mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 03:55:54 +00:00
Build improvments (#179)
* Add a semantic version to the usage text * Add a comment to the version function * Inject the version, git tag and build date as build variables * Update README * Fix lint warnings * Update README * Manage dependencies with dep tool instead of godep * Add a Makefile for common build tasks * Update the build file to use the make tool * Update Dockerfile * Add docker entry point to make the passing of arguments easy * Update README * Add missing tools to the build * Drop 1.7 support and add 1.10 * Fix Go 1.10 according to the travis guidelines https://docs.travis-ci.com/user/languages/go/ * Update the tls-observatory package * Fix lint warnings * Change the output of the tests to be more verbose * Check if there are build errors before executing the rule test
parent
2115402409
commit
e809226800
13 changed files with 311 additions and 348 deletions
19
.travis.yml
19
.travis.yml
|
@ -1,25 +1,20 @@
|
||||||
language: go
|
language: go
|
||||||
|
|
||||||
go:
|
go:
|
||||||
- 1.7
|
|
||||||
- 1.8
|
- 1.8
|
||||||
- 1.9
|
- 1.9
|
||||||
|
- "1.10"
|
||||||
- tip
|
- tip
|
||||||
|
|
||||||
install:
|
install:
|
||||||
|
- go get -u github.com/golang/dep/cmd/dep
|
||||||
- go get -u github.com/golang/lint/golint
|
- go get -u github.com/golang/lint/golint
|
||||||
- go get -v github.com/onsi/ginkgo/ginkgo
|
- go get -u github.com/onsi/ginkgo/ginkgo
|
||||||
- go get -v github.com/onsi/gomega
|
- go get -u github.com/onsi/gomega
|
||||||
- go get -v golang.org/x/crypto/ssh
|
- go get -u golang.org/x/crypto/ssh
|
||||||
- go get github.com/GoASTScanner/gas/cmd/gas/...
|
- go get -u github.com/GoASTScanner/gas/cmd/gas/...
|
||||||
- go get -v -t ./...
|
- go get -v -t ./...
|
||||||
- export PATH=$PATH:$HOME/gopath/bin
|
- export PATH=$PATH:$HOME/gopath/bin
|
||||||
|
|
||||||
before_script:
|
script: make test
|
||||||
- test -z "$(gofmt -s -l -w $(find . -type f -name '*.go' -not -path './vendor/*') | tee /dev/stderr)"
|
|
||||||
- test -z "$(golint . | tee /dev/stderr)"
|
|
||||||
- go vet $(go list ./... | grep -v /vendor/)
|
|
||||||
- gas ./...
|
|
||||||
|
|
||||||
script: ginkgo -r
|
|
||||||
|
|
||||||
|
|
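Review bot: The `install` step fetches every build and lint tool with `go get -u` (`dep`, `golint`, `ginkgo`, `gomega`, and `gas` itself), so each CI run executes whatever is at the head of those upstream repositories and the gate is not reproducible. Since this commit moves the project's dependencies to dep with a lock file, the tools could be pinned the same way, for example by listing them under `required` in Gopkg.toml and installing from `vendor/`, or by checking out a fixed tag before `go install`. It is also worth confirming that `go get -u github.com/GoASTScanner/gas/cmd/gas/...` leaves the checkout under test untouched, and that the `gas ./...` step in `make test` runs a binary built from this tree rather than from upstream.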
25
Dockerfile
25
Dockerfile
|
@ -1,23 +1,8 @@
|
||||||
# Docker version must be 17.05 or higher to allow multistage build
|
FROM golang:1.9.4-alpine3.7
|
||||||
# See build and run instructions in README.md
|
|
||||||
|
|
||||||
# Builds Gas for utilization
|
ENV BIN=gas
|
||||||
FROM golang:1.8.1-alpine as builder
|
|
||||||
ENV workspace /go/src/github.com/GoASTScanner/gas
|
|
||||||
ENV GOPATH /go
|
|
||||||
COPY . $workspace
|
|
||||||
WORKDIR $workspace
|
|
||||||
|
|
||||||
RUN go vet $(go list ./... | grep -v /vendor/)
|
COPY build/*-linux-amd64 /go/bin/$BIN
|
||||||
RUN CGO_ENABLED=0 go build -o gas .
|
COPY docker-entrypoint.sh /usr/local/bin
|
||||||
|
|
||||||
########################################################
|
ENTRYPOINT ["docker-entrypoint.sh"]
|
||||||
|
|
||||||
# Runs Gas on all Go files in the current directory when
|
|
||||||
# 'docker run' command in README is given
|
|
||||||
FROM alpine:3.6
|
|
||||||
|
|
||||||
COPY --from=builder /go/src/github.com/GoASTScanner/gas/gas /
|
|
||||||
|
|
||||||
# Mounted directory should be placed into the workdir
|
|
||||||
CMD /gas $(find . -path ./vendor -prune -o -type f -name "*.go")
|
|
||||||
|
|
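Review bot: `COPY build/*-linux-amd64 /go/bin/$BIN` takes whatever matches the glob in `build/`, so the binary in the image is not tied to the `VERSION` used for the tag; a stale binary from an earlier release is packaged silently, and more than one match should make the COPY fail because the destination is a single file. Passing the version in makes the link explicit: declare `ARG VERSION` after `FROM`, use `COPY build/${BIN}-${VERSION}-linux-amd64 /go/bin/${BIN}`, and call `docker build --build-arg VERSION=$(VERSION)` from the Makefile. The image also runs the scanner as root over a bind-mounted workspace; a `USER` line with an unprivileged account would limit what a bug in the tool can touch on the mounted tree.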
302
Godeps/Godeps.json
generated
302
Godeps/Godeps.json
generated
|
@ -1,302 +0,0 @@
|
||||||
{
|
|
||||||
"ImportPath": "github.com/GoASTScanner/gas",
|
|
||||||
"GoVersion": "go1.9",
|
|
||||||
"GodepVersion": "v80",
|
|
||||||
"Packages": [
|
|
||||||
"./..."
|
|
||||||
],
|
|
||||||
"Deps": [
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/kisielk/gotool",
|
|
||||||
"Rev": "0de1eaf82fa3f583ce21fde859f1e7e0c5e9b220"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/mozilla/tls-observatory/constants",
|
|
||||||
"Comment": "1.2.32-17-g17e0ce4b",
|
|
||||||
"Rev": "17e0ce4bfc46eae3d57acf13a2d7c7517655d493"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/nbutton23/zxcvbn-go",
|
|
||||||
"Rev": "a22cb81b2ecdde8b68e9ffb8824731cbf88e1de4"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/nbutton23/zxcvbn-go/adjacency",
|
|
||||||
"Rev": "a22cb81b2ecdde8b68e9ffb8824731cbf88e1de4"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/nbutton23/zxcvbn-go/data",
|
|
||||||
"Rev": "a22cb81b2ecdde8b68e9ffb8824731cbf88e1de4"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/nbutton23/zxcvbn-go/entropy",
|
|
||||||
"Rev": "a22cb81b2ecdde8b68e9ffb8824731cbf88e1de4"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/nbutton23/zxcvbn-go/frequency",
|
|
||||||
"Rev": "a22cb81b2ecdde8b68e9ffb8824731cbf88e1de4"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/nbutton23/zxcvbn-go/match",
|
|
||||||
"Rev": "a22cb81b2ecdde8b68e9ffb8824731cbf88e1de4"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/nbutton23/zxcvbn-go/matching",
|
|
||||||
"Rev": "a22cb81b2ecdde8b68e9ffb8824731cbf88e1de4"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/nbutton23/zxcvbn-go/scoring",
|
|
||||||
"Rev": "a22cb81b2ecdde8b68e9ffb8824731cbf88e1de4"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/nbutton23/zxcvbn-go/utils/math",
|
|
||||||
"Rev": "a22cb81b2ecdde8b68e9ffb8824731cbf88e1de4"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/config",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/internal/codelocation",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/internal/containernode",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/internal/failer",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/internal/leafnodes",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/internal/remote",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/internal/spec",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/internal/spec_iterator",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/internal/specrunner",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/internal/suite",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/internal/testingtproxy",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/internal/writer",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/reporters",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/reporters/stenographer",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/reporters/stenographer/support/go-colorable",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/reporters/stenographer/support/go-isatty",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/ginkgo/types",
|
|
||||||
"Comment": "v1.4.0-4-g11459a8",
|
|
||||||
"Rev": "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/gomega",
|
|
||||||
"Comment": "v1.2.0-2-gdcabb60",
|
|
||||||
"Rev": "dcabb60a477c2b6f456df65037cb6708210fbb02"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/gomega/format",
|
|
||||||
"Comment": "v1.2.0-2-gdcabb60",
|
|
||||||
"Rev": "dcabb60a477c2b6f456df65037cb6708210fbb02"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/gomega/internal/assertion",
|
|
||||||
"Comment": "v1.2.0-2-gdcabb60",
|
|
||||||
"Rev": "dcabb60a477c2b6f456df65037cb6708210fbb02"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/gomega/internal/asyncassertion",
|
|
||||||
"Comment": "v1.2.0-2-gdcabb60",
|
|
||||||
"Rev": "dcabb60a477c2b6f456df65037cb6708210fbb02"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/gomega/internal/oraclematcher",
|
|
||||||
"Comment": "v1.2.0-2-gdcabb60",
|
|
||||||
"Rev": "dcabb60a477c2b6f456df65037cb6708210fbb02"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/gomega/internal/testingtsupport",
|
|
||||||
"Comment": "v1.2.0-2-gdcabb60",
|
|
||||||
"Rev": "dcabb60a477c2b6f456df65037cb6708210fbb02"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/gomega/matchers",
|
|
||||||
"Comment": "v1.2.0-2-gdcabb60",
|
|
||||||
"Rev": "dcabb60a477c2b6f456df65037cb6708210fbb02"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/gomega/matchers/support/goraph/bipartitegraph",
|
|
||||||
"Comment": "v1.2.0-2-gdcabb60",
|
|
||||||
"Rev": "dcabb60a477c2b6f456df65037cb6708210fbb02"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/gomega/matchers/support/goraph/edge",
|
|
||||||
"Comment": "v1.2.0-2-gdcabb60",
|
|
||||||
"Rev": "dcabb60a477c2b6f456df65037cb6708210fbb02"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/gomega/matchers/support/goraph/node",
|
|
||||||
"Comment": "v1.2.0-2-gdcabb60",
|
|
||||||
"Rev": "dcabb60a477c2b6f456df65037cb6708210fbb02"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/gomega/matchers/support/goraph/util",
|
|
||||||
"Comment": "v1.2.0-2-gdcabb60",
|
|
||||||
"Rev": "dcabb60a477c2b6f456df65037cb6708210fbb02"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/onsi/gomega/types",
|
|
||||||
"Comment": "v1.2.0-2-gdcabb60",
|
|
||||||
"Rev": "dcabb60a477c2b6f456df65037cb6708210fbb02"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "github.com/ryanuber/go-glob",
|
|
||||||
"Comment": "v0.1-4-g256dc44",
|
|
||||||
"Rev": "256dc444b735e061061cf46c809487313d5b0065"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/net/html",
|
|
||||||
"Rev": "8351a756f30f1297fe94bbf4b767ec589c6ea6d0"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/net/html/atom",
|
|
||||||
"Rev": "8351a756f30f1297fe94bbf4b767ec589c6ea6d0"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/net/html/charset",
|
|
||||||
"Rev": "8351a756f30f1297fe94bbf4b767ec589c6ea6d0"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/sys/unix",
|
|
||||||
"Rev": "164713f0dfcec4e80be8b53e1f0811f5f0d84578"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/text/encoding",
|
|
||||||
"Rev": "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/text/encoding/charmap",
|
|
||||||
"Rev": "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/text/encoding/htmlindex",
|
|
||||||
"Rev": "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/text/encoding/internal",
|
|
||||||
"Rev": "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/text/encoding/internal/identifier",
|
|
||||||
"Rev": "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/text/encoding/japanese",
|
|
||||||
"Rev": "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/text/encoding/korean",
|
|
||||||
"Rev": "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/text/encoding/simplifiedchinese",
|
|
||||||
"Rev": "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/text/encoding/traditionalchinese",
|
|
||||||
"Rev": "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/text/encoding/unicode",
|
|
||||||
"Rev": "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/text/internal/tag",
|
|
||||||
"Rev": "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/text/internal/utf8internal",
|
|
||||||
"Rev": "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/text/language",
|
|
||||||
"Rev": "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/text/runes",
|
|
||||||
"Rev": "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/text/transform",
|
|
||||||
"Rev": "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/tools/go/ast/astutil",
|
|
||||||
"Rev": "e531a2a1c15f94033f6fa87666caeb19a688175f"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/tools/go/buildutil",
|
|
||||||
"Rev": "e531a2a1c15f94033f6fa87666caeb19a688175f"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "golang.org/x/tools/go/loader",
|
|
||||||
"Rev": "e531a2a1c15f94033f6fa87666caeb19a688175f"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"ImportPath": "gopkg.in/yaml.v2",
|
|
||||||
"Rev": "d670f9405373e636a5a2765eea47fac0c9bc91a4"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
5
Godeps/Readme
generated
5
Godeps/Readme
generated
|
@ -1,5 +0,0 @@
|
||||||
This directory tree is generated automatically by godep.
|
|
||||||
|
|
||||||
Please do not edit.
|
|
||||||
|
|
||||||
See https://github.com/tools/godep for more information.
|
|
134
Gopkg.lock
generated
Normal file
134
Gopkg.lock
generated
Normal file
|
@ -0,0 +1,134 @@
|
||||||
|
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
|
||||||
|
|
||||||
|
|
||||||
|
[[projects]]
|
||||||
|
name = "github.com/kisielk/gotool"
|
||||||
|
packages = ["."]
|
||||||
|
revision = "0de1eaf82fa3f583ce21fde859f1e7e0c5e9b220"
|
||||||
|
|
||||||
|
[[projects]]
|
||||||
|
branch = "master"
|
||||||
|
name = "github.com/mozilla/tls-observatory"
|
||||||
|
packages = ["constants"]
|
||||||
|
revision = "26cf7187f27c96815d0b4d4ad6da36c7161d4bf8"
|
||||||
|
|
||||||
|
[[projects]]
|
||||||
|
name = "github.com/nbutton23/zxcvbn-go"
|
||||||
|
packages = [
|
||||||
|
".",
|
||||||
|
"adjacency",
|
||||||
|
"data",
|
||||||
|
"entropy",
|
||||||
|
"frequency",
|
||||||
|
"match",
|
||||||
|
"matching",
|
||||||
|
"scoring",
|
||||||
|
"utils/math"
|
||||||
|
]
|
||||||
|
revision = "a22cb81b2ecdde8b68e9ffb8824731cbf88e1de4"
|
||||||
|
|
||||||
|
[[projects]]
|
||||||
|
name = "github.com/onsi/ginkgo"
|
||||||
|
packages = [
|
||||||
|
".",
|
||||||
|
"config",
|
||||||
|
"internal/codelocation",
|
||||||
|
"internal/containernode",
|
||||||
|
"internal/failer",
|
||||||
|
"internal/leafnodes",
|
||||||
|
"internal/remote",
|
||||||
|
"internal/spec",
|
||||||
|
"internal/spec_iterator",
|
||||||
|
"internal/specrunner",
|
||||||
|
"internal/suite",
|
||||||
|
"internal/testingtproxy",
|
||||||
|
"internal/writer",
|
||||||
|
"reporters",
|
||||||
|
"reporters/stenographer",
|
||||||
|
"reporters/stenographer/support/go-colorable",
|
||||||
|
"reporters/stenographer/support/go-isatty",
|
||||||
|
"types"
|
||||||
|
]
|
||||||
|
revision = "11459a886d9cd66b319dac7ef1e917ee221372c9"
|
||||||
|
|
||||||
|
[[projects]]
|
||||||
|
name = "github.com/onsi/gomega"
|
||||||
|
packages = [
|
||||||
|
".",
|
||||||
|
"format",
|
||||||
|
"internal/assertion",
|
||||||
|
"internal/asyncassertion",
|
||||||
|
"internal/oraclematcher",
|
||||||
|
"internal/testingtsupport",
|
||||||
|
"matchers",
|
||||||
|
"matchers/support/goraph/bipartitegraph",
|
||||||
|
"matchers/support/goraph/edge",
|
||||||
|
"matchers/support/goraph/node",
|
||||||
|
"matchers/support/goraph/util",
|
||||||
|
"types"
|
||||||
|
]
|
||||||
|
revision = "dcabb60a477c2b6f456df65037cb6708210fbb02"
|
||||||
|
|
||||||
|
[[projects]]
|
||||||
|
branch = "master"
|
||||||
|
name = "github.com/ryanuber/go-glob"
|
||||||
|
packages = ["."]
|
||||||
|
revision = "256dc444b735e061061cf46c809487313d5b0065"
|
||||||
|
|
||||||
|
[[projects]]
|
||||||
|
name = "golang.org/x/net"
|
||||||
|
packages = [
|
||||||
|
"html",
|
||||||
|
"html/atom",
|
||||||
|
"html/charset"
|
||||||
|
]
|
||||||
|
revision = "8351a756f30f1297fe94bbf4b767ec589c6ea6d0"
|
||||||
|
|
||||||
|
[[projects]]
|
||||||
|
name = "golang.org/x/sys"
|
||||||
|
packages = ["unix"]
|
||||||
|
revision = "164713f0dfcec4e80be8b53e1f0811f5f0d84578"
|
||||||
|
|
||||||
|
[[projects]]
|
||||||
|
name = "golang.org/x/text"
|
||||||
|
packages = [
|
||||||
|
"encoding",
|
||||||
|
"encoding/charmap",
|
||||||
|
"encoding/htmlindex",
|
||||||
|
"encoding/internal",
|
||||||
|
"encoding/internal/identifier",
|
||||||
|
"encoding/japanese",
|
||||||
|
"encoding/korean",
|
||||||
|
"encoding/simplifiedchinese",
|
||||||
|
"encoding/traditionalchinese",
|
||||||
|
"encoding/unicode",
|
||||||
|
"internal/gen",
|
||||||
|
"internal/tag",
|
||||||
|
"internal/utf8internal",
|
||||||
|
"language",
|
||||||
|
"runes",
|
||||||
|
"transform",
|
||||||
|
"unicode/cldr"
|
||||||
|
]
|
||||||
|
revision = "1cbadb444a806fd9430d14ad08967ed91da4fa0a"
|
||||||
|
|
||||||
|
[[projects]]
|
||||||
|
name = "golang.org/x/tools"
|
||||||
|
packages = [
|
||||||
|
"go/ast/astutil",
|
||||||
|
"go/buildutil",
|
||||||
|
"go/loader"
|
||||||
|
]
|
||||||
|
revision = "e531a2a1c15f94033f6fa87666caeb19a688175f"
|
||||||
|
|
||||||
|
[[projects]]
|
||||||
|
name = "gopkg.in/yaml.v2"
|
||||||
|
packages = ["."]
|
||||||
|
revision = "eb3733d160e74a9c7e442f435eb3bea458e1d19f"
|
||||||
|
|
||||||
|
[solve-meta]
|
||||||
|
analyzer-name = "dep"
|
||||||
|
analyzer-version = 1
|
||||||
|
inputs-digest = "706e049cd8b8db8705af09e7a375a999d01373a409beadc850c80d64de9849fd"
|
||||||
|
solver-name = "gps-cdcl"
|
||||||
|
solver-version = 1
|
38
Gopkg.toml
Normal file
38
Gopkg.toml
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
# Gopkg.toml example
|
||||||
|
#
|
||||||
|
# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
|
||||||
|
# for detailed Gopkg.toml documentation.
|
||||||
|
#
|
||||||
|
# required = ["github.com/user/thing/cmd/thing"]
|
||||||
|
# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
|
||||||
|
#
|
||||||
|
# [[constraint]]
|
||||||
|
# name = "github.com/user/project"
|
||||||
|
# version = "1.0.0"
|
||||||
|
#
|
||||||
|
# [[constraint]]
|
||||||
|
# name = "github.com/user/project2"
|
||||||
|
# branch = "dev"
|
||||||
|
# source = "github.com/myfork/project2"
|
||||||
|
#
|
||||||
|
# [[override]]
|
||||||
|
# name = "github.com/x/y"
|
||||||
|
# version = "2.4.0"
|
||||||
|
#
|
||||||
|
# [prune]
|
||||||
|
# non-go = false
|
||||||
|
# go-tests = true
|
||||||
|
# unused-packages = true
|
||||||
|
|
||||||
|
|
||||||
|
[[constraint]]
|
||||||
|
branch = "master"
|
||||||
|
name = "github.com/mozilla/tls-observatory"
|
||||||
|
|
||||||
|
[[constraint]]
|
||||||
|
branch = "master"
|
||||||
|
name = "github.com/ryanuber/go-glob"
|
||||||
|
|
||||||
|
[prune]
|
||||||
|
go-tests = true
|
||||||
|
unused-packages = true
|
48
Makefile
Normal file
48
Makefile
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
GIT_TAG?= $(shell git describe --always --tags)
|
||||||
|
BUILD_DATE = $(shell date +%Y-%m-%d)
|
||||||
|
BIN = gas
|
||||||
|
BUILD_CMD = go build -ldflags "-X main.Version=${VERSION} -X main.GitTag=${GIT_TAG} -X main.BuildDate=${BUILD_DATE}" -o build/$(BIN)-$(VERSION)-$${GOOS}-$${GOARCH} ./cmd/gas/ &
|
||||||
|
FMT_CMD = $(gofmt -s -l -w $(find . -type f -name '*.go' -not -path './vendor/*') | tee /dev/stderr)
|
||||||
|
IMAGE_REPO = docker.io
|
||||||
|
|
||||||
|
default:
|
||||||
|
$(MAKE) bootstrap
|
||||||
|
$(MAKE) build
|
||||||
|
|
||||||
|
test: bootstrap
|
||||||
|
test -z '$(FMT_CMD)'
|
||||||
|
go vet $(go list ./... | grep -v /vendor/)
|
||||||
|
golint -set_exit_status $(shell go list ./... | grep -v vendor)
|
||||||
|
gas ./...
|
||||||
|
ginkgo -r -v
|
||||||
|
bootstrap:
|
||||||
|
dep ensure
|
||||||
|
build:
|
||||||
|
go build -o $(BIN) ./cmd/gas/
|
||||||
|
clean:
|
||||||
|
rm -rf build vendor
|
||||||
|
rm -f release image bootstrap $(BIN)
|
||||||
|
release: bootstrap
|
||||||
|
ifndef VERSION
|
||||||
|
$(error VERSION flag is not set. Run 'make release VERSION=<YOUR VERSION>'.)
|
||||||
|
endif
|
||||||
|
@echo "Running build command..."
|
||||||
|
bash -c '\
|
||||||
|
export GOOS=linux; export GOARCH=amd64; export CGO_ENABLED=0; $(BUILD_CMD) \
|
||||||
|
wait \
|
||||||
|
'
|
||||||
|
touch release
|
||||||
|
|
||||||
|
image: release
|
||||||
|
@echo "Building the Docker image..."
|
||||||
|
docker build -t $(IMAGE_REPO)/$(BIN):$(VERSION) .
|
||||||
|
docker tag $(IMAGE_REPO)/$(BIN):$(VERSION) $(IMAGE_REPO)/$(BIN):latest
|
||||||
|
touch image
|
||||||
|
|
||||||
|
image-push: image
|
||||||
|
@echo "Pushing the Docker image..."
|
||||||
|
docker push $(IMAGE_REPO)/$(BIN):$(VERSION)
|
||||||
|
docker push $(IMAGE_REPO)/$(BIN):latest
|
||||||
|
|
||||||
|
.PHONY: test build clean image-push
|
||||||
|
|
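Review bot: The formatting and vet gates in the `test` target do not run as written, because make expands `$(gofmt …)` in `FMT_CMD` and `$(go list …)` in the `go vet` line as undefined make variables before the shell ever sees them. `test -z '$(FMT_CMD)'` therefore becomes `test -z ''` and always passes, and `go vet` is invoked with no package list. Escape the dollar signs so the shell performs the substitution, as the `golint` line already does with `$(shell …)`: `FMT_CMD = $$(gofmt -s -l -w $$(find . -type f -name '*.go' -not -path './vendor/*') | tee /dev/stderr)`, `test -z "$(FMT_CMD)"` and `go vet $$(go list ./... | grep -v /vendor/)`. Separately, `release` and `image` are stamp files that do not depend on `VERSION`, so `make image VERSION=<new>` after an earlier release re-tags the old binary unless `make clean` is run first.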
54
README.md
54
README.md
|
@ -114,8 +114,60 @@ file. The output format is controlled by the '-fmt' flag, and the output file is
|
||||||
# Write output in json format to results.json
|
# Write output in json format to results.json
|
||||||
$ gas -fmt=json -out=results.json *.go
|
$ gas -fmt=json -out=results.json *.go
|
||||||
```
|
```
|
||||||
|
### Development
|
||||||
|
|
||||||
### Generate TLS rule
|
#### Build
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
make
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Tests
|
||||||
|
|
||||||
|
```
|
||||||
|
make tests
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Release Build
|
||||||
|
|
||||||
|
Gas can be released as follows:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
make release VERSION=2.0.0
|
||||||
|
```
|
||||||
|
|
||||||
|
The released version of the tool is available in the `build` folder. The build information should be displayed in the usage text.
|
||||||
|
|
||||||
|
```
|
||||||
|
./build/gas-2.0.0-linux-amd64 -h
|
||||||
|
|
||||||
|
GAS - Go AST Scanner
|
||||||
|
|
||||||
|
Gas analyzes Go source code to look for common programming mistakes that
|
||||||
|
can lead to security problems.
|
||||||
|
|
||||||
|
VERSION: 2.0.0
|
||||||
|
GIT TAG: 96489ff
|
||||||
|
BUILD DATE: 2018-02-21
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Docker image
|
||||||
|
|
||||||
|
You can execute a release and build the docker image as follows:
|
||||||
|
|
||||||
|
```
|
||||||
|
make image VERSION=2.0.0
|
||||||
|
```
|
||||||
|
|
||||||
|
Now you can run the gas tool in a container against your local workspace:
|
||||||
|
|
||||||
|
```
|
||||||
|
docker run -it -v <YOUR LOCAL WORKSPACE>:/workspace gas /workspace
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Generate TLS rule
|
||||||
|
|
||||||
The configuration of TLS rule can be generated from [Mozilla's TLS ciphers recommendation](https://statics.tls.security.mozilla.org/server-side-tls-conf.json).
|
The configuration of TLS rule can be generated from [Mozilla's TLS ciphers recommendation](https://statics.tls.security.mozilla.org/server-side-tls-conf.json).
|
||||||
|
|
||||||
|
|
|
@ -36,6 +36,10 @@ GAS - Go AST Scanner
|
||||||
Gas analyzes Go source code to look for common programming mistakes that
|
Gas analyzes Go source code to look for common programming mistakes that
|
||||||
can lead to security problems.
|
can lead to security problems.
|
||||||
|
|
||||||
|
VERSION: %s
|
||||||
|
GIT TAG: %s
|
||||||
|
BUILD DATE: %s
|
||||||
|
|
||||||
USAGE:
|
USAGE:
|
||||||
|
|
||||||
# Check a single package
|
# Check a single package
|
||||||
|
@ -88,6 +92,7 @@ var (
|
||||||
// #nosec
|
// #nosec
|
||||||
func usage() {
|
func usage() {
|
||||||
|
|
||||||
|
usageText := fmt.Sprintf(usageText, Version, GitTag, BuildDate)
|
||||||
fmt.Fprintln(os.Stderr, usageText)
|
fmt.Fprintln(os.Stderr, usageText)
|
||||||
fmt.Fprint(os.Stderr, "OPTIONS:\n\n")
|
fmt.Fprint(os.Stderr, "OPTIONS:\n\n")
|
||||||
flag.PrintDefaults()
|
flag.PrintDefaults()
|
||||||
|
|
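Review bot: In `usage()`, `usageText := fmt.Sprintf(usageText, Version, GitTag, BuildDate)` declares a local that shadows the outer `usageText` format string of the same name, which is easy to misread and will trip shadow linters. A distinct name keeps the template and the rendered text apart, e.g. `text := fmt.Sprintf(usageText, Version, GitTag, BuildDate)` followed by `fmt.Fprintln(os.Stderr, text)`. The body of `usage()` continues past the end of this hunk.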
10
cmd/gas/version.go
Normal file
10
cmd/gas/version.go
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
package main
|
||||||
|
|
||||||
|
// Version is the build version
|
||||||
|
var Version string
|
||||||
|
|
||||||
|
// GitTag is the git tag of the build
|
||||||
|
var GitTag string
|
||||||
|
|
||||||
|
// BuildDate is the date when the build was created
|
||||||
|
var BuildDate string
|
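Review bot: `Version`, `GitTag` and `BuildDate` have no fallback value, so any binary not produced by `make release` prints empty fields in the usage text; the Makefile's `build` target passes no `-ldflags`, and neither does a plain `go get`. Giving the variables defaults such as `var Version = "dev"` keeps the output meaningful and makes an unreleased build recognisable when a scan result has to be traced back to the tool that produced it. `-X` still overrides an initialised string variable at link time, so the release build is unaffected.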
2
docker-entrypoint.sh
Executable file
2
docker-entrypoint.sh
Executable file
|
@ -0,0 +1,2 @@
|
||||||
|
#!/usr/bin/env sh
|
||||||
|
${BIN} "$@"
|
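Review bot: The script runs `${BIN} "$@"` unquoted and without `exec`, so the shell typically stays as PID 1 in the container and signals from `docker stop` are not forwarded to the scanner. `exec "${BIN}" "$@"` replaces the shell with the tool, hands its exit status straight back to the caller, and avoids word splitting if `BIN` is ever overridden at run time. Adding `set -eu` above it would also make an unset `BIN` fail with a clear error instead of trying to run the first argument as the command.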
|
@ -32,9 +32,10 @@ var _ = Describe("gas rules", func() {
|
||||||
pkg := testutils.NewTestPackage()
|
pkg := testutils.NewTestPackage()
|
||||||
defer pkg.Close()
|
defer pkg.Close()
|
||||||
pkg.AddFile(fmt.Sprintf("sample_%d.go", n), sample.Code)
|
pkg.AddFile(fmt.Sprintf("sample_%d.go", n), sample.Code)
|
||||||
pkg.Build()
|
err := pkg.Build()
|
||||||
e := analyzer.Process(pkg.Path)
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
Expect(e).ShouldNot(HaveOccurred())
|
err = analyzer.Process(pkg.Path)
|
||||||
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
issues, _ := analyzer.Report()
|
issues, _ := analyzer.Report()
|
||||||
if len(issues) != sample.Errors {
|
if len(issues) != sample.Errors {
|
||||||
fmt.Println(sample.Code)
|
fmt.Println(sample.Code)
|
||||||
|
|
10
rules/sql.go
10
rules/sql.go
|
@ -28,12 +28,12 @@ type sqlStatement struct {
|
||||||
patterns []*regexp.Regexp
|
patterns []*regexp.Regexp
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *sqlStatement) ID() string {
|
func (s *sqlStatement) ID() string {
|
||||||
return r.MetaData.ID
|
return s.MetaData.ID
|
||||||
}
|
}
|
||||||
|
|
||||||
// See if the string matches the patterns for the statement.
|
// See if the string matches the patterns for the statement.
|
||||||
func (s sqlStatement) MatchPatterns(str string) bool {
|
func (s *sqlStatement) MatchPatterns(str string) bool {
|
||||||
for _, pattern := range s.patterns {
|
for _, pattern := range s.patterns {
|
||||||
if !pattern.MatchString(str) {
|
if !pattern.MatchString(str) {
|
||||||
return false
|
return false
|
||||||
|
@ -46,8 +46,8 @@ type sqlStrConcat struct {
|
||||||
sqlStatement
|
sqlStatement
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *sqlStrConcat) ID() string {
|
func (s *sqlStrConcat) ID() string {
|
||||||
return r.MetaData.ID
|
return s.MetaData.ID
|
||||||
}
|
}
|
||||||
|
|
||||||
// see if we can figure out what it is
|
// see if we can figure out what it is
|
||||||
|
|