Merge pull request securego#152 from ashanbrown/one-build

Do a single build for all packages
holyspectral · Jan 7, 2018 · b068284 · b068284
2 parents 085e0f6 + 22dc893
commit b068284
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 16 deletions.
diff --git a/analyzer.go b/analyzer.go
@@ -27,6 +27,8 @@ import (
 	"reflect"
 	"strings"
 
+	"path/filepath"
+
 	"golang.org/x/tools/go/loader"
 )
 
@@ -93,20 +95,25 @@ func (gas *Analyzer) LoadRules(ruleDefinitions ...RuleBuilder) {
 }
 
 // Process kicks off the analysis process for a given package
-func (gas *Analyzer) Process(packagePath string) error {
+func (gas *Analyzer) Process(packagePaths ...string) error {
+	packageConfig := loader.Config{Build: &build.Default, ParserMode: parser.ParseComments}
+	for _, packagePath := range packagePaths {
+		abspath, _ := filepath.Abs(packagePath)
+		gas.logger.Println("Searching directory:", abspath)
 
-	basePackage, err := build.Default.ImportDir(packagePath, build.ImportComment)
-	if err != nil {
-		return err
-	}
+		basePackage, err := build.Default.ImportDir(packagePath, build.ImportComment)
+		if err != nil {
+			return err
+		}
 
-	packageConfig := loader.Config{Build: &build.Default, ParserMode: parser.ParseComments}
-	var packageFiles []string
-	for _, filename := range basePackage.GoFiles {
-		packageFiles = append(packageFiles, path.Join(packagePath, filename))
+		var packageFiles []string
+		for _, filename := range basePackage.GoFiles {
+			packageFiles = append(packageFiles, path.Join(packagePath, filename))
+		}
+
+		packageConfig.CreateFromFilenames(basePackage.Name, packageFiles...)
 	}
 
-	packageConfig.CreateFromFilenames(basePackage.Name, packageFiles...)
 	builtPackage, err := packageConfig.Load()
 	if err != nil {
 		return err

diff --git a/analyzer_test.go b/analyzer_test.go
@@ -73,6 +73,28 @@ var _ = Describe("Analyzer", func() {
 			Expect(metrics.NumFiles).To(Equal(2))
 		})
 
+		It("should be able to analyze mulitple Go packages", func() {
+			analyzer.LoadRules(rules.Generate().Builders()...)
+			pkg1 := testutils.NewTestPackage()
+			pkg2 := testutils.NewTestPackage()
+			defer pkg1.Close()
+			defer pkg2.Close()
+			pkg1.AddFile("foo.go", `
+				package main
+				func main(){
+				}`)
+			pkg2.AddFile("bar.go", `
+				package main
+				func bar(){
+				}`)
+			pkg1.Build()
+			pkg2.Build()
+			err := analyzer.Process(pkg1.Path, pkg2.Path)
+			Expect(err).ShouldNot(HaveOccurred())
+			_, metrics := analyzer.Report()
+			Expect(metrics.NumFiles).To(Equal(2))
+		})
+
 		It("should find errors when nosec is not in use", func() {
 
 			// Rule for MD5 weak crypto usage

diff --git a/cmd/gas/main.go b/cmd/gas/main.go
@@ -19,7 +19,6 @@ import (
 	"fmt"
 	"log"
 	"os"
-	"path/filepath"
 	"regexp"
 	"sort"
 	"strings"
@@ -202,19 +201,19 @@ func main() {
 
 	vendor := regexp.MustCompile(`[\\/]vendor([\\/]|$)`)
 
+	var packages []string
 	// Iterate over packages on the import paths
 	for _, pkg := range gotool.ImportPaths(flag.Args()) {
 
 		// Skip vendor directory
 		if vendor.MatchString(pkg) {
 			continue
 		}
+		packages = append(packages, pkg)
+	}
 
-		abspath, _ := filepath.Abs(pkg)
-		logger.Println("Searching directory:", abspath)
-		if err := analyzer.Process(pkg); err != nil {
-			logger.Fatal(err)
-		}
+	if err := analyzer.Process(packages...); err != nil {
+		logger.Fatal(err)
 	}
 
 	// Collect the results