mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 12:05:52 +00:00
Scan the go packages path recursively starting from a root folder
This is replacing the gotool.ImportPaths which seems to have some troubles with Go modules. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
This commit is contained in:
parent
85221996b6
commit
85eb8a52ab
4 changed files with 43 additions and 17 deletions
|
@ -24,7 +24,6 @@ import (
|
|||
"sort"
|
||||
"strings"
|
||||
|
||||
"github.com/kisielk/gotool"
|
||||
"github.com/securego/gosec"
|
||||
"github.com/securego/gosec/output"
|
||||
"github.com/securego/gosec/rules"
|
||||
|
@ -147,19 +146,19 @@ func loadConfig(configFile string) (gosec.Config, error) {
|
|||
func loadRules(include, exclude string) rules.RuleList {
|
||||
var filters []rules.RuleFilter
|
||||
if include != "" {
|
||||
logger.Printf("including rules: %s", include)
|
||||
logger.Printf("Including rules: %s", include)
|
||||
including := strings.Split(include, ",")
|
||||
filters = append(filters, rules.NewRuleFilter(false, including...))
|
||||
} else {
|
||||
logger.Println("including rules: default")
|
||||
logger.Println("Including rules: default")
|
||||
}
|
||||
|
||||
if exclude != "" {
|
||||
logger.Printf("excluding rules: %s", exclude)
|
||||
logger.Printf("Excluding rules: %s", exclude)
|
||||
excluding := strings.Split(exclude, ",")
|
||||
filters = append(filters, rules.NewRuleFilter(true, excluding...))
|
||||
} else {
|
||||
logger.Println("excluding rules: default")
|
||||
logger.Println("Excluding rules: default")
|
||||
}
|
||||
return rules.Generate(filters...)
|
||||
}
|
||||
|
@ -244,7 +243,7 @@ func main() {
|
|||
// Load enabled rule definitions
|
||||
ruleDefinitions := loadRules(*flagRulesInclude, *flagRulesExclude)
|
||||
if len(ruleDefinitions) == 0 {
|
||||
logger.Fatal("cannot continue: no rules are configured.")
|
||||
logger.Fatal("No rules are configured")
|
||||
}
|
||||
|
||||
// Create the analyzer
|
||||
|
@ -253,15 +252,15 @@ func main() {
|
|||
|
||||
vendor := regexp.MustCompile(`[\\/]vendor([\\/]|$)`)
|
||||
var packages []string
|
||||
// Iterate over packages on the import paths
|
||||
for _, pkg := range gotool.ImportPaths(flag.Args()) {
|
||||
// Skip vendor directory
|
||||
if !*flagScanVendor {
|
||||
if vendor.MatchString(pkg) {
|
||||
continue
|
||||
for _, path := range flag.Args() {
|
||||
pcks, err := gosec.PackagePaths(path, vendor)
|
||||
if err != nil {
|
||||
logger.Fatal(err)
|
||||
}
|
||||
packages = append(packages, pcks...)
|
||||
}
|
||||
packages = append(packages, pkg)
|
||||
if len(packages) == 0 {
|
||||
logger.Fatal("No packages found")
|
||||
}
|
||||
|
||||
var buildTags []string
|
||||
|
|
1
go.mod
1
go.mod
|
@ -3,7 +3,6 @@ module github.com/securego/gosec
|
|||
require (
|
||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||
github.com/golang/protobuf v1.3.1 // indirect
|
||||
github.com/kisielk/gotool v1.0.0
|
||||
github.com/kr/pretty v0.1.0 // indirect
|
||||
github.com/lib/pq v1.1.0 // indirect
|
||||
github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd
|
||||
|
|
2
go.sum
2
go.sum
|
@ -9,8 +9,6 @@ github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg
|
|||
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
|
||||
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
|
||||
github.com/kisielk/gotool v1.0.0 h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg=
|
||||
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
|
||||
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
|
||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
|
|
30
helpers.go
30
helpers.go
|
@ -23,6 +23,7 @@ import (
|
|||
"os"
|
||||
"os/user"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"runtime"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
@ -357,3 +358,32 @@ func FindVarIdentities(n *ast.BinaryExpr, c *Context) ([]*ast.Ident, bool) {
|
|||
// if nil or error, return false
|
||||
return nil, false
|
||||
}
|
||||
|
||||
// PackagePaths returns a slice with all packages path at given root directory
|
||||
func PackagePaths(root string, exclude *regexp.Regexp) ([]string, error) {
|
||||
if strings.HasSuffix(root, "...") {
|
||||
root = root[0 : len(root)-3]
|
||||
} else {
|
||||
return []string{root}, nil
|
||||
}
|
||||
paths := map[string]bool{}
|
||||
err := filepath.Walk(root, func(path string, f os.FileInfo, err error) error {
|
||||
if filepath.Ext(path) == ".go" {
|
||||
path = filepath.Dir(path)
|
||||
if exclude != nil && exclude.MatchString(path) {
|
||||
return nil
|
||||
}
|
||||
paths[path] = true
|
||||
}
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
return []string{}, err
|
||||
}
|
||||
|
||||
result := []string{}
|
||||
for path := range paths {
|
||||
result = append(result, path)
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue