Configuration
This re-works the way that CLI options are passed through to the analyzer so that they can act as overrides for config options. If not given on the CLI, options will come from a config file. If no file is used then a default value is chosen. Two lists are also populated with tests to include or exclude. These lists are not used for now but will eventually replace the way we select tests to run in a future patch to follow.
This commit is contained in:
parent
4e30ca3866
commit
e3b1d33b95
17 changed files with 154 additions and 53 deletions
|
@ -15,13 +15,11 @@
|
||||||
package core
|
package core
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
|
||||||
"go/ast"
|
"go/ast"
|
||||||
"go/importer"
|
"go/importer"
|
||||||
"go/parser"
|
"go/parser"
|
||||||
"go/token"
|
"go/token"
|
||||||
"go/types"
|
"go/types"
|
||||||
"io/ioutil"
|
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
"reflect"
|
"reflect"
|
||||||
|
@ -59,27 +57,19 @@ type Analyzer struct {
|
||||||
Stats Metrics `json:"metrics"`
|
Stats Metrics `json:"metrics"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewAnalyzer(ignoreNosec bool, conf *string, logger *log.Logger) Analyzer {
|
func NewAnalyzer(conf map[string]interface{}, logger *log.Logger) Analyzer {
|
||||||
if logger == nil {
|
if logger == nil {
|
||||||
logger = log.New(os.Stdout, "[gas]", 0)
|
logger = log.New(os.Stdout, "[gas]", 0)
|
||||||
}
|
}
|
||||||
a := Analyzer{
|
a := Analyzer{
|
||||||
ignoreNosec: ignoreNosec,
|
ignoreNosec: conf["ignoreNosec"].(bool),
|
||||||
ruleset: make(RuleSet),
|
ruleset: make(RuleSet),
|
||||||
Issues: make([]Issue, 0),
|
Issues: make([]Issue, 0),
|
||||||
context: Context{token.NewFileSet(), nil, nil, nil, nil, nil},
|
context: Context{token.NewFileSet(), nil, nil, nil, nil, nil},
|
||||||
logger: logger,
|
logger: logger,
|
||||||
}
|
}
|
||||||
|
|
||||||
if conf != nil && *conf != "" { // if we have a config
|
// TODO(tkelsey): use the inc/exc lists
|
||||||
if data, err := ioutil.ReadFile(*conf); err == nil {
|
|
||||||
if err := json.Unmarshal(data, &(a.context.Config)); err != nil {
|
|
||||||
logger.Fatal("Could not parse JSON config: ", *conf, ": ", err)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
logger.Fatal("Could not read config file: ", *conf)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return a
|
return a
|
||||||
}
|
}
|
||||||
|
|
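Review bot: The new `ignoreNosec: conf["ignoreNosec"].(bool)` in NewAnalyzer is an unchecked type assertion, so a nil map, a missing key or a non-bool value now panics inside an exported constructor instead of producing the Fatal that main.go's buildConfig gives for the same condition; every test file in this commit constructs the map by hand, so library callers are relying on that panic. Use the two-value form, `ignoreNosec, ok := conf["ignoreNosec"].(bool)` followed by `if !ok { logger.Fatal("Config value must be a bool: 'ignoreNosec'") }`, and say in a doc comment on NewAnalyzer which keys and value types the map is expected to carry. Separately, the removed block used to unmarshal the file into `a.context.Config`, and nothing in the new constructor stores `conf` on the context; if any rule reads `context.Config` it now sees nil — I cannot confirm from this hunk whether one does, but it is worth checking before the include/exclude lists start being consumed.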
61
main.go
61
main.go
|
@ -15,8 +15,10 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/json"
|
||||||
"flag"
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
@ -57,6 +59,51 @@ USAGE:
|
||||||
|
|
||||||
`
|
`
|
||||||
|
|
||||||
|
var logger *log.Logger
|
||||||
|
|
||||||
|
func extendConfList(conf map[string]interface{}, name string, input []string) {
|
||||||
|
if val, ok := conf[name]; ok {
|
||||||
|
if data, ok := val.(*[]string); ok {
|
||||||
|
conf[name] = append(*data, input...)
|
||||||
|
} else {
|
||||||
|
logger.Fatal("Config item must be a string list: ", name)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
conf[name] = []string{}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func buildConfig(incRules string, excRules string) map[string]interface{} {
|
||||||
|
config := make(map[string]interface{})
|
||||||
|
if flagConfig != nil && *flagConfig != "" { // parse config if we have one
|
||||||
|
if data, err := ioutil.ReadFile(*flagConfig); err == nil {
|
||||||
|
if err := json.Unmarshal(data, &(config)); err != nil {
|
||||||
|
logger.Fatal("Could not parse JSON config: ", *flagConfig, ": ", err)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
logger.Fatal("Could not read config file: ", *flagConfig)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// add in CLI include and exclude data
|
||||||
|
extendConfList(config, "include", strings.Split(incRules, ","))
|
||||||
|
extendConfList(config, "exclude", strings.Split(excRules, ","))
|
||||||
|
|
||||||
|
// override ignoreNosec if given on CLI
|
||||||
|
if flagIgnoreNoSec != nil {
|
||||||
|
config["ignoreNosec"] = *flagIgnoreNoSec
|
||||||
|
} else {
|
||||||
|
val, ok := config["ignoreNosec"]
|
||||||
|
if !ok {
|
||||||
|
config["ignoreNosec"] = false
|
||||||
|
} else if _, ok := val.(bool); !ok {
|
||||||
|
logger.Fatal("Config value must be a bool: 'ignoreNosec'")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return config
|
||||||
|
}
|
||||||
|
|
||||||
func usage() {
|
func usage() {
|
||||||
fmt.Fprintln(os.Stderr, usageText)
|
fmt.Fprintln(os.Stderr, usageText)
|
||||||
fmt.Fprint(os.Stderr, "OPTIONS:\n\n")
|
fmt.Fprint(os.Stderr, "OPTIONS:\n\n")
|
||||||
|
@ -70,12 +117,18 @@ func main() {
|
||||||
|
|
||||||
// Exclude files
|
// Exclude files
|
||||||
var excluded filelist = []string{"*_test.go"}
|
var excluded filelist = []string{"*_test.go"}
|
||||||
flag.Var(&excluded, "exclude", "File pattern to exclude from scan")
|
flag.Var(&excluded, "skip", "File pattern to exclude from scan")
|
||||||
|
|
||||||
// Rule configuration
|
// Rule configuration
|
||||||
rules := newRulelist()
|
rules := newRulelist()
|
||||||
flag.Var(&rules, "rule", "GAS rules enabled when performing a scan")
|
flag.Var(&rules, "rule", "GAS rules enabled when performing a scan")
|
||||||
|
|
||||||
|
incRules := ""
|
||||||
|
flag.StringVar(&incRules, "include", "", "comma sperated list of rules to include")
|
||||||
|
|
||||||
|
excRules := ""
|
||||||
|
flag.StringVar(&excRules, "exclude", "", "comma sperated list of rules to exclude")
|
||||||
|
|
||||||
// Custom commands / utilities to run instead of default analyzer
|
// Custom commands / utilities to run instead of default analyzer
|
||||||
tools := newUtils()
|
tools := newUtils()
|
||||||
flag.Var(tools, "tool", "GAS utilities to assist with rule development")
|
flag.Var(tools, "tool", "GAS utilities to assist with rule development")
|
||||||
|
@ -84,7 +137,7 @@ func main() {
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
|
|
||||||
// Setup logging
|
// Setup logging
|
||||||
logger := log.New(os.Stderr, "[gas]", log.LstdFlags)
|
logger = log.New(os.Stderr, "[gas]", log.LstdFlags)
|
||||||
|
|
||||||
// Ensure at least one file was specified
|
// Ensure at least one file was specified
|
||||||
if flag.NArg() == 0 {
|
if flag.NArg() == 0 {
|
||||||
|
@ -101,7 +154,9 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Setup analyzer
|
// Setup analyzer
|
||||||
analyzer := gas.NewAnalyzer(*flagIgnoreNoSec, flagConfig, logger)
|
config := buildConfig(incRules, excRules)
|
||||||
|
|
||||||
|
analyzer := gas.NewAnalyzer(config, logger)
|
||||||
if !rules.overwritten {
|
if !rules.overwritten {
|
||||||
rules.useDefaults()
|
rules.useDefaults()
|
||||||
}
|
}
|
||||||
|
|
|
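Review bot: In buildConfig the `if flagIgnoreNoSec != nil` branch looks like it is always taken: the old call site dereferenced `*flagIgnoreNoSec` unconditionally, which suggests it is the `*bool` returned by `flag.Bool`, and that pointer is never nil, so the `else` branch that honours the config file is dead and a file setting `"ignoreNosec": true` is silently overridden by the flag's default of false — the operator asks for #nosec annotations to be ignored and the scanner quietly keeps honouring them. To make the CLI a true override, detect whether the flag was actually passed (e.g. with `flag.Visit` comparing `f.Name` against the flag's name, which is not visible in this hunk) and only then write `config["ignoreNosec"]`. extendConfList has a related problem: when the key is absent it stores `conf[name] = []string{}` and drops `input` entirely, and when the key is present the `val.(*[]string)` assertion can never match a value that `json.Unmarshal` decoded into a `map[string]interface{}` (those arrive as `[]interface{}`), so the new -include/-exclude values reach the analyzer only in the case where the config file has no such key — and even then as an empty list. The minimal fix for the first half is `conf[name] = input`. Finally, `-exclude` used to be the file-pattern flag and is now a rule list (file patterns moved to `-skip`), so an existing invocation such as `-exclude "*_test.go"` no longer skips anything and produces no error; a note in the usage text or the commit message would save users a surprise.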
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestBind0000(t *testing.T) {
|
func TestBind0000(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewBindsToAllNetworkInterfaces())
|
analyzer.AddRule(NewBindsToAllNetworkInterfaces())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -42,7 +43,8 @@ func TestBind0000(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestBindEmptyHost(t *testing.T) {
|
func TestBindEmptyHost(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewBindsToAllNetworkInterfaces())
|
analyzer.AddRule(NewBindsToAllNetworkInterfaces())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestErrorsMulti(t *testing.T) {
|
func TestErrorsMulti(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewNoErrorCheck())
|
analyzer.AddRule(NewNoErrorCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
@ -43,7 +44,8 @@ func TestErrorsMulti(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestErrorsSingle(t *testing.T) {
|
func TestErrorsSingle(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewNoErrorCheck())
|
analyzer.AddRule(NewNoErrorCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
@ -65,7 +67,8 @@ func TestErrorsSingle(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestErrorsGood(t *testing.T) {
|
func TestErrorsGood(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewNoErrorCheck())
|
analyzer.AddRule(NewNoErrorCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestChmod(t *testing.T) {
|
func TestChmod(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewChmodPerms())
|
analyzer.AddRule(NewChmodPerms())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -36,7 +37,8 @@ func TestChmod(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestMkdir(t *testing.T) {
|
func TestMkdir(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewMkdirPerms())
|
analyzer.AddRule(NewMkdirPerms())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestHardcoded(t *testing.T) {
|
func TestHardcoded(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewHardcodedCredentials())
|
analyzer.AddRule(NewHardcodedCredentials())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestHttpoxy(t *testing.T) {
|
func TestHttpoxy(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewBlacklistImports())
|
analyzer.AddRule(NewBlacklistImports())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestNosec(t *testing.T) {
|
func TestNosec(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSubproc())
|
analyzer.AddRule(NewSubproc())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
@ -39,7 +40,8 @@ func TestNosec(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestNosecBlock(t *testing.T) {
|
func TestNosecBlock(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSubproc())
|
analyzer.AddRule(NewSubproc())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
@ -58,3 +60,22 @@ func TestNosecBlock(t *testing.T) {
|
||||||
|
|
||||||
checkTestResults(t, issues, 0, "None")
|
checkTestResults(t, issues, 0, "None")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestNosecIgnore(t *testing.T) {
|
||||||
|
config := map[string]interface{}{"ignoreNosec": true}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
|
analyzer.AddRule(NewSubproc())
|
||||||
|
|
||||||
|
issues := gasTestRunner(
|
||||||
|
`package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
)
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
cmd := exec.Command("sh", "-c", config.Command) // #nosec
|
||||||
|
}`, analyzer)
|
||||||
|
|
||||||
|
checkTestResults(t, issues, 1, "Subprocess launching with variable.")
|
||||||
|
}
|
||||||
|
|
|
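Review bot: The sample program in the new TestNosecIgnore references `exec.Command` and `config.Command` without importing os/exec or declaring `config`, and imports "fmt" without using it, so it is not a valid Go program; the analyzer pulls in go/importer and go/types (visible in the analyzer.go hunk), so whether gasTestRunner tolerates type errors in its input is not clear from here, and the test may be passing only because the rule matches on the AST before type-checking is consulted. Making the sample self-consistent keeps the test meaningful if that changes: import `"os/exec"` instead of "fmt", declare `command := "ls"` in main, and call `exec.Command("sh", "-c", command) // #nosec`. The expected single finding with the "Subprocess launching with variable." message is the right assertion for ignoreNosec=true; consider adding a comment above the test stating that it is the only case where a #nosec annotation must not suppress the finding, since that is the property the new config key exists to control.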
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestRandOk(t *testing.T) {
|
func TestRandOk(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewWeakRandCheck())
|
analyzer.AddRule(NewWeakRandCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
@ -38,7 +39,8 @@ func TestRandOk(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestRandBad(t *testing.T) {
|
func TestRandBad(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewWeakRandCheck())
|
analyzer.AddRule(NewWeakRandCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestRSAKeys(t *testing.T) {
|
func TestRSAKeys(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewWeakKeyStrength())
|
analyzer.AddRule(NewWeakKeyStrength())
|
||||||
|
|
||||||
issues := gasTestRunner(
|
issues := gasTestRunner(
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestSQLInjectionViaConcatenation(t *testing.T) {
|
func TestSQLInjectionViaConcatenation(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSqlStrConcat())
|
analyzer.AddRule(NewSqlStrConcat())
|
||||||
|
|
||||||
source := `
|
source := `
|
||||||
|
@ -48,7 +49,8 @@ func TestSQLInjectionViaConcatenation(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSQLInjectionViaIntepolation(t *testing.T) {
|
func TestSQLInjectionViaIntepolation(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSqlStrFormat())
|
analyzer.AddRule(NewSqlStrFormat())
|
||||||
|
|
||||||
source := `
|
source := `
|
||||||
|
@ -77,7 +79,8 @@ func TestSQLInjectionViaIntepolation(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSQLInjectionFalsePositiveA(t *testing.T) {
|
func TestSQLInjectionFalsePositiveA(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSqlStrConcat())
|
analyzer.AddRule(NewSqlStrConcat())
|
||||||
analyzer.AddRule(NewSqlStrFormat())
|
analyzer.AddRule(NewSqlStrFormat())
|
||||||
|
|
||||||
|
@ -112,7 +115,8 @@ func TestSQLInjectionFalsePositiveA(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSQLInjectionFalsePositiveB(t *testing.T) {
|
func TestSQLInjectionFalsePositiveB(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSqlStrConcat())
|
analyzer.AddRule(NewSqlStrConcat())
|
||||||
analyzer.AddRule(NewSqlStrFormat())
|
analyzer.AddRule(NewSqlStrFormat())
|
||||||
|
|
||||||
|
@ -147,7 +151,8 @@ func TestSQLInjectionFalsePositiveB(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSQLInjectionFalsePositiveC(t *testing.T) {
|
func TestSQLInjectionFalsePositiveC(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSqlStrConcat())
|
analyzer.AddRule(NewSqlStrConcat())
|
||||||
analyzer.AddRule(NewSqlStrFormat())
|
analyzer.AddRule(NewSqlStrFormat())
|
||||||
|
|
||||||
|
@ -182,7 +187,8 @@ func TestSQLInjectionFalsePositiveC(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSQLInjectionFalsePositiveD(t *testing.T) {
|
func TestSQLInjectionFalsePositiveD(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSqlStrConcat())
|
analyzer.AddRule(NewSqlStrConcat())
|
||||||
analyzer.AddRule(NewSqlStrFormat())
|
analyzer.AddRule(NewSqlStrFormat())
|
||||||
|
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestSubprocess(t *testing.T) {
|
func TestSubprocess(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSubproc())
|
analyzer.AddRule(NewSubproc())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -48,7 +49,8 @@ func TestSubprocess(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSubprocessVar(t *testing.T) {
|
func TestSubprocessVar(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSubproc())
|
analyzer.AddRule(NewSubproc())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -75,7 +77,8 @@ func TestSubprocessVar(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSubprocessPath(t *testing.T) {
|
func TestSubprocessPath(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSubproc())
|
analyzer.AddRule(NewSubproc())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -101,7 +104,8 @@ func TestSubprocessPath(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSubprocessSyscall(t *testing.T) {
|
func TestSubprocessSyscall(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewSubproc())
|
analyzer.AddRule(NewSubproc())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestTempfiles(t *testing.T) {
|
func TestTempfiles(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewBadTempFile())
|
analyzer.AddRule(NewBadTempFile())
|
||||||
|
|
||||||
source := `
|
source := `
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestTemplateCheckSafe(t *testing.T) {
|
func TestTemplateCheckSafe(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewTemplateCheck())
|
analyzer.AddRule(NewTemplateCheck())
|
||||||
|
|
||||||
source := `
|
source := `
|
||||||
|
@ -48,7 +49,8 @@ func TestTemplateCheckSafe(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestTemplateCheckBadHTML(t *testing.T) {
|
func TestTemplateCheckBadHTML(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewTemplateCheck())
|
analyzer.AddRule(NewTemplateCheck())
|
||||||
|
|
||||||
source := `
|
source := `
|
||||||
|
@ -76,7 +78,8 @@ func TestTemplateCheckBadHTML(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestTemplateCheckBadJS(t *testing.T) {
|
func TestTemplateCheckBadJS(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewTemplateCheck())
|
analyzer.AddRule(NewTemplateCheck())
|
||||||
|
|
||||||
source := `
|
source := `
|
||||||
|
@ -104,7 +107,8 @@ func TestTemplateCheckBadJS(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestTemplateCheckBadURL(t *testing.T) {
|
func TestTemplateCheckBadURL(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewTemplateCheck())
|
analyzer.AddRule(NewTemplateCheck())
|
||||||
|
|
||||||
source := `
|
source := `
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestInsecureSkipVerify(t *testing.T) {
|
func TestInsecureSkipVerify(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewModernTlsCheck())
|
analyzer.AddRule(NewModernTlsCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -49,7 +50,8 @@ func TestInsecureSkipVerify(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestInsecureMinVersion(t *testing.T) {
|
func TestInsecureMinVersion(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewModernTlsCheck())
|
analyzer.AddRule(NewModernTlsCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -77,7 +79,8 @@ func TestInsecureMinVersion(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestInsecureMaxVersion(t *testing.T) {
|
func TestInsecureMaxVersion(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewModernTlsCheck())
|
analyzer.AddRule(NewModernTlsCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
@ -105,7 +108,8 @@ func TestInsecureMaxVersion(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestInsecureCipherSuite(t *testing.T) {
|
func TestInsecureCipherSuite(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewModernTlsCheck())
|
analyzer.AddRule(NewModernTlsCheck())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestUnsafe(t *testing.T) {
|
func TestUnsafe(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewUsingUnsafe())
|
analyzer.AddRule(NewUsingUnsafe())
|
||||||
|
|
||||||
issues := gasTestRunner(`
|
issues := gasTestRunner(`
|
||||||
|
|
|
@ -21,7 +21,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestMD5(t *testing.T) {
|
func TestMD5(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewBlacklistImports())
|
analyzer.AddRule(NewBlacklistImports())
|
||||||
analyzer.AddRule(NewUsesWeakCryptography())
|
analyzer.AddRule(NewUsesWeakCryptography())
|
||||||
|
|
||||||
|
@ -42,7 +43,8 @@ func TestMD5(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDES(t *testing.T) {
|
func TestDES(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewBlacklistImports())
|
analyzer.AddRule(NewBlacklistImports())
|
||||||
analyzer.AddRule(NewUsesWeakCryptography())
|
analyzer.AddRule(NewUsesWeakCryptography())
|
||||||
|
|
||||||
|
@ -81,7 +83,8 @@ func TestDES(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestRC4(t *testing.T) {
|
func TestRC4(t *testing.T) {
|
||||||
analyzer := gas.NewAnalyzer(false, nil, nil)
|
config := map[string]interface{}{"ignoreNosec": false}
|
||||||
|
analyzer := gas.NewAnalyzer(config, nil)
|
||||||
analyzer.AddRule(NewBlacklistImports())
|
analyzer.AddRule(NewBlacklistImports())
|
||||||
analyzer.AddRule(NewUsesWeakCryptography())
|
analyzer.AddRule(NewUsesWeakCryptography())
|
||||||
|
|
||||||
|
|