mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
Fix some linting warnings
This commit is contained in:
parent
83fc5e63fa
commit
6a73248135
26 changed files with 58 additions and 60 deletions
|
@ -182,7 +182,7 @@ func GetCallInfo(n ast.Node, ctx *Context) (string, string, error) {
|
|||
}
|
||||
|
||||
// GetCallStringArgsValues returns the values of strings arguments if they can be resolved
|
||||
func GetCallStringArgsValues(n ast.Node, ctx *Context) []string {
|
||||
func GetCallStringArgsValues(n ast.Node, _ *Context) []string {
|
||||
values := []string{}
|
||||
switch node := n.(type) {
|
||||
case *ast.CallExpr:
|
||||
|
|
|
@ -51,9 +51,7 @@ func (t *ImportTracker) TrackPackages(pkgs ...*types.Package) {
|
|||
func (t *ImportTracker) TrackImport(imported *ast.ImportSpec) {
|
||||
importPath := strings.Trim(imported.Path.Value, `"`)
|
||||
if imported.Name != nil {
|
||||
if imported.Name.Name == "_" {
|
||||
// Initialization only import
|
||||
} else {
|
||||
if imported.Name.Name != "_" {
|
||||
// Aliased import
|
||||
t.Imported[importPath] = append(t.Imported[importPath], imported.Name.String())
|
||||
}
|
||||
|
|
|
@ -288,10 +288,10 @@ var _ = Describe("Formatter", func() {
|
|||
for _, rule := range grules {
|
||||
cwe := issue.GetCweByRule(rule)
|
||||
newissue := createIssue(rule, cwe)
|
||||
error := map[string][]gosec.Error{}
|
||||
errors := map[string][]gosec.Error{}
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||
err := CreateReport(buf, "csv", false, []string{}, reportInfo)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
pattern := "/home/src/project/test.go,1,test,HIGH,HIGH,1: testcode,CWE-%s\n"
|
||||
|
@ -303,10 +303,10 @@ var _ = Describe("Formatter", func() {
|
|||
for _, rule := range grules {
|
||||
cwe := issue.GetCweByRule(rule)
|
||||
newissue := createIssue(rule, cwe)
|
||||
error := map[string][]gosec.Error{}
|
||||
errors := map[string][]gosec.Error{}
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{NumFiles: 0, NumLines: 0, NumNosec: 0, NumFound: 0}, error).WithVersion("v2.7.0")
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{NumFiles: 0, NumLines: 0, NumNosec: 0, NumFound: 0}, errors).WithVersion("v2.7.0")
|
||||
err := CreateReport(buf, "xml", false, []string{}, reportInfo)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
pattern := "Results:\n\n\n[/home/src/project/test.go:1] - %s (CWE-%s): test (Confidence: HIGH, Severity: HIGH)\n > 1: testcode\n\n\n\nSummary:\n Gosec : v2.7.0\n Files : 0\n Lines : 0\n Nosec : 0\n Issues : 0\n\n"
|
||||
|
@ -318,7 +318,7 @@ var _ = Describe("Formatter", func() {
|
|||
for _, rule := range grules {
|
||||
cwe := issue.GetCweByRule(rule)
|
||||
newissue := createIssue(rule, cwe)
|
||||
error := map[string][]gosec.Error{}
|
||||
errors := map[string][]gosec.Error{}
|
||||
|
||||
data := createReportInfo(rule, cwe)
|
||||
|
||||
|
@ -327,7 +327,7 @@ var _ = Describe("Formatter", func() {
|
|||
err := enc.Encode(data)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
buf := new(bytes.Buffer)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||
err = CreateReport(buf, "json", false, []string{}, reportInfo)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
result := stripString(buf.String())
|
||||
|
@ -339,7 +339,7 @@ var _ = Describe("Formatter", func() {
|
|||
for _, rule := range grules {
|
||||
cwe := issue.GetCweByRule(rule)
|
||||
newissue := createIssue(rule, cwe)
|
||||
error := map[string][]gosec.Error{}
|
||||
errors := map[string][]gosec.Error{}
|
||||
|
||||
data := createReportInfo(rule, cwe)
|
||||
|
||||
|
@ -348,7 +348,7 @@ var _ = Describe("Formatter", func() {
|
|||
err := enc.Encode(data)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
buf := new(bytes.Buffer)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||
