Commit graph

75 commits

Author SHA1 Message Date
Cosmin Cojocar
5ef2beeaa6 Track only the import from the file which is checked
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 19:34:57 +02:00
Cosmin Cojocar
b49c9532a8 Add a flag which allows to scan also the tests files
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 06:55:24 +02:00
Cosmin Cojocar
4dfaf0a997 Refactor the analyzer to process one package at the time
This avoids loading all packages in memory before running the checks.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-28 09:06:52 +02:00
Cosmin Cojocar
85221996b6 Improve logging in the analyser
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Naoya Yoshizawa
85d180848d Go modules support for 1.12 (#297)
* support go module

* fix implement and uncommented out tests

* includes test package

* remove test environment go1.10 or older
2019-04-25 09:25:32 +02:00
Martin Vrachev
62b5195dd9 Report for Golang errors (#284)
* Report for Golang errors

Right now if you use Gosec to scan invalid go file and if you report the result in a text, JSON, CSV or another file format you will always receive 0 issues.
The reason for that is that Gosec can't parse the AST of invalid go files and thus will not report anything.

The real problem here is that the user will never know about the issue if he generates the output in a file.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2019-02-27 08:24:06 +10:00
Cosmin Cojocar
f87af5fa72 Detect the unhandled errors even though they are explicitly ignored if the 'audit: enabled' setting is defined in the global configuration (#274)
* Define more explicit the global options in the configuration

* Detect in audit mode the unhandled errors even thought they are explicitly ignored
2019-01-14 21:37:40 +10:00
Oleksandr Redko
3116b07de4 Fix typos in comments and rulelist (#256) 2018-10-11 14:45:31 +02:00
Delon Wong Her Laang
d3f1980e7a Fix false positives for SQL string concatenation with constants from another file (#247)
* Allow for SQL concatenation of nodes that resolve to literals

If node.Y resolves to a literal, it will not be considered as an issue.

* Fix typo in comment.

* Go through all files in package to resolve that identifier

* Refactor code and added comments.

* Changed checking to not var or func.

* Allow for supporting code for test cases.

* Resolve merge conflict changes.
2018-09-28 10:46:59 +03:00
Cosmin Cojocar
4c6396b7d4 Derive the package from given files
Move some utility functions into the helper
2018-07-23 15:16:47 +02:00
Cosmin Cojocar
893b87b343 Replace gas with gosec everywhere in the project 2018-07-19 18:42:25 +02:00
cosmincojocar
4ae8c95b40 Add an option for Go build tags (#201)
* Add an option for Go build tags

* Update README with a section for Go build tags
2018-04-20 09:45:03 +10:00
Grant Murphy
830cb81b29
Support package resolution and filepaths (#187)
* Support package resolution and filepaths

This change introduces the logic to resolve packages using gotool
and build packages from filepaths. It assumes that the packages
being scanned are located within the GOPATH.

If the GOPATH environment variable is not set the GOPATH is derived
as $HOME/go.

Relates to #184

* Fix build error

* Address unhandled error

* Fix formatting error

* Handle multiple paths on GOPATH
2018-04-16 15:46:39 +10:00
Jon McClintock
429ac07bbd Change the exclude syntax to be a part of #nosec 2018-03-08 19:01:00 +00:00
Jon McClintock
18700c276f Style tweak 2018-03-03 00:04:48 +00:00
Jon McClintock
1429033aca Add support for #excluding specific rules 2018-03-02 23:44:51 +00:00
Cosmin Cojocar
7355f0a119 Fix some gas warnings 2018-02-10 20:10:56 +01:00
Jon McClintock
f111d5de2c [Issue 159] Allow loader errors so that processing continues if there's a package loading problem. 2018-01-29 18:33:48 +00:00
Andrew S. Brown
22dc89384d Do a single build for all packages.
This is much faster because the loader can reuse packages.
2018-01-07 15:02:33 -08:00
Grant Murphy
25d74c6b20 address review comments 2017-12-14 10:04:22 +10:00
Grant Murphy
af25ac1f6e fix golint errors picked up by hound-ci 2017-12-13 22:35:47 +10:00
Grant Murphy
6943f9e5e4 Major rework of codebase
- Get rid of 'core' and move CLI to cmd/gas directory
- Migrate (most) tests to use Ginkgo and testutils framework
- GAS now expects package to reside in $GOPATH
- GAS now can resolve dependencies for better type checking (if package
  on GOPATH)
- Simplified public API
2017-07-19 15:17:00 -06:00
Grant Murphy
026fe4c534 Simplify analyzer and command line interface
The analyzer now only handles packages rather than one off files. This
simplifies the CLI functionality significantly.
2017-05-09 21:26:53 -07:00
Grant Murphy
bf78d027a9 Restructure and introduce a standalone config 2017-04-28 14:46:26 -07:00
Grant Murphy
cacf21f3c0 Restructure to focus on lib rather than cli 2017-04-26 08:08:46 -07:00
Renamed from core/analyzer.go (Browse further)