diff --git a/rules/bind.go b/rules/bind.go index ae0b619..4770608 100644 --- a/rules/bind.go +++ b/rules/bind.go @@ -40,7 +40,7 @@ func (r *BindsToAllNetworkInterfaces) Match(n ast.Node, c *gas.Context) (gi *gas func NewBindsToAllNetworkInterfaces() (r gas.Rule, n ast.Node) { r = &BindsToAllNetworkInterfaces{ - call: regexp.MustCompile(`^net.Listen$`), + call: regexp.MustCompile(`^net\.Listen$`), pattern: regexp.MustCompile(`^(0.0.0.0|:).*$`), MetaData: gas.MetaData{ Severity: gas.Medium, diff --git a/rules/fileperms.go b/rules/fileperms.go index afd1392..1d7bafe 100644 --- a/rules/fileperms.go +++ b/rules/fileperms.go @@ -39,7 +39,7 @@ func (r *FilePermissions) Match(n ast.Node, c *gas.Context) (*gas.Issue, error) func NewChmodPerms() (r gas.Rule, n ast.Node) { mode := 0600 r = &FilePermissions{ - pattern: regexp.MustCompile(`^os.Chmod$`), + pattern: regexp.MustCompile(`^os\.Chmod$`), mode: (int64)(mode), MetaData: gas.MetaData{ Severity: gas.Medium, @@ -54,7 +54,7 @@ func NewChmodPerms() (r gas.Rule, n ast.Node) { func NewMkdirPerms() (r gas.Rule, n ast.Node) { mode := 0700 r = &FilePermissions{ - pattern: regexp.MustCompile(`^(os.Mkdir|os.MkdirAll)$`), + pattern: regexp.MustCompile(`^(os\.Mkdir|os\.MkdirAll)$`), mode: (int64)(mode), MetaData: gas.MetaData{ Severity: gas.Medium, diff --git a/rules/hardcoded_credentials.go b/rules/hardcoded_credentials.go index 83c9f64..eecf85f 100644 --- a/rules/hardcoded_credentials.go +++ b/rules/hardcoded_credentials.go @@ -45,7 +45,7 @@ func (r *CredsAssign) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err erro func NewHardcodedCredentials() (r gas.Rule, n ast.Node) { r = &CredsAssign{ - pattern: regexp.MustCompile("(?i)passwd|pass|password|pwd|secret|token"), + pattern: regexp.MustCompile(`(?i)passwd|pass|password|pwd|secret|token`), MetaData: gas.MetaData{ What: "Potential hardcoded credentials", Confidence: gas.Low, diff --git a/rules/httpoxy.go b/rules/httpoxy.go index badb3b1..1bf8da9 100644 --- a/rules/httpoxy.go +++ b/rules/httpoxy.go @@ -43,7 +43,7 @@ func NewHttpoxyTest() (r gas.Rule, n ast.Node) { Confidence: gas.Low, What: "Go code running under CGI is vulnerable to Httpoxy attack. (CVE-2016-5386)", }, - pattern: regexp.MustCompile("^\"net/http/cgi\"$"), + pattern: regexp.MustCompile(`^"net/http/cgi"$`), } n = (*ast.ImportSpec)(nil) return diff --git a/rules/rand.go b/rules/rand.go index eff2204..95c8b47 100644 --- a/rules/rand.go +++ b/rules/rand.go @@ -41,7 +41,7 @@ func (w *WeakRand) Match(n ast.Node, c *gas.Context) (*gas.Issue, error) { func NewWeakRandCheck() (r gas.Rule, n ast.Node) { r = &WeakRand{ - pattern: regexp.MustCompile(`^rand.Read$`), + pattern: regexp.MustCompile(`^rand\.Read$`), packageName: "rand", packagePath: "math/rand", MetaData: gas.MetaData{ diff --git a/rules/rsa.go b/rules/rsa.go index 7639f66..d2c640c 100644 --- a/rules/rsa.go +++ b/rules/rsa.go @@ -40,7 +40,7 @@ func (w *WeakKeyStrength) Match(n ast.Node, c *gas.Context) (*gas.Issue, error) func NewWeakKeyStrength() (r gas.Rule, n ast.Node) { bits := 2048 r = &WeakKeyStrength{ - pattern: regexp.MustCompile(`^rsa.GenerateKey$`), + pattern: regexp.MustCompile(`^rsa\.GenerateKey$`), bits: bits, MetaData: gas.MetaData{ Severity: gas.Medium, diff --git a/rules/sql.go b/rules/sql.go index 2220668..737f4e2 100644 --- a/rules/sql.go +++ b/rules/sql.go @@ -59,7 +59,7 @@ func (s *SqlStrConcat) Match(n ast.Node, c *gas.Context) (*gas.Issue, error) { func NewSqlStrConcat() (r gas.Rule, n ast.Node) { r = &SqlStrConcat{ SqlStatement: SqlStatement{ - pattern: regexp.MustCompile("(?)(SELECT|DELETE|INSERT|UPDATE|INTO|FROM|WHERE) "), + pattern: regexp.MustCompile(`(?)(SELECT|DELETE|INSERT|UPDATE|INTO|FROM|WHERE) `), MetaData: gas.MetaData{ Severity: gas.Medium, Confidence: gas.High, @@ -88,7 +88,7 @@ func (s *SqlStrFormat) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err err func NewSqlStrFormat() (r gas.Rule, n ast.Node) { r = &SqlStrFormat{ - call: regexp.MustCompile("^fmt.Sprintf$"), + call: regexp.MustCompile(`^fmt\.Sprintf$`), SqlStatement: SqlStatement{ pattern: regexp.MustCompile("(?)