Merge pull request #170 from cosmincojocar/build_more_checks
Update the build file with more checks
This commit is contained in:
commit
d48668e9e7
5 changed files with 37 additions and 26 deletions
12
.travis.yml
12
.travis.yml
|
@ -1,17 +1,25 @@
|
||||||
language: go
|
language: go
|
||||||
before_script:
|
|
||||||
- go vet $(go list ./... | grep -v /vendor/)
|
|
||||||
go:
|
go:
|
||||||
- 1.7
|
- 1.7
|
||||||
- 1.8
|
- 1.8
|
||||||
- 1.9
|
- 1.9
|
||||||
- tip
|
- tip
|
||||||
|
|
||||||
install:
|
install:
|
||||||
|
- go get -u github.com/golang/lint/golint
|
||||||
- go get -v github.com/onsi/ginkgo/ginkgo
|
- go get -v github.com/onsi/ginkgo/ginkgo
|
||||||
- go get -v github.com/onsi/gomega
|
- go get -v github.com/onsi/gomega
|
||||||
- go get -v golang.org/x/crypto/ssh
|
- go get -v golang.org/x/crypto/ssh
|
||||||
|
- go get github.com/GoASTScanner/gas/cmd/gas/...
|
||||||
- go get -v -t ./...
|
- go get -v -t ./...
|
||||||
- export PATH=$PATH:$HOME/gopath/bin
|
- export PATH=$PATH:$HOME/gopath/bin
|
||||||
|
|
||||||
|
before_script:
|
||||||
|
- test -z "$(gofmt -s -l -w $(find . -type f -name '*.go' -not -path './vendor/*') | tee /dev/stderr)"
|
||||||
|
- test -z "$(golint . | tee /dev/stderr)"
|
||||||
|
- go vet $(go list ./... | grep -v /vendor/)
|
||||||
|
- gas ./...
|
||||||
|
|
||||||
script: ginkgo -r
|
script: ginkgo -r
|
||||||
|
|
||||||
|
|
|
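Review bot: The new install step fetches golint unpinned from upstream master (`- go get -u github.com/golang/lint/golint`), so the lint gate, and anything else that runs inside this build, tracks whatever the tip of that repository and its dependencies happens to be at build time. For the CI of a security scanner that is a supply-chain exposure as well as a source of unrelated breakage; pin it to a known commit (clone the repo, `git checkout <sha>`, then `go install`) and drop `-u`, as the other `go get` lines in this block already do. The new `- gas ./...` line also lacks the `grep -v /vendor/` filter that the `go vet` line applies; if gas does not skip vendored code by default, a finding in a vendored dependency will fail the build, so either mirror that filter or pass gas's exclusion option.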
@ -102,7 +102,10 @@ func (gas *Analyzer) Process(packagePaths ...string) error {
|
||||||
AllowErrors: true,
|
AllowErrors: true,
|
||||||
}
|
}
|
||||||
for _, packagePath := range packagePaths {
|
for _, packagePath := range packagePaths {
|
||||||
abspath, _ := filepath.Abs(packagePath)
|
abspath, err := filepath.Abs(packagePath)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
gas.logger.Println("Searching directory:", abspath)
|
gas.logger.Println("Searching directory:", abspath)
|
||||||
|
|
||||||
basePackage, err := build.Default.ImportDir(packagePath, build.ImportComment)
|
basePackage, err := build.Default.ImportDir(packagePath, build.ImportComment)
|
||||||
|
|
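Review bot: The added `return err` after `filepath.Abs` surfaces a bare OS error with no indication of which of the `packagePaths` failed, which matters once several paths are passed in one call; wrap it, e.g. `return fmt.Errorf("unable to resolve %q: %v", packagePath, err)` (assuming `fmt` is already imported in this file, since Go has no function-scope import). Note also that the resolved `abspath` is only used for the log line while `build.Default.ImportDir` still receives the original `packagePath`, so the logged directory and the imported one can differ for a relative argument; passing `abspath` to `ImportDir` would keep them consistent. `Process` begins and ends outside this hunk.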
2
issue.go
2
issue.go
|
@ -76,7 +76,7 @@ func codeSnippet(file *os.File, start int64, end int64, n ast.Node) (string, err
|
||||||
}
|
}
|
||||||
|
|
||||||
size := (int)(end - start) // Go bug, os.File.Read should return int64 ...
|
size := (int)(end - start) // Go bug, os.File.Read should return int64 ...
|
||||||
file.Seek(start, 0)
|
file.Seek(start, 0) // #nosec
|
||||||
|
|
||||||
buf := make([]byte, size)
|
buf := make([]byte, size)
|
||||||
if nread, err := file.Read(buf); err != nil || nread != size {
|
if nread, err := file.Read(buf); err != nil || nread != size {
|
||||||
|
|
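Review bot: Annotating `file.Seek(start, 0)` with `// #nosec` silences G104 rather than fixing it: if the seek fails, the following `file.Read` proceeds from an unrelated offset and the snippet attached to the reported issue is wrong, even though `codeSnippet` already returns an error it could propagate. Replace the suppression with a check, `if _, err := file.Seek(start, 0); err != nil { return "", err }`, which is also the pattern this tool tells its users to follow. The body of `codeSnippet` starts before and continues after this hunk.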
|
@ -60,35 +60,35 @@ func NewRuleFilter(action bool, ruleIDs ...string) RuleFilter {
|
||||||
func Generate(filters ...RuleFilter) RuleList {
|
func Generate(filters ...RuleFilter) RuleList {
|
||||||
rules := map[string]RuleDefinition{
|
rules := map[string]RuleDefinition{
|
||||||
// misc
|
// misc
|
||||||
"G101": RuleDefinition{"Look for hardcoded credentials", NewHardcodedCredentials},
|
"G101": {"Look for hardcoded credentials", NewHardcodedCredentials},
|
||||||
"G102": RuleDefinition{"Bind to all interfaces", NewBindsToAllNetworkInterfaces},
|
"G102": {"Bind to all interfaces", NewBindsToAllNetworkInterfaces},
|
||||||
"G103": RuleDefinition{"Audit the use of unsafe block", NewUsingUnsafe},
|
"G103": {"Audit the use of unsafe block", NewUsingUnsafe},
|
||||||
"G104": RuleDefinition{"Audit errors not checked", NewNoErrorCheck},
|
"G104": {"Audit errors not checked", NewNoErrorCheck},
|
||||||
"G105": RuleDefinition{"Audit the use of big.Exp function", NewUsingBigExp},
|
"G105": {"Audit the use of big.Exp function", NewUsingBigExp},
|
||||||
"G106": RuleDefinition{"Audit the use of ssh.InsecureIgnoreHostKey function", NewSSHHostKey},
|
"G106": {"Audit the use of ssh.InsecureIgnoreHostKey function", NewSSHHostKey},
|
||||||
|
|
||||||
// injection
|
// injection
|
||||||
"G201": RuleDefinition{"SQL query construction using format string", NewSQLStrFormat},
|
"G201": {"SQL query construction using format string", NewSQLStrFormat},
|
||||||
"G202": RuleDefinition{"SQL query construction using string concatenation", NewSQLStrConcat},
|
"G202": {"SQL query construction using string concatenation", NewSQLStrConcat},
|
||||||
"G203": RuleDefinition{"Use of unescaped data in HTML templates", NewTemplateCheck},
|
"G203": {"Use of unescaped data in HTML templates", NewTemplateCheck},
|
||||||
"G204": RuleDefinition{"Audit use of command execution", NewSubproc},
|
"G204": {"Audit use of command execution", NewSubproc},
|
||||||
|
|
||||||
// filesystem
|
// filesystem
|
||||||
"G301": RuleDefinition{"Poor file permissions used when creating a directory", NewMkdirPerms},
|
"G301": {"Poor file permissions used when creating a directory", NewMkdirPerms},
|
||||||
"G302": RuleDefinition{"Poor file permisions used when creation file or using chmod", NewFilePerms},
|
"G302": {"Poor file permisions used when creation file or using chmod", NewFilePerms},
|
||||||
"G303": RuleDefinition{"Creating tempfile using a predictable path", NewBadTempFile},
|
"G303": {"Creating tempfile using a predictable path", NewBadTempFile},
|
||||||
|
|
||||||
// crypto
|
// crypto
|
||||||
"G401": RuleDefinition{"Detect the usage of DES, RC4, or MD5", NewUsesWeakCryptography},
|
"G401": {"Detect the usage of DES, RC4, or MD5", NewUsesWeakCryptography},
|
||||||
"G402": RuleDefinition{"Look for bad TLS connection settings", NewIntermediateTLSCheck},
|
"G402": {"Look for bad TLS connection settings", NewIntermediateTLSCheck},
|
||||||
"G403": RuleDefinition{"Ensure minimum RSA key length of 2048 bits", NewWeakKeyStrength},
|
"G403": {"Ensure minimum RSA key length of 2048 bits", NewWeakKeyStrength},
|
||||||
"G404": RuleDefinition{"Insecure random number source (rand)", NewWeakRandCheck},
|
"G404": {"Insecure random number source (rand)", NewWeakRandCheck},
|
||||||
|
|
||||||
// blacklist
|
// blacklist
|
||||||
"G501": RuleDefinition{"Import blacklist: crypto/md5", NewBlacklistedImportMD5},
|
"G501": {"Import blacklist: crypto/md5", NewBlacklistedImportMD5},
|
||||||
"G502": RuleDefinition{"Import blacklist: crypto/des", NewBlacklistedImportDES},
|
"G502": {"Import blacklist: crypto/des", NewBlacklistedImportDES},
|
||||||
"G503": RuleDefinition{"Import blacklist: crypto/rc4", NewBlacklistedImportRC4},
|
"G503": {"Import blacklist: crypto/rc4", NewBlacklistedImportRC4},
|
||||||
"G504": RuleDefinition{"Import blacklist: net/http/cgi", NewBlacklistedImportCGI},
|
"G504": {"Import blacklist: net/http/cgi", NewBlacklistedImportCGI},
|
||||||
}
|
}
|
||||||
|
|
||||||
for rule := range rules {
|
for rule := range rules {
|
||||||
|
|
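Review bot: The G302 description carried into the simplified literal still reads `"Poor file permisions used when creation file or using chmod"`, a spelling error and a grammar slip that end up verbatim in every report that rule produces. `"Poor file permissions used when creating a file or using chmod"` reads cleanly; check whether any test or documentation matches the exact current string before changing it. The rest of `Generate` continues outside this hunk.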