
|
||||||
|
|
|
@ -66,7 +66,7 @@ func resolveBinExpr(n *ast.BinaryExpr, c *Context) bool {
|
||||||
return (TryResolve(n.X, c) && TryResolve(n.Y, c))
|
return (TryResolve(n.X, c) && TryResolve(n.Y, c))
|
||||||
}
|
}
|
||||||
|
|
||||||
func resolveCallExpr(n *ast.CallExpr, c *Context) bool {
|
func resolveCallExpr(_ *ast.CallExpr, _ *Context) bool {
|
||||||
// TODO(tkelsey): next step, full function resolution
|
// TODO(tkelsey): next step, full function resolution
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
|
@ -49,7 +49,7 @@ func (a *archive) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewArchive creates a new rule which detects the file traversal when extracting zip/tar archives
|
// NewArchive creates a new rule which detects the file traversal when extracting zip/tar archives
|
||||||
func NewArchive(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewArchive(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
calls := gosec.NewCallList()
|
calls := gosec.NewCallList()
|
||||||
calls.Add("path/filepath", "Join")
|
calls.Add("path/filepath", "Join")
|
||||||
calls.Add("path", "Join")
|
calls.Add("path", "Join")
|
||||||
|
|
|
@ -67,7 +67,7 @@ func (r *bindsToAllNetworkInterfaces) Match(n ast.Node, c *gosec.Context) (*issu
|
||||||
|
|
||||||
// NewBindsToAllNetworkInterfaces detects socket connections that are setup to
|
// NewBindsToAllNetworkInterfaces detects socket connections that are setup to
|
||||||
// listen on all network interfaces.
|
// listen on all network interfaces.
|
||||||
func NewBindsToAllNetworkInterfaces(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewBindsToAllNetworkInterfaces(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
calls := gosec.NewCallList()
|
calls := gosec.NewCallList()
|
||||||
calls.Add("net", "Listen")
|
calls.Add("net", "Listen")
|
||||||
calls.Add("crypto/tls", "Listen")
|
calls.Add("crypto/tls", "Listen")
|
||||||
|
|
|
@ -28,9 +28,9 @@ type blocklistedImport struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func unquote(original string) string {
|
func unquote(original string) string {
|
||||||
copy := strings.TrimSpace(original)
|
cleaned := strings.TrimSpace(original)
|
||||||
copy = strings.TrimLeft(copy, `"`)
|
cleaned = strings.TrimLeft(cleaned, `"`)
|
||||||
return strings.TrimRight(copy, `"`)
|
return strings.TrimRight(cleaned, `"`)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *blocklistedImport) ID() string {
|
func (r *blocklistedImport) ID() string {
|
||||||
|
@ -48,7 +48,7 @@ func (r *blocklistedImport) Match(n ast.Node, c *gosec.Context) (*issue.Issue, e
|
||||||
|
|
||||||
// NewBlocklistedImports reports when a blocklisted import is being used.
|
// NewBlocklistedImports reports when a blocklisted import is being used.
|
||||||
// Typically when a deprecated technology is being used.
|
// Typically when a deprecated technology is being used.
