Documentation ¶
Index ¶
- func NewArchive(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewBindsToAllNetworkInterfaces(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewBlacklistedImportCGI(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewBlacklistedImportDES(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewBlacklistedImportMD5(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewBlacklistedImportRC4(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewBlacklistedImportSHA1(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewBlacklistedImports(id string, conf gosec.Config, blacklist map[string]string) (gosec.Rule, []ast.Node)
- func NewDecompressionBombCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewDeferredClosing(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewFilePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewHardcodedCredentials(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewIntegerOverflowCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewIntermediateTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewMkdirPerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewModernTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewOldTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewPprofCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewReadFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewSQLStrConcat(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewSQLStrFormat(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewSSHHostKey(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewSSRFCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewSubproc(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewUsesWeakCryptography(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewUsingUnsafe(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewWeakKeyStrength(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewWeakRandCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- func NewWritePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
- type RuleDefinition
- type RuleFilter
- type RuleList
Functions ¶
func NewArchive ¶
NewArchive creates a new rule which detects file path traversal when extracting zip archives.
func NewBadTempFile ¶
NewBadTempFile detects direct writes to a predictable path in the temporary directory.
func NewBindsToAllNetworkInterfaces ¶
NewBindsToAllNetworkInterfaces detects socket connections that are set up to listen on all network interfaces.
func NewBlacklistedImportCGI ¶
NewBlacklistedImportCGI fails if CGI is imported
func NewBlacklistedImportDES ¶
NewBlacklistedImportDES fails if DES is imported
func NewBlacklistedImportMD5 ¶
NewBlacklistedImportMD5 fails if MD5 is imported
func NewBlacklistedImportRC4 ¶
NewBlacklistedImportRC4 fails if RC4 is imported
func NewBlacklistedImportSHA1 ¶
NewBlacklistedImportSHA1 fails if SHA1 is imported
func NewBlacklistedImports ¶
func NewBlacklistedImports(id string, conf gosec.Config, blacklist map[string]string) (gosec.Rule, []ast.Node)
NewBlacklistedImports reports when a blacklisted import is being used, typically because the imported package relies on a deprecated technology.
func NewDecompressionBombCheck ¶
NewDecompressionBombCheck detects a potential denial-of-service vulnerability via a decompression bomb.
func NewDeferredClosing ¶
NewDeferredClosing detects unsafe deferred calls to error-returning methods, where the returned error is discarded.
func NewFilePerms ¶
NewFilePerms creates a rule to detect file creation with a permission mask more permissive than the configured one.
func NewHardcodedCredentials ¶
NewHardcodedCredentials attempts to find high entropy string constants being assigned to variables that appear to be related to credentials.
func NewIntegerOverflowCheck ¶
NewIntegerOverflowCheck detects a potential integer overflow.
func NewIntermediateTLSCheck ¶
NewIntermediateTLSCheck creates a check for the Intermediate TLS cipher profile. DO NOT EDIT - generated by the tlsconfig tool.
func NewMkdirPerms ¶
NewMkdirPerms creates a rule to detect directory creation with a permission mask more permissive than the configured one.
func NewModernTLSCheck ¶
NewModernTLSCheck creates a check for the Modern TLS cipher profile. DO NOT EDIT - generated by the tlsconfig tool.
func NewNoErrorCheck ¶
NewNoErrorCheck detects when a returned error is left unchecked.
func NewOldTLSCheck ¶
NewOldTLSCheck creates a check for the Old TLS cipher profile. DO NOT EDIT - generated by the tlsconfig tool.
func NewPprofCheck ¶
NewPprofCheck detects when the pprof profiling endpoint is automatically exposed.
func NewReadFile ¶
NewReadFile detects cases where a file is read.
func NewSQLStrConcat ¶
NewSQLStrConcat looks for cases where SQL query strings are built via string concatenation.
func NewSQLStrFormat ¶
NewSQLStrFormat looks for cases where SQL query strings are built using format strings.
func NewSSHHostKey ¶
NewSSHHostKey detects the use of an insecure SSH HostKeyCallback.
func NewSSRFCheck ¶
NewSSRFCheck detects cases where HTTP requests are sent (potential server-side request forgery).
func NewSubproc ¶
NewSubproc detects cases where an external process is spawned.
func NewTemplateCheck ¶
NewTemplateCheck constructs the template check rule. This rule finds uses of templates where HTML/JS escaping is not applied.
func NewUsesWeakCryptography ¶
NewUsesWeakCryptography detects uses of des.*, md5.*, or rc4.*
func NewUsingUnsafe ¶
NewUsingUnsafe detects the use of the unsafe package. This is mainly useful for auditing purposes.
func NewWeakKeyStrength ¶
NewWeakKeyStrength builds a rule that detects RSA keys shorter than 2048 bits.
func NewWeakRandCheck ¶
NewWeakRandCheck detects the use of a random number generator that is not cryptographically secure.
Types ¶
type RuleDefinition ¶
// RuleDefinition contains the description of a rule and a mechanism to create it.
type RuleDefinition struct {
	ID          string            // identifier of the rule
	Description string            // human-readable summary of what the rule detects
	Create      gosec.RuleBuilder // constructor that builds the rule; presumably one of the New* functions above — verify against callers
}
RuleDefinition contains the description of a rule and a mechanism to create it.
type RuleFilter ¶
RuleFilter can be used to include or exclude a rule depending on the function's return value.
func NewRuleFilter ¶
func NewRuleFilter(action bool, ruleIDs ...string) RuleFilter
NewRuleFilter returns a closure that includes or excludes the given rule IDs based on the supplied boolean value.
type RuleList ¶
// RuleList is a mapping of rule IDs to rule definitions.
type RuleList map[string]RuleDefinition
RuleList is a mapping of rule IDs to rule definitions.