err = CreateReport(buf, "html", false, []string{}, reportInfo)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
result := stripString(buf.String())
|
||||
|
@ -360,7 +360,7 @@ var _ = Describe("Formatter", func() {
|
|||
for _, rule := range grules {
|
||||
cwe := issue.GetCweByRule(rule)
|
||||
newissue := createIssue(rule, cwe)
|
||||
error := map[string][]gosec.Error{}
|
||||
errors := map[string][]gosec.Error{}
|
||||
|
||||
data := createReportInfo(rule, cwe)
|
||||
|
||||
|
@ -369,7 +369,7 @@ var _ = Describe("Formatter", func() {
|
|||
err := enc.Encode(data)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
buf := new(bytes.Buffer)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||
err = CreateReport(buf, "yaml", false, []string{}, reportInfo)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
result := stripString(buf.String())
|
||||
|
@ -381,7 +381,7 @@ var _ = Describe("Formatter", func() {
|
|||
for _, rule := range grules {
|
||||
cwe := issue.GetCweByRule(rule)
|
||||
newissue := createIssue(rule, cwe)
|
||||
error := map[string][]gosec.Error{}
|
||||
errors := map[string][]gosec.Error{}
|
||||
|
||||
data := createReportInfo(rule, cwe)
|
||||
|
||||
|
@ -390,7 +390,7 @@ var _ = Describe("Formatter", func() {
|
|||
err := enc.Encode(data)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
buf := new(bytes.Buffer)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||
err = CreateReport(buf, "junit-xml", false, []string{}, reportInfo)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
expectation := stripString(fmt.Sprintf("[/home/src/project/test.go:1] - test (Confidence: 2, Severity: 2, CWE: %s)", cwe.ID))
|
||||
|
@ -402,7 +402,7 @@ var _ = Describe("Formatter", func() {
|
|||
for _, rule := range grules {
|
||||
cwe := issue.GetCweByRule(rule)
|
||||
newissue := createIssue(rule, cwe)
|
||||
error := map[string][]gosec.Error{}
|
||||
errors := map[string][]gosec.Error{}
|
||||
|
||||
data := createReportInfo(rule, cwe)
|
||||
|
||||
|
@ -411,7 +411,7 @@ var _ = Describe("Formatter", func() {
|
|||
err := enc.Encode(data)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
buf := new(bytes.Buffer)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||
err = CreateReport(buf, "text", false, []string{}, reportInfo)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
expectation := stripString(fmt.Sprintf("[/home/src/project/test.go:1] - %s (CWE-%s): test (Confidence: HIGH, Severity: HIGH)", rule, cwe.ID))
|
||||
|
@ -423,9 +423,9 @@ var _ = Describe("Formatter", func() {
|
|||
for _, rule := range grules {
|
||||
cwe := issue.GetCweByRule(rule)
|
||||
newissue := createIssue(rule, cwe)
|
||||
error := map[string][]gosec.Error{}
|
||||
errors := map[string][]gosec.Error{}
|
||||
buf := new(bytes.Buffer)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||
err := CreateReport(buf, "sonarqube", false, []string{"/home/src/project"}, reportInfo)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
|
||||
|
@ -444,10 +444,10 @@ var _ = Describe("Formatter", func() {
|
|||
for _, rule := range grules {
|
||||
cwe := issue.GetCweByRule(rule)
|
||||
newissue := createIssue(rule, cwe)
|
||||
error := map[string][]gosec.Error{}
|
||||
errors := map[string][]gosec.Error{}
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
|
||||
err := CreateReport(buf, "golint", false, []string{}, reportInfo)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
pattern := "/home/src/project/test.go:1:1: [CWE-%s] test (Rule:%s, Severity:HIGH, Confidence:HIGH)\n"
|
||||
|
@ -459,10 +459,10 @@ var _ = Describe("Formatter", func() {
|
|||
for _, rule := range grules {
|
||||
cwe := issue.GetCweByRule(rule)
|
||||
newissue := createIssue(rule, cwe)
|
||||
error := map[string][]gosec.Error{}
|
||||
errors := map[string][]gosec.Error{}
