Merge pull request #29 from HewlettPackard/fix_regexp

Fix incorrect regexp matches
This commit is contained in:
Grant Murphy 2016-07-30 15:16:08 -07:00 committed by GitHub
commit 8261ee58d6
12 changed files with 18 additions and 18 deletions

View file

@ -40,7 +40,7 @@ func (r *BindsToAllNetworkInterfaces) Match(n ast.Node, c *gas.Context) (gi *gas
func NewBindsToAllNetworkInterfaces() (r gas.Rule, n ast.Node) { func NewBindsToAllNetworkInterfaces() (r gas.Rule, n ast.Node) {
r = &BindsToAllNetworkInterfaces{ r = &BindsToAllNetworkInterfaces{
call: regexp.MustCompile(`^net.Listen$`), call: regexp.MustCompile(`^net\.Listen$`),
pattern: regexp.MustCompile(`^(0.0.0.0|:).*$`), pattern: regexp.MustCompile(`^(0.0.0.0|:).*$`),
MetaData: gas.MetaData{ MetaData: gas.MetaData{
Severity: gas.Medium, Severity: gas.Medium,

View file

@ -39,7 +39,7 @@ func (r *FilePermissions) Match(n ast.Node, c *gas.Context) (*gas.Issue, error)
func NewChmodPerms() (r gas.Rule, n ast.Node) { func NewChmodPerms() (r gas.Rule, n ast.Node) {
mode := 0600 mode := 0600
r = &FilePermissions{ r = &FilePermissions{
pattern: regexp.MustCompile(`^os.Chmod$`), pattern: regexp.MustCompile(`^os\.Chmod$`),
mode: (int64)(mode), mode: (int64)(mode),
MetaData: gas.MetaData{ MetaData: gas.MetaData{
Severity: gas.Medium, Severity: gas.Medium,
@ -54,7 +54,7 @@ func NewChmodPerms() (r gas.Rule, n ast.Node) {
func NewMkdirPerms() (r gas.Rule, n ast.Node) { func NewMkdirPerms() (r gas.Rule, n ast.Node) {
mode := 0700 mode := 0700
r = &FilePermissions{ r = &FilePermissions{
pattern: regexp.MustCompile(`^(os.Mkdir|os.MkdirAll)$`), pattern: regexp.MustCompile(`^(os\.Mkdir|os\.MkdirAll)$`),
mode: (int64)(mode), mode: (int64)(mode),
MetaData: gas.MetaData{ MetaData: gas.MetaData{
Severity: gas.Medium, Severity: gas.Medium,

View file

@ -45,7 +45,7 @@ func (r *CredsAssign) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err erro
func NewHardcodedCredentials() (r gas.Rule, n ast.Node) { func NewHardcodedCredentials() (r gas.Rule, n ast.Node) {
r = &CredsAssign{ r = &CredsAssign{
pattern: regexp.MustCompile("(?i)passwd|pass|password|pwd|secret|token"), pattern: regexp.MustCompile(`(?i)passwd|pass|password|pwd|secret|token`),
MetaData: gas.MetaData{ MetaData: gas.MetaData{
What: "Potential hardcoded credentials", What: "Potential hardcoded credentials",
Confidence: gas.Low, Confidence: gas.Low,

View file

@ -43,7 +43,7 @@ func NewHttpoxyTest() (r gas.Rule, n ast.Node) {
Confidence: gas.Low, Confidence: gas.Low,
What: "Go code running under CGI is vulnerable to Httpoxy attack. (CVE-2016-5386)", What: "Go code running under CGI is vulnerable to Httpoxy attack. (CVE-2016-5386)",
}, },
pattern: regexp.MustCompile("^\"net/http/cgi\"$"), pattern: regexp.MustCompile(`^"net/http/cgi"$`),
} }
n = (*ast.ImportSpec)(nil) n = (*ast.ImportSpec)(nil)
return return

View file

@ -41,7 +41,7 @@ func (w *WeakRand) Match(n ast.Node, c *gas.Context) (*gas.Issue, error) {
func NewWeakRandCheck() (r gas.Rule, n ast.Node) { func NewWeakRandCheck() (r gas.Rule, n ast.Node) {
r = &WeakRand{ r = &WeakRand{
pattern: regexp.MustCompile(`^rand.Read$`), pattern: regexp.MustCompile(`^rand\.Read$`),
packageName: "rand", packageName: "rand",
packagePath: "math/rand", packagePath: "math/rand",
MetaData: gas.MetaData{ MetaData: gas.MetaData{

