The highest tagged major version is v3-unstable.

rules

package

v3.0.0 Latest Latest Go to latest Published: Jan 29, 2019 License: MIT, Apache-2.0 Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/alecthomas/gometalinter

Links

Open Source Insights

Documentation ¶

Index ¶

func NewArchive(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewBindsToAllNetworkInterfaces(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewBlacklistedImportCGI(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewBlacklistedImportDES(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewBlacklistedImportMD5(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewBlacklistedImportRC4(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewBlacklistedImportSHA1(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewBlacklistedImports(id string, conf gosec.Config, blacklist map[string]string) (gosec.Rule, []ast.Node)
func NewFilePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewHardcodedCredentials(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewIntermediateTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewMkdirPerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewModernTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewOldTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewReadFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewSQLStrConcat(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewSQLStrFormat(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewSSHHostKey(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewSSRFCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewSubproc(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewUsesWeakCryptography(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewUsingBigExp(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewUsingUnsafe(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewWeakKeyStrength(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
func NewWeakRandCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)
type RuleDefinition
type RuleFilter
- func NewRuleFilter(action bool, ruleIDs ...string) RuleFilter
type RuleList
- func Generate(filters ...RuleFilter) RuleList
- func (rl RuleList) Builders() map[string]gosec.RuleBuilder

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewArchive ¶

func NewArchive(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewArchive creates a new rule which detects the file traversal when extracting zip archives

func NewBadTempFile ¶

func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBadTempFile detects direct writes to predictable path in temporary directory

func NewBindsToAllNetworkInterfaces ¶

func NewBindsToAllNetworkInterfaces(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBindsToAllNetworkInterfaces detects socket connections that are setup to listen on all network interfaces.

func NewBlacklistedImportCGI ¶

func NewBlacklistedImportCGI(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlacklistedImportCGI fails if CGI is imported

func NewBlacklistedImportDES ¶

func NewBlacklistedImportDES(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlacklistedImportDES fails if DES is imported

func NewBlacklistedImportMD5 ¶

func NewBlacklistedImportMD5(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlacklistedImportMD5 fails if MD5 is imported

func NewBlacklistedImportRC4 ¶

func NewBlacklistedImportRC4(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlacklistedImportRC4 fails if DES is imported

func NewBlacklistedImportSHA1 ¶

func NewBlacklistedImportSHA1(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlacklistedImportSHA1 fails if SHA1 is imported

func NewBlacklistedImports ¶

func NewBlacklistedImports(id string, conf gosec.Config, blacklist map[string]string) (gosec.Rule, []ast.Node)

NewBlacklistedImports reports when a blacklisted import is being used. Typically when a deprecated technology is being used.

func NewFilePerms ¶

func NewFilePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewFilePerms creates a rule to detect file creation with a more permissive than configured permission mask.

func NewHardcodedCredentials ¶

func NewHardcodedCredentials(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewHardcodedCredentials attempts to find high entropy string constants being assigned to variables that appear to be related to credentials.

func NewIntermediateTLSCheck ¶

func NewIntermediateTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewIntermediateTLSCheck creates a check for Intermediate TLS ciphers DO NOT EDIT - generated by tlsconfig tool

func NewMkdirPerms ¶

func NewMkdirPerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewMkdirPerms creates a rule to detect directory creation with more permissive than configured permission mask.

func NewModernTLSCheck ¶

func NewModernTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewModernTLSCheck creates a check for Modern TLS ciphers DO NOT EDIT - generated by tlsconfig tool

func NewNoErrorCheck ¶

func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewNoErrorCheck detects if the returned error is unchecked

func NewOldTLSCheck ¶

func NewOldTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewOldTLSCheck creates a check for Old TLS ciphers DO NOT EDIT - generated by tlsconfig tool

func NewReadFile ¶

func NewReadFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewReadFile detects cases where we read files

func NewSQLStrConcat ¶

func NewSQLStrConcat(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSQLStrConcat looks for cases where we are building SQL strings via concatenation

func NewSQLStrFormat ¶

func NewSQLStrFormat(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSQLStrFormat looks for cases where we're building SQL query strings using format strings

func NewSSHHostKey ¶

func NewSSHHostKey(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSSHHostKey rule detects the use of insecure ssh HostKeyCallback.

func NewSSRFCheck ¶

func NewSSRFCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSSRFCheck detects cases where HTTP requests are sent

func NewSubproc ¶

func NewSubproc(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSubproc detects cases where we are forking out to an external process

func NewTemplateCheck ¶

func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewTemplateCheck constructs the template check rule. This rule is used to find use of tempaltes where HTML/JS escaping is not being used

func NewUsesWeakCryptography ¶

func NewUsesWeakCryptography(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewUsesWeakCryptography detects uses of des.* md5.* or rc4.*

func NewUsingBigExp ¶

func NewUsingBigExp(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewUsingBigExp detects issues with modulus == 0 for Bignum

func NewUsingUnsafe ¶

func NewUsingUnsafe(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewUsingUnsafe rule detects the use of the unsafe package. This is only really useful for auditing purposes.

func NewWeakKeyStrength ¶

func NewWeakKeyStrength(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewWeakKeyStrength builds a rule that detects RSA keys < 2048 bits

func NewWeakRandCheck ¶

func NewWeakRandCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewWeakRandCheck detects the use of random number generator that isn't cryptographically secure

Types ¶

type RuleDefinition ¶

type RuleDefinition struct {
	ID          string
	Description string
	Create      gosec.RuleBuilder
}

RuleDefinition contains the description of a rule and a mechanism to create it.

type RuleFilter ¶

type RuleFilter func(string) bool

RuleFilter can be used to include or exclude a rule depending on the return value of the function

func NewRuleFilter ¶

func NewRuleFilter(action bool, ruleIDs ...string) RuleFilter

NewRuleFilter is a closure that will include/exclude the rule ID's based on the supplied boolean value.

type RuleList ¶

type RuleList map[string]RuleDefinition

RuleList is a mapping of rule ID's to rule definitions

func Generate ¶

func Generate(filters ...RuleFilter) RuleList

Generate the list of rules to use

func (RuleList) Builders ¶

func (rl RuleList) Builders() map[string]gosec.RuleBuilder

Builders returns all the create methods for a given rule list

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL