Commit graph

33 commits

Author SHA1 Message Date
Dmitry Golushko
a5982fb6a6
Fix for G402. Check package path instead of package name (#838) 2022-07-28 08:51:30 +02:00
Cosmin Cojocar
2fad8a4193 Resolve the TLS min version when is declarted in the same package but in a different file 2022-01-26 19:27:26 +01:00
Cosmin Cojocar
1fbcf10e18 Add a test for tls min version defined in a different file 2022-01-26 19:27:26 +01:00
Cosmin Cojocar
55c6ceaaa6
Fix crash when parsing the TLS min version value (#724) 2021-11-09 21:59:53 +01:00
Nanik
9535c9e3e1
fix: add variable assignment checking as part of MinVersion (#669)
* fix: add variable assignment checking as part of MinVersion

* fix: add more code to allow assignment with const

* fix: rework the code and add more test cases for MinVersion

* fix: format linting issue using gofumpt
2021-07-27 22:03:59 +02:00
Matthieu MOREL
1256f16f33
Fix lint and fail on error in the ci build 2021-05-31 10:44:12 +02:00
Chris Bandy
27a5ffb5c8
Quiet warnings about integer truncation (#586)
Both MinVersion and MaxVersion of crypto/tls.Config are uint16, so the
int16 fields of rules.insecureConfigTLS are too small. GetInt()
interprets integer literals as fitting within 64-bits, so simplify
things by using int64.
2021-03-03 10:05:33 +01:00
Cosmin Cojocar
897c203e62
Reset the state of TLS rule after each version check (#570)
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-02-11 10:52:16 +01:00
Jeff Widman
9fe0b2e21a
Fix typo (#547) 2020-12-11 09:34:38 +01:00
Cosmin Cojocar
55d368f2e5 Improve the TLS version checking
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-25 09:21:14 +02:00
Cosmin Cojocar
c6e10af40f Handle properly the gosec module version v2
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-06 09:06:23 -07:00
Cosmin Cojocar
893b87b343 Replace gas with gosec everywhere in the project 2018-07-19 18:42:25 +02:00
Grant Murphy
da26f64208
Rename github org (#214) 2018-07-19 17:40:28 +10:00
jonmcclintock
2115402409 Add the rule ID to issues (#188) 2018-03-12 18:18:44 +10:00
Jon McClintock
1429033aca Add support for #excluding specific rules 2018-03-02 23:44:51 +00:00
Grant Murphy
c6183b4d5c
Add nil pointer check to rule. (#181)
TypeOf returns the type of expression e, or nil if not found. We are
calling .String() on a value that may be nil in this clause.

Relates to #174
2018-02-28 04:29:25 +10:00
cosmincojocar
edb362fc9d Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178)
* Add a tool which generates the TLS rule configuration from Mozilla server side
TLS configuration

* Update README

* Remove trailing space in README

* Update dependencies

* Fix the commends of the generated functions
2018-02-21 15:59:18 +10:00
Grant Murphy
9a2bec1cd0
Merge pull request #149 from GoASTScanner/experimental
Fix nil pointer dereference in complit types
2018-01-05 22:20:21 +10:00
Grant Murphy
b6f85d50da Fix nil pointer dereference in complit types 2018-01-05 22:19:08 +10:00
Grant Murphy
3520a5ae85
Merge pull request #146 from GoASTScanner/experimental
Merge experimental / refactor
2018-01-05 22:08:59 +10:00
Grant Murphy
e925d3c347 Migrated old test cases. 2017-12-28 16:54:10 +10:00
Grant Murphy
af25ac1f6e fix golint errors picked up by hound-ci 2017-12-13 22:35:47 +10:00
Grant Murphy
cfa432729c fix hound-ci errors 2017-12-13 17:39:00 +10:00
Cosmin Cojocar
c36954f04a Add the CHACHA20 to good ciphers in modern tls check 2017-08-30 16:00:56 +02:00
Grant Murphy
6943f9e5e4 Major rework of codebase
- Get rid of 'core' and move CLI to cmd/gas directory
- Migrate (most) tests to use Ginkgo and testutils framework
- GAS now expects package to reside in $GOPATH
- GAS now can resolve dependencies for better type checking (if package
  on GOPATH)
- Simplified public API
2017-07-19 15:17:00 -06:00
Grant Murphy
bf78d027a9 Restructure and introduce a standalone config 2017-04-28 14:46:26 -07:00
Grant Murphy
cacf21f3c0 Restructure to focus on lib rather than cli 2017-04-26 08:08:46 -07:00
Cosmin Cojocar
2262f5d474 Add a check for PreferServerCipherSuites flag of tls.Config 2017-03-15 15:05:44 +01:00
Grant Murphy
bf103da519 Allow rules to register against multiple ast nodes
Update the AddRule interface to allow rules to register interest in
multiple ast.Nodes. Adds more flexibility to how rules can work, and was
needed to fix the hard coded credentials test specifically.
2016-11-13 12:55:31 -08:00
Grant Murphy
74b6633ee0 Updated imports to new repository location. 2016-11-02 16:54:20 -07:00
Tim Kelsey
713949fe69 Rule selection rules
This makes the following changes:
- riles are identified by an ID
- include / exclude list now work
- rules are selected based on these lists
- blacklist rules are broken out into methods
- rule constructors now take the config map
- config file can be used to select rules
- CLI options embelish config selection options
2016-08-11 10:45:51 +01:00
Grant Murphy
cee5fad4c3 Fix incorrect regexp matches
There are some cases where the '.' character would also match any
character and could lead to incorrect results. For example the
regular expression -  `^ioutils.WriteFile$' would match
ioutils.WriteFile, but also ioutils_WriteFile.

Additionally made sure that all regexp were declared using raw
strings to avoid any unnecesary string escaping that potentially
make the regexp difficult to read.
2016-07-30 13:29:33 -07:00
Tim Kelsey
4f3d620d37 Initial public release 2016-07-20 15:56:32 +01:00