Replace gas with gosec everywhere in the project

dangolbeeker · Jul 19, 2018 · 893b87b · 893b87b
1 parent da26f64
commit 893b87b
Show file tree

Hide file tree

Showing 52 changed files with 387 additions and 390 deletions.
diff --git a/.github/issue_template.md b/.github/issue_template.md
@@ -2,7 +2,7 @@
 
 ### Steps to reproduce the behavior
 
-### Gas version
+### gosec version
 
 ### Go version (output of 'go version')
 

diff --git a/.travis.yml b/.travis.yml
@@ -11,7 +11,7 @@ install:
   - go get -u github.com/onsi/ginkgo/ginkgo
   - go get -u github.com/onsi/gomega
   - go get -u golang.org/x/crypto/ssh
-  - go get -u github.com/securego/gas/cmd/gas/...
+  - go get -u github.com/securego/gosec/cmd/gosec/...
   - go get -v -t ./...
   - export PATH=$PATH:$HOME/gopath/bin
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 FROM golang:1.9.4-alpine3.7
 
-ENV BIN=gas
+ENV BIN=gosec
 
 COPY build/*-linux-amd64 /go/bin/$BIN
 COPY docker-entrypoint.sh /usr/local/bin

diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 GIT_TAG?= $(shell git describe --always --tags)
 BUILD_DATE = $(shell date +%Y-%m-%d)
-BIN = gas
-BUILD_CMD = go build -ldflags "-X main.Version=${VERSION} -X main.GitTag=${GIT_TAG} -X main.BuildDate=${BUILD_DATE}" -o build/$(BIN)-$(VERSION)-$${GOOS}-$${GOARCH} ./cmd/gas/ &
+BIN = gosec
+BUILD_CMD = go build -ldflags "-X main.Version=${VERSION} -X main.GitTag=${GIT_TAG} -X main.BuildDate=${BUILD_DATE}" -o build/$(BIN)-$(VERSION)-$${GOOS}-$${GOARCH} ./cmd/gosec/ &
 FMT_CMD = $(gofmt -s -l -w $(find . -type f -name '*.go' -not -path './vendor/*') | tee /dev/stderr)
 IMAGE_REPO = docker.io
 
@@ -13,12 +13,12 @@ test: bootstrap
 	test -z '$(FMT_CMD)'
 	go vet $(go list ./... | grep -v /vendor/)
 	golint -set_exit_status $(shell go list ./... | grep -v vendor)
-	gas ./...
+	gosec ./...
 	ginkgo -r -v
 bootstrap:
 	dep ensure
 build:
-	go build -o $(BIN) ./cmd/gas/
+	go build -o $(BIN) ./cmd/gosec/
 clean:
 	rm -rf build vendor
 	rm -f release image bootstrap $(BIN)

diff --git a/analyzer.go b/analyzer.go
@@ -12,8 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package gas holds the central scanning logic used by GAS
-package gas
+// Package gosec holds the central scanning logic used by gosec security scanner
+package gosec
 
 import (
 	"go/ast"
@@ -55,7 +55,7 @@ type Metrics struct {
 	NumFound int `json:"found"`
 }
 
-// Analyzer object is the main object of GAS. It has methods traverse an AST
+// Analyzer object is the main object of gosec. It has methods traverse an AST
 // and invoke the correct checking rules as on each node as required.
 type Analyzer struct {
 	ignoreNosec bool
@@ -74,7 +74,7 @@ func NewAnalyzer(conf Config, logger *log.Logger) *Analyzer {
 		ignoreNoSec = setting == "true" || setting == "enabled"
 	}
 	if logger == nil {
-		logger = log.New(os.Stderr, "[gas]", log.LstdFlags)
+		logger = log.New(os.Stderr, "[gosec]", log.LstdFlags)
 	}
 	return &Analyzer{
 		ignoreNosec: ignoreNoSec,
@@ -89,15 +89,15 @@ func NewAnalyzer(conf Config, logger *log.Logger) *Analyzer {
 
 // LoadRules instantiates all the rules to be used when analyzing source
 // packages
-func (gas *Analyzer) LoadRules(ruleDefinitions map[string]RuleBuilder) {
+func (gosec *Analyzer) LoadRules(ruleDefinitions map[string]RuleBuilder) {
 	for id, def := range ruleDefinitions {
-		r, nodes := def(id, gas.config)
-		gas.ruleset.Register(r, nodes...)
+		r, nodes := def(id, gosec.config)
+		gosec.ruleset.Register(r, nodes...)
 	}
 }
 
