Merge pull request #41 from HewlettPackard/usage

Fix usage information

main.go

@@ -56,7 +56,10 @@ USAGE:
 	$ gas -fmt=json -out=results.json ./...
 
 	# Run a specific set of rules (by default all rules will be run):
-	$ gas -rule=sql -rule=sql ./...
+	$ gas -include=G101,G203,G401 ./...
+
+	# Run all rules except the provided
+	$ gas -exclude=G101 ./...
 
 `
 
@@ -140,10 +143,10 @@ func main() {
 	flag.Var(&excluded, "skip", "File pattern to exclude from scan")
 
 	incRules := ""
-	flag.StringVar(&incRules, "include", "", "comma sperated list of rules IDs to include, see rule list")
+	flag.StringVar(&incRules, "include", "", "Comma separated list of rules IDs to include. (see rule list)")
 
 	excRules := ""
-	flag.StringVar(&excRules, "exclude", "", "comma sperated list of rules IDs to exclude, see rule list")
+	flag.StringVar(&excRules, "exclude", "", "Comma separated list of rules IDs to exclude. (see rule list)")
 
 	// Custom commands / utilities to run instead of default analyzer
 	tools := newUtils()

rulelist.go

@@ -31,33 +31,33 @@ type RuleInfo struct {
 func GetFullRuleList() map[string]RuleInfo {
 	return map[string]RuleInfo{
 		// misc
-		"G101": RuleInfo{"hardcoded credentials", rules.NewHardcodedCredentials},
-		"G102": RuleInfo{"bind to all interfaces", rules.NewBindsToAllNetworkInterfaces},
-		"G103": RuleInfo{"use of unsafe block", rules.NewUsingUnsafe},
-		"G104": RuleInfo{"errors not checked", rules.NewTemplateCheck},
+		"G101": RuleInfo{"Look for hardcoded credentials", rules.NewHardcodedCredentials},
+		"G102": RuleInfo{"Bind to all interfaces", rules.NewBindsToAllNetworkInterfaces},
+		"G103": RuleInfo{"Audit the use of unsafe block", rules.NewUsingUnsafe},
+		"G104": RuleInfo{"Audit errors not checked", rules.NewTemplateCheck},
 
 		// injection
-		"G201": RuleInfo{"sql string format", rules.NewSqlStrFormat},
-		"G202": RuleInfo{"sql string concat", rules.NewSqlStrConcat},
-		"G203": RuleInfo{"unescaped templates", rules.NewTemplateCheck},
-		"G204": RuleInfo{"use of exec", rules.NewSubproc},
+		"G201": RuleInfo{"SQL query construction using format string", rules.NewSqlStrFormat},
+		"G202": RuleInfo{"SQL query construction using string concatenation", rules.NewSqlStrConcat},
+		"G203": RuleInfo{"Use of unescaped data in HTML templates", rules.NewTemplateCheck},
+		"G204": RuleInfo{"Audit use of command execution", rules.NewSubproc},
 
 		// filesystem
-		"G301": RuleInfo{"poor mkdir permissions", rules.NewMkdirPerms},
-		"G302": RuleInfo{"poor chmod permisions", rules.NewChmodPerms},
-		"G303": RuleInfo{"predicatable tempfile", rules.NewBadTempFile},
+		"G301": RuleInfo{"Poor file permissions used when creating a directory", rules.NewMkdirPerms},
+		"G302": RuleInfo{"Poor file permisions used with chmod", rules.NewChmodPerms},
+		"G303": RuleInfo{"Creating tempfile using a predictable path", rules.NewBadTempFile},
 
 		// crypto
-		"G401": RuleInfo{"weak crypto", rules.NewUsesWeakCryptography},
-		"G402": RuleInfo{"bad TLS options", rules.NewIntermediateTlsCheck},
-		"G403": RuleInfo{"bad RSA key length", rules.NewWeakKeyStrength},
-		"G404": RuleInfo{"poor random source (rand)", rules.NewWeakRandCheck},
+		"G401": RuleInfo{"Detect the usage of DES, RC4, or MD5", rules.NewUsesWeakCryptography},
+		"G402": RuleInfo{"Look for bad TLS connection settings", rules.NewIntermediateTlsCheck},
+		"G403": RuleInfo{"Ensure minimum RSA key length of 2048 bits", rules.NewWeakKeyStrength},
+		"G404": RuleInfo{"Insecure random number source (rand)", rules.NewWeakRandCheck},
 
 		// blacklist
-		"G501": RuleInfo{"blacklist: crypto/md5", rules.NewBlacklist_crypto_md5},
-		"G502": RuleInfo{"blacklist: crypto/des", rules.NewBlacklist_crypto_des},
-		"G503": RuleInfo{"blacklist: crypto/rc4", rules.NewBlacklist_crypto_rc4},
-		"G504": RuleInfo{"blacklist: net/http/cgi", rules.NewBlacklist_net_http_cgi},
+		"G501": RuleInfo{"Import blacklist: crypto/md5", rules.NewBlacklist_crypto_md5},
+		"G502": RuleInfo{"Import blacklist: crypto/des", rules.NewBlacklist_crypto_des},
+		"G503": RuleInfo{"Import blacklist: crypto/rc4", rules.NewBlacklist_crypto_rc4},
+		"G504": RuleInfo{"Import blacklist: net/http/cgi", rules.NewBlacklist_net_http_cgi},
 	}
 }