|
||||||
func NewBlocklistedImports(id string, conf gosec.Config, blocklist map[string]string) (gosec.Rule, []ast.Node) {
|
func NewBlocklistedImports(id string, _ gosec.Config, blocklist map[string]string) (gosec.Rule, []ast.Node) {
|
||||||
return &blocklistedImport{
|
return &blocklistedImport{
|
||||||
MetaData: issue.MetaData{
|
MetaData: issue.MetaData{
|
||||||
ID: id,
|
ID: id,
|
||||||
|
|
|
@ -83,7 +83,7 @@ func (d *decompressionBombCheck) Match(node ast.Node, ctx *gosec.Context) (*issu
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewDecompressionBombCheck detects if there is potential DoS vulnerability via decompression bomb
|
// NewDecompressionBombCheck detects if there is potential DoS vulnerability via decompression bomb
|
||||||
func NewDecompressionBombCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewDecompressionBombCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
readerCalls := gosec.NewCallList()
|
readerCalls := gosec.NewCallList()
|
||||||
readerCalls.Add("compress/gzip", "NewReader")
|
readerCalls.Add("compress/gzip", "NewReader")
|
||||||
readerCalls.AddAll("compress/zlib", "NewReader", "NewReaderDict")
|
readerCalls.AddAll("compress/zlib", "NewReader", "NewReaderDict")
|
||||||
|
|
|
@ -30,8 +30,8 @@ func (r *traversal) matchCallExpr(assign *ast.CallExpr, ctx *gosec.Context) (*is
|
||||||
if basiclit, ok1 := i.(*ast.BasicLit); ok1 {
|
if basiclit, ok1 := i.(*ast.BasicLit); ok1 {
|
||||||
if fun, ok2 := assign.Fun.(*ast.SelectorExpr); ok2 {
|
if fun, ok2 := assign.Fun.(*ast.SelectorExpr); ok2 {
|
||||||
if x, ok3 := fun.X.(*ast.Ident); ok3 {
|
if x, ok3 := fun.X.(*ast.Ident); ok3 {
|
||||||
string := x.Name + "." + fun.Sel.Name + "(" + basiclit.Value + ")"
|
str := x.Name + "." + fun.Sel.Name + "(" + basiclit.Value + ")"
|
||||||
if r.pattern.MatchString(string) {
|
if r.pattern.MatchString(str) {
|
||||||
return ctx.NewIssue(assign, r.ID(), r.What, r.Severity, r.Confidence), nil
|
return ctx.NewIssue(assign, r.ID(), r.What, r.Severity, r.Confidence), nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -25,7 +25,7 @@ func (r *httpServeWithoutTimeouts) Match(n ast.Node, c *gosec.Context) (gi *issu
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewHTTPServeWithoutTimeouts detects use of net/http serve functions that have no support for setting timeouts.
|
// NewHTTPServeWithoutTimeouts detects use of net/http serve functions that have no support for setting timeouts.
|
||||||
func NewHTTPServeWithoutTimeouts(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewHTTPServeWithoutTimeouts(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
return &httpServeWithoutTimeouts{
|
return &httpServeWithoutTimeouts{
|
||||||
pkg: "net/http",
|
pkg: "net/http",
|
||||||
calls: []string{"ListenAndServe", "ListenAndServeTLS", "Serve", "ServeTLS"},
|
calls: []string{"ListenAndServe", "ListenAndServeTLS", "Serve", "ServeTLS"},
|
||||||
|
|
|
@ -90,7 +90,7 @@ func (r *implicitAliasing) Match(n ast.Node, c *gosec.Context) (*issue.Issue, er
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewImplicitAliasing detects implicit memory aliasing of type: for blah := SomeCall() {... SomeOtherCall(&blah) ...}
|
// NewImplicitAliasing detects implicit memory aliasing of type: for blah := SomeCall() {... SomeOtherCall(&blah) ...}
|
||||||
func NewImplicitAliasing(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewImplicitAliasing(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
return &implicitAliasing{
|
return &implicitAliasing{
|
||||||
aliases: make(map[*ast.Object]struct{}),
|
aliases: make(map[*ast.Object]struct{}),
|
||||||
rightBrace: token.NoPos,
|
rightBrace: token.NoPos,
|
||||||
|
|
|
@ -75,7 +75,7 @@ func (i *integerOverflowCheck) Match(node ast.Node, ctx *gosec.Context) (*issue.
