Initial commit to change GAS to process packages rather than standalone
files. This is to address issues with type resolution for external
dependencies.
Uses golang.org/x/tools/go/loader to prepare analyzer input rather than
finding the individual files.

It seems that the typechecker isn't considering the entire package
fileset in the current way that gas is processing projects. This leads
to cases where types that are defined in one file aren't known about
when gas is processing other files within that module.
A redesign is needed; this is a temporary fix to return to old
behaviour.
Related to #113

This commit fixes the nosec feature to check for '#nosec' instead
of 'nosec'. This should help reduce false positives associated
with comments that have 'nosec' in them somewhere.

Update the AddRule interface to allow rules to register interest in
multiple ast.Nodes. Adds more flexibility to how rules can work, and was
needed to fix the hard coded credentials test specifically.

There seems to be an inconsistency in the way that the type.Info.Uses
map is populated by the type checker in Go 1.5 and the latest release.
It is possible to ascertain the package that relates to an object in the
1.7.x release but this does not work for earlier Go versions.
To work around this limitation we now track imports, and monitor if they
are aliased or initialization only imports.

This re-works the way that CLI options are passed through to the
analyzer so that they can act as overrides for config options. If
not given on the CLI, options will come from a config file. If no
file is used then a default value is chosen.
Two lists are also populated with tests to include or exclude.
These lists are not used for now but will eventually replace the
way we select tests to run in a future patch to follow.

A CLI option can now be given to tell GAS it should parse data
from a JSON file. Fatal errors are given if the file is not
readable or is not valid JSON.

The logic around annotations (nosec) was broken, meaning they were
ignored by default and would not skip sub-blocks. This fixes the
problem and also adds a test to make sure it won't be broken in the
future. Closes #25
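
The two nosec changes described above (matching '#nosec' rather than 'nosec', and skipping annotated sub-blocks) can be seen side by side in the following added example, which is not GAS's own code. The `reported` function, the constructed sample source and the stand-in rule that flags any selector named `Command` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strings"
)

// sample is constructed input: a() annotates an if block, b() only mentions the word.
const sample = `package p
func a() {
	// #nosec
	if true {
		exec.Command("ls").Run()
	}
}
func b() {
	// the nosec tag is explained in the docs
	exec.Command("ls").Run()
}
`

// reported returns the lines of Command selectors (stand-in rule) not suppressed by marker.
func reported(src, marker string) []int {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "sample.go", src, parser.ParseComments)
	if err != nil {
		panic(err)
	}
	cmap, lines := ast.NewCommentMap(fset, f, f.Comments), []int{}
	ast.Inspect(f, func(n ast.Node) bool {
		for _, g := range cmap[n] {
			if strings.Contains(g.Text(), marker) {
				return false // annotated: skip this node and its sub-blocks
			}
		}
		if s, ok := n.(*ast.SelectorExpr); ok && s.Sel.Name == "Command" {
			lines = append(lines, fset.Position(s.Pos()).Line)
		}
		return true
	})
	return lines
}

func main() {
	fmt.Println(reported(sample, "#nosec"), reported(sample, "nosec"))
}
```

With the marker '#nosec' only the call in b() is reported; with the looser 'nosec' the ordinary comment in b() silences that finding as well.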