2018-07-19 18:42:25 +02:00
|
|
|
package gosec
|
2017-04-28 14:46:26 -07:00
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"encoding/json"
|
|
|
|
"fmt"
|
|
|
|
"io"
|
|
|
|
)
|
|
|
|
|
2017-12-14 10:04:22 +10:00
|
|
|
const (
|
|
|
|
// Globals are applicable to all rules and used for general
|
2018-07-19 18:42:25 +02:00
|
|
|
// configuration settings for gosec.
|
2017-12-14 10:04:22 +10:00
|
|
|
Globals = "global"
|
|
|
|
)
|
|
|
|
|
2019-01-14 12:37:40 +01:00
|
|
|
// GlobalOption defines the name of the global options
|
|
|
|
type GlobalOption string
|
|
|
|
|
|
|
|
const (
|
|
|
|
// Nosec global option for #nosec directive
|
|
|
|
Nosec GlobalOption = "nosec"
|
2021-08-18 13:00:38 +02:00
|
|
|
// ShowIgnored defines whether nosec issues are counted as finding or not
|
|
|
|
ShowIgnored GlobalOption = "show-ignored"
|
2019-01-14 12:37:40 +01:00
|
|
|
// Audit global option which indicates that gosec runs in audit mode
|
|
|
|
Audit GlobalOption = "audit"
|
2019-09-04 05:20:43 -03:00
|
|
|
// NoSecAlternative global option alternative for #nosec directive
|
|
|
|
NoSecAlternative GlobalOption = "#nosec"
|
2021-12-21 06:43:50 +08:00
|
|
|
// ExcludeRules global option for some rules should not be load
|
|
|
|
ExcludeRules GlobalOption = "exclude"
|
|
|
|
// IncludeRules global option for should be load
|
|
|
|
IncludeRules GlobalOption = "include"
|
2023-02-09 12:28:53 +01:00
|
|
|
// SSA global option to enable go analysis framework with SSA support
|
|
|
|
SSA GlobalOption = "ssa"
|
2019-01-14 12:37:40 +01:00
|
|
|
)
|
|
|
|
|
2023-05-25 11:54:26 +02:00
|
|
|
// NoSecTag returns the tag used to disable gosec for a line of code.
|
|
|
|
func NoSecTag(tag string) string {
|
|
|
|
return fmt.Sprintf("%s%s", "#", tag)
|
|
|
|
}
|
|
|
|
|
2017-04-28 14:46:26 -07:00
|
|
|
// Config is used to provide configuration and customization to each of the rules.
|
|
|
|
type Config map[string]interface{}
|
|
|
|
|
|
|
|
// NewConfig initializes a new configuration instance. The configuration data then
|
|
|
|
// needs to be loaded via c.ReadFrom(strings.NewReader("config data"))
|
|
|
|
// or from a *os.File.
|
|
|
|
func NewConfig() Config {
|
2017-07-19 15:17:00 -06:00
|
|
|
cfg := make(Config)
|
2019-01-14 12:37:40 +01:00
|
|
|
cfg[Globals] = make(map[GlobalOption]string)
|
2017-07-19 15:17:00 -06:00
|
|
|
return cfg
|
2017-04-28 14:46:26 -07:00
|
|
|
}
|
|
|
|
|
2019-10-08 09:44:17 +02:00
|
|
|
func (c Config) keyToGlobalOptions(key string) GlobalOption {
|
|
|
|
return GlobalOption(key)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c Config) convertGlobals() {
|
|
|
|
if globals, ok := c[Globals]; ok {
|
|
|
|
if settings, ok := globals.(map[string]interface{}); ok {
|
|
|
|
validGlobals := map[GlobalOption]string{}
|
|
|
|
for k, v := range settings {
|
|
|
|
validGlobals[c.keyToGlobalOptions(k)] = fmt.Sprintf("%v", v)
|
|
|
|
}
|
|
|
|
c[Globals] = validGlobals
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-04-28 14:46:26 -07:00
|
|
|
// ReadFrom implements the io.ReaderFrom interface. This
|
|
|
|
// should be used with io.Reader to load configuration from
|
2021-05-31 10:44:12 +02:00
|
|
|
// file or from string etc.