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error).WithVersion("v2.7.0")
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors).WithVersion("v2.7.0")
|
||||
err := CreateReport(buf, "sarif", false, []string{}, reportInfo)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
|
||||
|
@ -502,8 +502,8 @@ var _ = Describe("Formatter", func() {
|
|||
suppressedIssue.WithSuppressions(suppressions)
|
||||
|
||||
It("text formatted report should contain the suppressed issues", func() {
|
||||
error := map[string][]gosec.Error{}
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, error)
|
||||
errors := map[string][]gosec.Error{}
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, errors)
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
err := CreateReport(buf, "text", false, []string{}, reportInfo)
|
||||
|
@ -514,8 +514,8 @@ var _ = Describe("Formatter", func() {
|
|||
})
|
||||
|
||||
It("sarif formatted report should contain the suppressed issues", func() {
|
||||
error := map[string][]gosec.Error{}
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, error)
|
||||
errors := map[string][]gosec.Error{}
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, errors)
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
err := CreateReport(buf, "sarif", false, []string{}, reportInfo)
|
||||
|
@ -526,8 +526,8 @@ var _ = Describe("Formatter", func() {
|
|||
})
|
||||
|
||||
It("json formatted report should contain the suppressed issues", func() {
|
||||
error := map[string][]gosec.Error{}
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, error)
|
||||
errors := map[string][]gosec.Error{}
|
||||
reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, errors)
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
err := CreateReport(buf, "json", false, []string{}, reportInfo)
|
||||
|
|
|
@ -66,7 +66,7 @@ func resolveBinExpr(n *ast.BinaryExpr, c *Context) bool {
|
|||
return (TryResolve(n.X, c) && TryResolve(n.Y, c))
|
||||
}
|
||||
|
||||
func resolveCallExpr(n *ast.CallExpr, c *Context) bool {
|
||||
func resolveCallExpr(_ *ast.CallExpr, _ *Context) bool {
|
||||
// TODO(tkelsey): next step, full function resolution
|
||||
return false
|
||||
}
|
||||
|
|
|
@ -49,7 +49,7 @@ func (a *archive) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
|
|||
}
|
||||
|
||||
// NewArchive creates a new rule which detects the file traversal when extracting zip/tar archives
|
||||
func NewArchive(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewArchive(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
calls := gosec.NewCallList()
|
||||
calls.Add("path/filepath", "Join")
|
||||
calls.Add("path", "Join")
|
||||
|
|
|
@ -67,7 +67,7 @@ func (r *bindsToAllNetworkInterfaces) Match(n ast.Node, c *gosec.Context) (*issu
|
|||
|
||||
// NewBindsToAllNetworkInterfaces detects socket connections that are setup to
|
||||
// listen on all network interfaces.
|
||||
func NewBindsToAllNetworkInterfaces(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewBindsToAllNetworkInterfaces(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
calls := gosec.NewCallList()
|
||||
calls.Add("net", "Listen")
|
||||
calls.Add("crypto/tls", "Listen")
|
||||
|
|
|
@ -28,9 +28,9 @@ type blocklistedImport struct {
|
|||
}
|
||||
|
||||
func unquote(original string) string {
|
||||
copy := strings.TrimSpace(original)
|
||||
copy = strings.TrimLeft(copy, `"`)
|
||||
return strings.TrimRight(copy, `"`)
|
||||
cleaned := strings.TrimSpace(original)
|
||||
cleaned = strings.TrimLeft(cleaned, `"`)
|
||||
return strings.TrimRight(cleaned, `"`)
|
||||
}
|
||||
|
||||
func (r *blocklistedImport) ID() string {
|
||||
|
@ -48,7 +48,7 @@ func (r *blocklistedImport) Match(n ast.Node, c *gosec.Context) (*issue.Issue, e
|
|||
|
||||
// NewBlocklistedImports reports when a blocklisted import is being used.