 // Process kicks off the analysis process for a given package
-func (gas *Analyzer) Process(buildTags []string, packagePaths ...string) error {
+func (gosec *Analyzer) Process(buildTags []string, packagePaths ...string) error {
 	ctx := build.Default
 	ctx.BuildTags = append(ctx.BuildTags, buildTags...)
 	packageConfig := loader.Config{
@@ -111,10 +111,10 @@ func (gas *Analyzer) Process(buildTags []string, packagePaths ...string) error {
 			return err
 		}
 		if _, err := os.Stat(abspath); os.IsNotExist(err) {
-			gas.logger.Printf("Skipping: %s. Path doesn't exist.", abspath)
+			gosec.logger.Printf("Skipping: %s. Path doesn't exist.", abspath)
 			continue
 		}
-		gas.logger.Println("Searching directory:", abspath)
+		gosec.logger.Println("Searching directory:", abspath)
 
 		basePackage, err := build.Default.ImportDir(packagePath, build.ImportComment)
 		if err != nil {
@@ -135,31 +135,31 @@ func (gas *Analyzer) Process(buildTags []string, packagePaths ...string) error {
 	}
 
 	for _, pkg := range builtPackage.Created {
-		gas.logger.Println("Checking package:", pkg.String())
+		gosec.logger.Println("Checking package:", pkg.String())
 		for _, file := range pkg.Files {
-			gas.logger.Println("Checking file:", builtPackage.Fset.File(file.Pos()).Name())
-			gas.context.FileSet = builtPackage.Fset
-			gas.context.Config = gas.config
-			gas.context.Comments = ast.NewCommentMap(gas.context.FileSet, file, file.Comments)
-			gas.context.Root = file
-			gas.context.Info = &pkg.Info
-			gas.context.Pkg = pkg.Pkg
-			gas.context.Imports = NewImportTracker()
-			gas.context.Imports.TrackPackages(gas.context.Pkg.Imports()...)
-			ast.Walk(gas, file)
-			gas.stats.NumFiles++
-			gas.stats.NumLines += builtPackage.Fset.File(file.Pos()).LineCount()
+			gosec.logger.Println("Checking file:", builtPackage.Fset.File(file.Pos()).Name())
+			gosec.context.FileSet = builtPackage.Fset
+			gosec.context.Config = gosec.config
+			gosec.context.Comments = ast.NewCommentMap(gosec.context.FileSet, file, file.Comments)
+			gosec.context.Root = file
+			gosec.context.Info = &pkg.Info
+			gosec.context.Pkg = pkg.Pkg
+			gosec.context.Imports = NewImportTracker()
+			gosec.context.Imports.TrackPackages(gosec.context.Pkg.Imports()...)
+			ast.Walk(gosec, file)
+			gosec.stats.NumFiles++
+			gosec.stats.NumLines += builtPackage.Fset.File(file.Pos()).LineCount()
 		}
 	}
 	return nil
 }
 
 // ignore a node (and sub-tree) if it is tagged with a "#nosec" comment
-func (gas *Analyzer) ignore(n ast.Node) ([]string, bool) {
-	if groups, ok := gas.context.Comments[n]; ok && !gas.ignoreNosec {
+func (gosec *Analyzer) ignore(n ast.Node) ([]string, bool) {
+	if groups, ok := gosec.context.Comments[n]; ok && !gosec.ignoreNosec {
 		for _, group := range groups {
 			if strings.Contains(group.Text(), "#nosec") {
-				gas.stats.NumNosec++
+				gosec.stats.NumNosec++
 
 				// Pull out the specific rules that are listed to be ignored.
 				re := regexp.MustCompile("(G\\d{3})")
@@ -182,27 +182,27 @@ func (gas *Analyzer) ignore(n ast.Node) ([]string, bool) {
 	return nil, false
 }
 
-// Visit runs the GAS visitor logic over an AST created by parsing go code.
+// Visit runs the gosec visitor logic over an AST created by parsing go code.
 // Rule methods added with AddRule will be invoked as necessary.
-func (gas *Analyzer) Visit(n ast.Node) ast.Visitor {
+func (gosec *Analyzer) Visit(n ast.Node) ast.Visitor {
 	// If we've reached the end of this branch, pop off the ignores stack.
 	if n == nil {
-		if len(gas.context.Ignores) > 0 {
-			gas.context.Ignores = gas.context.Ignores[1:]
+		if len(gosec.context.Ignores) > 0 {
+			gosec.context.Ignores = gosec.context.Ignores[1:]
 		}
-		return gas
+		return gosec
 	}
 
 	// Get any new rule exclusions.
-	ignoredRules, ignoreAll := gas.ignore(n)
+	ignoredRules, ignoreAll := gosec.ignore(n)
 	if ignoreAll {
 		return nil
 	}
 
 	// Now create the union of exclusions.
 	ignores := make(map[string]bool, 0)
-	if len(gas.context.Ignores) > 0 {
-		for k, v := range gas.context.Ignores[0] {
+	if len(gosec.context.Ignores) > 0 {
+		for k, v := range gosec.context.Ignores[0] {
 			ignores[k] = v
 		}
 	}
@@ -212,37 +212,37 @@ func (gas *Analyzer) Visit(n ast.Node) ast.Visitor {
 	}
 
 	// Push the new set onto the stack.
-	gas.context.Ignores = append([]map[string]bool{ignores}, gas.context.Ignores...)
+	gosec.context.Ignores = append([]map[string]bool{ignores}, gosec.context.Ignores...)
 
