Go modules support for 1.12 (#297)
* support go module * fix implement and uncommented out tests * includes test package * remove test environment go1.10 or older
parent
eaba99df37
commit
85d180848d
5 changed files with 102 additions and 81 deletions
|
@ -1,9 +1,8 @@
|
||||||
language: go
|
language: go
|
||||||
|
|
||||||
go:
|
go:
|
||||||
- "1.9.x"
|
|
||||||
- "1.10.x"
|
|
||||||
- "1.11.x"
|
- "1.11.x"
|
||||||
|
- "1.12.x"
|
||||||
- tip
|
- tip
|
||||||
|
|
||||||
install:
|
install:
|
||||||
|
@ -16,6 +15,7 @@ install:
|
||||||
- go get -u github.com/securego/gosec/cmd/gosec/...
|
- go get -u github.com/securego/gosec/cmd/gosec/...
|
||||||
- go get -v -t ./...
|
- go get -v -t ./...
|
||||||
- export PATH=$PATH:$HOME/gopath/bin
|
- export PATH=$PATH:$HOME/gopath/bin
|
||||||
|
- export GO111MODULE=on
|
||||||
|
|
||||||
script: make test
|
script: make test
|
||||||
|
|
||||||
|
|
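Review bot: `export GO111MODULE=on` is added after the two `go get` lines of the install step, so those fetches still run in whatever module mode the toolchain defaults to. On 1.11.x and 1.12.x inside a GOPATH checkout that is presumably GOPATH mode, in which case `go get -v -t ./...` pulls the current head of each dependency instead of the versions pinned in go.mod and checked against go.sum. Consider setting the variable before any fetch (for example in an `env:` block) and replacing that line with `go mod download`, so CI only builds what go.sum vouches for. Part of the install list lies between the two hunks and is not shown.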
42
analyzer.go
42
analyzer.go
|
@ -18,7 +18,6 @@ package gosec
|
||||||
import (
|
import (
|
||||||
"go/ast"
|
"go/ast"
|
||||||
"go/build"
|
"go/build"
|
||||||
"go/parser"
|
|
||||||
"go/token"
|
"go/token"
|
||||||
"go/types"
|
"go/types"
|
||||||
"log"
|
"log"
|
||||||
|
@ -27,9 +26,10 @@ import (
|
||||||
"reflect"
|
"reflect"
|
||||||
"regexp"
|
"regexp"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"golang.org/x/tools/go/loader"
|
"golang.org/x/tools/go/packages"
|
||||||
)
|
)
|
||||||
|
|
||||||
// The Context is populated with data parsed from the source code as it is scanned.
|
// The Context is populated with data parsed from the source code as it is scanned.
|
||||||
|
@ -102,11 +102,12 @@ func (gosec *Analyzer) LoadRules(ruleDefinitions map[string]RuleBuilder) {
|
||||||
func (gosec *Analyzer) Process(buildTags []string, packagePaths ...string) error {
|
func (gosec *Analyzer) Process(buildTags []string, packagePaths ...string) error {
|
||||||
ctx := build.Default
|
ctx := build.Default
|
||||||
ctx.BuildTags = append(ctx.BuildTags, buildTags...)
|
ctx.BuildTags = append(ctx.BuildTags, buildTags...)
|
||||||
packageConfig := loader.Config{
|
conf := &packages.Config{
|
||||||
Build: &ctx,
|
Mode: packages.LoadSyntax,
|
||||||
ParserMode: parser.ParseComments,
|
Tests: true,
|
||||||
AllowErrors: true,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pkgs := []*packages.Package{}
|
||||||
for _, packagePath := range packagePaths {
|
for _, packagePath := range packagePaths {
|
||||||
abspath, err := GetPkgAbsPath(packagePath)
|
abspath, err := GetPkgAbsPath(packagePath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -125,14 +126,15 @@ func (gosec *Analyzer) Process(buildTags []string, packagePaths ...string) error
|
||||||
packageFiles = append(packageFiles, path.Join(packagePath, filename))
|
packageFiles = append(packageFiles, path.Join(packagePath, filename))
|
||||||
}
|
}
|
||||||
|
|
||||||
packageConfig.CreateFromFilenames(basePackage.Name, packageFiles...)
|
_pkgs, err := packages.Load(conf, packageFiles...)
|
||||||
}
|
|
||||||
|
|
||||||
builtPackage, err := packageConfig.Load()
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
for _, packageInfo := range builtPackage.AllPackages {
|
pkgs = append(pkgs, _pkgs...)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
for _, packageInfo := range pkgs {
|
||||||
if len(packageInfo.Errors) != 0 {
|
if len(packageInfo.Errors) != 0 {
|
||||||
for _, packErr := range packageInfo.Errors {
|
for _, packErr := range packageInfo.Errors {
|
||||||
// infoErr contains information about the error
|
// infoErr contains information about the error
|
||||||
|
@ -160,26 +162,28 @@ func (gosec *Analyzer) Process(buildTags []string, packagePaths ...string) error
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sortErrors(gosec.errors) // sorts errors by line and column in the file
|
sortErrors(gosec.errors) // sorts errors by line and column in the file
|
||||||
|
|
||||||
for _, pkg := range builtPackage.Created {
|
for _, pkg := range pkgs {
|
||||||
gosec.logger.Println("Checking package:", pkg.String())
|
gosec.logger.Println("Checking package:", pkg.String())
|
||||||
for _, file := range pkg.Files {
|
for _, file := range pkg.Syntax {
|
||||||
gosec.logger.Println("Checking file:", builtPackage.Fset.File(file.Pos()).Name())
|
gosec.logger.Println("Checking file:", pkg.Fset.File(file.Pos()).Name())
|
||||||
gosec.context.FileSet = builtPackage.Fset
|
gosec.context.FileSet = pkg.Fset
|
||||||
gosec.context.Config = gosec.config
|
gosec.context.Config = gosec.config
|
||||||
gosec.context.Comments = ast.NewCommentMap(gosec.context.FileSet, file, file.Comments)
|
gosec.context.Comments = ast.NewCommentMap(gosec.context.FileSet, file, file.Comments)
|
||||||
gosec.context.Root = file
|
gosec.context.Root = file
|
||||||
gosec.context.Info = &pkg.Info
|
gosec.context.Info = pkg.TypesInfo
|
||||||
gosec.context.Pkg = pkg.Pkg
|
gosec.context.Pkg = pkg.Types
|
||||||
gosec.context.PkgFiles = pkg.Files
|
gosec.context.PkgFiles = pkg.Syntax
|
||||||
gosec.context.Imports = NewImportTracker()
|
gosec.context.Imports = NewImportTracker()
|
||||||
gosec.context.Imports.TrackPackages(gosec.context.Pkg.Imports()...)
|
gosec.context.Imports.TrackPackages(gosec.context.Pkg.Imports()...)
|
||||||
ast.Walk(gosec, file)
|
ast.Walk(gosec, file)
|
||||||
gosec.stats.NumFiles++
|
gosec.stats.NumFiles++
|
||||||
gosec.stats.NumLines += builtPackage.Fset.File(file.Pos()).LineCount()
|
gosec.stats.NumLines += pkg.Fset.File(file.Pos()).LineCount()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
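Review bot: The `buildTags` argument of `Process` no longer reaches the loader: `ctx.BuildTags` is still populated, but the new `packages.Config` literal has no counterpart to the removed `Build: &ctx`, so as far as the visible lines show, files guarded by build constraints are skipped without any warning. For a security scanner that is a silent coverage gap. Pass the tags through the config when `buildTags` is non-empty, e.g. `BuildFlags: []string{"-tags=" + strings.Join(buildTags, " ")},`, and drop the now-unused `ctx`. Separately, `Tests: true` can make `packages.Load` return test variants of a package alongside the package itself, so the `for _, pkg := range pkgs` loop may walk the same file more than once; it is worth confirming that issues and `NumFiles`/`NumLines` are not double-counted. Part of `Process` lies between the hunks and is not shown.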
27
go.mod
27
go.mod
|
@ -2,21 +2,18 @@ module github.com/securego/gosec
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||||
github.com/golang/protobuf v1.2.0 // indirect
|
github.com/golang/protobuf v1.3.1 // indirect
|
||||||
github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3
|
github.com/kisielk/gotool v1.0.0
|
||||||
github.com/kr/pretty v0.1.0 // indirect
|
github.com/kr/pretty v0.1.0 // indirect
|
||||||
github.com/mozilla/tls-observatory v0.0.0-20180409132520-8791a200eb40
|
github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd
|
||||||
github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd
|
github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d
|
||||||
github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c
|
github.com/onsi/ginkgo v1.8.0
|
||||||
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c
|
github.com/onsi/gomega v1.5.0
|
||||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
github.com/ryanuber/go-glob v1.0.0
|
||||||
github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735
|
github.com/stretchr/testify v1.3.0 // indirect
|
||||||
github.com/stretchr/testify v1.2.2 // indirect
|
golang.org/x/net v0.0.0-20190415214537-1da14a5a36f2 // indirect
|
||||||
golang.org/x/net v0.0.0-20170915142106-8351a756f30f // indirect
|
golang.org/x/sys v0.0.0-20190416152802-12500544f89f // indirect
|
||||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f // indirect
|
golang.org/x/tools v0.0.0-20190417005754-4ca4b55e2050
|
||||||
golang.org/x/sys v0.0.0-20171026204733-164713f0dfce // indirect
|
|
||||||
golang.org/x/text v0.0.0-20170915090833-1cbadb444a80 // indirect
|
|
||||||
golang.org/x/tools v0.0.0-20170915040203-e531a2a1c15f
|
|
||||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
|
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
|
||||||
gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7
|
gopkg.in/yaml.v2 v2.2.2
|
||||||
)
|
)
|
||||||
|
|
68
go.sum
68
go.sum
|
@ -1,39 +1,59 @@
|
||||||
|
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
|
github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
|
||||||
|
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
|
||||||
github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
|
github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
|
||||||
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||||
github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3 h1:s/sV9geKJwXXzcrFiQdiiIFgfesbREplXWR9ZFgnGSQ=
|
github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg=
|
||||||
github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3/go.mod h1:jxZFDH7ILpTPQTk+E2s+z4CUas9lVNjIuKR4c5/zKgM=
|
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||||
|
github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
|
||||||
|
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
|
||||||
|
github.com/kisielk/gotool v1.0.0 h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg=
|
||||||
|
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
|
||||||
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
|
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
|
||||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||||
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
|
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
|
||||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||||
github.com/mozilla/tls-observatory v0.0.0-20180409132520-8791a200eb40 h1:Q0XH6Ql1+Z6YbUKyWyI0sD8/9yH0U8x86yA8LuWMJwY=
|
github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd h1:Av0AX0PnAlPZ3AY2rQUobGFaZfE4KHVRdKWIEPvsCWY=
|
||||||
github.com/mozilla/tls-observatory v0.0.0-20180409132520-8791a200eb40/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk=
|
github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk=
|
||||||
github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd h1:hEzcdYzgmGA1zDrSYdh+OE4H43RrglXdZQ5ip/+93GU=
|
github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d h1:AREM5mwr4u1ORQBMvzfzBgpsctsbQikCVpvC+tX285E=
|
||||||
github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU=
|
github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU=
|
||||||
github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c h1:Hww8mOyEKTeON4bZn7FrlLismspbPc1teNRUVH7wLQ8=
|
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
||||||
github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
github.com/onsi/ginkgo v1.8.0 h1:VkHVNpR4iVnU8XQR6DBm8BqYjN7CRzw+xKUbVVbbW9w=
|
||||||
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c h1:eSfnfIuwhxZyULg1NNuZycJcYkjYVGYe7FczwQReM6U=
|
github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
||||||
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
|
github.com/onsi/gomega v1.5.0 h1:izbySO9zDPmjJ8rDjLvkA2zJHIo+HkYXHnf7eN7SSyo=
|
||||||
|
github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
|
||||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||||
github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735 h1:7YvPJVmEeFHR1Tj9sZEYsmarJEQfMVYpd/Vyy/A8dqE=
|
github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
|
||||||
github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
|
github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
|
||||||
github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
|
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||||
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
|
||||||
golang.org/x/net v0.0.0-20170915142106-8351a756f30f h1:gBDN4vcizo3zTVoOZWdw1W3KB3Yh9lxB8I1uOgf/7n0=
|
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
||||||
golang.org/x/net v0.0.0-20170915142106-8351a756f30f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||||
|
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||||
|
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||||
|
golang.org/x/net v0.0.0-20190415214537-1da14a5a36f2 h1:iC0Y6EDq+rhnAePxGvJs2kzUAYcwESqdcGRPzEUfzTU=
|
||||||
|
golang.org/x/net v0.0.0-20190415214537-1da14a5a36f2/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
|
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
|
||||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
golang.org/x/sys v0.0.0-20171026204733-164713f0dfce h1:BDMHZhZQhI6KuA6MzarSMksZq8ZegBJ3mSbFKLEYG/w=
|
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
golang.org/x/sys v0.0.0-20171026204733-164713f0dfce/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
golang.org/x/text v0.0.0-20170915090833-1cbadb444a80 h1:LMxnNSL1jel8frQKy+gjCcwcgLsd3UEDVGg9DD8ryxw=
|
golang.org/x/sys v0.0.0-20190416152802-12500544f89f h1:1ZH9RnjNgLzh6YrsRp/c6ddZ8Lq0fq9xztNOoWJ2sz4=
|
||||||
golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
golang.org/x/sys v0.0.0-20190416152802-12500544f89f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/tools v0.0.0-20170915040203-e531a2a1c15f h1:2bTOCVQtYN868SqJlTyB1SOrvrmeurDB7H5ylUynHsY=
|
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
|
||||||
golang.org/x/tools v0.0.0-20170915040203-e531a2a1c15f/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||||
|
golang.org/x/tools v0.0.0-20190417005754-4ca4b55e2050 h1:F2v+dqex82KbcdFuJrgIWjWXfT48L8i0Qh8NFaZPNZg=
|
||||||
|
golang.org/x/tools v0.0.0-20190417005754-4ca4b55e2050/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||||
|
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
|
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
|
||||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||||
gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7 h1:+t9dhfO+GNOIGJof6kPOAenx7YgrZMTdRPV+EsnPabk=
|
gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
|
||||||
gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
|
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
|
||||||
|
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
|
||||||
|
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
|
||||||
|
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||||
|
gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
|
||||||
|
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||||
|
|
|
@ -3,7 +3,6 @@ package testutils
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"go/build"
|
"go/build"
|
||||||
"go/parser"
|
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
|
@ -11,13 +10,13 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/securego/gosec"
|
"github.com/securego/gosec"
|
||||||
"golang.org/x/tools/go/loader"
|
"golang.org/x/tools/go/packages"
|
||||||
)
|
)
|
||||||
|
|
||||||
type buildObj struct {
|
type buildObj struct {
|
||||||
pkg *build.Package
|
pkg *build.Package
|
||||||
config loader.Config
|
config *packages.Config
|
||||||
program *loader.Program
|
pkgs []*packages.Package
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestPackage is a mock package for testing purposes
|
// TestPackage is a mock package for testing purposes
|
||||||
|
@ -37,9 +36,7 @@ func NewTestPackage() *TestPackage {
|
||||||
goPath = build.Default.GOPATH
|
goPath = build.Default.GOPATH
|
||||||
}
|
}
|
||||||
|
|
||||||
// Files must exist in $GOPATH
|
workingDir, err := ioutil.TempDir("", "gosecs_test")
|
||||||
sourceDir := path.Join(goPath, "src")
|
|
||||||
workingDir, err := ioutil.TempDir(sourceDir, "gosecs_test")
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -84,20 +81,23 @@ func (p *TestPackage) Build() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
var packageFiles []string
|
var packageFiles []string
|
||||||
packageConfig := loader.Config{Build: &build.Default, ParserMode: parser.ParseComments}
|
|
||||||
for _, filename := range basePackage.GoFiles {
|
for _, filename := range basePackage.GoFiles {
|
||||||
packageFiles = append(packageFiles, path.Join(p.Path, filename))
|
packageFiles = append(packageFiles, path.Join(p.Path, filename))
|
||||||
}
|
}
|
||||||
|
|
||||||
packageConfig.CreateFromFilenames(basePackage.Name, packageFiles...)
|
conf := &packages.Config{
|
||||||
program, err := packageConfig.Load()
|
Mode: packages.LoadSyntax,
|
||||||
|
Tests: false,
|
||||||
|
}
|
||||||
|
pkgs, err := packages.Load(conf, packageFiles...)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
p.build = &buildObj{
|
p.build = &buildObj{
|
||||||
pkg: basePackage,
|
pkg: basePackage,
|
||||||
config: packageConfig,
|
config: conf,
|
||||||
program: program,
|
pkgs: pkgs,
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -109,18 +109,18 @@ func (p *TestPackage) CreateContext(filename string) *gosec.Context {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, pkg := range p.build.program.Created {
|
for _, pkg := range p.build.pkgs {
|
||||||
for _, file := range pkg.Files {
|
for _, file := range pkg.Syntax {
|
||||||
pkgFile := p.build.program.Fset.File(file.Pos()).Name()
|
pkgFile := pkg.Fset.File(file.Pos()).Name()
|
||||||
strip := fmt.Sprintf("%s%c", p.Path, os.PathSeparator)
|
strip := fmt.Sprintf("%s%c", p.Path, os.PathSeparator)
|
||||||
pkgFile = strings.TrimPrefix(pkgFile, strip)
|
pkgFile = strings.TrimPrefix(pkgFile, strip)
|
||||||
if pkgFile == filename {
|
if pkgFile == filename {
|
||||||
ctx := &gosec.Context{
|
ctx := &gosec.Context{
|
||||||
FileSet: p.build.program.Fset,
|
FileSet: pkg.Fset,
|
||||||
Root: file,
|
Root: file,
|
||||||
Config: gosec.NewConfig(),
|
Config: gosec.NewConfig(),
|
||||||
Info: &pkg.Info,
|
Info: pkg.TypesInfo,
|
||||||
Pkg: pkg.Pkg,
|
Pkg: pkg.Types,
|
||||||
Imports: gosec.NewImportTracker(),
|
Imports: gosec.NewImportTracker(),
|
||||||
}
|
}
|
||||||
ctx.Imports.TrackPackages(ctx.Pkg.Imports()...)
|
ctx.Imports.TrackPackages(ctx.Pkg.Imports()...)
|
||||||
|
|
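Review bot: `Build` now returns nil even when the sample code fails to parse or type-check, because `packages.Load` reports per-package problems in each package's `Errors` field rather than through its returned `err`; the removed `loader.Config` left `AllowErrors` unset, so its `Load` failed in that case. A rule test whose sample does not compile would then run against incomplete type information and could pass vacuously. Unless some samples are intentionally incomplete, add a check after the `err` test such as `if n := packages.PrintErrors(pkgs); n > 0 { return fmt.Errorf("%d errors loading test package", n) }`. `Tests: false` is the zero value and can be dropped. The start of `Build` is outside the hunk.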