Scan the go packages path recursively starting from a root folder

This replaces gotool.ImportPaths, which seems to have trouble with Go modules.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
This commit is contained in:
Cosmin Cojocar 2019-04-25 12:47:13 +02:00 committed by Grant Murphy
parent 85221996b6
commit 85eb8a52ab
4 changed files with 43 additions and 17 deletions


@ -24,7 +24,6 @@ import (
"sort" "sort"
"strings" "strings"
"github.com/kisielk/gotool"
"github.com/securego/gosec" "github.com/securego/gosec"
"github.com/securego/gosec/output" "github.com/securego/gosec/output"
"github.com/securego/gosec/rules" "github.com/securego/gosec/rules"
@ -147,19 +146,19 @@ func loadConfig(configFile string) (gosec.Config, error) {
func loadRules(include, exclude string) rules.RuleList { func loadRules(include, exclude string) rules.RuleList {
var filters []rules.RuleFilter var filters []rules.RuleFilter
if include != "" { if include != "" {
logger.Printf("including rules: %s", include) logger.Printf("Including rules: %s", include)
including := strings.Split(include, ",") including := strings.Split(include, ",")
filters = append(filters, rules.NewRuleFilter(false, including...)) filters = append(filters, rules.NewRuleFilter(false, including...))
} else { } else {
logger.Println("including rules: default") logger.Println("Including rules: default")
} }
if exclude != "" { if exclude != "" {
logger.Printf("excluding rules: %s", exclude) logger.Printf("Excluding rules: %s", exclude)
excluding := strings.Split(exclude, ",") excluding := strings.Split(exclude, ",")
filters = append(filters, rules.NewRuleFilter(true, excluding...)) filters = append(filters, rules.NewRuleFilter(true, excluding...))
} else { } else {
logger.Println("excluding rules: default") logger.Println("Excluding rules: default")
} }
return rules.Generate(filters...) return rules.Generate(filters...)
} }
@ -244,7 +243,7 @@ func main() {
// Load enabled rule definitions // Load enabled rule definitions
ruleDefinitions := loadRules(*flagRulesInclude, *flagRulesExclude) ruleDefinitions := loadRules(*flagRulesInclude, *flagRulesExclude)
if len(ruleDefinitions) == 0 { if len(ruleDefinitions) == 0 {
logger.Fatal("cannot continue: no rules are configured.") logger.Fatal("No rules are configured")
} }
// Create the analyzer // Create the analyzer
@ -253,15 +252,15 @@ func main() {
vendor := regexp.MustCompile(`[\\/]vendor([\\/]|$)`) vendor := regexp.MustCompile(`[\\/]vendor([\\/]|$)`)
var packages []string var packages []string
// Iterate over packages on the import paths for _, path := range flag.Args() {
for _, pkg := range gotool.ImportPaths(flag.Args()) { pcks, err := gosec.PackagePaths(path, vendor)
// Skip vendor directory if err != nil {
if !*flagScanVendor { logger.Fatal(err)
if vendor.MatchString(pkg) {
continue
}
} }
packages = append(packages, pkg) packages = append(packages, pcks...)
}
if len(packages) == 0 {
logger.Fatal("No packages found")
} }
var buildTags []string var buildTags []string
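Review bot: The new loop passes the `vendor` regexp to `gosec.PackagePaths` unconditionally, so the `*flagScanVendor` check that the removed lines performed is gone and vendor directories are now always excluded regardless of the flag. Unless the flag was also dropped elsewhere in this commit (not visible here), the exclusion should stay conditional, e.g. `exclude := vendor`, `if *flagScanVendor { exclude = nil }`, then `pcks, err := gosec.PackagePaths(path, exclude)`. Note also that `PackagePaths` only walks when the argument ends in `...`, so a bare path such as `./vendor/foo` is returned as-is and never filtered; if that is intended it deserves a comment on the loop. The enclosing `main` starts and ends outside this hunk.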

go.mod

@ -3,7 +3,6 @@ module github.com/securego/gosec
require ( require (
github.com/davecgh/go-spew v1.1.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect
github.com/golang/protobuf v1.3.1 // indirect github.com/golang/protobuf v1.3.1 // indirect
github.com/kisielk/gotool v1.0.0
github.com/kr/pretty v0.1.0 // indirect github.com/kr/pretty v0.1.0 // indirect
github.com/lib/pq v1.1.0 // indirect github.com/lib/pq v1.1.0 // indirect
github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd

go.sum

@ -9,8 +9,6 @@ github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/kisielk/gotool v1.0.0 h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=


@ -23,6 +23,7 @@ import (
"os" "os"
"os/user" "os/user"
"path/filepath" "path/filepath"
"regexp"
"runtime" "runtime"
"strconv" "strconv"
"strings" "strings"
@ -357,3 +358,32 @@ func FindVarIdentities(n *ast.BinaryExpr, c *Context) ([]*ast.Ident, bool) {
// if nil or error, return false // if nil or error, return false
return nil, false return nil, false
} }
// PackagePaths returns a slice with all packages path at given root directory
func PackagePaths(root string, exclude *regexp.Regexp) ([]string, error) {
if strings.HasSuffix(root, "...") {
root = root[0 : len(root)-3]
} else {
return []string{root}, nil
}
paths := map[string]bool{}
err := filepath.Walk(root, func(path string, f os.FileInfo, err error) error {
if filepath.Ext(path) == ".go" {
path = filepath.Dir(path)
if exclude != nil && exclude.MatchString(path) {
return nil
}
paths[path] = true
}
return nil
})
if err != nil {
return []string{}, err
}
result := []string{}
for path := range paths {
result = append(result, path)
}
return result, nil
}
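Review bot: The `filepath.Walk` callback in `PackagePaths` ignores its `err` parameter and always returns nil, so an unreadable directory (permissions, broken mount) is silently skipped and the `if err != nil` check after the walk can never fire; for a security scanner this means code can drop out of the scan without any signal. Add `if err != nil { return err }` as the first statement of the callback so the failure propagates to the caller, which already `logger.Fatal`s on it. Secondary: when a directory matches `exclude` the callback could return `filepath.SkipDir` instead of descending through the whole vendor tree, and since `paths` is a map the returned order is nondeterministic, which is worth a comment or a sort if callers depend on stable output.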