1
0
mirror of https://github.com/securego/gosec.git synced 2025-01-22 03:09:59 +02:00

565 Commits

Author SHA1 Message Date
Grant Murphy
423a303712 Merge pull request #81 from GoASTScanner/experimental
Incorrect rule mapping in rulelist
2016-11-08 09:22:18 -08:00
Grant Murphy
97dcc72a8b Incorrect rule mapping in rulelist 2016-11-08 08:48:45 -08:00
Grant Murphy
7dd3032823 Merge pull request #76 from GoASTScanner/experimental
Fix alias logic
2016-11-07 20:13:48 -08:00
Grant Murphy
be96ef273d Fix alias logic 2016-11-07 20:10:30 -08:00
Grant Murphy
c833bfae02 Merge branch 'tam7t-rand-pkg-helper' 2016-11-07 20:04:40 -08:00
Grant Murphy
e0db3f404a Merge branch 'rand-pkg-helper' of git://github.com/tam7t/gas into tam7t-rand-pkg-helper 2016-11-07 20:03:51 -08:00
Grant Murphy
9f54d257fe Merge pull request #75 from GoASTScanner/experimental
Track package imports and aliases
2016-11-07 19:40:26 -08:00
Grant Murphy
20f2a98ce8 Ensure initialization only imports are ignored
Blacklisted imports should not report failures when a module is imported
for side-effects only using the blank identifier.

Closes #59
2016-11-07 09:28:37 -08:00
Grant Murphy
7a275fd0ad MatchCallByPackage updated to avoid GetCallObject
There seems to be an inconsistency in the way that the type.Info.Uses
map is populated by the type checker in Go 1.5 and the latest release.

It is possible to ascertain the package that relates to an object 1.7.x
release but this does not work for earlier Go versions.

To work around this limitation we now track imports, and monitor if they
are aliased or initalization only imports.
2016-11-07 09:13:20 -08:00
Grant Murphy
d16326051f Merge pull request #71 from GoASTScanner/call_list
Add an experimental way to whitelist/blacklist calls
2016-11-06 17:35:50 -08:00
Grant Murphy
238d1e0692 Merge pull request #73 from GoASTScanner/tools
Add some more useful debugging tools
2016-11-06 17:35:08 -08:00
Grant Murphy
b02c0fa2fc Add imports dumper 2016-11-06 12:15:32 -08:00
Grant Murphy
2c9d8fc461 Skip files if they don't exist 2016-11-06 12:04:52 -08:00
Grant Murphy
d20506048f Update to dump specific context information
Added output printers for comments, types, defs, and uses maps.
2016-11-06 11:59:24 -08:00
Grant Murphy
d8bf436007 Merge pull request #72 from GoASTScanner/tools
Add tool to inspect call objects in file
2016-11-06 11:22:27 -08:00
Grant Murphy
14e6635ca6 Add tool to inspect call objects in file 2016-11-06 11:17:10 -08:00
Grant Murphy
0bc4d4808d Add an experimental way to whitelist calls
A call list is a way of grouping a number of packages and function calls
into a blacklist or whitelist. Could be useful to exclude certain
functions from results or looking for a specific set of functions.
2016-11-06 11:07:50 -08:00
Tommy Murphy
afb84ff20c
rand: use a MatchCallByPackage helper 2016-11-06 12:31:12 -05:00
Grant Murphy
8a473c7e4b Merge pull request #69 from GoASTScanner/helpers
Split out MatchCallByObject into two functions
2016-11-04 15:13:06 -07:00
Grant Murphy
0fef3ad40a Split out MatchCallByObject into two functions
Allows direct call to GetCallObject.
2016-11-04 14:39:22 -07:00
Grant Murphy
ce2c3283d9 Merge pull request #68 from GoASTScanner/command_line_fixes
Command line fixes
2016-11-04 11:42:45 -07:00
Grant Murphy
f71ade6702 Update usage to indicate html is supported 2016-11-04 11:38:25 -07:00
Grant Murphy
d72cee8663 Add quiet mode
When -quiet is specified on the command line we will only show issues
when issues were found.

