Merge pull request #170 from cosmincojocar/build_more_checks

Update the build file with more checks
This commit is contained in:
Grant Murphy 2018-02-11 22:30:14 +10:00 committed by GitHub
commit d48668e9e7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 37 additions and 26 deletions

View file

@ -1,17 +1,25 @@
language: go language: go
before_script:
- go vet $(go list ./... | grep -v /vendor/)
go: go:
- 1.7 - 1.7
- 1.8 - 1.8
- 1.9 - 1.9
- tip - tip
install: install:
- go get -u github.com/golang/lint/golint
- go get -v github.com/onsi/ginkgo/ginkgo - go get -v github.com/onsi/ginkgo/ginkgo
- go get -v github.com/onsi/gomega - go get -v github.com/onsi/gomega
- go get -v golang.org/x/crypto/ssh - go get -v golang.org/x/crypto/ssh
- go get github.com/GoASTScanner/gas/cmd/gas/...
- go get -v -t ./... - go get -v -t ./...
- export PATH=$PATH:$HOME/gopath/bin - export PATH=$PATH:$HOME/gopath/bin
before_script:
- test -z "$(gofmt -s -l -w $(find . -type f -name '*.go' -not -path './vendor/*') | tee /dev/stderr)"
- test -z "$(golint . | tee /dev/stderr)"
- go vet $(go list ./... | grep -v /vendor/)
- gas ./...
script: ginkgo -r script: ginkgo -r

View file

@ -102,7 +102,10 @@ func (gas *Analyzer) Process(packagePaths ...string) error {
AllowErrors: true, AllowErrors: true,
} }
for _, packagePath := range packagePaths { for _, packagePath := range packagePaths {
abspath, _ := filepath.Abs(packagePath) abspath, err := filepath.Abs(packagePath)
if err != nil {
return err
}
gas.logger.Println("Searching directory:", abspath) gas.logger.Println("Searching directory:", abspath)
basePackage, err := build.Default.ImportDir(packagePath, build.ImportComment) basePackage, err := build.Default.ImportDir(packagePath, build.ImportComment)

View file

@ -15,7 +15,7 @@ var _ = Describe("ImportTracker", func() {
}) })
Context("when I have a valid go package", func() { Context("when I have a valid go package", func() {
It("should record all import specs", func() { It("should record all import specs", func() {
Expect(source).To(Equal(source)) Expect(source).To(Equal(source))
Skip("Not implemented") Skip("Not implemented")
}) })

View file

@ -76,7 +76,7 @@ func codeSnippet(file *os.File, start int64, end int64, n ast.Node) (string, err
} }
size := (int)(end - start) // Go bug, os.File.Read should return int64 ... size := (int)(end - start) // Go bug, os.File.Read should return int64 ...
file.Seek(start, 0) file.Seek(start, 0) // #nosec
buf := make([]byte, size) buf := make([]byte, size)
if nread, err := file.Read(buf); err != nil || nread != size { if nread, err := file.Read(buf); err != nil || nread != size {

View file

@ -60,35 +60,35 @@ func NewRuleFilter(action bool, ruleIDs ...string) RuleFilter {
func Generate(filters ...RuleFilter) RuleList { func Generate(filters ...RuleFilter) RuleList {
rules := map[string]RuleDefinition{ rules := map[string]RuleDefinition{
// misc // misc
"G101": RuleDefinition{"Look for hardcoded credentials", NewHardcodedCredentials}, "G101": {"Look for hardcoded credentials", NewHardcodedCredentials},
"G102": RuleDefinition{"Bind to all interfaces", NewBindsToAllNetworkInterfaces}, "G102": {"Bind to all interfaces", NewBindsToAllNetworkInterfaces},
"G103": RuleDefinition{"Audit the use of unsafe block", NewUsingUnsafe}, "G103": {"Audit the use of unsafe block", NewUsingUnsafe},
"G104": RuleDefinition{"Audit errors not checked", NewNoErrorCheck}, "G104": {"Audit errors not checked", NewNoErrorCheck},
"G105": RuleDefinition{"Audit the use of big.Exp function", NewUsingBigExp}, "G105": {"Audit the use of big.Exp function", NewUsingBigExp},
"G106": RuleDefinition{"Audit the use of ssh.InsecureIgnoreHostKey function", NewSSHHostKey}, "G106": {"Audit the use of ssh.InsecureIgnoreHostKey function", NewSSHHostKey},
// injection // injection
"G201": RuleDefinition{"SQL query construction using format string", NewSQLStrFormat}, "G201": {"SQL query construction using format string", NewSQLStrFormat},
"G202": RuleDefinition{"SQL query construction using string concatenation", NewSQLStrConcat}, "G202": {"SQL query construction using string concatenation", NewSQLStrConcat},
"G203": RuleDefinition{"Use of unescaped data in HTML templates", NewTemplateCheck}, "G203": {"Use of unescaped data in HTML templates", NewTemplateCheck},
"G204": RuleDefinition{"Audit use of command execution", NewSubproc}, "G204": {"Audit use of command execution", NewSubproc},
// filesystem // filesystem
"G301": RuleDefinition{"Poor file permissions used when creating a directory", NewMkdirPerms}, "G301": {"Poor file permissions used when creating a directory", NewMkdirPerms},
"G302": RuleDefinition{"Poor file permisions used when creation file or using chmod", NewFilePerms}, "G302": {"Poor file permisions used when creation file or using chmod", NewFilePerms},
"G303": RuleDefinition{"Creating tempfile using a predictable path", NewBadTempFile}, "G303": {"Creating tempfile using a predictable path", NewBadTempFile},
// crypto // crypto
"G401": RuleDefinition{"Detect the usage of DES, RC4, or MD5", NewUsesWeakCryptography}, "G401": {"Detect the usage of DES, RC4, or MD5", NewUsesWeakCryptography},
"G402": RuleDefinition{"Look for bad TLS connection settings", NewIntermediateTLSCheck}, "G402": {"Look for bad TLS connection settings", NewIntermediateTLSCheck},
"G403": RuleDefinition{"Ensure minimum RSA key length of 2048 bits", NewWeakKeyStrength}, "G403": {"Ensure minimum RSA key length of 2048 bits", NewWeakKeyStrength},
"G404": RuleDefinition{"Insecure random number source (rand)", NewWeakRandCheck}, "G404": {"Insecure random number source (rand)", NewWeakRandCheck},
// blacklist // blacklist
"G501": RuleDefinition{"Import blacklist: crypto/md5", NewBlacklistedImportMD5}, "G501": {"Import blacklist: crypto/md5", NewBlacklistedImportMD5},
"G502": RuleDefinition{"Import blacklist: crypto/des", NewBlacklistedImportDES}, "G502": {"Import blacklist: crypto/des", NewBlacklistedImportDES},
"G503": RuleDefinition{"Import blacklist: crypto/rc4", NewBlacklistedImportRC4}, "G503": {"Import blacklist: crypto/rc4", NewBlacklistedImportRC4},
"G504": RuleDefinition{"Import blacklist: net/http/cgi", NewBlacklistedImportCGI}, "G504": {"Import blacklist: net/http/cgi", NewBlacklistedImportCGI},
} }
for rule := range rules { for rule := range rules {