 	// Track aliased and initialization imports
-	gas.context.Imports.TrackImport(n)
+	gosec.context.Imports.TrackImport(n)
 
-	for _, rule := range gas.ruleset.RegisteredFor(n) {
+	for _, rule := range gosec.ruleset.RegisteredFor(n) {
 		if _, ok := ignores[rule.ID()]; ok {
 			continue
 		}
-		issue, err := rule.Match(n, gas.context)
+		issue, err := rule.Match(n, gosec.context)
 		if err != nil {
-			file, line := GetLocation(n, gas.context)
+			file, line := GetLocation(n, gosec.context)
 			file = path.Base(file)
-			gas.logger.Printf("Rule error: %v => %s (%s:%d)\n", reflect.TypeOf(rule), err, file, line)
+			gosec.logger.Printf("Rule error: %v => %s (%s:%d)\n", reflect.TypeOf(rule), err, file, line)
 		}
 		if issue != nil {
-			gas.issues = append(gas.issues, issue)
-			gas.stats.NumFound++
+			gosec.issues = append(gosec.issues, issue)
+			gosec.stats.NumFound++
 		}
 	}
-	return gas
+	return gosec
 }
 
 // Report returns the current issues discovered and the metrics about the scan
-func (gas *Analyzer) Report() ([]*Issue, *Metrics) {
-	return gas.issues, gas.stats
+func (gosec *Analyzer) Report() ([]*Issue, *Metrics) {
+	return gosec.issues, gosec.stats
 }
 
 // Reset clears state such as context, issues and metrics from the configured analyzer
-func (gas *Analyzer) Reset() {
-	gas.context = &Context{}
-	gas.issues = make([]*Issue, 0, 16)
-	gas.stats = &Metrics{}
+func (gosec *Analyzer) Reset() {
+	gosec.context = &Context{}
+	gosec.issues = make([]*Issue, 0, 16)
+	gosec.stats = &Metrics{}
 }
diff --git a/analyzer_test.go b/analyzer_test.go
@@ -1,29 +1,29 @@
-package gas_test
+package gosec_test
 
 import (
 	"io/ioutil"
 	"log"
 	"os"
 	"strings"
 
-	"github.com/securego/gas"
-	"github.com/securego/gas/rules"
+	"github.com/securego/gosec"
+	"github.com/securego/gosec/rules"
 
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
-	"github.com/securego/gas/testutils"
+	"github.com/securego/gosec/testutils"
 )
 
 var _ = Describe("Analyzer", func() {
 
 	var (
-		analyzer  *gas.Analyzer
+		analyzer  *gosec.Analyzer
 		logger    *log.Logger
 		buildTags []string
 	)
 	BeforeEach(func() {
 		logger, _ = testutils.NewLogger()
-		analyzer = gas.NewAnalyzer(nil, logger)
+		analyzer = gosec.NewAnalyzer(nil, logger)
 	})
 
 	Context("when processing a package", func() {
@@ -200,9 +200,9 @@ var _ = Describe("Analyzer", func() {
 		source := sample.Code
 
 		// overwrite nosec option
-		nosecIgnoreConfig := gas.NewConfig()
+		nosecIgnoreConfig := gosec.NewConfig()
 		nosecIgnoreConfig.SetGlobal("nosec", "true")
-		customAnalyzer := gas.NewAnalyzer(nosecIgnoreConfig, logger)
+		customAnalyzer := gosec.NewAnalyzer(nosecIgnoreConfig, logger)
 		customAnalyzer.LoadRules(rules.Generate(rules.NewRuleFilter(false, "G401")).Builders())
 
 		nosecPackage := testutils.NewTestPackage()

diff --git a/call_list.go b/call_list.go
@@ -11,7 +11,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package gas
+package gosec
 
 import (
 	"go/ast"

diff --git a/call_list_test.go b/call_list_test.go
@@ -1,20 +1,20 @@
-package gas_test
+package gosec_test
 
 import (
 	"go/ast"
 
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
-	"github.com/securego/gas"
-	"github.com/securego/gas/testutils"
+	"github.com/securego/gosec"
+	"github.com/securego/gosec/testutils"
 )
 
 var _ = Describe("call list", func() {
 	var (
-		calls gas.CallList
+		calls gosec.CallList
 	)
 	BeforeEach(func() {
-		calls = gas.NewCallList()
+		calls = gosec.NewCallList()
 	})
 
 	It("should not return any matches when empty", func() {
@@ -72,7 +72,7 @@ var _ = Describe("call list", func() {
 		matched := 0
 		v := testutils.NewMockVisitor()
 		v.Context = ctx
-		v.Callback = func(n ast.Node, ctx *gas.Context) bool {
+		v.Callback = func(n ast.Node, ctx *gosec.Context) bool {
 			if _, ok := n.(*ast.CallExpr); ok && calls.ContainsCallExpr(n, ctx) != nil {
 				matched++
 			}

diff --git a/cmd/gas/filelist.go → cmd/gosec/filelist.go b/cmd/gas/filelist.go → cmd/gosec/filelist.go