
Adding a config block to the analyzer, parsed from JSON
A CLI option can now be given to tell GAS it should parse data
from a JSON file. Fatal errors are given if the file is not
readable or is not valid JSON.
Tim Kelsey committed Aug 1, 2016
1 parent 8261ee5 commit d4367de
Showing 17 changed files with 75 additions and 48 deletions.
20 changes: 18 additions & 2 deletions core/analyzer.go
Expand Up @@ -15,11 +15,13 @@
package core

import (
"encoding/json"
"go/ast"
"go/importer"
"go/parser"
"go/token"
"go/types"
"io/ioutil"
"log"
"os"
"reflect"
Expand Down Expand Up @@ -53,19 +55,33 @@ type Analyzer struct {
logger *log.Logger
Issues []Issue `json:"issues"`
Stats Metrics `json:"metrics"`
Config map[string]interface{}
}

func NewAnalyzer(ignoreNosec bool, logger *log.Logger) Analyzer {
func NewAnalyzer(ignoreNosec bool, conf *string, logger *log.Logger) Analyzer {
if logger == nil {
logger = log.New(os.Stdout, "[gas]", 0)
}
return Analyzer{
a := Analyzer{
ignoreNosec: ignoreNosec,
ruleset: make(RuleSet),
Issues: make([]Issue, 0),
context: Context{token.NewFileSet(), nil, nil, nil},
logger: logger,
Config: nil,
}

if conf != nil && *conf != "" { // if we have a config
if data, err := ioutil.ReadFile(*conf); err == nil {
if err := json.Unmarshal(data, &(a.Config)); err != nil {
logger.Fatal("Could not parse JSON config: ", *conf, ": ", err)
}
} else {
logger.Fatal("Could not read config file: ", *conf)
}
}

return a
}

func (gas *Analyzer) process(filename string, source interface{}) error {
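Review bot: The else branch at `logger.Fatal("Could not read config file: ", *conf)` drops the ReadFile error even though `err` from the if-initializer is still in scope there, so an unreadable config gives no reason (missing file versus permission denied). Suggest `logger.Fatal("Could not read config file: ", *conf, ": ", err)` to match what the JSON branch already does. Separately, `Config` is the only exported field on Analyzer without a json tag, so if the struct is serialised for the report (the tags on Issues and Stats suggest it may be) the loaded config would appear in the output as "Config"; `Config map[string]interface{} `json:"-"`` would keep it out unless that is intended. NewAnalyzer is exported and has no doc comment; a one-liner such as `// NewAnalyzer builds an Analyzer; conf, when non-nil and non-empty, is the path of a JSON config file and any read or parse failure is fatal.` would document the new exit behaviour. The Analyzer struct begins and process() continues outside the hunk.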
4 changes: 3 additions & 1 deletion main.go
Expand Up @@ -35,6 +35,8 @@ var flagFormat = flag.String("fmt", "text", "Set output format. Valid options ar
// output file
var flagOutput = flag.String("out", "", "Set output file for results")

var flagConfig = flag.String("conf", "", "Path to optional config file")

var usageText = `
GAS - Go AST Scanner
Expand Down Expand Up @@ -99,7 +101,7 @@ func main() {
}

// Setup analyzer
analyzer := gas.NewAnalyzer(*flagIgnoreNoSec, logger)
analyzer := gas.NewAnalyzer(*flagIgnoreNoSec, flagConfig, logger)
if !rules.overwritten {
rules.useDefaults()
}
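Review bot: The help text on `flagConfig` (`"Path to optional config file"`) does not say the file must be JSON, which is the only format the analyzer accepts in this commit, so a user who passes another format learns that only from the fatal parse error. Suggest `var flagConfig = flag.String("conf", "", "Path to optional JSON config file")`. The usageText block that follows is cut off in the hunk, so it may also need the new flag described.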
7 changes: 4 additions & 3 deletions rules/bind_test.go
Expand Up @@ -15,12 +15,13 @@
package rules

import (
gas "github.com/HewlettPackard/gas/core"
"testing"

gas "github.com/HewlettPackard/gas/core"
)

func TestBind0000(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewBindsToAllNetworkInterfaces())

issues := gasTestRunner(`
Expand All @@ -41,7 +42,7 @@ func TestBind0000(t *testing.T) {
}

func TestBindEmptyHost(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewBindsToAllNetworkInterfaces())

issues := gasTestRunner(`
6 changes: 3 additions & 3 deletions rules/errors_test.go
Expand Up @@ -21,7 +21,7 @@ import (
)

func TestErrorsMulti(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewNoErrorCheck())

issues := gasTestRunner(
Expand All @@ -43,7 +43,7 @@ func TestErrorsMulti(t *testing.T) {
}

func TestErrorsSingle(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewNoErrorCheck())

issues := gasTestRunner(
Expand All @@ -65,7 +65,7 @@ func TestErrorsSingle(t *testing.T) {
}

func TestErrorsGood(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewNoErrorCheck())

issues := gasTestRunner(
7 changes: 4 additions & 3 deletions rules/fileperms_test.go
Expand Up @@ -15,12 +15,13 @@
package rules

import (
gas "github.com/HewlettPackard/gas/core"
"testing"

gas "github.com/HewlettPackard/gas/core"
)

func TestChmod(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewChmodPerms())

issues := gasTestRunner(`
Expand All @@ -35,7 +36,7 @@ func TestChmod(t *testing.T) {
}

func TestMkdir(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewMkdirPerms())

issues := gasTestRunner(`
5 changes: 3 additions & 2 deletions rules/hardcoded_credentials_test.go
Expand Up @@ -15,12 +15,13 @@
package rules

import (
gas "github.com/HewlettPackard/gas/core"
"testing"

gas "github.com/HewlettPackard/gas/core"
)

func TestHardcoded(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewHardcodedCredentials())

issues := gasTestRunner(
2 changes: 1 addition & 1 deletion rules/httpoxy_test.go
Expand Up @@ -21,7 +21,7 @@ import (
)

func TestHttpoxy(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewHttpoxyTest())

issues := gasTestRunner(`
4 changes: 2 additions & 2 deletions rules/nosec_test.go
Expand Up @@ -21,7 +21,7 @@ import (
)

func TestNosec(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSubproc())

issues := gasTestRunner(
Expand All @@ -39,7 +39,7 @@ func TestNosec(t *testing.T) {
}

func TestNosecBlock(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSubproc())

issues := gasTestRunner(
4 changes: 2 additions & 2 deletions rules/rand_test.go
Expand Up @@ -21,7 +21,7 @@ import (
)

func TestRandOk(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewWeakRandCheck())

issues := gasTestRunner(
Expand All @@ -38,7 +38,7 @@ func TestRandOk(t *testing.T) {
}

func TestRandBad(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewWeakRandCheck())

issues := gasTestRunner(
5 changes: 3 additions & 2 deletions rules/rsa_test.go
Expand Up @@ -15,12 +15,13 @@
package rules

import (
gas "github.com/HewlettPackard/gas/core"
"testing"

gas "github.com/HewlettPackard/gas/core"
)

func TestRSAKeys(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewWeakKeyStrength())

issues := gasTestRunner(
12 changes: 6 additions & 6 deletions rules/sql_test.go
Expand Up @@ -21,7 +21,7 @@ import (
)

func TestSQLInjectionViaConcatenation(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSqlStrConcat())

source := `
Expand All @@ -48,7 +48,7 @@ func TestSQLInjectionViaConcatenation(t *testing.T) {
}

func TestSQLInjectionViaIntepolation(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSqlStrFormat())

source := `
Expand Down Expand Up @@ -77,7 +77,7 @@ func TestSQLInjectionViaIntepolation(t *testing.T) {
}

func TestSQLInjectionFalsePositiveA(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSqlStrConcat())
analyzer.AddRule(NewSqlStrFormat())

Expand Down Expand Up @@ -112,7 +112,7 @@ func TestSQLInjectionFalsePositiveA(t *testing.T) {
}

func TestSQLInjectionFalsePositiveB(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSqlStrConcat())
analyzer.AddRule(NewSqlStrFormat())

Expand Down Expand Up @@ -147,7 +147,7 @@ func TestSQLInjectionFalsePositiveB(t *testing.T) {
}

func TestSQLInjectionFalsePositiveC(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSqlStrConcat())
analyzer.AddRule(NewSqlStrFormat())

Expand Down Expand Up @@ -182,7 +182,7 @@ func TestSQLInjectionFalsePositiveC(t *testing.T) {
}

func TestSQLInjectionFalsePositiveD(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSqlStrConcat())
analyzer.AddRule(NewSqlStrFormat())

9 changes: 5 additions & 4 deletions rules/subproc_test.go
Expand Up @@ -15,12 +15,13 @@
package rules

import (
gas "github.com/HewlettPackard/gas/core"
"testing"

gas "github.com/HewlettPackard/gas/core"
)

func TestSubprocess(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSubproc())

issues := gasTestRunner(`
Expand All @@ -46,7 +47,7 @@ func TestSubprocess(t *testing.T) {
}

func TestSubprocessVar(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSubproc())

issues := gasTestRunner(`
Expand All @@ -73,7 +74,7 @@ func TestSubprocessVar(t *testing.T) {
}

func TestSubprocessPath(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewSubproc())

issues := gasTestRunner(`
5 changes: 3 additions & 2 deletions rules/tempfiles_test.go
Expand Up @@ -15,12 +15,13 @@
package rules

import (
gas "github.com/HewlettPackard/gas/core"
"testing"

gas "github.com/HewlettPackard/gas/core"
)

func TestTempfiles(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewBadTempFile())

source := `
11 changes: 6 additions & 5 deletions rules/templates_test.go
Expand Up @@ -15,12 +15,13 @@
package rules

import (
gas "github.com/HewlettPackard/gas/core"
"testing"

gas "github.com/HewlettPackard/gas/core"
)

func TestTemplateCheckSafe(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewTemplateCheck())

source := `
Expand All @@ -47,7 +48,7 @@ func TestTemplateCheckSafe(t *testing.T) {
}

func TestTemplateCheckBadHTML(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewTemplateCheck())

source := `
Expand Down Expand Up @@ -75,7 +76,7 @@ func TestTemplateCheckBadHTML(t *testing.T) {
}

func TestTemplateCheckBadJS(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewTemplateCheck())

source := `
Expand Down Expand Up @@ -103,7 +104,7 @@ func TestTemplateCheckBadJS(t *testing.T) {
}

func TestTemplateCheckBadURL(t *testing.T) {
analyzer := gas.NewAnalyzer(false, nil)
analyzer := gas.NewAnalyzer(false, nil, nil)
analyzer.AddRule(NewTemplateCheck())

source := `