chore: Refactor Sample Code to Separate Files

Split the code in `source.go` to individual sample files, one per rule. This will help contributors submit samples for new rules, or improvements to existing rules. The cgo sample was all that was left after refactoring, which resulted in its own sample file. Sample code was also formatted to have some level of consistency. Each sample go "file" attempts to keep the formatting of `gofmt`, and each code sample is in its own section in the sample file. Signed-off-by: Adam Kaplan <adam@adambkaplan.com>
2025-07-15 01:04:43 +02:00 · 2023-11-25 17:51:38 -05:00
parent bc03d1c1bc
commit 0e2a61899a
38 changed files with 4461 additions and 4076 deletions
--- a/testutils/g402_samples.go
+++ b/testutils/g402_samples.go
@ -0,0 +1,298 @@
+package testutils
+
+import "github.com/securego/gosec/v2"
+
+var (
+	// SampleCodeG402 - TLS settings
+	SampleCodeG402 = []CodeSample{
+		{[]string{`
+// InsecureSkipVerify
+package main
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net/http"
+)
+
+func main() {
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	}
+
+	client := &http.Client{Transport: tr}
+	_, err := client.Get("https://golang.org/")
+	if err != nil {
+		fmt.Println(err)
+	}
+}
+`}, 1, gosec.NewConfig()},
+		{[]string{`
+// InsecureSkipVerify from variable
+package main
+
+import (
+	"crypto/tls"
+)
+
+func main() {
+	var conf tls.Config
+	conf.InsecureSkipVerify = true
+}
+`}, 1, gosec.NewConfig()},
+		{[]string{`
+// Insecure minimum version
+package main
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net/http"
+)
+
+func main() {
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{MinVersion: 0},
+	}
+	client := &http.Client{Transport: tr}
+	_, err := client.Get("https://golang.org/")
+	if err != nil {
+		fmt.Println(err)
+	}
+}
+`}, 1, gosec.NewConfig()},
+		{[]string{`
+// Insecure minimum version
+package main
+
+import (
+	"crypto/tls"
+	"fmt"
+)
+
+func CaseNotError() *tls.Config {
+	var v uint16 = tls.VersionTLS13
+
+	return &tls.Config{
+		MinVersion: v,
+	}
+}
+
+func main() {
+    a := CaseNotError()
+	fmt.Printf("Debug: %v\n", a.MinVersion)
+}
+`}, 0, gosec.NewConfig()},
+		{[]string{`
+// Insecure minimum version
+package main
+
+import (
+	"crypto/tls"
+	"fmt"
+)
+
+func CaseNotError() *tls.Config {
+	return &tls.Config{
+		MinVersion: tls.VersionTLS13,
+	}
+}
+
+func main() {
+    a := CaseNotError()
+	fmt.Printf("Debug: %v\n", a.MinVersion)
+}
+`}, 0, gosec.NewConfig()},
+		{[]string{`
+// Insecure minimum version
+package main
+import (
+	"crypto/tls"
+	"fmt"
+)
+
+func CaseError() *tls.Config {
+	var v = &tls.Config{
+		MinVersion: 0,
+	}
+	return v
+}
+
+func main() {
+    a := CaseError()
+	fmt.Printf("Debug: %v\n", a.MinVersion)
+}
+`}, 1, gosec.NewConfig()},
+		{[]string{`
+// Insecure minimum version
+package main
+
+import (
+	"crypto/tls"
+	"fmt"
+)
+
+func CaseError() *tls.Config {
+	var v = &tls.Config{
+		MinVersion: getVersion(),
+	}
+	return v
+}
+
+func getVersion() uint16 {
+	return tls.VersionTLS12
+}
+
+func main() {
+    a := CaseError()
+	fmt.Printf("Debug: %v\n", a.MinVersion)
+}
+`}, 1, gosec.NewConfig()},
+		{[]string{`
+// Insecure minimum version
+package main
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net/http"
+)
+
+var theValue uint16 = 0x0304
+
+func main() {
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{MinVersion: theValue},
+	}
+	client := &http.Client{Transport: tr}
+	_, err := client.Get("https://golang.org/")
+	if err != nil {
+		fmt.Println(err)
+	}
+}
+`}, 0, gosec.NewConfig()},
+		{[]string{`
+// Insecure max version
+package main
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net/http"
+)
+
+func main() {
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{MaxVersion: 0},
+	}
+	client := &http.Client{Transport: tr}
+	_, err := client.Get("https://golang.org/")
+	if err != nil {
+		fmt.Println(err)
+	}
+}
+`}, 1, gosec.NewConfig()},
+		{[]string{`
+// Insecure ciphersuite selection
+package main
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net/http"
+)
+
+func main() {
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{
+			CipherSuites: []uint16{
+				tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			},
+		},
+	}
+	client := &http.Client{Transport: tr}
+	_, err := client.Get("https://golang.org/")
+	if err != nil {
+		fmt.Println(err)
+	}
+}
+`}, 1, gosec.NewConfig()},
+		{[]string{`
+// secure max version when min version is specified
+package main
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net/http"
+)
+
+func main() {
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{
+			MaxVersion: 0, 
+			MinVersion: tls.VersionTLS13,
+		},
+	}
+	client := &http.Client{Transport: tr}
+	_, err := client.Get("https://golang.org/")
+	if err != nil {
+		fmt.Println(err)
+	}
+}
+`}, 0, gosec.NewConfig()},
+		{[]string{`
+package p0
+
+import "crypto/tls"
+
+func TlsConfig0() *tls.Config {
+	var v uint16 = 0
+	return &tls.Config{MinVersion: v}
+}
+`, `
+package p0
+
+import "crypto/tls"
+
+func TlsConfig1() *tls.Config {
+   return &tls.Config{MinVersion: 0x0304}
+}
+`}, 1, gosec.NewConfig()},
+		{[]string{`
+package main
+
+import (
+	"crypto/tls"
+	"fmt"
+)
+
+func main() {
+	cfg := tls.Config{
+		MinVersion: MinVer,
+	}
+	fmt.Println("tls min version", cfg.MinVersion)
+}
+`, `
+package main
+
+import "crypto/tls"
+
+const MinVer = tls.VersionTLS13
+`}, 0, gosec.NewConfig()},
+		{[]string{`
+package main
+
+import (
+	"crypto/tls"
+	cryptotls "crypto/tls"
+)
+
+func main() {
+	_ = tls.Config{MinVersion: tls.VersionTLS12}
+	_ = cryptotls.Config{MinVersion: cryptotls.VersionTLS12}
+}
+`}, 0, gosec.NewConfig()},
+	}
+)