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewIntegerOverflowCheck detects if there is potential Integer OverFlow
|
// NewIntegerOverflowCheck detects if there is potential Integer OverFlow
|
||||||
func NewIntegerOverflowCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewIntegerOverflowCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
calls := gosec.NewCallList()
|
calls := gosec.NewCallList()
|
||||||
calls.Add("strconv", "Atoi")
|
calls.Add("strconv", "Atoi")
|
||||||
return &integerOverflowCheck{
|
return &integerOverflowCheck{
|
||||||
|
|
|
@ -29,7 +29,7 @@ func (p *pprofCheck) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewPprofCheck detects when the profiling endpoint is automatically exposed
|
// NewPprofCheck detects when the profiling endpoint is automatically exposed
|
||||||
func NewPprofCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewPprofCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
return &pprofCheck{
|
return &pprofCheck{
|
||||||
MetaData: issue.MetaData{
|
MetaData: issue.MetaData{
|
||||||
ID: id,
|
ID: id,
|
||||||
|
|
|
@ -42,7 +42,7 @@ func (w *weakRand) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewWeakRandCheck detects the use of random number generator that isn't cryptographically secure
|
// NewWeakRandCheck detects the use of random number generator that isn't cryptographically secure
|
||||||
func NewWeakRandCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewWeakRandCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
return &weakRand{
|
return &weakRand{
|
||||||
funcNames: []string{
|
funcNames: []string{
|
||||||
"New", "Read", "Float32", "Float64", "Int", "Int31",
|
"New", "Read", "Float32", "Float64", "Int", "Int31",
|
||||||
|
|
|
@ -126,7 +126,7 @@ func (r *readfile) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewReadFile detects cases where we read files
|
// NewReadFile detects cases where we read files
|
||||||
func NewReadFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewReadFile(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
rule := &readfile{
|
rule := &readfile{
|
||||||
pathJoin: gosec.NewCallList(),
|
pathJoin: gosec.NewCallList(),
|
||||||
clean: gosec.NewCallList(),
|
clean: gosec.NewCallList(),
|
||||||
|
|
|
@ -42,7 +42,7 @@ func (w *weakKeyStrength) Match(n ast.Node, c *gosec.Context) (*issue.Issue, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewWeakKeyStrength builds a rule that detects RSA keys < 2048 bits
|
// NewWeakKeyStrength builds a rule that detects RSA keys < 2048 bits
|
||||||
func NewWeakKeyStrength(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewWeakKeyStrength(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
calls := gosec.NewCallList()
|
calls := gosec.NewCallList()
|
||||||
calls.Add("crypto/rsa", "GenerateKey")
|
calls.Add("crypto/rsa", "GenerateKey")
|
||||||
bits := 2048
|
bits := 2048
|
||||||
|
|
|
@ -59,7 +59,7 @@ func (r *slowloris) Match(n ast.Node, ctx *gosec.Context) (*issue.Issue, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewSlowloris attempts to find the http.Server struct and check if the ReadHeaderTimeout is configured.
|
// NewSlowloris attempts to find the http.Server struct and check if the ReadHeaderTimeout is configured.
|
||||||
func NewSlowloris(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewSlowloris(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
return &slowloris{
|
return &slowloris{
|
||||||
MetaData: issue.MetaData{
|
MetaData: issue.MetaData{
|
||||||
ID: id,
|
ID: id,
|
||||||
|
|
|
@ -161,7 +161,7 @@ func (s *sqlStrConcat) Match(n ast.Node, ctx *gosec.Context) (*issue.Issue, erro
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewSQLStrConcat looks for cases where we are building SQL strings via concatenation
|
// NewSQLStrConcat looks for cases where we are building SQL strings via concatenation
|
||||||
func NewSQLStrConcat(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewSQLStrConcat(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
rule := &sqlStrConcat{
|
rule := &sqlStrConcat{
|
||||||
sqlStatement: sqlStatement{
|
sqlStatement: sqlStatement{
|
||||||
patterns: []*regexp.Regexp{
|
patterns: []*regexp.Regexp{
|
||||||
|
@ -324,7 +324,7 @@ func (s *sqlStrFormat) Match(n ast.Node, ctx *gosec.Context) (*issue.Issue, erro
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewSQLStrFormat looks for cases where we're building SQL query strings using format strings
|
// NewSQLStrFormat looks for cases where we're building SQL query strings using format strings
|
||||||
func NewSQLStrFormat(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewSQLStrFormat(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
rule := &sqlStrFormat{
|
rule := &sqlStrFormat{
|
||||||
CallList: gosec.NewCallList(),
|
CallList: gosec.NewCallList(),
|
||||||
fmtCalls: gosec.NewCallList(),
|
fmtCalls: gosec.NewCallList(),
|
||||||
|
|
|
@ -25,7 +25,7 @@ func (r *sshHostKey) Match(n ast.Node, c *gosec.Context) (gi *issue.Issue, err e
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewSSHHostKey rule detects the use of insecure ssh HostKeyCallback.