View file

@ -40,7 +40,7 @@ func (w *WeakKeyStrength) Match(n ast.Node, c *gas.Context) (*gas.Issue, error)
func NewWeakKeyStrength() (r gas.Rule, n ast.Node) { func NewWeakKeyStrength() (r gas.Rule, n ast.Node) {
bits := 2048 bits := 2048
r = &WeakKeyStrength{ r = &WeakKeyStrength{
pattern: regexp.MustCompile(`^rsa.GenerateKey$`), pattern: regexp.MustCompile(`^rsa\.GenerateKey$`),
bits: bits, bits: bits,
MetaData: gas.MetaData{ MetaData: gas.MetaData{
Severity: gas.Medium, Severity: gas.Medium,

View file

@ -59,7 +59,7 @@ func (s *SqlStrConcat) Match(n ast.Node, c *gas.Context) (*gas.Issue, error) {
func NewSqlStrConcat() (r gas.Rule, n ast.Node) { func NewSqlStrConcat() (r gas.Rule, n ast.Node) {
r = &SqlStrConcat{ r = &SqlStrConcat{
SqlStatement: SqlStatement{ SqlStatement: SqlStatement{
pattern: regexp.MustCompile("(?)(SELECT|DELETE|INSERT|UPDATE|INTO|FROM|WHERE) "), pattern: regexp.MustCompile(`(?)(SELECT|DELETE|INSERT|UPDATE|INTO|FROM|WHERE) `),
MetaData: gas.MetaData{ MetaData: gas.MetaData{
Severity: gas.Medium, Severity: gas.Medium,
Confidence: gas.High, Confidence: gas.High,
@ -88,7 +88,7 @@ func (s *SqlStrFormat) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err err
func NewSqlStrFormat() (r gas.Rule, n ast.Node) { func NewSqlStrFormat() (r gas.Rule, n ast.Node) {
r = &SqlStrFormat{ r = &SqlStrFormat{
call: regexp.MustCompile("^fmt.Sprintf$"), call: regexp.MustCompile(`^fmt\.Sprintf$`),
SqlStatement: SqlStatement{ SqlStatement: SqlStatement{
pattern: regexp.MustCompile("(?)(SELECT|DELETE|INSERT|UPDATE|INTO|FROM|WHERE) "), pattern: regexp.MustCompile("(?)(SELECT|DELETE|INSERT|UPDATE|INTO|FROM|WHERE) "),
MetaData: gas.MetaData{ MetaData: gas.MetaData{

View file

@ -37,8 +37,8 @@ func (t *BadTempFile) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err erro
func NewBadTempFile() (r gas.Rule, n ast.Node) { func NewBadTempFile() (r gas.Rule, n ast.Node) {
r = &BadTempFile{ r = &BadTempFile{
call: regexp.MustCompile("ioutil.WriteFile|os.Create"), call: regexp.MustCompile(`ioutil\.WriteFile|os\.Create`),
args: regexp.MustCompile("^/tmp/.*$|^/var/tmp/.*$"), args: regexp.MustCompile(`^/tmp/.*$|^/var/tmp/.*$`),
MetaData: gas.MetaData{ MetaData: gas.MetaData{
Severity: gas.Medium, Severity: gas.Medium,
Confidence: gas.High, Confidence: gas.High,

View file

@ -38,7 +38,7 @@ func (t *TemplateCheck) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err er
func NewTemplateCheck() (r gas.Rule, n ast.Node) { func NewTemplateCheck() (r gas.Rule, n ast.Node) {
r = &TemplateCheck{ r = &TemplateCheck{
call: regexp.MustCompile("^template.(HTML|JS|URL)$"), call: regexp.MustCompile(`^template\.(HTML|JS|URL)$`),
MetaData: gas.MetaData{ MetaData: gas.MetaData{
Severity: gas.Medium, Severity: gas.Medium,
Confidence: gas.Low, Confidence: gas.Low,

