Scan the go packages path recursively starting from a root folder
This replaces gotool.ImportPaths, which seems to have some trouble with Go modules. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
This commit is contained in:
parent
85221996b6
commit
85eb8a52ab
4 changed files with 43 additions and 17 deletions
|
@ -24,7 +24,6 @@ import (
|
||||||
"sort"
|
"sort"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/kisielk/gotool"
|
|
||||||
"github.com/securego/gosec"
|
"github.com/securego/gosec"
|
||||||
"github.com/securego/gosec/output"
|
"github.com/securego/gosec/output"
|
||||||
"github.com/securego/gosec/rules"
|
"github.com/securego/gosec/rules"
|
||||||
|
@ -147,19 +146,19 @@ func loadConfig(configFile string) (gosec.Config, error) {
|
||||||
func loadRules(include, exclude string) rules.RuleList {
|
func loadRules(include, exclude string) rules.RuleList {
|
||||||
var filters []rules.RuleFilter
|
var filters []rules.RuleFilter
|
||||||
if include != "" {
|
if include != "" {
|
||||||
logger.Printf("including rules: %s", include)
|
logger.Printf("Including rules: %s", include)
|
||||||
including := strings.Split(include, ",")
|
including := strings.Split(include, ",")
|
||||||
filters = append(filters, rules.NewRuleFilter(false, including...))
|
filters = append(filters, rules.NewRuleFilter(false, including...))
|
||||||
} else {
|
} else {
|
||||||
logger.Println("including rules: default")
|
logger.Println("Including rules: default")
|
||||||
}
|
}
|
||||||
|
|
||||||
if exclude != "" {
|
if exclude != "" {
|
||||||
logger.Printf("excluding rules: %s", exclude)
|
logger.Printf("Excluding rules: %s", exclude)
|
||||||
excluding := strings.Split(exclude, ",")
|
excluding := strings.Split(exclude, ",")
|
||||||
filters = append(filters, rules.NewRuleFilter(true, excluding...))
|
filters = append(filters, rules.NewRuleFilter(true, excluding...))
|
||||||
} else {
|
} else {
|
||||||
logger.Println("excluding rules: default")
|
logger.Println("Excluding rules: default")
|
||||||
}
|
}
|
||||||
return rules.Generate(filters...)
|
return rules.Generate(filters...)
|
||||||
}
|
}
|
||||||
|
@ -244,7 +243,7 @@ func main() {
|
||||||
// Load enabled rule definitions
|
// Load enabled rule definitions
|
||||||
ruleDefinitions := loadRules(*flagRulesInclude, *flagRulesExclude)
|
ruleDefinitions := loadRules(*flagRulesInclude, *flagRulesExclude)
|
||||||
if len(ruleDefinitions) == 0 {
|
if len(ruleDefinitions) == 0 {
|
||||||
logger.Fatal("cannot continue: no rules are configured.")
|
logger.Fatal("No rules are configured")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create the analyzer
|
// Create the analyzer
|
||||||
|
@ -253,15 +252,15 @@ func main() {
|
||||||
|
|
||||||
vendor := regexp.MustCompile(`[\\/]vendor([\\/]|$)`)
|
vendor := regexp.MustCompile(`[\\/]vendor([\\/]|$)`)
|
||||||
var packages []string
|
var packages []string
|
||||||
// Iterate over packages on the import paths
|
for _, path := range flag.Args() {
|
||||||
for _, pkg := range gotool.ImportPaths(flag.Args()) {
|
pcks, err := gosec.PackagePaths(path, vendor)
|
||||||
// Skip vendor directory
|
if err != nil {
|
||||||
if !*flagScanVendor {
|
logger.Fatal(err)
|
||||||
if vendor.MatchString(pkg) {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
packages = append(packages, pkg)
|
packages = append(packages, pcks...)
|
||||||
|
}
|
||||||
|
if len(packages) == 0 {
|
||||||
|
logger.Fatal("No packages found")
|
||||||
}
|
}
|
||||||
|
|
||||||
var buildTags []string
|
var buildTags []string
|
||||||
|
|
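Review bot: The vendor-scanning flag (`*flagScanVendor`) is silently ignored by the new package loop: `gosec.PackagePaths(path, vendor)` always passes the vendor regexp, whereas the removed lines only skipped vendor directories when `!*flagScanVendor`. Unless this commit drops the flag elsewhere (its definition is outside the hunks shown), a user who asks for vendor code to be scanned now gets it excluded with no warning, and a scanner that quietly skips code is worse than one that refuses. Keep the flag meaningful with `exclude := vendor`, `if *flagScanVendor { exclude = nil }` and `pcks, err := gosec.PackagePaths(path, exclude)`. Note also that an argument without the `...` suffix is returned by PackagePaths unchanged, so the vendor exclusion no longer applies to an explicitly named package path. main's body continues outside the hunk.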
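--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,6 @@ module github.com/securego/gosec
 require (
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/golang/protobuf v1.3.1 // indirect
-github.com/kisielk/gotool v1.0.0
 github.com/kr/pretty v0.1.0 // indirect
 github.com/lib/pq v1.1.0 // indirect
 github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd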
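--- a/go.sum
+++ b/go.sum
@@ -9,8 +9,6 @@ github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/kisielk/gotool v1.0.0 h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=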
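--- a/helpers.go
+++ b/helpers.go
@@ -23,6 +23,7 @@ import (
 "os"
 "os/user"
 "path/filepath"
+"regexp"
 "runtime"
 "strconv"
 "strings"
@@ -357,3 +358,32 @@ func FindVarIdentities(n *ast.BinaryExpr, c *Context) ([]*ast.Ident, bool) {
 // if nil or error, return false
 return nil, false
 }
+
+// PackagePaths returns a slice with all packages path at given root directory
+func PackagePaths(root string, exclude *regexp.Regexp) ([]string, error) {
+if strings.HasSuffix(root, "...") {
+root = root[0 : len(root)-3]
+} else {
+return []string{root}, nil
+}
+paths := map[string]bool{}
+err := filepath.Walk(root, func(path string, f os.FileInfo, err error) error {
+if filepath.Ext(path) == ".go" {
+path = filepath.Dir(path)
+if exclude != nil && exclude.MatchString(path) {
+return nil
+}
+paths[path] = true
+}
+return nil
+})
+if err != nil {
+return []string{}, err
+}
+
+result := []string{}
+for path := range paths {
+result = append(result, path)
+}
+return result, nil
+}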
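Review bot: The walk callback in PackagePaths never looks at its `err` argument: filepath.Walk hands the callback the lstat or readdir error for a path it cannot enter, and returning nil there makes Walk skip that directory (or, for a missing root, return success), so unreadable or nonexistent trees quietly yield fewer packages instead of a failure. Add `if err != nil { return err }` as the first statement of the callback so the error reaches the `if err != nil` check after Walk. Two smaller points: `root[0 : len(root)-3]` leaves an empty root for a bare `...` argument, and `result` is filled from map iteration, so package order changes between runs — sorting it would make output and reports deterministic. The doc comment should also state the contract: the root is only expanded when it ends in `...` (otherwise it is returned as-is), and `exclude`, which may be nil, is matched against each package directory rather than each file. FindVarIdentities at the top of the second hunk starts outside it.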