|
// NewSSHHostKey rule detects the use of insecure ssh HostKeyCallback.
|
||||||
func NewSSHHostKey(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewSSHHostKey(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
return &sshHostKey{
|
return &sshHostKey{
|
||||||
pkg: "golang.org/x/crypto/ssh",
|
pkg: "golang.org/x/crypto/ssh",
|
||||||
calls: []string{"InsecureIgnoreHostKey"},
|
calls: []string{"InsecureIgnoreHostKey"},
|
||||||
|
|
|
@ -52,7 +52,7 @@ func (r *ssrf) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewSSRFCheck detects cases where HTTP requests are sent
|
// NewSSRFCheck detects cases where HTTP requests are sent
|
||||||
func NewSSRFCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewSSRFCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
rule := &ssrf{
|
rule := &ssrf{
|
||||||
CallList: gosec.NewCallList(),
|
CallList: gosec.NewCallList(),
|
||||||
MetaData: issue.MetaData{
|
MetaData: issue.MetaData{
|
||||||
|
|
|
@ -110,7 +110,7 @@ func (r *subprocess) isContext(n ast.Node, ctx *gosec.Context) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewSubproc detects cases where we are forking out to an external process
|
// NewSubproc detects cases where we are forking out to an external process
|
||||||
func NewSubproc(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewSubproc(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
rule := &subprocess{issue.MetaData{ID: id}, gosec.NewCallList()}
|
rule := &subprocess{issue.MetaData{ID: id}, gosec.NewCallList()}
|
||||||
rule.Add("os/exec", "Command")
|
rule.Add("os/exec", "Command")
|
||||||
rule.Add("os/exec", "CommandContext")
|
rule.Add("os/exec", "CommandContext")
|
||||||
|
|
|
@ -64,7 +64,7 @@ func (t *badTempFile) Match(n ast.Node, c *gosec.Context) (gi *issue.Issue, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewBadTempFile detects direct writes to predictable path in temporary directory
|
// NewBadTempFile detects direct writes to predictable path in temporary directory
|
||||||
func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewBadTempFile(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
calls := gosec.NewCallList()
|
calls := gosec.NewCallList()
|
||||||
calls.Add("io/ioutil", "WriteFile")
|
calls.Add("io/ioutil", "WriteFile")
|
||||||
calls.AddAll("os", "Create", "WriteFile")
|
calls.AddAll("os", "Create", "WriteFile")
|
||||||
|
|
|
@ -43,7 +43,7 @@ func (t *templateCheck) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error
|
||||||
|
|
||||||
// NewTemplateCheck constructs the template check rule. This rule is used to
|
// NewTemplateCheck constructs the template check rule. This rule is used to
|
||||||
// find use of templates where HTML/JS escaping is not being used
|
// find use of templates where HTML/JS escaping is not being used
|
||||||
func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewTemplateCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
calls := gosec.NewCallList()
|
calls := gosec.NewCallList()
|
||||||
calls.Add("html/template", "HTML")
|
calls.Add("html/template", "HTML")
|
||||||
calls.Add("html/template", "HTMLAttr")
|
calls.Add("html/template", "HTMLAttr")
|
||||||
|
|
|
@ -9,7 +9,7 @@ import (
|
||||||
|
|
||||||
// NewModernTLSCheck creates a check for Modern TLS ciphers
|
// NewModernTLSCheck creates a check for Modern TLS ciphers
|
||||||