|
2017-04-28 14:46:26 -07:00
|
|
|
func (c Config) ReadFrom(r io.Reader) (int64, error) {
|
2022-08-08 10:37:43 +02:00
|
|
|
data, err := io.ReadAll(r)
|
2017-04-28 14:46:26 -07:00
|
|
|
if err != nil {
|
|
|
|
return int64(len(data)), err
|
|
|
|
}
|
2017-07-19 15:17:00 -06:00
|
|
|
if err = json.Unmarshal(data, &c); err != nil {
|
2017-04-28 14:46:26 -07:00
|
|
|
return int64(len(data)), err
|
|
|
|
}
|
2019-10-08 09:44:17 +02:00
|
|
|
c.convertGlobals()
|
2017-04-28 14:46:26 -07:00
|
|
|
return int64(len(data)), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// WriteTo implements the io.WriteTo interface. This should
|
|
|
|
// be used to save or print out the configuration information.
|
|
|
|
func (c Config) WriteTo(w io.Writer) (int64, error) {
|
|
|
|
data, err := json.Marshal(c)
|
|
|
|
if err != nil {
|
|
|
|
return int64(len(data)), err
|
|
|
|
}
|
|
|
|
return io.Copy(w, bytes.NewReader(data))
|
|
|
|
}
|
|
|
|
|
2017-07-19 15:17:00 -06:00
|
|
|
// Get returns the configuration section for the supplied key
|
|
|
|
func (c Config) Get(section string) (interface{}, error) {
|
|
|
|
settings, found := c[section]
|
|
|
|
if !found {
|
|
|
|
return nil, fmt.Errorf("Section %s not in configuration", section)
|
2017-04-28 14:46:26 -07:00
|
|
|
}
|
2017-07-19 15:17:00 -06:00
|
|
|
return settings, nil
|
2017-04-28 14:46:26 -07:00
|
|
|
}
|
|
|
|
|
2017-07-19 15:17:00 -06:00
|
|
|
// Set section in the configuration to specified value
|
|
|
|
func (c Config) Set(section string, value interface{}) {
|
|
|
|
c[section] = value
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetGlobal returns value associated with global configuration option
|
2019-01-14 12:37:40 +01:00
|
|
|
func (c Config) GetGlobal(option GlobalOption) (string, error) {
|
2017-12-14 10:04:22 +10:00
|
|
|
if globals, ok := c[Globals]; ok {
|
2019-01-14 12:37:40 +01:00
|
|
|
if settings, ok := globals.(map[GlobalOption]string); ok {
|
2017-07-19 15:17:00 -06:00
|
|
|
if value, ok := settings[option]; ok {
|
|
|
|
return value, nil
|
2017-04-28 14:46:26 -07:00
|
|
|
}
|
2017-07-19 15:17:00 -06:00
|
|
|
return "", fmt.Errorf("global setting for %s not found", option)
|
2017-04-28 14:46:26 -07:00
|
|
|
}
|
|
|
|
}
|
2017-07-19 15:17:00 -06:00
|
|
|
return "", fmt.Errorf("no global config options found")
|
2017-04-28 14:46:26 -07:00
|
|
|
}
|
|
|
|
|
2018-10-11 15:45:31 +03:00
|
|
|
// SetGlobal associates a value with a global configuration option
|
2019-01-14 12:37:40 +01:00
|
|
|
func (c Config) SetGlobal(option GlobalOption, value string) {
|
2017-12-14 10:04:22 +10:00
|
|
|
if globals, ok := c[Globals]; ok {
|
2019-01-14 12:37:40 +01:00
|
|
|
if settings, ok := globals.(map[GlobalOption]string); ok {
|
2017-07-19 15:17:00 -06:00
|
|
|
settings[option] = value
|
|
|
|
}
|
|
|
|
}
|
2017-04-28 14:46:26 -07:00
|
|
|
}
|
2019-01-14 12:37:40 +01:00
|
|
|
|
|
|
|
// IsGlobalEnabled checks if a global option is enabled
|
|
|
|
func (c Config) IsGlobalEnabled(option GlobalOption) (bool, error) {
|
|
|
|
value, err := c.GetGlobal(option)
|
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
return (value == "true" || value == "enabled"), nil
|
|
|
|
}
|