Adding a config block to the analyzer, parsed from JSON

A CLI option can now be given to tell GAS to load its configuration
from a JSON file. A fatal error is raised if the file is not
readable or is not valid JSON.
This commit is contained in:
Tim Kelsey 2016-07-29 11:19:50 +01:00
parent 8261ee58d6
commit d4367de2e2
17 changed files with 75 additions and 48 deletions


@ -15,11 +15,13 @@
package core package core
import ( import (
"encoding/json"
"go/ast" "go/ast"
"go/importer" "go/importer"
"go/parser" "go/parser"
"go/token" "go/token"
"go/types" "go/types"
"io/ioutil"
"log" "log"
"os" "os"
"reflect" "reflect"
@ -53,19 +55,33 @@ type Analyzer struct {
logger *log.Logger logger *log.Logger
Issues []Issue `json:"issues"` Issues []Issue `json:"issues"`
Stats Metrics `json:"metrics"` Stats Metrics `json:"metrics"`
Config map[string]interface{}
} }
func NewAnalyzer(ignoreNosec bool, logger *log.Logger) Analyzer { func NewAnalyzer(ignoreNosec bool, conf *string, logger *log.Logger) Analyzer {
if logger == nil { if logger == nil {
logger = log.New(os.Stdout, "[gas]", 0) logger = log.New(os.Stdout, "[gas]", 0)
} }
return Analyzer{ a := Analyzer{
ignoreNosec: ignoreNosec, ignoreNosec: ignoreNosec,
ruleset: make(RuleSet), ruleset: make(RuleSet),
Issues: make([]Issue, 0), Issues: make([]Issue, 0),
context: Context{token.NewFileSet(), nil, nil, nil}, context: Context{token.NewFileSet(), nil, nil, nil},
logger: logger, logger: logger,
Config: nil,
} }
if conf != nil && *conf != "" { // if we have a config
if data, err := ioutil.ReadFile(*conf); err == nil {
if err := json.Unmarshal(data, &(a.Config)); err != nil {
logger.Fatal("Could not parse JSON config: ", *conf, ": ", err)
}
} else {
logger.Fatal("Could not read config file: ", *conf)
}
}
return a
} }
func (gas *Analyzer) process(filename string, source interface{}) error { func (gas *Analyzer) process(filename string, source interface{}) error {
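Review bot: The `else` branch at `logger.Fatal("Could not read config file: ", *conf)` discards the `ioutil.ReadFile` error, so the operator cannot tell a missing file from a permission problem or a path that is a directory; flattening the nested `if data, err := ...; err == nil` into an early-exit shape keeps `err` available for both failure messages. Calling `logger.Fatal` from a constructor in the `core` package also means a bad `-conf` path terminates the process via `os.Exit` inside library code, which is why none of the sixteen updated tests can exercise the new path; returning an error (or a separate `LoadConfig` step) would be the cleaner contract, though that would change the signature the rest of this commit just adopted. Separately, `Config` is the one exported field on `Analyzer` without a `json` tag next to `Issues` and `Stats`; if the analyzer is marshalled for the json output format, the loaded config contents would be written into the report under `"Config"`, so tag it `json:"-"` (or an explicit name) to make that a deliberate choice.
```go
	if conf != nil && *conf != "" { // if we have a config
		data, err := ioutil.ReadFile(*conf)
		if err != nil {
			logger.Fatal("Could not read config file: ", *conf, ": ", err)
		}
		if err := json.Unmarshal(data, &a.Config); err != nil {
			logger.Fatal("Could not parse JSON config: ", *conf, ": ", err)
		}
	}
	// … unchanged: return a …
```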


@ -35,6 +35,8 @@ var flagFormat = flag.String("fmt", "text", "Set output format. Valid options ar
// output file // output file
var flagOutput = flag.String("out", "", "Set output file for results") var flagOutput = flag.String("out", "", "Set output file for results")
var flagConfig = flag.String("conf", "", "Path to optional config file")
var usageText = ` var usageText = `
GAS - Go AST Scanner GAS - Go AST Scanner
@ -99,7 +101,7 @@ func main() {
} }
// Setup analyzer // Setup analyzer
analyzer := gas.NewAnalyzer(*flagIgnoreNoSec, logger) analyzer := gas.NewAnalyzer(*flagIgnoreNoSec, flagConfig, logger)
if !rules.overwritten { if !rules.overwritten {
rules.useDefaults() rules.useDefaults()
} }
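Review bot: `gas.NewAnalyzer(*flagIgnoreNoSec, flagConfig, logger)` hands the raw `*string` from `flag.String` to the core package while the neighbouring flag is dereferenced, so the constructor now takes a pointer only to express "no config", a state it already treats the same as an empty string. Passing `*flagConfig` into a plain `string` parameter would be consistent with `ignoreNosec` and would stop `core` depending on the flag package's pointer convention. The `usageText` literal that begins at `var usageText = \`` runs past the end of this section, so it cannot be seen here whether `-conf` is described; if the options are listed by hand there rather than via `flag.PrintDefaults`, the new flag needs an entry.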


@ -15,12 +15,13 @@
package rules package rules
import ( import (
gas "github.com/HewlettPackard/gas/core"
"testing" "testing"
gas "github.com/HewlettPackard/gas/core"
) )
func TestBind0000(t *testing.T) { func TestBind0000(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewBindsToAllNetworkInterfaces()) analyzer.AddRule(NewBindsToAllNetworkInterfaces())
issues := gasTestRunner(` issues := gasTestRunner(`
@ -41,7 +42,7 @@ func TestBind0000(t *testing.T) {
} }
func TestBindEmptyHost(t *testing.T) { func TestBindEmptyHost(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewBindsToAllNetworkInterfaces()) analyzer.AddRule(NewBindsToAllNetworkInterfaces())
issues := gasTestRunner(` issues := gasTestRunner(`


@ -21,7 +21,7 @@ import (
) )
func TestErrorsMulti(t *testing.T) { func TestErrorsMulti(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewNoErrorCheck()) analyzer.AddRule(NewNoErrorCheck())
issues := gasTestRunner( issues := gasTestRunner(
@ -43,7 +43,7 @@ func TestErrorsMulti(t *testing.T) {
} }
func TestErrorsSingle(t *testing.T) { func TestErrorsSingle(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewNoErrorCheck()) analyzer.AddRule(NewNoErrorCheck())
issues := gasTestRunner( issues := gasTestRunner(
@ -65,7 +65,7 @@ func TestErrorsSingle(t *testing.T) {
} }
func TestErrorsGood(t *testing.T) { func TestErrorsGood(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewNoErrorCheck()) analyzer.AddRule(NewNoErrorCheck())
issues := gasTestRunner( issues := gasTestRunner(


@ -15,12 +15,13 @@
package rules package rules
import ( import (
gas "github.com/HewlettPackard/gas/core"
"testing" "testing"
gas "github.com/HewlettPackard/gas/core"
) )
func TestChmod(t *testing.T) { func TestChmod(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewChmodPerms()) analyzer.AddRule(NewChmodPerms())
issues := gasTestRunner(` issues := gasTestRunner(`
@ -35,7 +36,7 @@ func TestChmod(t *testing.T) {
} }
func TestMkdir(t *testing.T) { func TestMkdir(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewMkdirPerms()) analyzer.AddRule(NewMkdirPerms())
issues := gasTestRunner(` issues := gasTestRunner(`


@ -15,12 +15,13 @@
package rules package rules
import ( import (
gas "github.com/HewlettPackard/gas/core"
"testing" "testing"
gas "github.com/HewlettPackard/gas/core"
) )
func TestHardcoded(t *testing.T) { func TestHardcoded(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewHardcodedCredentials()) analyzer.AddRule(NewHardcodedCredentials())
issues := gasTestRunner( issues := gasTestRunner(


@ -21,7 +21,7 @@ import (
) )
func TestHttpoxy(t *testing.T) { func TestHttpoxy(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewHttpoxyTest()) analyzer.AddRule(NewHttpoxyTest())
issues := gasTestRunner(` issues := gasTestRunner(`


@ -21,7 +21,7 @@ import (
) )
func TestNosec(t *testing.T) { func TestNosec(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSubproc()) analyzer.AddRule(NewSubproc())
issues := gasTestRunner( issues := gasTestRunner(
@ -39,7 +39,7 @@ func TestNosec(t *testing.T) {
} }
func TestNosecBlock(t *testing.T) { func TestNosecBlock(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSubproc()) analyzer.AddRule(NewSubproc())
issues := gasTestRunner( issues := gasTestRunner(


@ -21,7 +21,7 @@ import (
) )
func TestRandOk(t *testing.T) { func TestRandOk(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewWeakRandCheck()) analyzer.AddRule(NewWeakRandCheck())
issues := gasTestRunner( issues := gasTestRunner(
@ -38,7 +38,7 @@ func TestRandOk(t *testing.T) {
} }
func TestRandBad(t *testing.T) { func TestRandBad(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewWeakRandCheck()) analyzer.AddRule(NewWeakRandCheck())
issues := gasTestRunner( issues := gasTestRunner(


@ -15,12 +15,13 @@
package rules package rules
import ( import (
gas "github.com/HewlettPackard/gas/core"
"testing" "testing"
gas "github.com/HewlettPackard/gas/core"
) )
func TestRSAKeys(t *testing.T) { func TestRSAKeys(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewWeakKeyStrength()) analyzer.AddRule(NewWeakKeyStrength())
issues := gasTestRunner( issues := gasTestRunner(


@ -21,7 +21,7 @@ import (
) )
func TestSQLInjectionViaConcatenation(t *testing.T) { func TestSQLInjectionViaConcatenation(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSqlStrConcat()) analyzer.AddRule(NewSqlStrConcat())
source := ` source := `
@ -48,7 +48,7 @@ func TestSQLInjectionViaConcatenation(t *testing.T) {
} }
func TestSQLInjectionViaIntepolation(t *testing.T) { func TestSQLInjectionViaIntepolation(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSqlStrFormat()) analyzer.AddRule(NewSqlStrFormat())
source := ` source := `
@ -77,7 +77,7 @@ func TestSQLInjectionViaIntepolation(t *testing.T) {
} }
func TestSQLInjectionFalsePositiveA(t *testing.T) { func TestSQLInjectionFalsePositiveA(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSqlStrConcat()) analyzer.AddRule(NewSqlStrConcat())
analyzer.AddRule(NewSqlStrFormat()) analyzer.AddRule(NewSqlStrFormat())
@ -112,7 +112,7 @@ func TestSQLInjectionFalsePositiveA(t *testing.T) {
} }
func TestSQLInjectionFalsePositiveB(t *testing.T) { func TestSQLInjectionFalsePositiveB(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSqlStrConcat()) analyzer.AddRule(NewSqlStrConcat())
analyzer.AddRule(NewSqlStrFormat()) analyzer.AddRule(NewSqlStrFormat())
@ -147,7 +147,7 @@ func TestSQLInjectionFalsePositiveB(t *testing.T) {
} }
func TestSQLInjectionFalsePositiveC(t *testing.T) { func TestSQLInjectionFalsePositiveC(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSqlStrConcat()) analyzer.AddRule(NewSqlStrConcat())
analyzer.AddRule(NewSqlStrFormat()) analyzer.AddRule(NewSqlStrFormat())
@ -182,7 +182,7 @@ func TestSQLInjectionFalsePositiveC(t *testing.T) {
} }
func TestSQLInjectionFalsePositiveD(t *testing.T) { func TestSQLInjectionFalsePositiveD(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSqlStrConcat()) analyzer.AddRule(NewSqlStrConcat())
analyzer.AddRule(NewSqlStrFormat()) analyzer.AddRule(NewSqlStrFormat())


@ -15,12 +15,13 @@
package rules package rules
import ( import (
gas "github.com/HewlettPackard/gas/core"
"testing" "testing"
gas "github.com/HewlettPackard/gas/core"
) )
func TestSubprocess(t *testing.T) { func TestSubprocess(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSubproc()) analyzer.AddRule(NewSubproc())
issues := gasTestRunner(` issues := gasTestRunner(`
@ -46,7 +47,7 @@ func TestSubprocess(t *testing.T) {
} }
func TestSubprocessVar(t *testing.T) { func TestSubprocessVar(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSubproc()) analyzer.AddRule(NewSubproc())
issues := gasTestRunner(` issues := gasTestRunner(`
@ -73,7 +74,7 @@ func TestSubprocessVar(t *testing.T) {
} }
func TestSubprocessPath(t *testing.T) { func TestSubprocessPath(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSubproc()) analyzer.AddRule(NewSubproc())
issues := gasTestRunner(` issues := gasTestRunner(`


@ -15,12 +15,13 @@
package rules package rules
import ( import (
gas "github.com/HewlettPackard/gas/core"
"testing" "testing"
gas "github.com/HewlettPackard/gas/core"
) )
func TestTempfiles(t *testing.T) { func TestTempfiles(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewBadTempFile()) analyzer.AddRule(NewBadTempFile())
source := ` source := `


@ -15,12 +15,13 @@
package rules package rules
import ( import (
gas "github.com/HewlettPackard/gas/core"
"testing" "testing"
gas "github.com/HewlettPackard/gas/core"
) )
func TestTemplateCheckSafe(t *testing.T) { func TestTemplateCheckSafe(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewTemplateCheck()) analyzer.AddRule(NewTemplateCheck())
source := ` source := `
@ -47,7 +48,7 @@ func TestTemplateCheckSafe(t *testing.T) {
} }
func TestTemplateCheckBadHTML(t *testing.T) { func TestTemplateCheckBadHTML(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewTemplateCheck()) analyzer.AddRule(NewTemplateCheck())
source := ` source := `
@ -75,7 +76,7 @@ func TestTemplateCheckBadHTML(t *testing.T) {
} }
func TestTemplateCheckBadJS(t *testing.T) { func TestTemplateCheckBadJS(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewTemplateCheck()) analyzer.AddRule(NewTemplateCheck())
source := ` source := `
@ -103,7 +104,7 @@ func TestTemplateCheckBadJS(t *testing.T) {
} }
func TestTemplateCheckBadURL(t *testing.T) { func TestTemplateCheckBadURL(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewTemplateCheck()) analyzer.AddRule(NewTemplateCheck())
source := ` source := `


@ -21,7 +21,7 @@ import (
) )
func TestInsecureSkipVerify(t *testing.T) { func TestInsecureSkipVerify(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewModernTlsCheck()) analyzer.AddRule(NewModernTlsCheck())
issues := gasTestRunner(` issues := gasTestRunner(`
@ -49,7 +49,7 @@ func TestInsecureSkipVerify(t *testing.T) {
} }
func TestInsecureMinVersion(t *testing.T) { func TestInsecureMinVersion(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewModernTlsCheck()) analyzer.AddRule(NewModernTlsCheck())
issues := gasTestRunner(` issues := gasTestRunner(`
@ -77,7 +77,7 @@ func TestInsecureMinVersion(t *testing.T) {
} }
func TestInsecureMaxVersion(t *testing.T) { func TestInsecureMaxVersion(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewModernTlsCheck()) analyzer.AddRule(NewModernTlsCheck())
issues := gasTestRunner(` issues := gasTestRunner(`
@ -105,7 +105,7 @@ func TestInsecureMaxVersion(t *testing.T) {
} }
func TestInsecureCipherSuite(t *testing.T) { func TestInsecureCipherSuite(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewModernTlsCheck()) analyzer.AddRule(NewModernTlsCheck())
issues := gasTestRunner(` issues := gasTestRunner(`


@ -15,12 +15,13 @@
package rules package rules
import ( import (
gas "github.com/HewlettPackard/gas/core"
"testing" "testing"
gas "github.com/HewlettPackard/gas/core"
) )
func TestUnsafe(t *testing.T) { func TestUnsafe(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewUsingUnsafe()) analyzer.AddRule(NewUsingUnsafe())
issues := gasTestRunner(` issues := gasTestRunner(`


@ -15,12 +15,13 @@
package rules package rules
import ( import (
gas "github.com/HewlettPackard/gas/core"
"testing" "testing"
gas "github.com/HewlettPackard/gas/core"
) )
func TestMD5(t *testing.T) { func TestMD5(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewImportsWeakCryptography()) analyzer.AddRule(NewImportsWeakCryptography())
analyzer.AddRule(NewUsesWeakCryptography()) analyzer.AddRule(NewUsesWeakCryptography())
@ -41,7 +42,7 @@ func TestMD5(t *testing.T) {
} }
func TestDES(t *testing.T) { func TestDES(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewImportsWeakCryptography()) analyzer.AddRule(NewImportsWeakCryptography())
analyzer.AddRule(NewUsesWeakCryptography()) analyzer.AddRule(NewUsesWeakCryptography())
@ -80,7 +81,7 @@ func TestDES(t *testing.T) {
} }
func TestRC4(t *testing.T) { func TestRC4(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil) analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewImportsWeakCryptography()) analyzer.AddRule(NewImportsWeakCryptography())
analyzer.AddRule(NewUsesWeakCryptography()) analyzer.AddRule(NewUsesWeakCryptography())