// DO NOT EDIT - generated by tlsconfig tool
|
// DO NOT EDIT - generated by tlsconfig tool
|
||||||
func NewModernTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewModernTLSCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
return &insecureConfigTLS{
|
return &insecureConfigTLS{
|
||||||
MetaData: issue.MetaData{ID: id},
|
MetaData: issue.MetaData{ID: id},
|
||||||
requiredType: "crypto/tls.Config",
|
requiredType: "crypto/tls.Config",
|
||||||
|
@ -25,7 +25,7 @@ func NewModernTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
|
|
||||||
// NewIntermediateTLSCheck creates a check for Intermediate TLS ciphers
|
// NewIntermediateTLSCheck creates a check for Intermediate TLS ciphers
|
||||||
// DO NOT EDIT - generated by tlsconfig tool
|
// DO NOT EDIT - generated by tlsconfig tool
|
||||||
func NewIntermediateTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewIntermediateTLSCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
return &insecureConfigTLS{
|
return &insecureConfigTLS{
|
||||||
MetaData: issue.MetaData{ID: id},
|
MetaData: issue.MetaData{ID: id},
|
||||||
requiredType: "crypto/tls.Config",
|
requiredType: "crypto/tls.Config",
|
||||||
|
@ -51,7 +51,7 @@ func NewIntermediateTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.No
|
||||||
|
|
||||||
// NewOldTLSCheck creates a check for Old TLS ciphers
|
// NewOldTLSCheck creates a check for Old TLS ciphers
|
||||||
// DO NOT EDIT - generated by tlsconfig tool
|
// DO NOT EDIT - generated by tlsconfig tool
|
||||||
func NewOldTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewOldTLSCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
return &insecureConfigTLS{
|
return &insecureConfigTLS{
|
||||||
MetaData: issue.MetaData{ID: id},
|
MetaData: issue.MetaData{ID: id},
|
||||||
requiredType: "crypto/tls.Config",
|
requiredType: "crypto/tls.Config",
|
||||||
|
|
|
@ -40,7 +40,7 @@ func (r *usingUnsafe) Match(n ast.Node, c *gosec.Context) (gi *issue.Issue, err
|
||||||
|
|
||||||
// NewUsingUnsafe rule detects the use of the unsafe package. This is only
|
// NewUsingUnsafe rule detects the use of the unsafe package. This is only
|
||||||
// really useful for auditing purposes.
|
// really useful for auditing purposes.
|
||||||
func NewUsingUnsafe(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewUsingUnsafe(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
return &usingUnsafe{
|
return &usingUnsafe{
|
||||||
pkg: "unsafe",
|
pkg: "unsafe",
|
||||||
calls: []string{"Alignof", "Offsetof", "Sizeof", "Pointer"},
|
calls: []string{"Alignof", "Offsetof", "Sizeof", "Pointer"},
|
||||||
|
|
|
@ -40,7 +40,7 @@ func (r *usesWeakCryptography) Match(n ast.Node, c *gosec.Context) (*issue.Issue
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewUsesWeakCryptography detects uses of des.* md5.* or rc4.*
|
// NewUsesWeakCryptography detects uses of des.* md5.* or rc4.*
|
||||||
func NewUsesWeakCryptography(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
func NewUsesWeakCryptography(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
calls := make(map[string][]string)
|
calls := make(map[string][]string)
|
||||||
calls["crypto/des"] = []string{"NewCipher", "NewTripleDESCipher"}
|
calls["crypto/des"] = []string{"NewCipher", "NewTripleDESCipher"}
|
||||||
calls["crypto/md5"] = []string{"New", "Sum"}
|
calls["crypto/md5"] = []string{"New", "Sum"}
|
||||||
|
|