Merge branch 'nosec-specify-rule' of git://github.com/jonmcclintock/gas into jonmcclintock-nosec-specify-rule
@ -21,6 +21,7 @@ import (
|
||||
// RuleDefinition contains the description of a rule and a mechanism to
|
||||
// create it.
|
||||
type RuleDefinition struct {
|
||||
ID string
|
||||
Description string
|
||||
Create gas.RuleBuilder
|
||||
}
|
||||
@ -29,10 +30,10 @@ type RuleDefinition struct {
|
||||
type RuleList map[string]RuleDefinition
|
||||
|
||||
// Builders returns all the create methods for a given rule list
|
||||
func (rl RuleList) Builders() []gas.RuleBuilder {
|
||||
builders := make([]gas.RuleBuilder, 0, len(rl))
|
||||
func (rl RuleList) Builders() map[string]gas.RuleBuilder {
|
||||
builders := make(map[string]gas.RuleBuilder)
|
||||
for _, def := range rl {
|
||||
builders = append(builders, def.Create)
|
||||
builders[def.ID] = def.Create
|
||||
}
|
||||
return builders
|
||||
}
|
||||
@ -58,46 +59,50 @@ func NewRuleFilter(action bool, ruleIDs ...string) RuleFilter {
|
||||
|
||||
// Generate the list of rules to use
|
||||
func Generate(filters ...RuleFilter) RuleList {
|
||||
rules := map[string]RuleDefinition{
|
||||
rules := []RuleDefinition{
|
||||
// misc
|
||||
"G101": {"Look for hardcoded credentials", NewHardcodedCredentials},
|
||||
"G102": {"Bind to all interfaces", NewBindsToAllNetworkInterfaces},
|
||||
"G103": {"Audit the use of unsafe block", NewUsingUnsafe},
|
||||
"G104": {"Audit errors not checked", NewNoErrorCheck},
|
||||
"G105": {"Audit the use of big.Exp function", NewUsingBigExp},
|
||||
"G106": {"Audit the use of ssh.InsecureIgnoreHostKey function", NewSSHHostKey},
|
||||
{"G101", "Look for hardcoded credentials", NewHardcodedCredentials},
|
||||
{"G102", "Bind to all interfaces", NewBindsToAllNetworkInterfaces},
|
||||
{"G103", "Audit the use of unsafe block", NewUsingUnsafe},
|
||||
{"G104", "Audit errors not checked", NewNoErrorCheck},
|
||||
{"G105", "Audit the use of big.Exp function", NewUsingBigExp},
|
||||
{"G106", "Audit the use of ssh.InsecureIgnoreHostKey function", NewSSHHostKey},
|
||||
|
||||
// injection
|
||||
"G201": {"SQL query construction using format string", NewSQLStrFormat},
|
||||
"G202": {"SQL query construction using string concatenation", NewSQLStrConcat},
|
||||
"G203": {"Use of unescaped data in HTML templates", NewTemplateCheck},
|
||||
"G204": {"Audit use of command execution", NewSubproc},
|
||||
{"G201", "SQL query construction using format string", NewSQLStrFormat},
|
||||
{"G202", "SQL query construction using string concatenation", NewSQLStrConcat},
|
||||
{"G203", "Use of unescaped data in HTML templates", NewTemplateCheck},
|
||||
{"G204", "Audit use of command execution", NewSubproc},
|
||||
|
||||
// filesystem
|
||||
"G301": {"Poor file permissions used when creating a directory", NewMkdirPerms},
|
||||
"G302": {"Poor file permisions used when creation file or using chmod", NewFilePerms},
|
||||
"G303": {"Creating tempfile using a predictable path", NewBadTempFile},
|
||||
"G304": {"File path provided as taint input", NewReadFile},
|
||||
{"G301", "Poor file permissions used when creating a directory", NewMkdirPerms},
|
||||
{"G302", "Poor file permisions used when creation file or using chmod", NewFilePerms},
|
||||
{"G303", "Creating tempfile using a predictable path", NewBadTempFile},
|
||||
{"G304", "File path provided as taint input", NewReadFile},
|
||||
|
||||
// crypto
|
||||
"G401": {"Detect the usage of DES, RC4, or MD5", NewUsesWeakCryptography},
|
||||
"G402": {"Look for bad TLS connection settings", NewIntermediateTLSCheck},
|
||||
"G403": {"Ensure minimum RSA key length of 2048 bits", NewWeakKeyStrength},
|
||||
"G404": {"Insecure random number source (rand)", NewWeakRandCheck},
|
||||
{"G401", "Detect the usage of DES, RC4, or MD5", NewUsesWeakCryptography},
|
||||
{"G402", "Look for bad TLS connection settings", NewIntermediateTLSCheck},
|
||||
{"G403", "Ensure minimum RSA key length of 2048 bits", NewWeakKeyStrength},
|
||||
{"G404", "Insecure random number source (rand)", NewWeakRandCheck},
|
||||
|
||||
// blacklist
|
||||
"G501": {"Import blacklist: crypto/md5", NewBlacklistedImportMD5},
|
||||
"G502": {"Import blacklist: crypto/des", NewBlacklistedImportDES},
|
||||
"G503": {"Import blacklist: crypto/rc4", NewBlacklistedImportRC4},
|
||||
"G504": {"Import blacklist: net/http/cgi", NewBlacklistedImportCGI},
|
||||
{"G501", "Import blacklist: crypto/md5", NewBlacklistedImportMD5},
|
||||
{"G502", "Import blacklist: crypto/des", NewBlacklistedImportDES},
|
||||
{"G503", "Import blacklist: crypto/rc4", NewBlacklistedImportRC4},
|
||||
{"G504", "Import blacklist: net/http/cgi", NewBlacklistedImportCGI},
|
||||
}
|
||||
|
||||
for rule := range rules {
|
||||
ruleMap := make(map[string]RuleDefinition)
|
||||
|
||||
RULES:
|
||||
for _, rule := range rules {
|
||||
for _, filter := range filters {
|
||||
if filter(rule) {
|
||||
delete(rules, rule)
|
||||
if filter(rule.ID) {
|
||||
continue RULES
|
||||
}
|
||||
}
|
||||
ruleMap[rule.ID] = rule
|
||||
}
|
||||
return rules
|
||||
return ruleMap
|
||||
}
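Review bot: Replacing the map literal with a slice literal in `Generate` (`rules := []RuleDefinition{...}`) drops the compile-time guarantee that rule IDs are unique; a duplicate `ID` in the slice now silently overwrites the earlier entry when `ruleMap[rule.ID] = rule` runs, and again in `Builders()` where `builders[def.ID] = def.Create` is keyed the same way, so a rule would vanish from the scanner's coverage with no error. Since this table is static, the loss should be loud: before `ruleMap[rule.ID] = rule`, add `if _, dup := ruleMap[rule.ID]; dup { panic("duplicate rule ID " + rule.ID) }`, or, if a panic is unwanted, cover the same invariant with a unit test that asserts `len(Generate())` equals the literal's length. The new `ID string` field on `RuleDefinition` also deserves a one-line doc comment, e.g. `// ID is the rule identifier (e.g. "G101") used for filtering and #nosec annotations.` — the `#nosec` part is inferred from the branch name and should be confirmed. The filtering itself (`filter(rule.ID)` with `continue RULES`) looks consistent with `NewRuleFilter(action bool, ruleIDs ...string)` shown in the hunk header, so behaviour there appears preserved.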
|
||||
|