Major rework of codebase

- Get rid of 'core' and move CLI to cmd/gas directory - Migrate (most) tests to use Ginkgo and testutils framework - GAS now expects package to reside in $GOPATH - GAS now can resolve dependencies for better type checking (if package on GOPATH) - Simplified public API
2025-07-15 01:04:43 +02:00 · 2017-07-19 15:17:00 -06:00
parent f4b705a864
commit 6943f9e5e4
51 changed files with 1189 additions and 2695 deletions
--- a/analyzer_test.go
+++ b/analyzer_test.go
@ -0,0 +1,113 @@
+package gas_test
+
+import (
+	"bytes"
+	"io/ioutil"
+	"log"
+	"os"
+	"strings"
+
+	"github.com/GoASTScanner/gas"
+	"github.com/GoASTScanner/gas/rules"
+
+	"github.com/GoASTScanner/gas/testutils"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("Analyzer", func() {
+
+	var (
+		analyzer *gas.Analyzer
+		logger   *log.Logger
+		output   *bytes.Buffer
+	)
+	BeforeEach(func() {
+		logger, output = testutils.NewLogger()
+		analyzer = gas.NewAnalyzer(nil, logger)
+	})
+
+	Context("when processing a package", func() {
+
+		It("should return an error if the package contains no Go files", func() {
+			analyzer.LoadRules(rules.Generate().Builders()...)
+			dir, err := ioutil.TempDir("", "empty")
+			defer os.RemoveAll(dir)
+			Expect(err).ShouldNot(HaveOccurred())
+			err = analyzer.Process(dir)
+			Expect(err).Should(HaveOccurred())
+			Expect(err.Error()).Should(MatchRegexp("no buildable Go source files"))
+		})
+
+		It("should return an error if the package fails to build", func() {
+			analyzer.LoadRules(rules.Generate().Builders()...)
+			pkg := testutils.NewTestPackage()
+			defer pkg.Close()
+			pkg.AddFile("wonky.go", `func main(){ println("forgot the package")}`)
+			pkg.Build()
+
+			err := analyzer.Process(pkg.Path)
+			Expect(err).Should(HaveOccurred())
+			Expect(err.Error()).Should(MatchRegexp(`expected 'package'`))
+
+		})
+
+		It("should find errors when nosec is not in use", func() {
+
+			// Rule for MD5 weak crypto usage
+			sample := testutils.SampleCodeG401[0]
+			source := sample.Code
+			analyzer.LoadRules(rules.Generate(rules.NewRuleFilter(false, "G401")).Builders()...)
+
+			controlPackage := testutils.NewTestPackage()
+			defer controlPackage.Close()
+			controlPackage.AddFile("md5.go", source)
+			controlPackage.Build()
+			analyzer.Process(controlPackage.Path)
+			controlIssues, _ := analyzer.Report()
+			Expect(controlIssues).Should(HaveLen(sample.Errors))
+
+		})
+
+		It("should not report errors when a nosec comment is present", func() {
+			// Rule for MD5 weak crypto usage
+			sample := testutils.SampleCodeG401[0]
+			source := sample.Code
+			analyzer.LoadRules(rules.Generate(rules.NewRuleFilter(false, "G401")).Builders()...)
+
+			nosecPackage := testutils.NewTestPackage()
+			defer nosecPackage.Close()
+			nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #nosec", 1)
+			nosecPackage.AddFile("md5.go", nosecSource)
+			nosecPackage.Build()
+
+			analyzer.Process(nosecPackage.Path)
+			nosecIssues, _ := analyzer.Report()
+			Expect(nosecIssues).Should(BeEmpty())
+		})
+	})
+
+	It("should be possible to overwrite nosec comments, and report issues", func() {
+
+		// Rule for MD5 weak crypto usage
+		sample := testutils.SampleCodeG401[0]
+		source := sample.Code
+
+		// overwrite nosec option
+		nosecIgnoreConfig := gas.NewConfig()
+		nosecIgnoreConfig.SetGlobal("nosec", "true")
+		customAnalyzer := gas.NewAnalyzer(nosecIgnoreConfig, logger)
+		customAnalyzer.LoadRules(rules.Generate(rules.NewRuleFilter(false, "G401")).Builders()...)
+
+		nosecPackage := testutils.NewTestPackage()
+		defer nosecPackage.Close()
+		nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #nosec", 1)
+		nosecPackage.AddFile("md5.go", nosecSource)
+		nosecPackage.Build()
+
+		customAnalyzer.Process(nosecPackage.Path)
+		nosecIssues, _ := customAnalyzer.Report()
+		Expect(nosecIssues).Should(HaveLen(sample.Errors))
+
+	})
+})