gosec: github.com/securego/gosec/rules Index | Files

package rules

import "github.com/securego/gosec/rules"


Package Files

archive.go bad_defer.go bind.go blocklist.go decompression-bomb.go errors.go fileperms.go hardcoded_credentials.go implicit_aliasing.go integer_overflow.go pprof.go rand.go readfile.go rsa.go rulelist.go sql.go ssh.go ssrf.go subproc.go tempfiles.go templates.go tls.go tls_config.go unsafe.go weakcrypto.go

func NewArchive Uses

func NewArchive(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewArchive creates a new rule which detects file path traversal when extracting zip/tar archives

func NewBadTempFile Uses

func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBadTempFile detects direct writes to a predictable path in a temporary directory

func NewBindsToAllNetworkInterfaces Uses

func NewBindsToAllNetworkInterfaces(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBindsToAllNetworkInterfaces detects socket connections that are set up to listen on all network interfaces.

func NewBlocklistedImportCGI Uses

func NewBlocklistedImportCGI(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlocklistedImportCGI fails if CGI is imported

func NewBlocklistedImportDES Uses

func NewBlocklistedImportDES(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlocklistedImportDES fails if DES is imported

func NewBlocklistedImportMD5 Uses

func NewBlocklistedImportMD5(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlocklistedImportMD5 fails if MD5 is imported

func NewBlocklistedImportRC4 Uses

func NewBlocklistedImportRC4(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlocklistedImportRC4 fails if RC4 is imported

func NewBlocklistedImportSHA1 Uses

func NewBlocklistedImportSHA1(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewBlocklistedImportSHA1 fails if SHA1 is imported

func NewBlocklistedImports Uses

func NewBlocklistedImports(id string, conf gosec.Config, blocklist map[string]string) (gosec.Rule, []ast.Node)

NewBlocklistedImports reports when a blocklisted import is being used. This is typically the case when a deprecated technology is being used.

func NewDecompressionBombCheck Uses

func NewDecompressionBombCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewDecompressionBombCheck detects if there is potential DoS vulnerability via decompression bomb

func NewDeferredClosing Uses

func NewDeferredClosing(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewDeferredClosing detects unsafe deferral of error-returning methods; the error returned by such a deferred call is silently discarded

func NewFilePerms Uses

func NewFilePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewFilePerms creates a rule to detect file creation with a permission mask more permissive than the configured one.

func NewHardcodedCredentials Uses

func NewHardcodedCredentials(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewHardcodedCredentials attempts to find high entropy string constants being assigned to variables that appear to be related to credentials.

func NewImplicitAliasing Uses

func NewImplicitAliasing(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewImplicitAliasing detects implicit memory aliasing of the form: for blah := SomeCall() {... SomeOtherCall(&blah) ...}, where the address of the loop variable blah is taken inside the loop

func NewIntegerOverflowCheck Uses

func NewIntegerOverflowCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewIntegerOverflowCheck detects if there is a potential integer overflow

func NewIntermediateTLSCheck Uses

func NewIntermediateTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewIntermediateTLSCheck creates a check for Intermediate TLS ciphers. DO NOT EDIT - generated by tlsconfig tool.

func NewMkdirPerms Uses

func NewMkdirPerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewMkdirPerms creates a rule to detect directory creation with a permission mask more permissive than the configured one.

func NewModernTLSCheck Uses

func NewModernTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewModernTLSCheck creates a check for Modern TLS ciphers. DO NOT EDIT - generated by tlsconfig tool.

func NewNoErrorCheck Uses

func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewNoErrorCheck detects if the returned error is unchecked

func NewOldTLSCheck Uses

func NewOldTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewOldTLSCheck creates a check for Old TLS ciphers. DO NOT EDIT - generated by tlsconfig tool.

func NewPprofCheck Uses

func NewPprofCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewPprofCheck detects when the profiling endpoint is automatically exposed

func NewReadFile Uses

func NewReadFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewReadFile detects cases where we read files

func NewSQLStrConcat Uses

func NewSQLStrConcat(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSQLStrConcat looks for cases where we are building SQL strings via concatenation

func NewSQLStrFormat Uses

func NewSQLStrFormat(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSQLStrFormat looks for cases where we're building SQL query strings using format strings

func NewSSHHostKey Uses

func NewSSHHostKey(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSSHHostKey rule detects the use of insecure ssh HostKeyCallback.

func NewSSRFCheck Uses

func NewSSRFCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSSRFCheck detects cases where HTTP requests are sent

func NewSubproc Uses

func NewSubproc(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewSubproc detects cases where we are forking out to an external process

func NewTemplateCheck Uses

func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewTemplateCheck constructs the template check rule. This rule finds uses of templates where HTML/JS escaping is not applied

func NewUsesWeakCryptography Uses

func NewUsesWeakCryptography(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewUsesWeakCryptography detects uses of des.*, md5.* or rc4.*

func NewUsingUnsafe Uses

func NewUsingUnsafe(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewUsingUnsafe rule detects the use of the unsafe package. This is only really useful for auditing purposes.

func NewWeakKeyStrength Uses

func NewWeakKeyStrength(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewWeakKeyStrength builds a rule that detects RSA keys < 2048 bits

func NewWeakRandCheck Uses

func NewWeakRandCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewWeakRandCheck detects the use of a random number generator that isn't cryptographically secure

func NewWritePerms Uses

func NewWritePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node)

NewWritePerms creates a rule to detect file writes with bad permissions.

type RuleDefinition Uses

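// RuleDefinition contains the description of a rule and a mechanism to create it.
type RuleDefinition struct {
	// ID is the identifier of the rule; RuleList maps rule IDs to their definitions.
	ID string
	// Description is the description of the rule.
	Description string
	// Create is the builder used to create the rule.
	Create gosec.RuleBuilder
}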

RuleDefinition contains the description of a rule and a mechanism to create it.

type RuleFilter Uses

type RuleFilter func(string) bool

RuleFilter can be used to include or exclude a rule depending on the return value of the function

func NewRuleFilter Uses

func NewRuleFilter(action bool, ruleIDs ...string) RuleFilter

NewRuleFilter returns a closure that includes or excludes the given rule IDs based on the supplied boolean value.

type RuleList Uses

type RuleList map[string]RuleDefinition

RuleList is a mapping of rule IDs to rule definitions

func Generate Uses

func Generate(filters ...RuleFilter) RuleList

Generate the list of rules to use

func (RuleList) Builders Uses

func (rl RuleList) Builders() map[string]gosec.RuleBuilder

Builders returns all the create methods for a given rule list
