Grant Murphy
3caf7c3154
Add test cases
2017-09-16 10:12:27 +10:00
Grant Murphy
6943f9e5e4
Major rework of codebase
...
- Get rid of 'core' and move CLI to cmd/gas directory
- Migrate (most) tests to use Ginkgo and testutils framework
- GAS now expects package to reside in $GOPATH
- GAS now can resolve dependencies for better type checking (if package
on GOPATH)
- Simplified public API
2017-07-19 15:17:00 -06:00
Grant Murphy
f4b705a864
Use glide to manage vendored dependencies
2017-05-09 21:59:12 -07:00
Grant Murphy
026fe4c534
Simplify analyzer and command line interface
...
The analyzer now only handles packages rather than one off files. This
simplifies the CLI functionality significantly.
2017-05-09 21:26:53 -07:00
Grant Murphy
65b18da711
Hack to address circular dependency in rulelist
2017-05-09 21:26:12 -07:00
Grant Murphy
5160048ba6
Move rule definitions into own file
2017-05-09 21:24:43 -07:00
Grant Murphy
50bbc53a34
Isolate import tracking functionality
2017-05-09 21:23:37 -07:00
Grant Murphy
bf78d027a9
Restructure and introduce a standalone config
2017-04-28 14:46:26 -07:00
Grant Murphy
cacf21f3c0
Restructure to focus on lib rather than cli
2017-04-26 08:08:46 -07:00
Grant Murphy
8df48f9769
Fix to reporting to use output formats
2017-04-25 17:57:12 -07:00
Grant Murphy
9b081744c9
Process via packages instead of files
...
Initial commit to change GAS to process packages rather than standalone
files. This is to address issues with type resolution for external
dependencies.
Uses golang.org/x/tools/go/loader to prepare analyzer input rather than
finding the individual files.
2017-04-25 16:01:28 -07:00
Grant Murphy
1beec25f77
Merge pull request #128 from cosmincojocar/improve_skip
...
Add support for partial path match in the skip option
2017-04-11 12:38:52 -07:00
Grant Murphy
e94e23200a
Merge pull request #129 from cosmincojocar/big_exp
...
Add a rule which audits the use of math/big.Int.Exp function call
2017-04-11 12:36:57 -07:00
Cosmin Cojocar
7dc4638db8
Update the README
2017-04-10 19:40:27 +02:00
Cosmin Cojocar
5b71c2b05f
Add a test for math/big.Int.Exp rule
2017-04-10 16:10:24 +02:00
Cosmin Cojocar
65b8e74ecd
Add a rule for big.Exp function call
2017-04-10 14:25:48 +02:00
Cosmin Cojocar
3ae2762bb1
Add support for partial path match in the skip option
2017-04-10 11:18:02 +02:00
Grant Murphy
05738474a1
Merge pull request #125 from mockturtl/patch-1
...
BindsToAllNetworkInterfaces should check TLS also
2017-03-29 20:00:40 -07:00
mockturtl
b74c83e7e7
BindsToAllNetworkInterfaces should check TLS also
2017-03-28 13:24:22 -04:00
Grant Murphy
177fa7dde0
Merge pull request #122 from GoASTScanner/testfixes
...
Correct bad test cases and intermitent failure
2017-03-22 10:51:44 -07:00
Grant Murphy
622440f167
Correct bad test cases and intermitent failure
...
The filelist test was non-deterministic and causing intermittent
failures due to ordering. This change will ensure that the file list
returns an ordered list of files in the String() method now.
Additionally there were a number of test cases that the sample code
was incorrect, or would not compile. These have also been corrected.
2017-03-15 08:47:40 -07:00
Grant Murphy
5c302fb1b3
Merge pull request #121 from cosmincojocar/tls
...
Add a check for PreferServerCipherSuites flag of tls.Config
2017-03-15 08:38:07 -07:00
Cosmin Cojocar
2262f5d474
Add a check for PreferServerCipherSuites flag of tls.Config
2017-03-15 15:05:44 +01:00
Grant Murphy
1c8e7ff686
Merge pull request #118 from GoASTScanner/issue/117
...
Fix recursive case on Windows platforms
2017-01-27 09:22:21 -08:00
Grant Murphy
1c99e45d1c
Fix recursive case on Windows platforms
...
Closes #117
2017-01-27 09:16:36 -08:00
Grant Murphy
72caf3de41
Merge pull request #115 from GoASTScanner/bugfix
...