|
||||
// Typically when a deprecated technology is being used.
|
||||
func NewBlocklistedImports(id string, conf gosec.Config, blocklist map[string]string) (gosec.Rule, []ast.Node) {
|
||||
func NewBlocklistedImports(id string, _ gosec.Config, blocklist map[string]string) (gosec.Rule, []ast.Node) {
|
||||
return &blocklistedImport{
|
||||
MetaData: issue.MetaData{
|
||||
ID: id,
|
||||
|
|
|
@ -83,7 +83,7 @@ func (d *decompressionBombCheck) Match(node ast.Node, ctx *gosec.Context) (*issu
|
|||
}
|
||||
|
||||
// NewDecompressionBombCheck detects if there is potential DoS vulnerability via decompression bomb
|
||||
func NewDecompressionBombCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewDecompressionBombCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
readerCalls := gosec.NewCallList()
|
||||
readerCalls.Add("compress/gzip", "NewReader")
|
||||
readerCalls.AddAll("compress/zlib", "NewReader", "NewReaderDict")
|
||||
|
|
|
@ -30,8 +30,8 @@ func (r *traversal) matchCallExpr(assign *ast.CallExpr, ctx *gosec.Context) (*is
|
|||
if basiclit, ok1 := i.(*ast.BasicLit); ok1 {
|
||||
if fun, ok2 := assign.Fun.(*ast.SelectorExpr); ok2 {
|
||||
if x, ok3 := fun.X.(*ast.Ident); ok3 {
|
||||
string := x.Name + "." + fun.Sel.Name + "(" + basiclit.Value + ")"
|
||||
if r.pattern.MatchString(string) {
|
||||
str := x.Name + "." + fun.Sel.Name + "(" + basiclit.Value + ")"
|
||||
if r.pattern.MatchString(str) {
|
||||
return ctx.NewIssue(assign, r.ID(), r.What, r.Severity, r.Confidence), nil
|
||||
}
|
||||
}
|
||||
|
|
|
@ -25,7 +25,7 @@ func (r *httpServeWithoutTimeouts) Match(n ast.Node, c *gosec.Context) (gi *issu
|
|||
}
|
||||
|
||||
// NewHTTPServeWithoutTimeouts detects use of net/http serve functions that have no support for setting timeouts.
|
||||
func NewHTTPServeWithoutTimeouts(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewHTTPServeWithoutTimeouts(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
return &httpServeWithoutTimeouts{
|
||||
pkg: "net/http",
|
||||
calls: []string{"ListenAndServe", "ListenAndServeTLS", "Serve", "ServeTLS"},
|
||||
|
|
|
@ -90,7 +90,7 @@ func (r *implicitAliasing) Match(n ast.Node, c *gosec.Context) (*issue.Issue, er
|
|||
}
|
||||
|
||||
// NewImplicitAliasing detects implicit memory aliasing of type: for blah := SomeCall() {... SomeOtherCall(&blah) ...}
|
||||
func NewImplicitAliasing(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewImplicitAliasing(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
return &implicitAliasing{
|
||||
aliases: make(map[*ast.Object]struct{}),
|
||||
rightBrace: token.NoPos,
|
||||
|
|
|
@ -75,7 +75,7 @@ func (i *integerOverflowCheck) Match(node ast.Node, ctx *gosec.Context) (*issue.
