mirror of
https://github.com/securego/gosec.git
synced 2024-12-30 21:19:46 +02:00
Add test cases
This commit is contained in:
parent
6943f9e5e4
commit
3caf7c3154
10
issue.go
10
issue.go
@ -18,6 +18,7 @@ import (
|
||||
"fmt"
|
||||
"go/ast"
|
||||
"os"
|
||||
"strconv"
|
||||
)
|
||||
|
||||
// Score type used by severity and confidence values
|
||||
@ -36,7 +37,7 @@ type Issue struct {
|
||||
What string `json:"details"` // Human readable explanation
|
||||
File string `json:"file"` // File name we found it in
|
||||
Code string `json:"code"` // Impacted code line
|
||||
Line int `json:"line"` // Line number in file
|
||||
Line string `json:"line"` // Line number in file
|
||||
}
|
||||
|
||||
// MetaData is embedded in all GAS rules. The Severity, Confidence and What message
|
||||
@ -85,7 +86,12 @@ func NewIssue(ctx *Context, node ast.Node, desc string, severity Score, confiden
|
||||
var code string
|
||||
fobj := ctx.FileSet.File(node.Pos())
|
||||
name := fobj.Name()
|
||||
line := fobj.Line(node.Pos())
|
||||
|
||||
start, end := fobj.Line(node.Pos()), fobj.Line(node.End())
|
||||
line := strconv.Itoa(start)
|
||||
if start != end {
|
||||
line = fmt.Sprintf("%d-%d", start, end)
|
||||
}
|
||||
|
||||
if file, err := os.Open(fobj.Name()); err == nil {
|
||||
defer file.Close()
|
||||
|
@ -1,6 +1,11 @@
|
||||
package gas_test
|
||||
|
||||
import (
|
||||
"go/ast"
|
||||
|
||||
"github.com/GoASTScanner/gas"
|
||||
"github.com/GoASTScanner/gas/rules"
|
||||
"github.com/GoASTScanner/gas/testutils"
|
||||
. "github.com/onsi/ginkgo"
|
||||
. "github.com/onsi/gomega"
|
||||
)
|
||||
@ -8,9 +13,35 @@ import (
|
||||
var _ = Describe("Issue", func() {
|
||||
|
||||
Context("when creating a new issue", func() {
|
||||
It("should provide a code snippet for the specified ast.Node", func() {
|
||||
Expect(1).Should(Equal(2))
|
||||
Fail("Not implemented")
|
||||
It("should create a code snippet from the specified ast.Node", func() {
|
||||
var target *ast.BasicLit
|
||||
source := `package main
|
||||
const foo = "bar"
|
||||
func main(){
|
||||
println(foo)
|
||||
}
|
||||
`
|
||||
pkg := testutils.NewTestPackage()
|
||||
defer pkg.Close()
|
||||
pkg.AddFile("foo.go", source)
|
||||
ctx := pkg.CreateContext("foo.go")
|
||||
v := testutils.NewMockVisitor()
|
||||
v.Callback = func(n ast.Node, ctx *gas.Context) bool {
|
||||
if node, ok := n.(*ast.BasicLit); ok {
|
||||
target = node
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
v.Context = ctx
|
||||
ast.Walk(v, ctx.Root)
|
||||
Expect(target).ShouldNot(BeNil())
|
||||
|
||||
issue := gas.NewIssue(ctx, target, "", gas.High, gas.High)
|
||||
Expect(issue).ShouldNot(BeNil())
|
||||
Expect(issue.Code).Should(MatchRegexp(`"bar"`))
|
||||
Expect(issue.Line).Should(Equal(2))
|
||||
|
||||
})
|
||||
|
||||
It("should return an error if specific context is not able to be obtained", func() {
|
||||
@ -21,6 +52,40 @@ var _ = Describe("Issue", func() {
|
||||
Fail("Not implemented")
|
||||
})
|
||||
|
||||
It("should provide accurate line and file information for multi-line statements", func() {
|
||||
var target *ast.BinaryExpr
|
||||
|
||||
source := `package main
|
||||
import "os"
|
||||
func main(){`
|
||||
source += "q := `SELECT * FROM table WHERE` + \n os.Args[1] + `= ?` // nolint: gas\n"
|
||||
source += `println(q)}`
|
||||
|
||||
pkg := testutils.NewTestPackage()
|
||||
defer pkg.Close()
|
||||
pkg.AddFile("foo.go", source)
|
||||
