Grant Murphy
5012c34d48
Handle imbalanced declaration of constants
...
The following code would create a panic condition:
const foo, bar = "some thing"
Fixes #84
2016-11-14 13:57:55 -08:00
Grant Murphy
a3fcd96f57
Update hardcoded credentials rule for GenDecls
...
The hardcoded credentials rule will now also examine GenDecls so it will
work with global vars and constants.
Fixes #74
2016-11-13 12:57:59 -08:00
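Added example, not code from the gas project: a minimal GenDecl walker of the kind the two commits above describe, scanning const and var declarations for credential-looking identifiers initialised from string literals. The identifier pattern, the Finding type and the sample input are assumptions made here. The point it demonstrates is indexing Values by position only while the index is below len(Values), which is what keeps `const foo, bar = "some thing"` from panicking.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"regexp"
	"strconv"
)

// credentialName is the identifier pattern assumed for this example (not the project's exact rule).
var credentialName = regexp.MustCompile(`(?i)passw(or)?d|secret|token|api_?key`)

// Finding is one hardcoded credential: the identifier, its literal value and its source line.
type Finding struct {
	Name, Value string
	Line        int
}

// findHardcodedCredentials parses src and reports const/var declarations (ast.GenDecl, at file scope
// or inside a function) whose identifier looks like a credential and whose initialiser is a string
// literal. Values are indexed by position but never past len(vs.Values), so for an imbalanced spec
// such as `const foo, bar = "some thing"` the name without a value is skipped instead of panicking,
// as is an uninitialised `var secret string`.
func findHardcodedCredentials(src string) ([]Finding, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	var out []Finding
	ast.Inspect(f, func(n ast.Node) bool {
		decl, ok := n.(*ast.GenDecl)
		if !ok || (decl.Tok != token.CONST && decl.Tok != token.VAR) {
			return true
		}
		for _, spec := range decl.Specs {
			vs, ok := spec.(*ast.ValueSpec)
			if !ok {
				continue
			}
			for i, name := range vs.Names {
				if i >= len(vs.Values) || !credentialName.MatchString(name.Name) {
					continue // no value for this name (imbalanced or uninitialised), or not credential-like
				}
				// Only a string literal is a hardcoded credential; os.Getenv(...) and the like are not.
				if lit, ok := vs.Values[i].(*ast.BasicLit); ok && lit.Kind == token.STRING {
					value, _ := strconv.Unquote(lit.Value) // a parsed STRING literal always unquotes
					out = append(out, Finding{name.Name, value, fset.Position(name.Pos()).Line})
				}
			}
		}
		return true
	})
	return out, nil
}

// sample is a constructed input for this example, not code from the project.
const sample = `package demo

import "os"

const apiKey = "AKIA-EXAMPLE-0000"

const password, token = "hunter2"

var (
	dbPassword = "s3cr3t"
	host       = "db.internal"
	secret     string
)

func f() {
	var sessionToken = os.Getenv("TOKEN")
	_ = sessionToken
}
`

func main() {
	findings, err := findHardcodedCredentials(sample)
	if err != nil {
		panic(err)
	}
	for _, fd := range findings {
		fmt.Printf("line %d: %s = %q\n", fd.Line, fd.Name, fd.Value)
	}
}
```

On the sample this reports apiKey, password and dbPassword; token (no value in the imbalanced spec), secret (no initialiser) and sessionToken (initialised from a call, not a literal) are left alone.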
Grant Murphy
bf103da519
Allow rules to register against multiple ast nodes
...
Update the AddRule interface to allow rules to register interest in
multiple ast.Nodes. Adds more flexibility to how rules can work, and was
needed to fix the hard coded credentials test specifically.
2016-11-13 12:55:31 -08:00
Grant Murphy
c6587df4a5
Merge pull request #82 from GoASTScanner/experimental
...
Ensure os.OpenFile file permissions are checked
2016-11-12 18:03:20 -08:00
Grant Murphy
1d732b8ae3
Ensure os.OpenFile file permissions are checked
...
In addition, a configuration file may be used to set the permission level.
Closes #53
2016-11-12 17:57:20 -08:00
Grant Murphy
423a303712
Merge pull request #81 from GoASTScanner/experimental
...
Incorrect rule mapping in rulelist
2016-11-08 09:22:18 -08:00
Grant Murphy
97dcc72a8b
Incorrect rule mapping in rulelist
2016-11-08 08:48:45 -08:00
Grant Murphy
7dd3032823
Merge pull request #76 from GoASTScanner/experimental
...
Fix alias logic
2016-11-07 20:13:48 -08:00
Grant Murphy
be96ef273d
Fix alias logic
2016-11-07 20:10:30 -08:00
Grant Murphy
c833bfae02
Merge branch 'tam7t-rand-pkg-helper'
2016-11-07 20:04:40 -08:00
Grant Murphy
e0db3f404a
Merge branch 'rand-pkg-helper' of git://github.com/tam7t/gas into tam7t-rand-pkg-helper
2016-11-07 20:03:51 -08:00
Grant Murphy
9f54d257fe
Merge pull request #75 from GoASTScanner/experimental
...
Track package imports and aliases
2016-11-07 19:40:26 -08:00
Grant Murphy
20f2a98ce8
Ensure initialization only imports are ignored
...
Blacklisted imports should not report failures when a module is imported
for side-effects only using the blank identifier.
Closes #59
2016-11-07 09:28:37 -08:00
Grant Murphy
7a275fd0ad
MatchCallByPackage updated to avoid GetCallObject
...
There seems to be an inconsistency in the way that the types.Info.Uses
map is populated by the type checker in Go 1.5 and the latest release.
It is possible to ascertain the package that relates to an object in the
1.7.x release but this does not work for earlier Go versions.
To work around this limitation we now track imports, and monitor if they
are aliased or initialization only imports.
2016-11-07 09:13:20 -08:00
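Added example, not the project's code, of the import-tracking approach described in the commits above: collect the local name of every import (alias or package name), resolve the receiver of a selector call through that table instead of the type checker, and drive rules off it. Three rules from this log are wired up: the os.OpenFile permission check, the blacklisted-import check that stays quiet for `_` side-effect-only imports, and a math/rand check that fires under any alias. The helper names, the blacklist, the list of math/rand functions and the 0600 threshold are assumptions made here; deriving an unaliased import's name from the last path element is a heuristic and is labelled as such in the code.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"path"
	"strconv"
	"strings"
)

// collectImports maps the local name of every import (alias, or package name) to its import path.
func collectImports(f *ast.File) map[string]string {
	byName := map[string]string{}
	for _, spec := range f.Imports {
		p, _ := strconv.Unquote(spec.Path.Value) // always a valid literal once parsed
		name := path.Base(p)                     // heuristic assumed here: package name == last path element
		if spec.Name != nil {
			name = spec.Name.Name // explicit alias; `_` and `.` get entries that no call expression can reference
		}
		byName[name] = p
	}
	return byName
}

// matchCallByPackage returns the selected function name if call's receiver identifier resolves to pkgPath via the import table (not the type checker's Uses map).
func matchCallByPackage(call *ast.CallExpr, byName map[string]string, pkgPath string) (string, bool) {
	sel, ok := call.Fun.(*ast.SelectorExpr)
	if !ok {
		return "", false
	}
	id, ok := sel.X.(*ast.Ident)
	return sel.Sel.Name, ok && byName[id.Name] == pkgPath
}

// Policy assumed for this example (the commit makes the os.OpenFile level configurable; 0600 is used here).
var (
	blacklisted = map[string]bool{"crypto/md5": true, "crypto/sha1": true}
	randFuncs   = map[string]bool{"Int": true, "Intn": true, "Int63": true, "Read": true}
	maxFileMode = uint64(0600)
)

// scan reports, as "line: message", blacklisted imports (skipping `_` side-effect-only imports), math/rand calls under any alias, and os.OpenFile literal modes looser than maxFileMode.
func scan(src string) ([]string, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	byName := collectImports(f)
	line := func(n ast.Node) int { return fset.Position(n.Pos()).Line }
	var issues []string
	for _, spec := range f.Imports {
		p, _ := strconv.Unquote(spec.Path.Value)
		if blacklisted[p] && (spec.Name == nil || spec.Name.Name != "_") {
			issues = append(issues, fmt.Sprintf("%d: blacklisted import %s", line(spec), p))
		}
	}
	ast.Inspect(f, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok {
			return true
		}
		if fn, ok := matchCallByPackage(call, byName, "math/rand"); ok && randFuncs[fn] {
			issues = append(issues, fmt.Sprintf("%d: weak random source math/rand.%s", line(call), fn))
		}
		if fn, ok := matchCallByPackage(call, byName, "os"); ok && fn == "OpenFile" && len(call.Args) == 3 {
			// Only a literal mode can be judged statically; base 0 parses 0644 and 0o644 alike.
			if lit, ok := call.Args[2].(*ast.BasicLit); ok && lit.Kind == token.INT {
				if mode, err := strconv.ParseUint(lit.Value, 0, 32); err == nil && mode > maxFileMode {
					issues = append(issues, fmt.Sprintf("%d: os.OpenFile mode %#o exceeds %#o", line(call), mode, maxFileMode))
				}
			}
		}
		return true
	})
	return issues, nil
}
// sample is a constructed input for this example, not code from the project.
const sample = `package demo
import (
	"crypto/md5"
	_ "crypto/sha1"
	r "math/rand"
	"os"
)
func weak() int { return r.Intn(100) }
func files() {
	os.OpenFile("/tmp/a", os.O_RDWR|os.O_CREATE, 0644)
	os.OpenFile("/tmp/b", os.O_RDWR|os.O_CREATE, 0600)
}`
func main() {
	issues, err := scan(sample)
	if err != nil {
		panic(err)
	}
	fmt.Println(strings.Join(issues, "\n"))
}
```

On the sample this yields three findings: the crypto/md5 import on line 3, r.Intn on line 8 (caught through the alias), and the 0644 OpenFile on line 10. The `_ "crypto/sha1"` import and the 0600 OpenFile produce nothing. A non-literal mode argument is deliberately not judged, since its value is only known at run time.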
Grant Murphy
d16326051f
Merge pull request #71 from GoASTScanner/call_list
...
Add an experimental way to whitelist/blacklist calls
2016-11-06 17:35:50 -08:00
Grant Murphy
238d1e0692
Merge pull request #73 from GoASTScanner/tools
...
Add some more useful debugging tools
2016-11-06 17:35:08 -08:00
Grant Murphy
b02c0fa2fc
Add imports dumper
2016-11-06 12:15:32 -08:00
Grant Murphy
2c9d8fc461
Skip files if they don't exist
2016-11-06 12:04:52 -08:00
Grant Murphy
d20506048f
Update to dump specific context information
...
Added output printers for comments, types, defs, and uses maps.
2016-11-06 11:59:24 -08:00
Grant Murphy
d8bf436007
Merge pull request #72 from GoASTScanner/tools
...
Add tool to inspect call objects in file
2016-11-06 11:22:27 -08:00
Grant Murphy
14e6635ca6
Add tool to inspect call objects in file
2016-11-06 11:17:10 -08:00
Grant Murphy
0bc4d4808d
Add an experimental way to whitelist calls
...
A call list is a way of grouping a number of packages and function calls
into a blacklist or whitelist. Could be useful to exclude certain
functions from results or looking for a specific set of functions.
2016-11-06 11:07:50 -08:00
Tommy Murphy
afb84ff20c
rand: use a MatchCallByPackage helper
2016-11-06 12:31:12 -05:00
Grant Murphy
8a473c7e4b
Merge pull request #69 from GoASTScanner/helpers
...
Split out MatchCallByObject into two functions
2016-11-04 15:13:06 -07:00
Grant Murphy
0fef3ad40a
Split out MatchCallByObject into two functions
...
Allows direct call to GetCallObject.
2016-11-04 14:39:22 -07:00
Grant Murphy
ce2c3283d9
Merge pull request #68 from GoASTScanner/command_line_fixes
...
Command line fixes
2016-11-04 11:42:45 -07:00
Grant Murphy
f71ade6702
Update usage to indicate html is supported
2016-11-04 11:38:25 -07:00
Grant Murphy
d72cee8663
Add quiet mode
...
When -quiet is specified on the command line we will only show issues
when issues were found.
Fixes #55
2016-11-04 11:38:00 -07:00
Grant Murphy
9fa0b726a0
Merge pull request #67 from GoASTScanner/use_types
...
Add MatchCall helper that utilizes type checker
2016-11-04 11:28:23 -07:00
Grant Murphy
c4057545ae
Add MatchCall helper that utilizes type checker
...
This introduces a helper function that will significantly reduce the
number of false positives that occur due to the use of regexp based
call matching.
It resolves the object related to a CallExpr and checks that against the
supplied package and identifier name. If both of these match the
returned value is the CallExpr and Object.
2016-11-04 11:20:28 -07:00
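Added example, not the project's code, of the type-checker based matching described in the commit above: types.Info.Uses resolves the selected identifier of a CallExpr to its object, and the object's package path and name are compared with the supplied package and identifier. So that it runs offline, the example type-checks a constructed stub standing in for math/rand through a small types.Importer; a real scanner would load the actual packages with go/importer. The function names, the stub and the sample are assumptions made here. The sample shows the false positive a regexp such as `rand\.Intn` would produce on a local value named rand.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// stubs are constructed stand-ins for the packages the sample imports, so the example type-checks offline; a real scanner would use go/importer.
var stubs = map[string]string{
	"math/rand": "package rand\nfunc Intn(n int) int { return 0 }\n",
}

// stubImporter implements types.Importer by type-checking the stub source for a path.
type stubImporter struct{ fset *token.FileSet }

func (s stubImporter) Import(path string) (*types.Package, error) {
	src, ok := stubs[path]
	if !ok {
		return nil, fmt.Errorf("no stub for %q", path)
	}
	f, err := parser.ParseFile(s.fset, path+".go", src, 0)
	if err != nil {
		return nil, err
	}
	return (&types.Config{}).Check(path, s.fset, []*ast.File{f}, nil)
}

// matchCall returns the CallExpr and its resolved object when the called identifier is the function or
// method named ident declared in package pkg. Resolution goes through types.Info.Uses, so a local value that merely looks like the package does not match.
func matchCall(call *ast.CallExpr, info *types.Info, pkg, ident string) (*ast.CallExpr, types.Object) {
	var id *ast.Ident
	switch fn := call.Fun.(type) {
	case *ast.SelectorExpr:
		id = fn.Sel
	case *ast.Ident:
		id = fn
	default:
		return nil, nil
	}
	obj := info.Uses[id]
	if obj == nil || obj.Pkg() == nil || obj.Pkg().Path() != pkg || obj.Name() != ident {
		return nil, nil
	}
	return call, obj
}

// findCalls type-checks src and returns the source line of every call to pkg.ident.
func findCalls(src, pkg, ident string) ([]int, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	info := &types.Info{Uses: map[*ast.Ident]types.Object{}}
	conf := types.Config{Importer: stubImporter{fset}}
	if _, err := conf.Check("demo", fset, []*ast.File{f}, info); err != nil {
		return nil, err
	}
	var lines []int
	ast.Inspect(f, func(n ast.Node) bool {
		if call, ok := n.(*ast.CallExpr); ok {
			if c, _ := matchCall(call, info, pkg, ident); c != nil {
				lines = append(lines, fset.Position(c.Pos()).Line)
			}
		}
		return true
	})
	return lines, nil
}

// sample is a constructed input. A regexp like `rand\.Intn` flags lines 11 and 12 alike; only line 11 calls math/rand, line 12 calls a method of the local type fakeRand.
const sample = `package demo

import r "math/rand"

type fakeRand struct{}

func (fakeRand) Intn(n int) int { return 4 }

func pick() (int, int) {
	var rand fakeRand
	a := r.Intn(10)
	b := rand.Intn(10)
	return a, b
}
`

func main() {
	lines, err := findCalls(sample, "math/rand", "Intn")
	if err != nil {
		panic(err)
	}
	fmt.Println("math/rand.Intn called at lines:", lines)
}
```

Asking for package "math/rand" and identifier "Intn" yields only line 11; asking for package "demo" yields only line 12, the method on fakeRand. The same object also carries the package it was declared in, which is what the import-tracking workaround in the later commit has to approximate from the import declarations when the type checker's Uses map is not populated consistently.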
Grant Murphy
9e2abd500f
Merge pull request #66 from csstaub/cs/html-output
...
Add support for HTML output
2016-11-03 21:15:17 -07:00
Grant Murphy
aadcf8dbdb
Merge pull request #60 from tam7t/fix-rand
...
rand: resolve math/rand package
2016-11-03 21:14:21 -07:00
Tommy Murphy
4ff59153ec
rand: refactor to use types package
2016-11-03 23:08:03 -04:00
Tommy Murphy
75e0e1aa42
rand: resolve math/rand package
2016-11-03 19:21:12 -04:00
Grant Murphy
068e8a85ad
Merge pull request #65 from GoASTScanner/sql_fix
...
Confirmed correct behavior for SQL tests
2016-11-02 19:20:07 -07:00
Grant Murphy
d60a2b4ebb
Confirmed correct behavior for SQL tests
...
Closes #64
2016-11-02 17:46:59 -07:00
Grant Murphy
853b097922
Merge pull request #63 from GoASTScanner/travis_ci
...
Add go vet to travis-ci
2016-11-02 17:15:46 -07:00
Grant Murphy
686927c894
Address go vet failure in SQL rule
2016-11-02 17:12:23 -07:00
Grant Murphy
344ebd1ab6
Add go vet to travis-ci
2016-11-02 17:03:24 -07:00
Grant Murphy
65d572f193
Merge pull request #62 from GoASTScanner/correct_imports
...
Updated imports to new repository location.
2016-11-02 16:58:28 -07:00
Grant Murphy
74b6633ee0
Updated imports to new repository location.
2016-11-02 16:54:20 -07:00
Grant Murphy
b8ce40e193
Remove debugging println
2016-11-02 16:25:13 -07:00
Grant Murphy
4cd269f3a6
Merge pull request #58 from levigross/master
...
Make sure to exit 1 if we find an issue
2016-10-31 15:09:43 -07:00
Levi Gross
9c3c102127
Fixed comment
2016-10-31 10:16:03 -04:00
Levi Gross
b92fa02ff4
Make sure to exit 1 if we find an issue
...
Signed-off-by: Levi Gross <levi@levigross.com>
2016-10-29 20:22:08 -04:00
Grant Murphy
fadc6d443d
Merge pull request #52 from gcmurphy/use_glob
...
Refactor path matching logic
2016-10-26 18:22:22 +02:00
Grant Murphy
b8e78c644b
Merge pull request #56 from s7v7nislands/fix_unsafe
...
Fix unsafe
2016-10-25 01:19:16 -07:00
s7v7nislands
eedb0c279d
fix fmt
2016-10-25 12:08:59 +08:00
s7v7nislands
92dda9cc3b
fix unsafe check
2016-10-25 11:57:05 +08:00
Cedric Staub
911c69646d
Add support for HTML output
2016-10-21 13:18:56 -07:00