
package gosec
import (
"bytes"
"encoding/json"
"fmt"
"io"
"io/ioutil"
)
// GlobalOption names a setting inside the Globals section. The known
// options are the constants declared alongside it.
type GlobalOption string

const (
	// Globals is the name of the configuration section that applies to
	// every rule and carries gosec's general settings.
	Globals = "global"

	// Nosec is the global option that controls the #nosec directive.
	Nosec GlobalOption = "nosec"

	// Audit is the global option that switches gosec into audit mode.
	Audit GlobalOption = "audit"
)

// Config maps a section name (Globals, or whatever key a caller chooses,
// typically a rule ID) to that section's settings. Values are untyped:
// Set stores whatever the caller passes and ReadFrom stores whatever
// encoding/json decoded, so consumers must type-assert what they read.
type Config map[string]interface{}

// NewConfig returns an empty configuration whose Globals section is
// already present as an empty, writable map[GlobalOption]string, so
// SetGlobal/GetGlobal work on it immediately. No other section exists
// until it is added with Set or loaded with
// c.ReadFrom(strings.NewReader("config data")) or from a *os.File.
func NewConfig() Config {
	return Config{
		Globals: map[GlobalOption]string{},
	}
}

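// ReadFrom implements the io.ReaderFrom interface. This
// should be used with io.Reader to load configuration from
// file or from string etc.
//
// The data must be a JSON object; each top-level key becomes a
// configuration section. Sections already in c are kept unless the JSON
// redefines them (json.Unmarshal merges into the existing map).
//
// The Globals section is normalised after decoding: json.Unmarshal
// produces a map[string]interface{}, which the GlobalOption accessors
// (GetGlobal, IsGlobalEnabled) do not recognise — without this step a
// "global" section loaded from a config file would be silently ignored and
// settings such as audit mode would never take effect. It is converted to
// map[GlobalOption]string; non-string values are rendered with %v, so
// {"audit": true} reads as "true". A "global" section that is not a JSON
// object is reported as an error rather than ignored.
//
// The receiver must be a non-nil map (see NewConfig): a value receiver
// cannot allocate a map on the caller's behalf, so a nil Config is
// rejected before anything is read.
//
// Returns the number of bytes consumed from r and the first error from
// reading, decoding or validating the data.
func (c Config) ReadFrom(r io.Reader) (int64, error) {
	if c == nil {
		return 0, fmt.Errorf("cannot load configuration into a nil Config; use NewConfig")
	}
	data, err := ioutil.ReadAll(r)
	if err != nil {
		return int64(len(data)), err
	}
	if err = json.Unmarshal(data, &c); err != nil {
		return int64(len(data)), err
	}
	if err = c.convertGlobals(); err != nil {
		return int64(len(data)), err
	}
	return int64(len(data)), nil
}

// convertGlobals rewrites the Globals section from the
// map[string]interface{} shape produced by json.Unmarshal into the
// map[GlobalOption]string shape the accessors expect. A missing section,
// or one that already has the expected type, is left untouched; any other
// type is an error.
func (c Config) convertGlobals() error {
	globals, found := c[Globals]
	if !found {
		return nil
	}
	switch section := globals.(type) {
	case map[GlobalOption]string:
		return nil
	case map[string]interface{}:
		converted := make(map[GlobalOption]string, len(section))
		for name, raw := range section {
			if s, ok := raw.(string); ok {
				converted[GlobalOption(name)] = s
			} else {
				// JSON booleans/numbers are accepted and stringified
				// (true -> "true") so IsGlobalEnabled can read them.
				converted[GlobalOption(name)] = fmt.Sprintf("%v", raw)
			}
		}
		c[Globals] = converted
		return nil
	default:
		return fmt.Errorf("global section must be a JSON object, got %T", globals)
	}
}
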
// WriteTo implements the io.WriterTo interface. Use it to persist or print
// the configuration: the whole Config is serialised by json.Marshal as one
// compact JSON object (no indentation, no trailing newline) and handed to
// w in a single Write call.
//
// Returns the number of bytes written. A marshalling failure yields 0 and
// the error; a Write that stops short without reporting an error is
// reported as io.ErrShortWrite.
func (c Config) WriteTo(w io.Writer) (int64, error) {
	encoded, err := json.Marshal(c)
	if err != nil {
		return 0, err
	}
	// bytes.Reader.WriteTo is exactly what io.Copy would select for this
	// source; calling it directly keeps the single-Write and short-write
	// semantics without the io.Copy indirection.
	return bytes.NewReader(encoded).WriteTo(w)
}

// Get returns the settings stored under section, exactly as they were
// stored (a section holding a nil value is still "found"). A section that
// was never set yields a nil value and an error naming the section.
func (c Config) Get(section string) (interface{}, error) {
	if settings, present := c[section]; present {
		return settings, nil
	}
	return nil, fmt.Errorf("Section %s not in configuration", section)
}

// Set stores value as the configuration section named section, replacing
// any section already stored under that name. The value is kept exactly as
// given — no validation, copying or conversion — and Get hands it back
// unchanged. Writing to a nil Config panics, as with any nil map; use
// NewConfig to obtain a usable instance.
func (c Config) Set(section string, value interface{}) {
	c[section] = value
}

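// GetGlobal returns the value associated with a global configuration
// option.
//
// The Globals section is normally a map[GlobalOption]string (as created
// by NewConfig and SetGlobal). A section that still has the
// map[string]interface{} shape produced by json.Unmarshal is read as
// well, so a Config populated straight from JSON does not silently answer
// "no global config options found" for every option; non-string values
// found there are rendered with %v (true -> "true").
//
// Returns an error when there is no usable Globals section, or when the
// section exists but does not define option.
func (c Config) GetGlobal(option GlobalOption) (string, error) {
	switch settings := c[Globals].(type) {
	case map[GlobalOption]string:
		if value, ok := settings[option]; ok {
			return value, nil
		}
		return "", fmt.Errorf("global setting for %s not found", option)
	case map[string]interface{}:
		if raw, ok := settings[string(option)]; ok {
			if value, isString := raw.(string); isString {
				return value, nil
			}
			return fmt.Sprintf("%v", raw), nil
		}
		return "", fmt.Errorf("global setting for %s not found", option)
	}
	// Section absent, or of a type this package never stores.
	return "", fmt.Errorf("no global config options found")
}
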
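// SetGlobal associates a value with a global configuration option.
//
// The write is never silently dropped: if the Globals section is missing,
// or still has the map[string]interface{} shape produced by json.Unmarshal,
// it is created or converted to map[GlobalOption]string first. Entries
// already in the section are kept (non-string values are rendered with %v)
// and only option is overwritten.
//
// Panics if c is a nil map, as any write to a nil map does; use NewConfig.
func (c Config) SetGlobal(option GlobalOption, value string) {
	var settings map[GlobalOption]string
	switch existing := c[Globals].(type) {
	case map[GlobalOption]string:
		settings = existing
	case map[string]interface{}:
		settings = make(map[GlobalOption]string, len(existing)+1)
		for name, raw := range existing {
			if s, ok := raw.(string); ok {
				settings[GlobalOption(name)] = s
			} else {
				settings[GlobalOption(name)] = fmt.Sprintf("%v", raw)
			}
		}
	}
	if settings == nil {
		// Section absent, a typed nil map, or an unrecognised type.
		settings = make(map[GlobalOption]string, 1)
	}
	settings[option] = value
	c[Globals] = settings
}
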
// IsGlobalEnabled reports whether a global option is switched on. Only the
// exact strings "true" and "enabled" count as on; any other value
// (including "True", "yes" or "1") is off. An option that cannot be read
// is not treated as off: the error from GetGlobal is returned instead, so
// callers must check it before trusting the boolean.
func (c Config) IsGlobalEnabled(option GlobalOption) (bool, error) {
	raw, err := c.GetGlobal(option)
	if err != nil {
		return false, err
	}
	switch raw {
	case "true", "enabled":
		return true, nil
	default:
		return false, nil
	}
}