Commit graph

899 commits

Author SHA1 Message Date
Grant Murphy
0bc4d4808d Add an experimental way to whitelist calls
A call list is a way of grouping a number of packages and function calls
into a blacklist or whitelist. Could be useful to exclude certain
functions from results or looking for a specific set of functions.
2016-11-06 11:07:50 -08:00
Tommy Murphy
afb84ff20c rand: use a MatchCallByPackage helper 2016-11-06 12:31:12 -05:00
Grant Murphy
8a473c7e4b Merge pull request #69 from GoASTScanner/helpers
Split out MatchCallByObject into two functions
2016-11-04 15:13:06 -07:00
Grant Murphy
0fef3ad40a Split out MatchCallByObject into two functions
Allows direct call to GetCallObject.
2016-11-04 14:39:22 -07:00
Grant Murphy
ce2c3283d9 Merge pull request #68 from GoASTScanner/command_line_fixes
Command line fixes
2016-11-04 11:42:45 -07:00
Grant Murphy
f71ade6702 Update usage to indicate html is supported 2016-11-04 11:38:25 -07:00
Grant Murphy
d72cee8663 Add quiet mode
When -quiet is specified on the command line we will only show issues
when issues were found.

Fixes #55
2016-11-04 11:38:00 -07:00
Grant Murphy
9fa0b726a0 Merge pull request #67 from GoASTScanner/use_types
Add MatchCall helper that utilizes type checker
2016-11-04 11:28:23 -07:00
Grant Murphy
c4057545ae Add MatchCall helper that utilizes type checker
This introduces a helper function that will significantly reduce the
number of false positives that occur due to the use of regexp based
call matching.

It resolves the object related to a CallExpr and checks that against the
supplied package and identifier name. If both of these match the
returned value is the CallExpr and Object.
2016-11-04 11:20:28 -07:00
Grant Murphy
9e2abd500f Merge pull request #66 from csstaub/cs/html-output
Add support for HTML output
2016-11-03 21:15:17 -07:00
Grant Murphy
aadcf8dbdb Merge pull request #60 from tam7t/fix-rand
rand: resolve math/rand package
2016-11-03 21:14:21 -07:00
Tommy Murphy
4ff59153ec rand: refactor to use types package 2016-11-03 23:08:03 -04:00
Tommy Murphy
75e0e1aa42 rand: resolve math/rand package 2016-11-03 19:21:12 -04:00
Grant Murphy
068e8a85ad Merge pull request #65 from GoASTScanner/sql_fix
Confirmed correct behavior for SQL tests
2016-11-02 19:20:07 -07:00
Grant Murphy
d60a2b4ebb Confirmed correct behavior for SQL tests
Closes #64
2016-11-02 17:46:59 -07:00
Grant Murphy
853b097922 Merge pull request #63 from GoASTScanner/travis_ci
Add go vet to travis-ci
2016-11-02 17:15:46 -07:00
Grant Murphy
686927c894 Address go vet failure in SQL rule 2016-11-02 17:12:23 -07:00
Grant Murphy
344ebd1ab6 Add go vet to travis-ci 2016-11-02 17:03:24 -07:00
Grant Murphy
65d572f193 Merge pull request #62 from GoASTScanner/correct_imports
Updated imports to new repository location.
2016-11-02 16:58:28 -07:00
Grant Murphy
74b6633ee0 Updated imports to new repository location. 2016-11-02 16:54:20 -07:00
Grant Murphy
b8ce40e193 Remove debugging println 2016-11-02 16:25:13 -07:00
Grant Murphy
4cd269f3a6 Merge pull request #58 from levigross/master
Make sure to exit 1 if we find an issue
2016-10-31 15:09:43 -07:00
Levi Gross
9c3c102127 Fixed comment 2016-10-31 10:16:03 -04:00
Levi Gross
b92fa02ff4 Make sure to exit 1 if we find an issue
Signed-off-by: Levi Gross <levi@levigross.com>
2016-10-29 20:22:08 -04:00
Grant Murphy
fadc6d443d Merge pull request #52 from gcmurphy/use_glob
Refactor path matching logic
2016-10-26 18:22:22 +02:00
Grant Murphy
b8e78c644b Merge pull request #56 from s7v7nislands/fix_unsafe
Fix unsafe
2016-10-25 01:19:16 -07:00
s7v7nislands
eedb0c279d fix fmt 2016-10-25 12:08:59 +08:00
s7v7nislands
92dda9cc3b fix unsafe check 2016-10-25 11:57:05 +08:00
Cedric Staub
911c69646d Add support for HTML output 2016-10-21 13:18:56 -07:00
Grant Murphy
59fbf7446d Refactor path matching logic
Effectively using filepath.Glob to build a set of files and directories
to exclude from the scan.