(SELECT|DELETE|INSERT|UPDATE|INTO|FROM|WHERE) "), MetaData: gas.MetaData{ diff --git a/rules/tempfiles.go b/rules/tempfiles.go index 0b04a21..c31b556 100644 --- a/rules/tempfiles.go +++ b/rules/tempfiles.go @@ -37,8 +37,8 @@ func (t *BadTempFile) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err erro func NewBadTempFile() (r gas.Rule, n ast.Node) { r = &BadTempFile{ - call: regexp.MustCompile("ioutil.WriteFile|os.Create"), - args: regexp.MustCompile("^/tmp/.*$|^/var/tmp/.*$"), + call: regexp.MustCompile(`ioutil\.WriteFile|os\.Create`), + args: regexp.MustCompile(`^/tmp/.*$|^/var/tmp/.*$`), MetaData: gas.MetaData{ Severity: gas.Medium, Confidence: gas.High, diff --git a/rules/templates.go b/rules/templates.go index eb59cac..5b8a28b 100644 --- a/rules/templates.go +++ b/rules/templates.go @@ -38,7 +38,7 @@ func (t *TemplateCheck) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err er func NewTemplateCheck() (r gas.Rule, n ast.Node) { r = &TemplateCheck{ - call: regexp.MustCompile("^template.(HTML|JS|URL)$"), + call: regexp.MustCompile(`^template\.(HTML|JS|URL)$`), MetaData: gas.MetaData{ Severity: gas.Medium, Confidence: gas.Low, diff --git a/rules/tls.go b/rules/tls.go index 3faafd9..3d8b521 100644 --- a/rules/tls.go +++ b/rules/tls.go @@ -112,7 +112,7 @@ func (t *InsecureConfigTLS) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, er func NewModernTlsCheck() (r gas.Rule, n ast.Node) { // https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility r = &InsecureConfigTLS{ - pattern: regexp.MustCompile("^tls.Config$"), + pattern: regexp.MustCompile(`^tls\.Config$`), MinVersion: 0x0303, // TLS 1.2 only MaxVersion: 0x0303, goodCiphers: []string{ @@ -129,7 +129,7 @@ func NewModernTlsCheck() (r gas.Rule, n ast.Node) { func NewIntermediateTlsCheck() (r gas.Rule, n ast.Node) { // https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 r = &InsecureConfigTLS{ - pattern: regexp.MustCompile("^tls.Config$"), + pattern: regexp.MustCompile(`^tls\.Config$`), MinVersion: 0x0301, // TLS 1.2, 1.1, 1.0 MaxVersion: 0x0303, goodCiphers: []string{ @@ -157,7 +157,7 @@ func NewIntermediateTlsCheck() (r gas.Rule, n ast.Node) { func NewCompatTlsCheck() (r gas.Rule, n ast.Node) { // https://wiki.mozilla.org/Security/Server_Side_TLS#Old_compatibility_.28default.29 r = &InsecureConfigTLS{ - pattern: regexp.MustCompile("^tls.Config$"), + pattern: regexp.MustCompile(`^tls\.Config$`), MinVersion: 0x0301, // TLS 1.2, 1.1, 1.0 MaxVersion: 0x0303, goodCiphers: []string{ diff --git a/rules/unsafe.go b/rules/unsafe.go index bf0313c..186db9c 100644 --- a/rules/unsafe.go +++ b/rules/unsafe.go @@ -34,7 +34,7 @@ func (r *UsingUnsafe) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err erro func NewUsingUnsafe() (r gas.Rule, n ast.Node) { r = &UsingUnsafe{ - pattern: regexp.MustCompile("unsafe.*"), + pattern: regexp.MustCompile(`unsafe.*`), MetaData: gas.MetaData{ What: "Use of unsafe calls should be audited", Severity: gas.Low, diff --git a/rules/weakcrypto.go b/rules/weakcrypto.go index 59886b2..c5db192 100644 --- a/rules/weakcrypto.go +++ b/rules/weakcrypto.go @@ -40,7 +40,7 @@ func (r *ImportsWeakCryptography) Match(n ast.Node, c *gas.Context) (gi *gas.Iss // Imports crypto/md5, crypto/des crypto/rc4 func NewImportsWeakCryptography() (r gas.Rule, n ast.Node) { r = &ImportsWeakCryptography{ - pattern: regexp.MustCompile("crypto/md5|crypto/des|crypto/rc4"), + pattern: regexp.MustCompile(`crypto/md5|crypto/des|crypto/rc4`), MetaData: gas.MetaData{ Severity: gas.Medium, Confidence: gas.High, @@ -66,7 +66,7 @@ func (r *UsesWeakCryptography) Match(n ast.Node, c *gas.Context) (*gas.Issue, er // Uses des.* md5.* or rc4.* func NewUsesWeakCryptography() (r gas.Rule, n ast.Node) { r = &UsesWeakCryptography{ - pattern: regexp.MustCompile("des.NewCipher|des.NewTripleDESCipher|md5.New|md5.Sum|rc4.NewCipher"), + pattern: regexp.MustCompile(`des\.NewCipher|des\.NewTripleDESCipher|md5\.New|md5\.Sum|rc4\.NewCipher`), MetaData: gas.MetaData{ Severity: gas.Medium, Confidence: gas.High,