Merge pull request securego#170 from cosmincojocar/build_more_checks

Update the build file with more checks
ccojocar · Feb 11, 2018 · d48668e · d48668e
2 parents 777b706 + 7355f0a
commit d48668e
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 26 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,17 +1,25 @@
 language: go
-before_script:
-  - go vet $(go list ./... | grep -v /vendor/)
+
 go:
   - 1.7
   - 1.8
   - 1.9
   - tip
+
 install:
+  - go get -u github.com/golang/lint/golint
   - go get -v github.com/onsi/ginkgo/ginkgo
   - go get -v github.com/onsi/gomega
   - go get -v golang.org/x/crypto/ssh
+  - go get github.com/GoASTScanner/gas/cmd/gas/...
   - go get -v -t ./...
   - export PATH=$PATH:$HOME/gopath/bin
 
+before_script:
+  - test -z "$(gofmt -s -l -w $(find . -type f -name '*.go' -not -path './vendor/*') | tee /dev/stderr)"
+  - test -z "$(golint . |  tee /dev/stderr)"
+  - go vet $(go list ./... | grep -v /vendor/)
+  - gas ./...
+
 script: ginkgo -r
 
diff --git a/analyzer.go b/analyzer.go
@@ -102,7 +102,10 @@ func (gas *Analyzer) Process(packagePaths ...string) error {
 		AllowErrors: true,
 	}
 	for _, packagePath := range packagePaths {
-		abspath, _ := filepath.Abs(packagePath)
+		abspath, err := filepath.Abs(packagePath)
+		if err != nil {
+			return err
+		}
 		gas.logger.Println("Searching directory:", abspath)
 
 		basePackage, err := build.Default.ImportDir(packagePath, build.ImportComment)

diff --git a/import_tracker_test.go b/import_tracker_test.go
@@ -15,7 +15,7 @@ var _ = Describe("ImportTracker", func() {
 	})
 	Context("when I have a valid go package", func() {
 		It("should record all import specs", func() {
-            Expect(source).To(Equal(source))
+			Expect(source).To(Equal(source))
 			Skip("Not implemented")
 		})
 

diff --git a/issue.go b/issue.go
@@ -76,7 +76,7 @@ func codeSnippet(file *os.File, start int64, end int64, n ast.Node) (string, err
 	}
 
 	size := (int)(end - start) // Go bug, os.File.Read should return int64 ...
-	file.Seek(start, 0)
+	file.Seek(start, 0)        // #nosec
 
 	buf := make([]byte, size)
 	if nread, err := file.Read(buf); err != nil || nread != size {

diff --git a/rules/rulelist.go b/rules/rulelist.go
@@ -60,35 +60,35 @@ func NewRuleFilter(action bool, ruleIDs ...string) RuleFilter {
 func Generate(filters ...RuleFilter) RuleList {
 	rules := map[string]RuleDefinition{
 		// misc
-		"G101": RuleDefinition{"Look for hardcoded credentials", NewHardcodedCredentials},
-		"G102": RuleDefinition{"Bind to all interfaces", NewBindsToAllNetworkInterfaces},
-		"G103": RuleDefinition{"Audit the use of unsafe block", NewUsingUnsafe},
-		"G104": RuleDefinition{"Audit errors not checked", NewNoErrorCheck},
-		"G105": RuleDefinition{"Audit the use of big.Exp function", NewUsingBigExp},
-		"G106": RuleDefinition{"Audit the use of ssh.InsecureIgnoreHostKey function", NewSSHHostKey},
+		"G101": {"Look for hardcoded credentials", NewHardcodedCredentials},
+		"G102": {"Bind to all interfaces", NewBindsToAllNetworkInterfaces},
+		"G103": {"Audit the use of unsafe block", NewUsingUnsafe},
+		"G104": {"Audit errors not checked", NewNoErrorCheck},
+		"G105": {"Audit the use of big.Exp function", NewUsingBigExp},
+		"G106": {"Audit the use of ssh.InsecureIgnoreHostKey function", NewSSHHostKey},
 
 		// injection
-		"G201": RuleDefinition{"SQL query construction using format string", NewSQLStrFormat},
-		"G202": RuleDefinition{"SQL query construction using string concatenation", NewSQLStrConcat},
-		"G203": RuleDefinition{"Use of unescaped data in HTML templates", NewTemplateCheck},
-		"G204": RuleDefinition{"Audit use of command execution", NewSubproc},
+		"G201": {"SQL query construction using format string", NewSQLStrFormat},
+		"G202": {"SQL query construction using string concatenation", NewSQLStrConcat},
+		"G203": {"Use of unescaped data in HTML templates", NewTemplateCheck},
+		"G204": {"Audit use of command execution", NewSubproc},
 
 		// filesystem
-		"G301": RuleDefinition{"Poor file permissions used when creating a directory", NewMkdirPerms},
-		"G302": RuleDefinition{"Poor file permisions used when creation file or using chmod", NewFilePerms},
-		"G303": RuleDefinition{"Creating tempfile using a predictable path", NewBadTempFile},
+		"G301": {"Poor file permissions used when creating a directory", NewMkdirPerms},
+		"G302": {"Poor file permisions used when creation file or using chmod", NewFilePerms},
+		"G303": {"Creating tempfile using a predictable path", NewBadTempFile},
 
 		// crypto
-		"G401": RuleDefinition{"Detect the usage of DES, RC4, or MD5", NewUsesWeakCryptography},
-		"G402": RuleDefinition{"Look for bad TLS connection settings", NewIntermediateTLSCheck},
-		"G403": RuleDefinition{"Ensure minimum RSA key length of 2048 bits", NewWeakKeyStrength},
-		"G404": RuleDefinition{"Insecure random number source (rand)", NewWeakRandCheck},
+		"G401": {"Detect the usage of DES, RC4, or MD5", NewUsesWeakCryptography},
+		"G402": {"Look for bad TLS connection settings", NewIntermediateTLSCheck},
+		"G403": {"Ensure minimum RSA key length of 2048 bits", NewWeakKeyStrength},
+		"G404": {"Insecure random number source (rand)", NewWeakRandCheck},
 
 		// blacklist
-		"G501": RuleDefinition{"Import blacklist: crypto/md5", NewBlacklistedImportMD5},
-		"G502": RuleDefinition{"Import blacklist: crypto/des", NewBlacklistedImportDES},
-		"G503": RuleDefinition{"Import blacklist: crypto/rc4", NewBlacklistedImportRC4},
-		"G504": RuleDefinition{"Import blacklist: net/http/cgi", NewBlacklistedImportCGI},
+		"G501": {"Import blacklist: crypto/md5", NewBlacklistedImportMD5},
+		"G502": {"Import blacklist: crypto/des", NewBlacklistedImportDES},
+		"G503": {"Import blacklist: crypto/rc4", NewBlacklistedImportRC4},
+		"G504": {"Import blacklist: net/http/cgi", NewBlacklistedImportCGI},
 	}
 
 	for rule := range rules {