|
|||
}
|
||||
|
||||
// NewIntegerOverflowCheck detects if there is potential Integer OverFlow
|
||||
func NewIntegerOverflowCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewIntegerOverflowCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
calls := gosec.NewCallList()
|
||||
calls.Add("strconv", "Atoi")
|
||||
return &integerOverflowCheck{
|
||||
|
|
|
@ -29,7 +29,7 @@ func (p *pprofCheck) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
|
|||
}
|
||||
|
||||
// NewPprofCheck detects when the profiling endpoint is automatically exposed
|
||||
func NewPprofCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewPprofCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
return &pprofCheck{
|
||||
MetaData: issue.MetaData{
|
||||
ID: id,
|
||||
|
|
|
@ -42,7 +42,7 @@ func (w *weakRand) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
|
|||
}
|
||||
|
||||
// NewWeakRandCheck detects the use of random number generator that isn't cryptographically secure
|
||||
func NewWeakRandCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewWeakRandCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
return &weakRand{
|
||||
funcNames: []string{
|
||||
"New", "Read", "Float32", "Float64", "Int", "Int31",
|
||||
|
|
|
@ -126,7 +126,7 @@ func (r *readfile) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
|
|||
}
|
||||
|
||||
// NewReadFile detects cases where we read files
|
||||
func NewReadFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewReadFile(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
rule := &readfile{
|
||||
pathJoin: gosec.NewCallList(),
|
||||
clean: gosec.NewCallList(),
|
||||
|
|
|
@ -42,7 +42,7 @@ func (w *weakKeyStrength) Match(n ast.Node, c *gosec.Context) (*issue.Issue, err
|
|||
}
|
||||
|
||||
// NewWeakKeyStrength builds a rule that detects RSA keys < 2048 bits
|
||||
func NewWeakKeyStrength(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewWeakKeyStrength(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
calls := gosec.NewCallList()
|
||||
calls.Add("crypto/rsa", "GenerateKey")
|
||||
bits := 2048
|
||||
|
|
|
@ -59,7 +59,7 @@ func (r *slowloris) Match(n ast.Node, ctx *gosec.Context) (*issue.Issue, error)
|
|||
}
|
||||
|
||||
// NewSlowloris attempts to find the http.Server struct and check if the ReadHeaderTimeout is configured.
|
||||
func NewSlowloris(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewSlowloris(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
return &slowloris{
|
||||
MetaData: issue.MetaData{
|
||||
ID: id,
|
||||
|
|
|
@ -161,7 +161,7 @@ func (s *sqlStrConcat) Match(n ast.Node, ctx *gosec.Context) (*issue.Issue, erro
|
|||
}
|
||||
|
||||
// NewSQLStrConcat looks for cases where we are building SQL strings via concatenation
|
||||
func NewSQLStrConcat(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewSQLStrConcat(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
rule := &sqlStrConcat{
|
||||
sqlStatement: sqlStatement{
|
||||
patterns: []*regexp.Regexp{
|
||||
|
@ -324,7 +324,7 @@ func (s *sqlStrFormat) Match(n ast.Node, ctx *gosec.Context) (*issue.Issue, erro
|
|||
}
|
||||
|
||||
// NewSQLStrFormat looks for cases where we're building SQL query strings using format strings
|
||||
func NewSQLStrFormat(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewSQLStrFormat(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
rule := &sqlStrFormat{
|
||||
CallList: gosec.NewCallList(),
|
||||
fmtCalls: gosec.NewCallList(),
|
||||
|
|
|
@ -25,7 +25,7 @@ func (r *sshHostKey) Match(n ast.Node, c *gosec.Context) (gi *issue.Issue, err e
|
|||
}
|
||||
|
||||
// NewSSHHostKey rule detects the use of insecure ssh HostKeyCallback.