ctx := pkg.CreateContext("foo.go")
|
||||
v := testutils.NewMockVisitor()
|
||||
v.Callback = func(n ast.Node, ctx *gas.Context) bool {
|
||||
if node, ok := n.(*ast.BinaryExpr); ok {
|
||||
target = node
|
||||
}
|
||||
return true
|
||||
}
|
||||
v.Context = ctx
|
||||
ast.Walk(v, ctx.Root)
|
||||
Expect(target).ShouldNot(BeNil())
|
||||
|
||||
// Use SQL rule to check binary expr
|
||||
cfg := gas.NewConfig()
|
||||
rule, _ := rules.NewSqlStrConcat(cfg)
|
||||
issue, err := rule.Match(target, ctx)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
Expect(issue).ShouldNot(BeNil())
|
||||
Expect(issue.File).Should(MatchRegexp("foo.go"))
|
||||
Expect(issue.Line).Should(MatchRegexp("3-4"))
|
||||
})
|
||||
|
||||
It("should maintain the provided severity score", func() {
|
||||
Fail("Not implemented")
|
||||
})
|
||||
@ -29,9 +94,6 @@ var _ = Describe("Issue", func() {
|
||||
Fail("Not implemented")
|
||||
})
|
||||
|
||||
It("should correctly record `unsafe` import as not considered a package", func() {
|
||||
Fail("Not implemented")
|
||||
})
|
||||
})
|
||||
|
||||
})
|
||||
|
@ -15,6 +15,7 @@ var _ = Describe("Resolve ast node to concrete value", func() {
|
||||
var basicLiteral *ast.BasicLit
|
||||
|
||||
pkg := testutils.NewTestPackage()
|
||||
defer pkg.Close()
|
||||
pkg.AddFile("foo.go", `package main; const foo = "bar"; func main(){}`)
|
||||
ctx := pkg.CreateContext("foo.go")
|
||||
v := testutils.NewMockVisitor()
|
||||
@ -34,6 +35,7 @@ var _ = Describe("Resolve ast node to concrete value", func() {
|
||||
It("should successfully resolve identifier", func() {
|
||||
var ident *ast.Ident
|
||||
pkg := testutils.NewTestPackage()
|
||||
defer pkg.Close()
|
||||
pkg.AddFile("foo.go", `package main; var foo string = "bar"; func main(){}`)
|
||||
ctx := pkg.CreateContext("foo.go")
|
||||
v := testutils.NewMockVisitor()
|
||||
@ -53,6 +55,7 @@ var _ = Describe("Resolve ast node to concrete value", func() {
|
||||
It("should successfully resolve assign statement", func() {
|
||||
var assign *ast.AssignStmt
|
||||
pkg := testutils.NewTestPackage()
|
||||
defer pkg.Close()
|
||||
pkg.AddFile("foo.go", `package main; const x = "bar"; func main(){ y := x; println(y) }`)
|
||||
ctx := pkg.CreateContext("foo.go")
|
||||
v := testutils.NewMockVisitor()
|
||||
@ -73,6 +76,7 @@ var _ = Describe("Resolve ast node to concrete value", func() {
|
||||
It("should successfully resolve a binary statement", func() {
|
||||
var target *ast.BinaryExpr
|
||||
pkg := testutils.NewTestPackage()
|
||||
defer pkg.Close()
|
||||
pkg.AddFile("foo.go", `package main; const (x = "bar"; y = "baz"); func main(){ z := x + y; println(z) }`)
|
||||
ctx := pkg.CreateContext("foo.go")
|
||||
v := testutils.NewMockVisitor()
|
||||
|
@ -46,7 +46,7 @@ var _ = Describe("Rule", func() {
|
||||
What: `Some explanation of the thing`,
|
||||
File: "main.go",
|
||||
Code: `#include <stdio.h> int main(){ puts("hello world"); }`,
|
||||
Line: 42,
|
||||
Line: "42",
|
||||
},
|
||||
err: nil,
|
||||
callback: func(n ast.Node, ctx *gas.Context) bool { return true },
|
||||
|
@ -32,6 +32,7 @@ var _ = Describe("gas rules", func() {
|
||||
for n, sample := range samples {
|
||||
analyzer.Reset()
|
||||
pkg := testutils.NewTestPackage()
|
||||
defer pkg.Close()
|
||||
pkg.AddFile(fmt.Sprintf("sample_%d.go", n), sample.Code)
|
||||
pkg.Build()
|
||||
e := analyzer.Process(pkg.Path)
|
||||
|
Loading…
Reference in New Issue
Block a user