gosec: github.com/securego/gosec/rules Index | Files

package rules

import "github.com/securego/gosec/rules"


Package Files

archive.go big.go bind.go blacklist.go errors.go fileperms.go hardcoded_credentials.go rand.go readfile.go rsa.go rulelist.go sql.go ssh.go ssrf.go subproc.go tempfiles.go templates.go tls.go tls_config.go unsafe.go weakcrypto.go

func NewArchive Uses

func NewArchive(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewArchive creates a new rule which detects file path traversal when extracting zip archives.

func NewBadTempFile Uses

func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBadTempFile detects direct writes to a predictable path in a temporary directory.

func NewBindsToAllNetworkInterfaces Uses

func NewBindsToAllNetworkInterfaces(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBindsToAllNetworkInterfaces detects socket connections that are set up to listen on all network interfaces.

func NewBlacklistedImportCGI Uses

func NewBlacklistedImportCGI(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlacklistedImportCGI fails if CGI is imported

func NewBlacklistedImportDES Uses

func NewBlacklistedImportDES(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlacklistedImportDES fails if DES is imported

func NewBlacklistedImportMD5 Uses

func NewBlacklistedImportMD5(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlacklistedImportMD5 fails if MD5 is imported

func NewBlacklistedImportRC4 Uses

func NewBlacklistedImportRC4(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlacklistedImportRC4 fails if RC4 is imported

func NewBlacklistedImportSHA1 Uses

func NewBlacklistedImportSHA1(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlacklistedImportSHA1 fails if SHA1 is imported

func NewBlacklistedImports Uses

func NewBlacklistedImports(id string, conf gosec.Config, blacklist map[string]string) (gosec.Rule, []ast.Node)

NewBlacklistedImports reports when a blacklisted import is being used, typically because it is a deprecated technology.

func NewFilePerms Uses

func NewFilePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewFilePerms creates a rule to detect file creation with a permission mask more permissive than the configured one.

func NewHardcodedCredentials Uses

func NewHardcodedCredentials(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewHardcodedCredentials attempts to find high entropy string constants being assigned to variables that appear to be related to credentials.

func NewIntermediateTLSCheck Uses

func NewIntermediateTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewIntermediateTLSCheck creates a check for Intermediate TLS ciphers. DO NOT EDIT - generated by tlsconfig tool.

func NewMkdirPerms Uses

func NewMkdirPerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewMkdirPerms creates a rule to detect directory creation with a permission mask more permissive than the configured one.

func NewModernTLSCheck Uses

func NewModernTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewModernTLSCheck creates a check for Modern TLS ciphers. DO NOT EDIT - generated by tlsconfig tool.

func NewNoErrorCheck Uses

func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewNoErrorCheck detects if the returned error is unchecked

func NewOldTLSCheck Uses

func NewOldTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewOldTLSCheck creates a check for Old TLS ciphers. DO NOT EDIT - generated by tlsconfig tool.

func NewReadFile Uses

func NewReadFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewReadFile detects cases where we read files

func NewSQLStrConcat Uses

func NewSQLStrConcat(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSQLStrConcat looks for cases where we are building SQL strings via concatenation

func NewSQLStrFormat Uses

func NewSQLStrFormat(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSQLStrFormat looks for cases where we're building SQL query strings using format strings

func NewSSHHostKey Uses

func NewSSHHostKey(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSSHHostKey rule detects the use of insecure ssh HostKeyCallback.

func NewSSRFCheck Uses

func NewSSRFCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSSRFCheck detects cases where HTTP requests are sent

func NewSubproc Uses

func NewSubproc(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSubproc detects cases where we are forking out to an external process

func NewTemplateCheck Uses

func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewTemplateCheck constructs the template check rule. This rule is used to find use of templates where HTML/JS escaping is not being used

func NewUsesWeakCryptography Uses

func NewUsesWeakCryptography(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewUsesWeakCryptography detects uses of des.* md5.* or rc4.*

func NewUsingBigExp Uses

func NewUsingBigExp(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewUsingBigExp detects issues with modulus == 0 for Bignum

func NewUsingUnsafe Uses

func NewUsingUnsafe(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewUsingUnsafe rule detects the use of the unsafe package. This is only really useful for auditing purposes.

func NewWeakKeyStrength Uses

func NewWeakKeyStrength(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewWeakKeyStrength builds a rule that detects RSA keys < 2048 bits

func NewWeakRandCheck Uses

func NewWeakRandCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewWeakRandCheck detects the use of a random number generator that isn't cryptographically secure.

type RuleDefinition Uses

type RuleDefinition struct {
    ID          string
    Description string
    Create      gosec.RuleBuilder
}

RuleDefinition contains the description of a rule and a mechanism to create it.

type RuleFilter Uses

type RuleFilter func(string) bool

RuleFilter can be used to include or exclude a rule depending on the return value of the function

func NewRuleFilter Uses

func NewRuleFilter(action bool, ruleIDs ...string) RuleFilter

NewRuleFilter returns a closure that includes or excludes the given rule IDs based on the supplied boolean value.

type RuleList Uses

type RuleList map[string]RuleDefinition

RuleList is a mapping of rule IDs to rule definitions.

func Generate Uses

func Generate(filters ...RuleFilter) RuleList

Generate the list of rules to use

func (RuleList) Builders Uses

func (rl RuleList) Builders() map[string]gosec.RuleBuilder

Builders returns all the create methods for a given rule list

Package rules imports 8 packages and is imported by 1 package. Updated 2019-07-01.