View file

@ -112,7 +112,7 @@ func (t *InsecureConfigTLS) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, er
func NewModernTlsCheck() (r gas.Rule, n ast.Node) { func NewModernTlsCheck() (r gas.Rule, n ast.Node) {
// https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility // https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
r = &InsecureConfigTLS{ r = &InsecureConfigTLS{
pattern: regexp.MustCompile("^tls.Config$"), pattern: regexp.MustCompile(`^tls\.Config$`),
MinVersion: 0x0303, // TLS 1.2 only MinVersion: 0x0303, // TLS 1.2 only
MaxVersion: 0x0303, MaxVersion: 0x0303,
goodCiphers: []string{ goodCiphers: []string{
@ -129,7 +129,7 @@ func NewModernTlsCheck() (r gas.Rule, n ast.Node) {
func NewIntermediateTlsCheck() (r gas.Rule, n ast.Node) { func NewIntermediateTlsCheck() (r gas.Rule, n ast.Node) {
// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 // https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
r = &InsecureConfigTLS{ r = &InsecureConfigTLS{
pattern: regexp.MustCompile("^tls.Config$"), pattern: regexp.MustCompile(`^tls\.Config$`),
MinVersion: 0x0301, // TLS 1.2, 1.1, 1.0 MinVersion: 0x0301, // TLS 1.2, 1.1, 1.0
MaxVersion: 0x0303, MaxVersion: 0x0303,
goodCiphers: []string{ goodCiphers: []string{
@ -157,7 +157,7 @@ func NewIntermediateTlsCheck() (r gas.Rule, n ast.Node) {
func NewCompatTlsCheck() (r gas.Rule, n ast.Node) { func NewCompatTlsCheck() (r gas.Rule, n ast.Node) {
// https://wiki.mozilla.org/Security/Server_Side_TLS#Old_compatibility_.28default.29 // https://wiki.mozilla.org/Security/Server_Side_TLS#Old_compatibility_.28default.29
r = &InsecureConfigTLS{ r = &InsecureConfigTLS{
pattern: regexp.MustCompile("^tls.Config$"), pattern: regexp.MustCompile(`^tls\.Config$`),
MinVersion: 0x0301, // TLS 1.2, 1.1, 1.0 MinVersion: 0x0301, // TLS 1.2, 1.1, 1.0
MaxVersion: 0x0303, MaxVersion: 0x0303,
goodCiphers: []string{ goodCiphers: []string{

View file

@ -34,7 +34,7 @@ func (r *UsingUnsafe) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err erro
func NewUsingUnsafe() (r gas.Rule, n ast.Node) { func NewUsingUnsafe() (r gas.Rule, n ast.Node) {
r = &UsingUnsafe{ r = &UsingUnsafe{
pattern: regexp.MustCompile("unsafe.*"), pattern: regexp.MustCompile(`unsafe.*`),
MetaData: gas.MetaData{ MetaData: gas.MetaData{
What: "Use of unsafe calls should be audited", What: "Use of unsafe calls should be audited",
Severity: gas.Low, Severity: gas.Low,

View file

@ -40,7 +40,7 @@ func (r *ImportsWeakCryptography) Match(n ast.Node, c *gas.Context) (gi *gas.Iss
// Imports crypto/md5, crypto/des crypto/rc4 // Imports crypto/md5, crypto/des crypto/rc4
func NewImportsWeakCryptography() (r gas.Rule, n ast.Node) { func NewImportsWeakCryptography() (r gas.Rule, n ast.Node) {
r = &ImportsWeakCryptography{ r = &ImportsWeakCryptography{
pattern: regexp.MustCompile("crypto/md5|crypto/des|crypto/rc4"), pattern: regexp.MustCompile(`crypto/md5|crypto/des|crypto/rc4`),
MetaData: gas.MetaData{ MetaData: gas.MetaData{
Severity: gas.Medium, Severity: gas.Medium,
Confidence: gas.High, Confidence: gas.High,
@ -66,7 +66,7 @@ func (r *UsesWeakCryptography) Match(n ast.Node, c *gas.Context) (*gas.Issue, er
// Uses des.* md5.* or rc4.* // Uses des.* md5.* or rc4.*
func NewUsesWeakCryptography() (r gas.Rule, n ast.Node) { func NewUsesWeakCryptography() (r gas.Rule, n ast.Node) {
r = &UsesWeakCryptography{ r = &UsesWeakCryptography{
pattern: regexp.MustCompile("des.NewCipher|des.NewTripleDESCipher|md5.New|md5.Sum|rc4.NewCipher"), pattern: regexp.MustCompile(`des\.NewCipher|des\.NewTripleDESCipher|md5\.New|md5\.Sum|rc4\.NewCipher`),
MetaData: gas.MetaData{ MetaData: gas.MetaData{
Severity: gas.Medium, Severity: gas.Medium,
Confidence: gas.High, Confidence: gas.High,