Refactor the rules tests to be able to configure the analyzer config per test sample

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
This commit is contained in:
Cosmin Cojocar 2019-06-25 10:29:19 +02:00
parent 36a82ea85e
commit ed9934fa48
3 changed files with 82 additions and 81 deletions


@ -92,6 +92,11 @@ func NewAnalyzer(conf Config, tests bool, logger *log.Logger) *Analyzer {
} }
} }
// SetConfig upates the analyzer configuration
func (gosec *Analyzer) SetConfig(conf Config) {
gosec.config = conf
}
// LoadRules instantiates all the rules to be used when analyzing source // LoadRules instantiates all the rules to be used when analyzing source
// packages // packages
func (gosec *Analyzer) LoadRules(ruleDefinitions map[string]RuleBuilder) { func (gosec *Analyzer) LoadRules(ruleDefinitions map[string]RuleBuilder) {
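Review bot: The doc comment on the new SetConfig method has a typo ("upates") and says nothing about what replacing the config means for rules that are already loaded; `// SetConfig replaces the analyzer configuration; rules already instantiated by LoadRules keep whatever configuration they were built with, so call SetConfig before LoadRules when a rule reads its config at build time` would make the ordering contract explicit. This ordering claim depends on what LoadRules passes to each RuleBuilder, and its body lies outside this hunk, so confirm it before wording the comment. SetConfig also accepts a nil Config without complaint; if callers may pass a zero value, a short note on that (or a `gosec.NewConfig()` fallback) would avoid a nil map being handed to rules later.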


@ -12,18 +12,13 @@ import (
"github.com/securego/gosec/testutils" "github.com/securego/gosec/testutils"
) )
type option struct {
name gosec.GlobalOption
value string
}
var _ = Describe("gosec rules", func() { var _ = Describe("gosec rules", func() {
var ( var (
logger *log.Logger logger *log.Logger
config gosec.Config config gosec.Config
analyzer *gosec.Analyzer analyzer *gosec.Analyzer
runner func(string, []testutils.CodeSample, ...option) runner func(string, []testutils.CodeSample)
buildTags []string buildTags []string
tests bool tests bool
) )
@ -32,13 +27,11 @@ var _ = Describe("gosec rules", func() {
logger, _ = testutils.NewLogger() logger, _ = testutils.NewLogger()
config = gosec.NewConfig() config = gosec.NewConfig()
analyzer = gosec.NewAnalyzer(config, tests, logger) analyzer = gosec.NewAnalyzer(config, tests, logger)
runner = func(rule string, samples []testutils.CodeSample, options ...option) { runner = func(rule string, samples []testutils.CodeSample) {
for _, o := range options {
config.SetGlobal(o.name, o.value)
}
analyzer.LoadRules(rules.Generate(rules.NewRuleFilter(false, rule)).Builders()) analyzer.LoadRules(rules.Generate(rules.NewRuleFilter(false, rule)).Builders())
for n, sample := range samples { for n, sample := range samples {
analyzer.Reset() analyzer.Reset()
analyzer.SetConfig(sample.Config)
pkg := testutils.NewTestPackage() pkg := testutils.NewTestPackage()
defer pkg.Close() defer pkg.Close()
for i, code := range sample.Code { for i, code := range sample.Code {
@ -75,7 +68,7 @@ var _ = Describe("gosec rules", func() {
}) })
It("should detect errors not being checked in audit mode", func() { It("should detect errors not being checked in audit mode", func() {
runner("G104", testutils.SampleCodeG104Audit, option{name: gosec.Audit, value: "enabled"}) runner("G104", testutils.SampleCodeG104Audit)
}) })
It("should detect of big.Exp function", func() { It("should detect of big.Exp function", func() {
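Review bot: `analyzer.SetConfig(sample.Config)` runs inside the sample loop, after `analyzer.LoadRules(...)` has already instantiated the rules with the initial `config`, so any rule that copies its configuration when it is built would not see the per-sample config; only a rule that consults the analyzer's current config at match time would. That appears to be enough for the audit-mode G104 case this commit migrates, but it is an easy trap for the next per-sample option, so either move the LoadRules call inside the loop after SetConfig or document the limitation on the SetConfig line: `// per-sample config is applied after LoadRules; it only reaches rules that read the config at match time`. The `defer pkg.Close()` inside the loop (pre-existing) also delays every package's cleanup to the end of runner, which a per-iteration helper would fix.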


@ -1,9 +1,12 @@
package testutils package testutils
import "github.com/securego/gosec"
// CodeSample encapsulates a snippet of source code that compiles, and how many errors should be detected // CodeSample encapsulates a snippet of source code that compiles, and how many errors should be detected
type CodeSample struct { type CodeSample struct {
Code []string Code []string
Errors int Errors int
Config gosec.Config
} }
var ( var (
@ -15,7 +18,7 @@ func main() {
username := "admin" username := "admin"
password := "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" password := "f62e5bcda4fae4f82370da0c6f20697b8f8447ef"
fmt.Println("Doing something with: ", username, password) fmt.Println("Doing something with: ", username, password)
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
// Entropy check should not report this error by default // Entropy check should not report this error by default
package main package main
import "fmt" import "fmt"
@ -23,21 +26,21 @@ func main() {
username := "admin" username := "admin"
password := "secret" password := "secret"
fmt.Println("Doing something with: ", username, password) fmt.Println("Doing something with: ", username, password)
}`}, 0}, {[]string{` }`}, 0, gosec.NewConfig()}, {[]string{`
package main package main
import "fmt" import "fmt"
var password = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" var password = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef"
func main() { func main() {
username := "admin" username := "admin"
fmt.Println("Doing something with: ", username, password) fmt.Println("Doing something with: ", username, password)
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
package main package main
import "fmt" import "fmt"
const password = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" const password = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef"
func main() { func main() {
username := "admin" username := "admin"
fmt.Println("Doing something with: ", username, password) fmt.Println("Doing something with: ", username, password)
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
package main package main
import "fmt" import "fmt"
const ( const (
@ -46,12 +49,12 @@ const (
) )
func main() { func main() {
fmt.Println("Doing something with: ", username, password) fmt.Println("Doing something with: ", username, password)
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
package main package main
var password string var password string
func init() { func init() {
password = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" password = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef"
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
package main package main
const ( const (
ATNStateSomethingElse = 1 ATNStateSomethingElse = 1
@ -59,14 +62,14 @@ const (
) )
func main() { func main() {
println(ATNStateTokenStart) println(ATNStateTokenStart)
}`}, 0}, {[]string{` }`}, 0, gosec.NewConfig()}, {[]string{`
package main package main
const ( const (
ATNStateTokenStart = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" ATNStateTokenStart = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef"
) )
func main() { func main() {
println(ATNStateTokenStart) println(ATNStateTokenStart)
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCodeG102 code snippets for network binding // SampleCodeG102 code snippets for network binding
SampleCodeG102 = []CodeSample{ SampleCodeG102 = []CodeSample{
@ -83,7 +86,7 @@ func main() {
log.Fatal(err) log.Fatal(err)
} }
defer l.Close() defer l.Close()
}`}, 1}, }`}, 1, gosec.NewConfig()},
// Bind to all networks implicitly (default if host omitted) // Bind to all networks implicitly (default if host omitted)
{[]string{` {[]string{`
@ -98,7 +101,7 @@ func main() {
log.Fatal(err) log.Fatal(err)
} }
defer l.Close() defer l.Close()
}`}, 1}, }`}, 1, gosec.NewConfig()},
// Bind to all networks indirectly through a parsing function // Bind to all networks indirectly through a parsing function
{[]string{` {[]string{`
package main package main
@ -116,7 +119,7 @@ func main() {
log.Fatal(err) log.Fatal(err)
} }
defer l.Close() defer l.Close()
}`}, 1}, }`}, 1, gosec.NewConfig()},
// Bind to all networks indirectly through a parsing function // Bind to all networks indirectly through a parsing function
{[]string{` {[]string{`
package main package main
@ -134,7 +137,7 @@ func main() {
log.Fatal(err) log.Fatal(err)
} }
defer l.Close() defer l.Close()
}`}, 1}, }`}, 1, gosec.NewConfig()},
{[]string{` {[]string{`
package main package main
import ( import (
@ -149,7 +152,7 @@ func main() {
log.Fatal(err) log.Fatal(err)
} }
defer l.Close() defer l.Close()
}`}, 1}, }`}, 1, gosec.NewConfig()},
} }
// SampleCodeG103 find instances of unsafe blocks for auditing purposes // SampleCodeG103 find instances of unsafe blocks for auditing purposes
SampleCodeG103 = []CodeSample{ SampleCodeG103 = []CodeSample{
@ -171,7 +174,7 @@ func main() {
addressHolder := uintptr(unsafe.Pointer(intPtr)) + unsafe.Sizeof(intArray[0]) addressHolder := uintptr(unsafe.Pointer(intPtr)) + unsafe.Sizeof(intArray[0])
intPtr = (*int)(unsafe.Pointer(addressHolder)) intPtr = (*int)(unsafe.Pointer(addressHolder))
fmt.Printf("\nintPtr=%p, *intPtr=%d.\n\n", intPtr, *intPtr) fmt.Printf("\nintPtr=%p, *intPtr=%d.\n\n", intPtr, *intPtr)
}`}, 3}} }`}, 3, gosec.NewConfig()}}
// SampleCodeG104 finds errors that aren't being handled // SampleCodeG104 finds errors that aren't being handled
SampleCodeG104 = []CodeSample{ SampleCodeG104 = []CodeSample{
@ -184,7 +187,7 @@ func test() (int,error) {
func main() { func main() {
v, _ := test() v, _ := test()
fmt.Println(v) fmt.Println(v)
}`}, 0}, {[]string{` }`}, 0, gosec.NewConfig()}, {[]string{`
package main package main
import ( import (
"io/ioutil" "io/ioutil"
@ -206,7 +209,7 @@ func main() {
a() a()
b() b()
c() c()
}`}, 2}, {[]string{` }`}, 2, gosec.NewConfig()}, {[]string{`
package main package main
import "fmt" import "fmt"
func test() error { func test() error {
@ -215,7 +218,7 @@ func test() error {
func main() { func main() {
e := test() e := test()
fmt.Println(e) fmt.Println(e)
}`}, 0}, {[]string{` }`}, 0, gosec.NewConfig()}, {[]string{`
// +build go1.10 // +build go1.10
package main package main
@ -229,7 +232,7 @@ func main() {
}`, ` }`, `
package main package main
func dummy(){} func dummy(){}
`}, 0}} `}, 0, gosec.NewConfig()}}
// SampleCodeG104Audit finds errors that aren't being handled in audit mode // SampleCodeG104Audit finds errors that aren't being handled in audit mode
SampleCodeG104Audit = []CodeSample{ SampleCodeG104Audit = []CodeSample{
@ -242,7 +245,7 @@ func test() (int,error) {
func main() { func main() {
v, _ := test() v, _ := test()
fmt.Println(v) fmt.Println(v)
}`}, 1}, {[]string{` }`}, 1, gosec.Config{gosec.Globals: map[gosec.GlobalOption]string{gosec.Audit: "enabled"}}}, {[]string{`
package main package main
import ( import (
"io/ioutil" "io/ioutil"
@ -264,7 +267,7 @@ func main() {
a() a()
b() b()
c() c()
}`}, 3}, {[]string{` }`}, 3, gosec.Config{gosec.Globals: map[gosec.GlobalOption]string{gosec.Audit: "enabled"}}}, {[]string{`
package main package main
import "fmt" import "fmt"
func test() error { func test() error {
@ -273,7 +276,7 @@ func test() error {
func main() { func main() {
e := test() e := test()
fmt.Println(e) fmt.Println(e)
}`}, 0}, {[]string{` }`}, 0, gosec.Config{gosec.Globals: map[gosec.GlobalOption]string{gosec.Audit: "enabled"}}}, {[]string{`
// +build go1.10 // +build go1.10
package main package main
@ -287,7 +290,7 @@ func main() {
}`, ` }`, `
package main package main
func dummy(){} func dummy(){}
`}, 0}} `}, 0, gosec.Config{gosec.Globals: map[gosec.GlobalOption]string{gosec.Audit: "enabled"}}}}
// SampleCodeG105 - bignum overflow // SampleCodeG105 - bignum overflow
SampleCodeG105 = []CodeSample{{[]string{` SampleCodeG105 = []CodeSample{{[]string{`
package main package main
@ -303,7 +306,7 @@ func main() {
m := new(big.Int) m := new(big.Int)
m = m.SetUint64(0) m = m.SetUint64(0)
z = z.Exp(x, y, m) z = z.Exp(x, y, m)
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCodeG106 - ssh InsecureIgnoreHostKey // SampleCodeG106 - ssh InsecureIgnoreHostKey
SampleCodeG106 = []CodeSample{{[]string{` SampleCodeG106 = []CodeSample{{[]string{`
@ -313,7 +316,7 @@ import (
) )
func main() { func main() {
_ = ssh.InsecureIgnoreHostKey() _ = ssh.InsecureIgnoreHostKey()
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCodeG107 - SSRF via http requests with variable url // SampleCodeG107 - SSRF via http requests with variable url
SampleCodeG107 = []CodeSample{{[]string{` SampleCodeG107 = []CodeSample{{[]string{`
@ -341,7 +344,7 @@ func main() {
panic(err) panic(err)
} }
fmt.Printf("%s", body) fmt.Printf("%s", body)
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
package main package main
import ( import (
@ -355,7 +358,7 @@ func main() {
fmt.Println(err) fmt.Println(err)
} }
fmt.Println(resp.Status) fmt.Println(resp.Status)
}`}, 0}} }`}, 0, gosec.NewConfig()}}
// SampleCodeG201 - SQL injection via format string // SampleCodeG201 - SQL injection via format string
SampleCodeG201 = []CodeSample{ SampleCodeG201 = []CodeSample{
{[]string{` {[]string{`
@ -378,7 +381,7 @@ func main(){
panic(err) panic(err)
} }
defer rows.Close() defer rows.Close()
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
// Format string false positive, safe string spec. // Format string false positive, safe string spec.
package main package main
import ( import (
@ -398,7 +401,7 @@ func main(){
panic(err) panic(err)
} }
defer rows.Close() defer rows.Close()
}`}, 0}, {[]string{` }`}, 0, gosec.NewConfig()}, {[]string{`
// Format string false positive // Format string false positive
package main package main
import ( import (
@ -415,7 +418,7 @@ func main(){
panic(err) panic(err)
} }
defer rows.Close() defer rows.Close()
}`}, 0}, {[]string{` }`}, 0, gosec.NewConfig()}, {[]string{`
// Format string false positive, quoted formatter argument. // Format string false positive, quoted formatter argument.
package main package main
import ( import (
@ -436,7 +439,7 @@ func main(){
panic(err) panic(err)
} }
defer rows.Close() defer rows.Close()
}`}, 0}, {[]string{` }`}, 0, gosec.NewConfig()}, {[]string{`
// false positive // false positive
package main package main
import ( import (
@ -456,7 +459,7 @@ func main(){
panic(err) panic(err)
} }
defer rows.Close() defer rows.Close()
}`}, 0}, {[]string{` }`}, 0, gosec.NewConfig()}, {[]string{`
package main package main
import ( import (
"fmt" "fmt"
@ -464,7 +467,7 @@ import (
func main(){ func main(){
fmt.Sprintln() fmt.Sprintln()
}`}, 0}} }`}, 0, gosec.NewConfig()}}
// SampleCodeG202 - SQL query string building via string concatenation // SampleCodeG202 - SQL query string building via string concatenation
SampleCodeG202 = []CodeSample{ SampleCodeG202 = []CodeSample{
@ -484,7 +487,7 @@ func main(){
panic(err) panic(err)
} }
defer rows.Close() defer rows.Close()
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
// false positive // false positive
package main package main
import ( import (
@ -501,7 +504,7 @@ func main(){
panic(err) panic(err)
} }
defer rows.Close() defer rows.Close()
}`}, 0}, {[]string{` }`}, 0, gosec.NewConfig()}, {[]string{`
package main package main
import ( import (
"database/sql" "database/sql"
@ -519,7 +522,7 @@ func main(){
} }
defer rows.Close() defer rows.Close()
} }
`}, 0}, {[]string{` `}, 0, gosec.NewConfig()}, {[]string{`
package main package main
const gender = "M" const gender = "M"
`, ` `, `
@ -540,7 +543,7 @@ func main(){
} }
defer rows.Close() defer rows.Close()
} }
`}, 0}} `}, 0, gosec.NewConfig()}}
// SampleCodeG203 - Template checks // SampleCodeG203 - Template checks
SampleCodeG203 = []CodeSample{ SampleCodeG203 = []CodeSample{
@ -560,7 +563,7 @@ func main() {
"Body": template.HTML("<script>alert(1)</script>"), "Body": template.HTML("<script>alert(1)</script>"),
} }
t.Execute(os.Stdout, v) t.Execute(os.Stdout, v)
}`}, 0}, {[]string{ }`}, 0, gosec.NewConfig()}, {[]string{
` `
// Using a variable to initialize could potentially be dangerous. Under the // Using a variable to initialize could potentially be dangerous. Under the
// current model this will likely produce some false positives. // current model this will likely produce some false positives.
@ -578,7 +581,7 @@ func main() {
"Body": template.HTML(a), "Body": template.HTML(a),
} }
t.Execute(os.Stdout, v) t.Execute(os.Stdout, v)
}`}, 1}, {[]string{ }`}, 1, gosec.NewConfig()}, {[]string{
` `
package main package main
import ( import (
@ -594,7 +597,7 @@ func main() {
"Body": template.JS(a), "Body": template.JS(a),
} }
t.Execute(os.Stdout, v) t.Execute(os.Stdout, v)
}`}, 1}, {[]string{ }`}, 1, gosec.NewConfig()}, {[]string{
` `
package main package main
import ( import (
@ -610,7 +613,7 @@ func main() {
"Body": template.URL(a), "Body": template.URL(a),
} }
t.Execute(os.Stdout, v) t.Execute(os.Stdout, v)
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCodeG204 - Subprocess auditing // SampleCodeG204 - Subprocess auditing
SampleCodeG204 = []CodeSample{{[]string{` SampleCodeG204 = []CodeSample{{[]string{`
@ -618,7 +621,7 @@ package main
import "syscall" import "syscall"
func main() { func main() {
syscall.Exec("/bin/cat", []string{ "/etc/passwd" }, nil) syscall.Exec("/bin/cat", []string{ "/etc/passwd" }, nil)
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
package main package main
import ( import (
"log" "log"
@ -633,7 +636,7 @@ func main() {
log.Printf("Waiting for command to finish...") log.Printf("Waiting for command to finish...")
err = cmd.Wait() err = cmd.Wait()
log.Printf("Command finished with error: %v", err) log.Printf("Command finished with error: %v", err)
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
package main package main
import ( import (
"log" "log"
@ -646,7 +649,7 @@ func main() {
log.Fatal(err) log.Fatal(err)
} }
log.Printf("Command finished with error: %v", err) log.Printf("Command finished with error: %v", err)
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
package main package main
import ( import (
"log" "log"
@ -663,7 +666,7 @@ func main() {
log.Printf("Waiting for command to finish...") log.Printf("Waiting for command to finish...")
err = cmd.Wait() err = cmd.Wait()
log.Printf("Command finished with error: %v", err) log.Printf("Command finished with error: %v", err)
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCodeG301 - mkdir permission check // SampleCodeG301 - mkdir permission check
SampleCodeG301 = []CodeSample{{[]string{` SampleCodeG301 = []CodeSample{{[]string{`
@ -673,7 +676,7 @@ func main() {
os.Mkdir("/tmp/mydir", 0777) os.Mkdir("/tmp/mydir", 0777)
os.Mkdir("/tmp/mydir", 0600) os.Mkdir("/tmp/mydir", 0600)
os.MkdirAll("/tmp/mydir/mysubidr", 0775) os.MkdirAll("/tmp/mydir/mysubidr", 0775)
}`}, 2}} }`}, 2, gosec.NewConfig()}}
// SampleCodeG302 - file create / chmod permissions check // SampleCodeG302 - file create / chmod permissions check
SampleCodeG302 = []CodeSample{{[]string{` SampleCodeG302 = []CodeSample{{[]string{`
@ -684,7 +687,7 @@ func main() {
os.Chmod("/tmp/someotherfile", 0600) os.Chmod("/tmp/someotherfile", 0600)
os.OpenFile("/tmp/thing", os.O_CREATE|os.O_WRONLY, 0666) os.OpenFile("/tmp/thing", os.O_CREATE|os.O_WRONLY, 0666)
os.OpenFile("/tmp/thing", os.O_CREATE|os.O_WRONLY, 0600) os.OpenFile("/tmp/thing", os.O_CREATE|os.O_WRONLY, 0600)
}`}, 2}} }`}, 2, gosec.NewConfig()}}
// SampleCodeG303 - bad tempfile permissions & hardcoded shared path // SampleCodeG303 - bad tempfile permissions & hardcoded shared path
SampleCodeG303 = []CodeSample{{[]string{` SampleCodeG303 = []CodeSample{{[]string{`
@ -697,7 +700,7 @@ func main() {
file1, _ := os.Create("/tmp/demo1") file1, _ := os.Create("/tmp/demo1")
defer file1.Close() defer file1.Close()
ioutil.WriteFile("/tmp/demo2", []byte("This is some data"), 0644) ioutil.WriteFile("/tmp/demo2", []byte("This is some data"), 0644)
}`}, 2}} }`}, 2, gosec.NewConfig()}}
// SampleCodeG304 - potential file inclusion vulnerability // SampleCodeG304 - potential file inclusion vulnerability
SampleCodeG304 = []CodeSample{{[]string{` SampleCodeG304 = []CodeSample{{[]string{`
@ -715,7 +718,7 @@ if err != nil {
} }
log.Print(body) log.Print(body)
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
package main package main
import ( import (
@ -739,7 +742,7 @@ func main() {
fmt.Fprintf(w, "%s", body) fmt.Fprintf(w, "%s", body)
}) })
log.Fatal(http.ListenAndServe(":3000", nil)) log.Fatal(http.ListenAndServe(":3000", nil))
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
package main package main
import ( import (
@ -755,7 +758,7 @@ import (
log.Printf("Error: %v\n", err) log.Printf("Error: %v\n", err)
} }
log.Print(body) log.Print(body)
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
package main package main
import ( import (
@ -779,7 +782,7 @@ func main() {
fmt.Printf("Error: %v\n", err) fmt.Printf("Error: %v\n", err)
} }
fmt.Println(string(contents)) fmt.Println(string(contents))
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
package main package main
import ( import (
@ -798,7 +801,7 @@ func main() {
log.Printf("Error: %v\n", err) log.Printf("Error: %v\n", err)
} }
log.Print(body) log.Print(body)
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCodeG305 - File path traversal when extracting zip archives // SampleCodeG305 - File path traversal when extracting zip archives
SampleCodeG305 = []CodeSample{{[]string{` SampleCodeG305 = []CodeSample{{[]string{`
@ -846,7 +849,7 @@ func unzip(archive, target string) error {
} }
return nil return nil
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
package unzip package unzip
import ( import (
@ -892,7 +895,7 @@ func unzip(archive, target string) error {
} }
return nil return nil
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCodeG401 - Use of weak crypto MD5 // SampleCodeG401 - Use of weak crypto MD5
SampleCodeG401 = []CodeSample{ SampleCodeG401 = []CodeSample{
@ -917,7 +920,7 @@ func main() {
log.Fatal(err) log.Fatal(err)
} }
fmt.Printf("%x", h.Sum(nil)) fmt.Printf("%x", h.Sum(nil))
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCodeG401b - Use of weak crypto SHA1 // SampleCodeG401b - Use of weak crypto SHA1
SampleCodeG401b = []CodeSample{ SampleCodeG401b = []CodeSample{
@ -942,7 +945,7 @@ func main() {
log.Fatal(err) log.Fatal(err)
} }
fmt.Printf("%x", h.Sum(nil)) fmt.Printf("%x", h.Sum(nil))
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCodeG402 - TLS settings // SampleCodeG402 - TLS settings
SampleCodeG402 = []CodeSample{{[]string{` SampleCodeG402 = []CodeSample{{[]string{`
@ -963,7 +966,7 @@ func main() {
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
} }
}`}, 1}, {[]string{ }`}, 1, gosec.NewConfig()}, {[]string{
` `
// Insecure minimum version // Insecure minimum version
package main package main
@ -981,7 +984,7 @@ func main() {
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
} }
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
// Insecure max version // Insecure max version
package main package main
import ( import (
@ -999,7 +1002,7 @@ func main() {
fmt.Println(err) fmt.Println(err)
} }
} }
`}, 1}, { `}, 1, gosec.NewConfig()}, {
[]string{` []string{`
// Insecure ciphersuite selection // Insecure ciphersuite selection
package main package main
@ -1020,7 +1023,7 @@ func main() {
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
} }
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCodeG403 - weak key strength // SampleCodeG403 - weak key strength
SampleCodeG403 = []CodeSample{ SampleCodeG403 = []CodeSample{
@ -1038,7 +1041,7 @@ func main() {
fmt.Println(err) fmt.Println(err)
} }
fmt.Println(pvk) fmt.Println(pvk)
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCodeG404 - weak random number // SampleCodeG404 - weak random number
SampleCodeG404 = []CodeSample{ SampleCodeG404 = []CodeSample{
@ -1048,13 +1051,13 @@ import "crypto/rand"
func main() { func main() {
good, _ := rand.Read(nil) good, _ := rand.Read(nil)
println(good) println(good)
}`}, 0}, {[]string{` }`}, 0, gosec.NewConfig()}, {[]string{`
package main package main
import "math/rand" import "math/rand"
func main() { func main() {
bad := rand.Int() bad := rand.Int()
println(bad) println(bad)
}`}, 1}, {[]string{` }`}, 1, gosec.NewConfig()}, {[]string{`
package main package main
import ( import (
"crypto/rand" "crypto/rand"
@ -1065,7 +1068,7 @@ func main() {
println(good) println(good)
i := mrand.Int31() i := mrand.Int31()
println(i) println(i)
}`}, 0}} }`}, 0, gosec.NewConfig()}}
// SampleCodeG501 - Blacklisted import MD5 // SampleCodeG501 - Blacklisted import MD5
SampleCodeG501 = []CodeSample{ SampleCodeG501 = []CodeSample{
@ -1080,7 +1083,7 @@ func main() {
for _, arg := range os.Args { for _, arg := range os.Args {
fmt.Printf("%x - %s\n", md5.Sum([]byte(arg)), arg) fmt.Printf("%x - %s\n", md5.Sum([]byte(arg)), arg)
} }
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCodeG502 - Blacklisted import DES // SampleCodeG502 - Blacklisted import DES
SampleCodeG502 = []CodeSample{ SampleCodeG502 = []CodeSample{
@ -1108,7 +1111,7 @@ func main() {
stream := cipher.NewCFBEncrypter(block, iv) stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(ciphertext[des.BlockSize:], plaintext) stream.XORKeyStream(ciphertext[des.BlockSize:], plaintext)
fmt.Println("Secret message is: %s", hex.EncodeToString(ciphertext)) fmt.Println("Secret message is: %s", hex.EncodeToString(ciphertext))
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCodeG503 - Blacklisted import RC4 // SampleCodeG503 - Blacklisted import RC4
SampleCodeG503 = []CodeSample{{[]string{` SampleCodeG503 = []CodeSample{{[]string{`
@ -1127,7 +1130,7 @@ func main() {
ciphertext := make([]byte, len(plaintext)) ciphertext := make([]byte, len(plaintext))
cipher.XORKeyStream(ciphertext, plaintext) cipher.XORKeyStream(ciphertext, plaintext)
fmt.Println("Secret message is: %s", hex.EncodeToString(ciphertext)) fmt.Println("Secret message is: %s", hex.EncodeToString(ciphertext))
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCodeG504 - Blacklisted import CGI // SampleCodeG504 - Blacklisted import CGI
SampleCodeG504 = []CodeSample{{[]string{` SampleCodeG504 = []CodeSample{{[]string{`
@ -1138,7 +1141,7 @@ import (
) )
func main() { func main() {
cgi.Serve(http.FileServer(http.Dir("/usr/share/doc"))) cgi.Serve(http.FileServer(http.Dir("/usr/share/doc")))
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCodeG505 - Blacklisted import SHA1 // SampleCodeG505 - Blacklisted import SHA1
SampleCodeG505 = []CodeSample{ SampleCodeG505 = []CodeSample{
{[]string{` {[]string{`
@ -1152,7 +1155,7 @@ func main() {
for _, arg := range os.Args { for _, arg := range os.Args {
fmt.Printf("%x - %s\n", sha1.Sum([]byte(arg)), arg) fmt.Printf("%x - %s\n", sha1.Sum([]byte(arg)), arg)
} }
}`}, 1}} }`}, 1, gosec.NewConfig()}}
// SampleCode601 - Go build tags // SampleCode601 - Go build tags
SampleCode601 = []CodeSample{{[]string{` SampleCode601 = []CodeSample{{[]string{`
// +build tag // +build tag
@ -1160,5 +1163,5 @@ func main() {
package main package main
func main() { func main() {
fmt.Println("no package imported error") fmt.Println("no package imported error")
}`}, 1}} }`}, 1, gosec.NewConfig()}}
) )
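Review bot: The audit-mode configuration literal `gosec.Config{gosec.Globals: map[gosec.GlobalOption]string{gosec.Audit: "enabled"}}` is repeated verbatim in the four SampleCodeG104Audit entries and builds the map by hand instead of going through `gosec.NewConfig()` plus `SetGlobal`, so it will silently diverge from NewConfig if that constructor ever adds defaults. A small helper in this package, `func auditConfig() gosec.Config { c := gosec.NewConfig(); c.SetGlobal(gosec.Audit, "enabled"); return c }`, keeps all sample configs built the same way and reduces the literal to `auditConfig()`. The new `Config` field on CodeSample also has no comment; `// Config is the analyzer configuration applied to the analyzer before this sample is processed` would tell readers why every literal now carries a config. Since Config is a map type held in package-level sample data, it is worth noting in that comment that the runner must not mutate it, or tests will leak configuration into each other.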