|
||||
func NewSSHHostKey(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewSSHHostKey(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
return &sshHostKey{
|
||||
pkg: "golang.org/x/crypto/ssh",
|
||||
calls: []string{"InsecureIgnoreHostKey"},
|
||||
|
|
|
@ -52,7 +52,7 @@ func (r *ssrf) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
|
|||
}
|
||||
|
||||
// NewSSRFCheck detects cases where HTTP requests are sent
|
||||
func NewSSRFCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewSSRFCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
rule := &ssrf{
|
||||
CallList: gosec.NewCallList(),
|
||||
MetaData: issue.MetaData{
|
||||
|
|
|
@ -110,7 +110,7 @@ func (r *subprocess) isContext(n ast.Node, ctx *gosec.Context) bool {
|
|||
}
|
||||
|
||||
// NewSubproc detects cases where we are forking out to an external process
|
||||
func NewSubproc(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewSubproc(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
rule := &subprocess{issue.MetaData{ID: id}, gosec.NewCallList()}
|
||||
rule.Add("os/exec", "Command")
|
||||
rule.Add("os/exec", "CommandContext")
|
||||
|
|
|
@ -64,7 +64,7 @@ func (t *badTempFile) Match(n ast.Node, c *gosec.Context) (gi *issue.Issue, err
|
|||
}
|
||||
|
||||
// NewBadTempFile detects direct writes to predictable path in temporary directory
|
||||
func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewBadTempFile(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
calls := gosec.NewCallList()
|
||||
calls.Add("io/ioutil", "WriteFile")
|
||||
calls.AddAll("os", "Create", "WriteFile")
|
||||
|
|
|
@ -43,7 +43,7 @@ func (t *templateCheck) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error
|
|||
|
||||
// NewTemplateCheck constructs the template check rule. This rule is used to
|
||||
// find use of templates where HTML/JS escaping is not being used
|
||||
func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewTemplateCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
calls := gosec.NewCallList()
|
||||
calls.Add("html/template", "HTML")
|
||||
calls.Add("html/template", "HTMLAttr")
|
||||
|
|
|
@ -9,7 +9,7 @@ import (
|
|||
|
||||
// NewModernTLSCheck creates a check for Modern TLS ciphers
|
||||
// DO NOT EDIT - generated by tlsconfig tool
|
||||
func NewModernTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewModernTLSCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
return &insecureConfigTLS{
|
||||
MetaData: issue.MetaData{ID: id},
|
||||
requiredType: "crypto/tls.Config",
|
||||
|
@ -25,7 +25,7 @@ func NewModernTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
|||
|
||||
// NewIntermediateTLSCheck creates a check for Intermediate TLS ciphers
|
||||
// DO NOT EDIT - generated by tlsconfig tool
|
||||
func NewIntermediateTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewIntermediateTLSCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
return &insecureConfigTLS{
|
||||
MetaData: issue.MetaData{ID: id},
|
||||
requiredType: "crypto/tls.Config",
|
||||
|
@ -51,7 +51,7 @@ func NewIntermediateTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.No
|
|||
|
||||
// NewOldTLSCheck creates a check for Old TLS ciphers
|
||||
// DO NOT EDIT - generated by tlsconfig tool
|
||||
func NewOldTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewOldTLSCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
return &insecureConfigTLS{
|
||||
MetaData: issue.MetaData{ID: id},
|
||||
requiredType: "crypto/tls.Config",
|
||||
|
|
|
@ -40,7 +40,7 @@ func (r *usingUnsafe) Match(n ast.Node, c *gosec.Context) (gi *issue.Issue, err
|
|||
|
||||
// NewUsingUnsafe rule detects the use of the unsafe package. This is only
|
||||
// really useful for auditing purposes.
|
||||
func NewUsingUnsafe(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewUsingUnsafe(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
return &usingUnsafe{
|
||||
pkg: "unsafe",
|
||||
calls: []string{"Alignof", "Offsetof", "Sizeof", "Pointer"},
|
||||
|
|
|
@ -40,7 +40,7 @@ func (r *usesWeakCryptography) Match(n ast.Node, c *gosec.Context) (*issue.Issue
|
|||
}
|
||||
|
||||
// NewUsesWeakCryptography detects uses of des.* md5.* or rc4.*
|
||||
func NewUsesWeakCryptography(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
func NewUsesWeakCryptography(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
calls := make(map[string][]string)
|
||||
calls["crypto/des"] = []string{"NewCipher", "NewTripleDESCipher"}
|
||||
calls["crypto/md5"] = []string{"New", "Sum"}
|
||||
|
|
Loading…
Reference in a new issue