Temporarily disable typechecker fatal error
2017-01-14 15:25:58 -08:00
Grant Murphy
3e9b66a91a
Temporarily disable typechecker fatal error
...
It seems that the typechecker isn't considering the entire package
fileset in the current way that gas is processing projects. This leads
to cases where types that are defined in one file aren't known about
when gas is processing other files within that module.
A redesign is needed, this is a temporary fix to return to old
behaviour.
Related to #113
2017-01-14 15:21:55 -08:00
Grant Murphy
f6aeaa8dec
Merge pull request #114 from GoASTScanner/feature
...
Consider entropy when warning on hardcoded credentials
2017-01-14 14:46:19 -08:00
Grant Murphy
4099783722
Go 1.5 does not support width precision specifier
2017-01-14 14:39:22 -08:00
Grant Murphy
4b70300e15
Exclude vendor directory from go vet
2017-01-14 14:03:31 -08:00
Grant Murphy
aaddac5e4b
Add the zxcvbn library to vendor list
2017-01-14 13:48:53 -08:00
Grant Murphy
9bc02396e8
Introduce entropy checking of string
...
This will hopefully reduce the number of false positives when it comes
to hard coded credentials. The zxcvbn library is used to calculate the
entropy of the string. By default the first 16 characters are considered
as doing the entropy check for strings much longer than that introduces
a fairly significant performance hit.
2017-01-14 13:45:34 -08:00
Grant Murphy
cc52ef5b26
Merge pull request #112 from GoASTScanner/bugfix
...
Report a failure and exit if type checking fails
2017-01-13 13:34:33 -08:00
Grant Murphy
a7ec9ccc63
Backport test case for 1.5
...
Go 1.5 does not have a rand.Read function so need to adjust test
definitions accordingly.
2017-01-13 13:31:22 -08:00
Grant Murphy
f9868aa8c8
Fix additional test case
2017-01-13 12:46:16 -08:00
Grant Murphy
ab4867bc76
Fix test cases with invalid sample code
2017-01-13 12:40:49 -08:00
Grant Murphy
d3f0a08f0d
Report a failure and exit if type checking fails
...
Type checking failures were previously not reported and the file was
silently ignored. This change will report the error and halt further
processing.
2017-01-13 11:27:17 -08:00
Grant Murphy
bc21a39c66
Merge pull request #110 from GoASTScanner/bugfix
...
Improve specitivity of error message for GenDecl
2017-01-11 10:25:58 -08:00
Grant Murphy
d1303fee0b
Improve specitivity of error message for GenDecl
2017-01-11 10:12:11 -08:00
Grant Murphy
0545d13d8a
Merge pull request #109 from GoASTScanner/bugfix
...
Ensure hardcoded credentials check only considers constant strings
2017-01-11 10:03:53 -08:00
Grant Murphy
1e736c8838
Fix test case (invalid sample code)
2017-01-11 09:51:25 -08:00
Grant Murphy
d1e67fc995
Ensure hardcoded credentials only examines strings
...
The hardcoded credentials test should only consider assignment of const strings.
Related to issue #108
2017-01-11 09:43:05 -08:00
Grant Murphy
d4f9b88cbf
Merge pull request #104 from endophage/help_fix
...
updating skip cli help and readme description
2016-12-13 15:00:18 -08:00
David Lawrence
5f1c2df44a
updating skip cli help and readme description
2016-12-13 14:36:51 -08:00
Grant Murphy
c68ed64f6c
Merge pull request #102 from GoASTScanner/bugfix
...
Reduce logging messages a tad
2016-12-02 15:43:33 -08:00
Grant Murphy
94ac200d79
Tests broken if logger is not initialized
2016-12-02 15:39:01 -08:00
Grant Murphy
1ba8b93565
Reduce logging messages a tad
...
Only need to log if we're skipping a file or if we're processing it.
Should also use the [gas] prefix to aid filtering.
2016-12-02 15:34:12 -08:00
Grant Murphy
465338b05b
Merge pull request #101 from GoASTScanner/bugfix
...
Recreate fileset each time we process a file
2016-12-02 15:25:32 -08:00
Grant Murphy
191750f44c
Recreate fileset each time we process a file
...
Some files were being counted multiple times here and giving a skewed
result for line numbers processed.
Closes #100
2016-12-02 15:21:13 -08:00
Grant Murphy
b5308ff621
Merge pull request #98 from endophage/recursive
...
adding support for arbitrary paths with ellipses
2016-12-02 14:21:02 -08:00