(ref: https://golang.org/pkg/path/filepath/#Glob)
2016-09-10 14:55:12 -07:00
Tim Kelsey
a4fd848bfc Merge pull request #49 from gcmurphy/master
Add godocs.org reference
2016-09-06 10:19:50 +01:00
Tim Kelsey
7f4bdd5957 Merge pull request #48 from gcmurphy/godoc
Fix typos in godocs
2016-09-06 10:19:33 +01:00
Grant Murphy
d05a2416a2 MatcMatchCompLit should be MatchCompList 2016-08-28 11:44:14 -07:00
Grant Murphy
b5a98c12a8 Add godocs.org badge 2016-08-28 11:36:53 -07:00
Grant Murphy
9ca975d56f Add gas to .gitignore 2016-08-28 11:35:58 -07:00
Grant Murphy
0ee8e1bbab Merge pull request #47 from gcmurphy/readme
Readme updates
2016-08-28 11:24:44 -07:00
Grant Murphy
0bce1770b5 Fix typos in godocs 2016-08-28 11:22:08 -07:00
Grant Murphy
bb42840644 Merge pull request #42 from HewlettPackard/code_docs
Adding some inline documentation for godoc
2016-08-28 11:17:05 -07:00
Grant Murphy
e4b1e28f53 Merge pull request #46 from drewwells/feature/exclusions
prefix patterns with **/ to match subdirectories
2016-08-28 11:15:29 -07:00
Grant Murphy
a2b7f3e0a2 Add LICENSE information to README.md 2016-08-28 11:09:52 -07:00
Grant Murphy
929edb490a Update README.md to use rule ID's 2016-08-28 11:07:28 -07:00
Drew Wells
365ae31b3a prefix patterns with **/ to match subdirectories 2016-08-24 12:36:00 -05:00
Tim Kelsey
223cded656 Adding some inline documentation for godoc 2016-08-12 14:17:28 +01:00
Tim Kelsey
37205e9afa Merge pull request #41 from HewlettPackard/usage
Fix usage information
2016-08-11 16:54:36 +01:00
Grant Murphy
df373b8659 Fix usage information
Mostly a tidy up. Fixed a couple of spelling errors as well.
2016-08-11 05:14:19 -07:00
Grant Murphy
82947bb1a8 Merge pull request #39 from HewlettPackard/rule_selection
Rule selection rules
2016-08-11 04:58:25 -07:00
Tim Kelsey
713949fe69 Rule selection rules
This makes the following changes:
- rules are identified by an ID
- include / exclude list now work
- rules are selected based on these lists
- blacklist rules are broken out into methods
- rule constructors now take the config map
- config file can be used to select rules
- CLI options embellish config selection options
2016-08-11 10:45:51 +01:00
Grant Murphy
51ffe1ba7e Merge pull request #40 from dragonndev/master
Clarified output format options.
2016-08-10 14:59:19 -07:00
Grant Murphy
b29e45fa7e Merge pull request #38 from HewlettPackard/cli_docs
Updating docs for new CLI "skip" option
2016-08-10 14:58:09 -07:00
Matthew Lapworth
5b867f204b Clarified output format options. 2016-08-10 11:43:02 -07:00