// Package AWSAT002 defines an Analyzer that checks for
// hardcoded AMI IDs
package AWSAT002
import (
"go/ast"
"go/token"
"regexp"
"github.com/bflad/tfproviderlint/passes/commentignore"
"golang.org/x/tools/go/analysis"
"golang.org/x/tools/go/analysis/passes/inspect"
"golang.org/x/tools/go/ast/inspector"
)
const (
	// Doc is the help text attached to the analyzer: a one-line summary
	// followed by the rationale for the check.
	Doc = `check for hardcoded AMI IDs
The AWSAT002 analyzer reports hardcoded AMI IDs. AMI IDs are region dependent and tests will fail in any region or partition other than where the AMI was created.
`

	// analyzerName is the check identifier. It is used as the analyzer's
	// name, as the key passed to the comment ignorer, and as the prefix of
	// every diagnostic.
	analyzerName = "AWSAT002"
)

// Analyzer is the AWSAT002 check. It depends on commentignore.Analyzer so
// findings can be suppressed per node, and on inspect.Analyzer for the shared
// AST inspector; both results are consumed by run.
var Analyzer = &analysis.Analyzer{
	Name: analyzerName,
	Doc:  Doc,
	Requires: []*analysis.Analyzer{
		commentignore.Analyzer,
		inspect.Analyzer,
	},
	Run: run,
}
// run visits every basic literal in the package under analysis and reports
// each string literal whose source text contains a match for the AMI ID
// pattern, unless the comment ignorer says the node should be skipped for
// this analyzer. It always returns a nil result and a nil error.
func run(pass *analysis.Pass) (interface{}, error) {
	ignorer := pass.ResultOf[commentignore.Analyzer].(*commentignore.Ignorer)
	insp := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)

	// The pattern is unanchored and accepts any lowercase letter or digit
	// after "ami-", so it matches anywhere inside a literal and is broader
	// than a strictly hexadecimal ID.
	// NOTE(review): confirm the breadth is intended (e.g. to catch
	// placeholder IDs) before tightening it.
	amiID := regexp.MustCompile("ami-[0-9a-z]{8,17}")

	// Restrict the traversal to basic literals; no other node kind is inspected.
	literalsOnly := []ast.Node{(*ast.BasicLit)(nil)}

	insp.Preorder(literalsOnly, func(n ast.Node) {
		lit := n.(*ast.BasicLit)

		// Evaluation order is significant only for short-circuiting: the
		// ignore check runs first, then the kind check, then the regexp.
		// lit.Value is the literal as written in source, quotes included.
		flagged := !ignorer.ShouldIgnore(analyzerName, lit) &&
			lit.Kind == token.STRING &&
			amiID.MatchString(lit.Value)
		if flagged {
			pass.Reportf(lit.ValuePos, "%s: AMI IDs should not be hardcoded", analyzerName)
		}
	})

	return nil, nil
}