package gosec_test
import (
"go/ast"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/securego/gosec/v2"
"github.com/securego/gosec/v2/rules"
"github.com/securego/gosec/v2/testutils"
)
// Specs for gosec.Issue construction. Each spec feeds a tiny Go program
// through testutils, walks its AST with a MockVisitor to pick out one target
// node, and then checks the snippet/location metadata gosec records on the
// Issue for that node (either directly via NewIssue or through a rule's Match).
var _ = Describe("Issue", func() {
	Context("when creating a new issue", func() {
		It("should create a code snippet from the specified ast.Node", func() {
			var literal *ast.BasicLit
			program := `package main
			const foo = "bar"
			func main(){
				println(foo)
			}
			`
			testPkg := testutils.NewTestPackage()
			defer testPkg.Close()
			testPkg.AddFile("foo.go", program)
			ctx := testPkg.CreateContext("foo.go")

			visitor := testutils.NewMockVisitor()
			visitor.Context = ctx
			// The only literal in the program is "bar"; stop descending as soon
			// as it is found so the snippet is taken from exactly that node.
			visitor.Callback = func(n ast.Node, _ *gosec.Context) bool {
				lit, isLit := n.(*ast.BasicLit)
				if !isLit {
					return true
				}
				literal = lit
				return false
			}
			ast.Walk(visitor, ctx.Root)
			Expect(literal).ShouldNot(BeNil())

			// Severity/confidence are passed straight through; the CWE is left
			// unset because no rule ID is mapped to one here.
			issue := gosec.NewIssue(ctx, literal, "TEST", "", gosec.High, gosec.High)
			Expect(issue).ShouldNot(BeNil())
			Expect(issue.Code).Should(MatchRegexp(`"bar"`))
			Expect(issue.Line).Should(Equal("2"))
			Expect(issue.Col).Should(Equal("16"))
			Expect(issue.Cwe).Should(BeNil())
		})

		It("should return an error if specific context is not able to be obtained", func() {
			Skip("Not implemented")
		})

		It("should construct file path based on line and file information", func() {
			var assignment *ast.AssignStmt
			// The password value is a deliberate test fixture for the
			// hardcoded-credentials rule, not a real secret.
			program := `package main
			import "fmt"
			func main() {
				username := "admin"
				password := "f62e5bcda4fae4f82370da0c6f20697b8f8447ef"
				fmt.Println("Doing something with: ", username, password)
			}`
			testPkg := testutils.NewTestPackage()
			defer testPkg.Close()
			testPkg.AddFile("foo.go", program)
			ctx := testPkg.CreateContext("foo.go")

			visitor := testutils.NewMockVisitor()
			visitor.Context = ctx
			// Capture only the `password := ...` assignment; keep walking so the
			// whole tree is visited exactly as before.
			visitor.Callback = func(n ast.Node, _ *gosec.Context) bool {
				assign, isAssign := n.(*ast.AssignStmt)
				if !isAssign {
					return true
				}
				if ident, isIdent := assign.Lhs[0].(*ast.Ident); isIdent && ident.Name == "password" {
					assignment = assign
				}
				return true
			}
			ast.Walk(visitor, ctx.Root)
			Expect(assignment).ShouldNot(BeNil())

			// Run the hardcoded-credentials rule against the captured assignment
			// and check that the reported location is "<file>:<line>".
			cfg := gosec.NewConfig()
			rule, _ := rules.NewHardcodedCredentials("TEST", cfg)
			issue, err := rule.Match(assignment, ctx)
			Expect(err).ShouldNot(HaveOccurred())
			Expect(issue).ShouldNot(BeNil())
			Expect(issue.FileLocation()).Should(MatchRegexp("foo.go:5"))
		})

		It("should provide accurate line and file information", func() {
			Skip("Not implemented")
		})

		It("should provide accurate line and file information for multi-line statements", func() {
			var listenCall *ast.CallExpr
			// NOTE(review): `_, _ :=` is not valid Go (":=" needs at least one
			// new non-blank variable on its left). The spec is expected to pass
			// regardless, so CreateContext presumably tolerates type errors in
			// fixtures — confirm before relying on type info from this program.
			program := `
package main
import (
	"net"
)
func main() {
	_, _ := net.Listen("tcp",
		"0.0.0.0:2000")
}
`
			testPkg := testutils.NewTestPackage()
			defer testPkg.Close()
			testPkg.AddFile("foo.go", program)
			ctx := testPkg.CreateContext("foo.go")

			visitor := testutils.NewMockVisitor()
			visitor.Context = ctx
			// net.Listen is the only call in the program, so the last CallExpr
			// seen is the one we want.
			visitor.Callback = func(n ast.Node, _ *gosec.Context) bool {
				if call, isCall := n.(*ast.CallExpr); isCall {
					listenCall = call
				}
				return true
			}
			ast.Walk(visitor, ctx.Root)
			Expect(listenCall).ShouldNot(BeNil())

			// A call spanning two lines should be reported as a "start-end"
			// line range, with the column of the call's first token.
			cfg := gosec.NewConfig()
			rule, _ := rules.NewBindsToAllNetworkInterfaces("TEST", cfg)
			issue, err := rule.Match(listenCall, ctx)
			Expect(err).ShouldNot(HaveOccurred())
			Expect(issue).ShouldNot(BeNil())
			Expect(issue.File).Should(MatchRegexp("foo.go"))
			Expect(issue.Line).Should(MatchRegexp("7-8"))
			Expect(issue.Col).Should(Equal("10"))
		})

		It("should maintain the provided severity score", func() {
			Skip("Not implemented")
		})

		It("should maintain the provided confidence score", func() {
			Skip("Not implemented")
		})
	})
})