Commit graph

968 commits

Author SHA1 Message Date
Grant Murphy
085e0f65af
Merge pull request #150 from GoASTScanner/experimental
Use explicit packages in call lists
2018-01-05 23:14:24 +10:00
Grant Murphy
aecbc873ef Use explicit packages in call lists
By allowing partial matches of selectors there are chances of collisions
such as those in issue #145. This removes it to expect explicit packages
for each rule.

Closes #145
2018-01-05 23:05:53 +10:00
Grant Murphy
9a2bec1cd0
Merge pull request #149 from GoASTScanner/experimental
Fix nil pointer dereference in complit types
2018-01-05 22:20:21 +10:00
Grant Murphy
b6f85d50da Fix nil pointer dereference in complit types 2018-01-05 22:19:08 +10:00
Grant Murphy
3520a5ae85
Merge pull request #146 from GoASTScanner/experimental
Merge experimental / refactor
2018-01-05 22:08:59 +10:00
Grant Murphy
867d3009e8 Fix lint issues 2018-01-05 21:56:42 +10:00
Grant Murphy
d452dcb20d Fix ginkgo invocation
The tests are running extremely slow at the moment, and these extra
options add to the problem.
2018-01-05 21:55:06 +10:00
Grant Murphy
4c49716f0e move utils to separate executable 2017-12-28 16:55:12 +10:00
Grant Murphy
e925d3c347 Migrated old test cases. 2017-12-28 16:54:10 +10:00
Grant Murphy
25d74c6b20 address review comments 2017-12-14 10:04:22 +10:00
Grant Murphy
af25ac1f6e fix golint errors picked up by hound-ci 2017-12-13 22:35:47 +10:00
Grant Murphy
cfa432729c fix hound-ci errors 2017-12-13 17:39:00 +10:00
Grant Murphy
97cde35f32 update travis-ci to use ginkgo tests 2017-12-13 16:38:15 +10:00
Grant Murphy
e3b6fd94c2 update readme to provide info regarding package level scans 2017-12-13 16:35:54 +10:00
Grant Murphy
02901b98fc actually skip tests until implementation exists 2017-12-13 16:35:28 +10:00
Grant Murphy
d4311c96e2 make it clear that these tests have not been implemented yet 2017-12-13 16:32:53 +10:00
Grant Murphy
67dc43293c use godep instead of glide 2017-12-13 16:32:12 +10:00
Jon McClintock
2b2999b48d Add tests for excludes with comments 2017-10-05 21:43:54 +00:00
Jon McClintock
37cada13f3 Add support for #excluding specific rules 2017-10-05 21:32:03 +00:00
Jon McClintock
7dfebaf91e Adjust SQL format-string rules to ignore inherently safe formats 2017-10-05 16:24:29 +00:00
Grant Murphy
27b2fd9cd3 Merge pull request #136 from lanzafame/experimental
output/formatter: Issue.Line was already a string
2017-10-05 00:02:19 +10:00
Grant Murphy
6de76c9261 Merge pull request #135 from cosmincojocar/update_mondern_tls_chipers
Add the CHACHA20 to good ciphers in modern tls check
2017-10-05 00:01:47 +10:00
Adrian Lanzafame
5a1133682a remove committed binary 2017-10-01 10:31:51 +10:00
Adrian Lanzafame
9c959ca0a9 Issue.Line is already a string 2017-10-01 10:31:39 +10:00
Grant Murphy
3caf7c3154 Add test cases 2017-09-16 10:12:27 +10:00
Cosmin Cojocar
c36954f04a Add the CHACHA20 to good ciphers in modern tls check 2017-08-30 16:00:56 +02:00
Grant Murphy
f22c701483 Merge pull request #133 from awiens/master
Adding Docker container and updating README
2017-08-10 15:37:29 -04:00
Amber Wiens
b120a3ec3f Updating Dockerfile with requested changes 2017-08-09 13:00:19 -06:00
Amber Wiens
5f0f8f89a6 Adding Docker container and changing README 2017-08-03 11:50:58 -06:00
Grant Murphy
6943f9e5e4 Major rework of codebase
- Get rid of 'core' and move CLI to cmd/gas directory
- Migrate (most) tests to use Ginkgo and testutils framework
- GAS now expects package to reside in $GOPATH
- GAS now can resolve dependencies for better type checking (if package
  on GOPATH)
- Simplified public API
2017-07-19 15:17:00 -06:00
Grant Murphy
f4b705a864 Use glide to manage vendored dependencies 2017-05-09 21:59:12 -07:00
Grant Murphy
026fe4c534 Simplify analyzer and command line interface
The analyzer now only handles packages rather than one off files. This
simplifies the CLI functionality significantly.
2017-05-09 21:26:53 -07:00
Grant Murphy
65b18da711 Hack to address circular dependency in rulelist 2017-05-09 21:26:12 -07:00
Grant Murphy
5160048ba6 Move rule definitions into own file 2017-05-09 21:24:43 -07:00
Grant Murphy
50bbc53a34 Isolate import tracking functionality 2017-05-09 21:23:37 -07:00
Grant Murphy
bf78d027a9 Restructure and introduce a standalone config 2017-04-28 14:46:26 -07:00
Grant Murphy
cacf21f3c0 Restructure to focus on lib rather than cli 2017-04-26 08:08:46 -07:00
Grant Murphy
8df48f9769 Fix to reporting to use output formats 2017-04-25 17:57:12 -07:00
Grant Murphy
9b081744c9 Process via packages instead of files
Initial commit to change GAS to process packages rather than standalone
files. This is to address issues with type resolution for external
dependencies.

Uses golang.org/x/tools/go/loader to prepare analyzer input rather than
finding the individual files.
2017-04-25 16:01:28 -07:00
Grant Murphy
1beec25f77 Merge pull request #128 from cosmincojocar/improve_skip
Add support for partial path match in the skip option
2017-04-11 12:38:52 -07:00
Grant Murphy
e94e23200a Merge pull request #129 from cosmincojocar/big_exp
Add a rule which audits the use of math/big.Int.Exp function call
2017-04-11 12:36:57 -07:00
Cosmin Cojocar
7dc4638db8 Update the README 2017-04-10 19:40:27 +02:00
Cosmin Cojocar
5b71c2b05f Add a test for math/big.Int.Exp rule 2017-04-10 16:10:24 +02:00
Cosmin Cojocar
65b8e74ecd Add a rule for big.Exp function call 2017-04-10 14:25:48 +02:00
Cosmin Cojocar
3ae2762bb1 Add support for partial path match in the skip option 2017-04-10 11:18:02 +02:00
Grant Murphy
05738474a1 Merge pull request #125 from mockturtl/patch-1
BindsToAllNetworkInterfaces should check TLS also
2017-03-29 20:00:40 -07:00
mockturtl
b74c83e7e7 BindsToAllNetworkInterfaces should check TLS also 2017-03-28 13:24:22 -04:00
Grant Murphy
177fa7dde0 Merge pull request #122 from GoASTScanner/testfixes
Correct bad test cases and intermittent failure
2017-03-22 10:51:44 -07:00
Grant Murphy
622440f167 Correct bad test cases and intermittent failure
The filelist test was non-deterministic and causing intermittent
failures due to ordering. This change will ensure that the file list
returns an ordered list of files in the String() method now.

Additionally, there were a number of test cases in which the sample code
was incorrect or would not compile. These have also been corrected.
2017-03-15 08:47:40 -07:00
Grant Murphy
5c302fb1b3 Merge pull request #121 from cosmincojocar/tls
Add a check for PreferServerCipherSuites flag of tls.Config
2017-03-15 08:38:07 -07:00