Fixes #55
2016-11-04 11:38:00 -07:00
Grant Murphy
9fa0b726a0 Merge pull request #67 from GoASTScanner/use_types
Add MatchCall helper that utilizes type checker
2016-11-04 11:28:23 -07:00
Grant Murphy
c4057545ae Add MatchCall helper that utilizes type checker
This introduces a helper function that will significantly reduce the
number of false positives that occur due to the use of regexp based
call matching.

It resolves the object related to a CallExpr and checks that against the
supplied package and identifier name. If both of these match the
returned value is the CallExpr and Object.
2016-11-04 11:20:28 -07:00
Grant Murphy
9e2abd500f Merge pull request #66 from csstaub/cs/html-output
Add support for HTML output
2016-11-03 21:15:17 -07:00
Grant Murphy
aadcf8dbdb Merge pull request #60 from tam7t/fix-rand
rand: resolve math/rand package
2016-11-03 21:14:21 -07:00
Tommy Murphy
4ff59153ec
rand: refactor to use types package 2016-11-03 23:08:03 -04:00
Tommy Murphy
75e0e1aa42 rand: resolve math/rand package 2016-11-03 19:21:12 -04:00
Grant Murphy
068e8a85ad Merge pull request #65 from GoASTScanner/sql_fix
Confirmed correct behavior for SQL tests
2016-11-02 19:20:07 -07:00
Grant Murphy
d60a2b4ebb Confirmed correct behavior for SQL tests
Closes #64
2016-11-02 17:46:59 -07:00
Grant Murphy
853b097922 Merge pull request #63 from GoASTScanner/travis_ci
Add go vet to travis-ci
2016-11-02 17:15:46 -07:00
Grant Murphy
686927c894 Address go vet failure in SQL rule 2016-11-02 17:12:23 -07:00
Grant Murphy
344ebd1ab6 Add go vet to travis-ci 2016-11-02 17:03:24 -07:00
Grant Murphy
65d572f193 Merge pull request #62 from GoASTScanner/correct_imports
Updated imports to new repository location.
2016-11-02 16:58:28 -07:00
Grant Murphy
74b6633ee0 Updated imports to new repository location. 2016-11-02 16:54:20 -07:00
Grant Murphy
b8ce40e193 Remove debugging println 2016-11-02 16:25:13 -07:00
Grant Murphy
4cd269f3a6 Merge pull request #58 from levigross/master
Make sure to exit 1 if we find an issue
2016-10-31 15:09:43 -07:00
Levi Gross
9c3c102127 Fixed comment 2016-10-31 10:16:03 -04:00
Levi Gross
b92fa02ff4 Make sure to exit 1 if we find an issue
Signed-off-by: Levi Gross <levi@levigross.com>
2016-10-29 20:22:08 -04:00
Grant Murphy
fadc6d443d Merge pull request #52 from gcmurphy/use_glob
Refactor path matching logic
2016-10-26 18:22:22 +02:00
Grant Murphy
b8e78c644b Merge pull request #56 from s7v7nislands/fix_unsafe
Fix unsafe
2016-10-25 01:19:16 -07:00
s7v7nislands
eedb0c279d fix fmt 2016-10-25 12:08:59 +08:00
s7v7nislands
92dda9cc3b fix unsafe check 2016-10-25 11:57:05 +08:00
Cedric Staub
911c69646d Add support for HTML output 2016-10-21 13:18:56 -07:00
Grant Murphy
59fbf7446d Refactor path matching logic
Effectively using filepath.Glob to build a set of files and directories
to exclude from the scan.

(ref: https://golang.org/pkg/path/filepath/#Glob)
2016-09-10 14:55:12 -07:00
Tim Kelsey
a4fd848bfc Merge pull request #49 from gcmurphy/master
Add godocs.org reference
2016-09-06 10:19:50 +01:00
Tim Kelsey
7f4bdd5957 Merge pull request #48 from gcmurphy/godoc
Fix typos in godocs
2016-09-06 10:19:33 +01:00
Grant Murphy
d05a2416a2 MatcMatchCompLit should be MatchCompList 2016-08-28 11:44:14 -07:00
Grant Murphy
b5a98c12a8 Add godocs.org bagdge 2016-08-28 11:36:53 -07:00