From bd8a79aca2ccb7ceb5f444f6e3fe4d05451cdb97 Mon Sep 17 00:00:00 2001
From: Ian Cardoso
Date: Mon, 10 Jan 2022 15:05:19 -0300
Subject: [PATCH] engine:chore - update to new engine

Signed-off-by: Ian Cardoso
---
 cmd/app/main.go | 1 -
 go.mod | 4 +-
 go.sum | 167 +---
 internal/services/custom_rules/custom_rule.go | 6 +-
 internal/services/custom_rules/service.go | 6 +-
 internal/services/engines/csharp/rules.go | 296 +++----
 .../services/engines/csharp/rules_test.go | 42 +-
 internal/services/engines/dart/rules.go | 68 +-
 internal/services/engines/dart/rules_test.go | 332 ++++----
 internal/services/engines/java/rules.go | 600 +++++++-------
 internal/services/engines/java/rules_test.go | 750 ++++++++++--------
 internal/services/engines/javascript/rules.go | 212 ++---
 .../services/engines/javascript/rules_test.go | 321 +++++---
 internal/services/engines/jvm/rules.go | 160 ++--
 internal/services/engines/kubernetes/rules.go | 36 +-
 .../services/engines/kubernetes/rules_test.go | 23 +-
 .../services/engines/leaks/rule_manager.go | 2 +-
 internal/services/engines/leaks/rules.go | 112 +--
 internal/services/engines/leaks/rules_test.go | 541 +++++++------
 internal/services/engines/nginx/rules.go | 16 +-
 internal/services/engines/nginx/rules_test.go | 80 +-
 internal/services/engines/rules.go | 18 +-
 internal/services/engines/rules_test.go | 4 +-
 internal/services/engines/swift/rules.go | 96 +--
 internal/services/engines/swift/rules_test.go | 41 +-
 .../formatters/default_engine_formatter.go | 24 +-
 .../default_engine_formatter_test.go | 6 +-
 internal/utils/testutil/rules_test_generic.go | 27 +-
 28 files changed, 2088 insertions(+), 1903 deletions(-)

diff --git a/cmd/app/main.go b/cmd/app/main.go
index 6b32121f9..a45a21d3c 100644
--- a/cmd/app/main.go
+++ b/cmd/app/main.go
@@ -85,7 +85,6 @@ horusec start -p="/home/user/projects/my-project"
 cobra.OnInitialize(func() {
 engine.SetLogLevel(cfg.LogLevel)
 })
-
 if err := rootCmd.Execute(); err != nil {
 os.Exit(1)
 }
diff --git a/go.mod b/go.mod
index a79014899..7a1bcef5b 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.17
 
 require (
 github.com/ZupIT/horusec-devkit v1.0.21
- github.com/ZupIT/horusec-engine v0.3.6
+ github.com/ZupIT/horusec-engine v0.3.7-0.20220112184418-f2d0d1a367f5
 github.com/bmatcuk/doublestar/v4 v4.0.2
 github.com/briandowns/spinner v1.18.0
 github.com/docker/docker v20.10.9+incompatible
@@ -52,6 +52,7 @@ require (
 github.com/morikuni/aec v1.0.0 // indirect
 github.com/nxadm/tail v1.4.8 // indirect
 github.com/opencontainers/go-digest v1.0.0 // indirect
+ github.com/panjf2000/ants/v2 v2.4.7 // indirect
 github.com/pelletier/go-toml v1.9.4 // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -62,6 +63,7 @@ require (
 github.com/subosito/gotenv v1.2.0 // indirect
 golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 // indirect
 golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9 // indirect
+ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 golang.org/x/sys v0.0.0-20211210111614-af8b64212486 // indirect
 golang.org/x/text v0.3.7 // indirect
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
diff --git a/go.sum b/go.sum
index a961e944c..847af65b9 100644
--- a/go.sum
+++ b/go.sum
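Review bot: In go.mod the `github.com/ZupIT/horusec-engine` requirement is now pinned to an untagged commit: the new line uses the pseudo-version `v0.3.7-0.20220112184418-f2d0d1a367f5` where the old one used the release v0.3.6. The matching go.sum entries keep the build reproducible, but a pseudo-version cannot be checked against release notes or advisory version ranges as easily as a tag, so it is worth moving to a tagged engine release before this ships, or recording the reason on the line, e.g. `github.com/ZupIT/horusec-engine v0.3.7-0.20220112184418-f2d0d1a367f5 // untagged commit; replace with the next engine release`. The two indirect requirements added in the later go.mod hunks, `github.com/panjf2000/ants/v2 v2.4.7` and `golang.org/x/sync`, presumably arrive through the new engine and should get the same dependency review.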
@@ -36,7 +36,6 @@ cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4g cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= @@ -65,7 +64,6 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= -github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/KyleBanks/depth v1.2.1/go.mod h1:jzSb9d0L43HxTQfT+oSA1EEp2q+ne2uh6XgeJcm8brE= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= 
@@ -93,43 +91,29 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= -github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= -github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= -github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= -github.com/ZupIT/horusec-devkit v1.0.17/go.mod h1:wTsXrXTD1YrChTQEng8EvVg+zL9nMUIQkhUG85sQwuQ= github.com/ZupIT/horusec-devkit v1.0.21 h1:vAY0/DV+EMdfSae6cu8lF0UpGrJe1uuMW3H/TDznvdE= github.com/ZupIT/horusec-devkit v1.0.21/go.mod h1:ZNpTXWcN0tG7jHokH12Zi94Y2iiV1qxslElvfSD/kDE= -github.com/ZupIT/horusec-engine v0.3.6 h1:m/kL9K8+OVAaYjagoDmNFFDEA3BnyJbcx0DfNYGyaDM= -github.com/ZupIT/horusec-engine v0.3.6/go.mod h1:s3SZQ9gXXlEcIagEuopZJga+Dw6RBFWMD7Rh5A+tIys= -github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= +github.com/ZupIT/horusec-engine v0.3.7-0.20220112184418-f2d0d1a367f5 h1:a5lfncSNhDvej2yG0EOzjrtkKFGs7vzwWOed3UOElWI= +github.com/ZupIT/horusec-engine v0.3.7-0.20220112184418-f2d0d1a367f5/go.mod h1:2UnR/7fwhzqpvq8Bt9HYPNqISQlYLocsU0LvJLmNkck= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod 
h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= -github.com/antchfx/xmlquery v1.3.6/go.mod h1:64w0Xesg2sTaawIdNqMB+7qaW/bSqkQm+ssPaCMWNnc= -github.com/antchfx/xpath v1.1.10/go.mod h1:Yee4kTMuNiPYJ7nSNorELQMr1J33uOpXDMByNYhvtNk= -github.com/antchfx/xpath v1.2.0/go.mod h1:i54GszH55fYfBmoZXapTHN8T8tkcHfRgLyVwwqzXNcs= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= github.com/asaskevich/govalidator 
v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/auth0/go-jwt-middleware v1.0.1/go.mod h1:YSeUX3z6+TF2H+7padiEqNJ73Zy9vXW72U//IgN0BIM= -github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= -github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= @@ -137,7 +121,6 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA= github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA= -github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bmatcuk/doublestar/v4 v4.0.2 h1:X0krlUVAVmtr2cRoTqR8aDMrDqnB36ht8wpWTiQ3jsA= 
@@ -151,8 +134,6 @@ github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx2 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= -github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= -github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -174,7 +155,6 @@ github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJ github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= -github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= 
@@ -188,7 +168,6 @@ github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= -github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE= github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU= github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU= @@ -275,7 +254,6 @@ github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgU github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= 
@@ -328,14 +306,9 @@ github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= -github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= -github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= -github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= 
@@ -354,8 +327,6 @@ github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.5+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= -github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= @@ -365,7 +336,6 @@ github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXt github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-chi/cors v1.2.0/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58= github.com/go-enry/go-enry/v2 v2.8.0 h1:KMW4mSG+8uUF6FaD3iPkFqyfC5tF8gRrsYImq6yhHzo= 
@@ -378,7 +348,6 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2 github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= @@ -407,7 +376,6 @@ github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/ github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-ozzo/ozzo-validation/v4 v4.3.0 h1:byhDUpfEwjsVQb1vBunvIjh2BHQ9ead57VkAEY4V+Es= github.com/go-ozzo/ozzo-validation/v4 v4.3.0/go.mod h1:2NKgrcHl3z6cJs+3Oo940FPRiTzuqKbvfrL2RxCj6Ew= -github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/gocarina/gocsv v0.0.0-20211203214250-4735fba0c1d9 h1:ptTza/LLPmfRtmz77X+6J61Wyf5e1hz5xYMvRk/hkE4= 
@@ -417,13 +385,10 @@ github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblf github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= -github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU= github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= 
@@ -465,7 +430,6 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 
@@ -523,12 +487,8 @@ github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0 github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gopherjs/gopherjs v0.0.0-20210420193930-a4630ec28c79/go.mod h1:Opf9rtYVq0eTyX+aRVmRO9hE8ERAozcdrBxWG9Q6mkQ= -github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= -github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= 
@@ -542,12 +502,8 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgf github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M= github.com/hashicorp/consul/api v1.12.0/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0= -github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms= github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -563,31 +519,24 @@ github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1: github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY= github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= -github.com/hashicorp/memberlist v0.1.3/go.mod 
h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= -github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/iancoleman/strcase v0.2.0 h1:05I4QRnGpI0m37iZQRuskXh+w77mr6Z41lwQzuHLwW0= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= @@ -599,7 +548,6 @@ github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= 
@@ -607,14 +555,9 @@ github.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgO github.com/jackc/pgconn v0.0.0-20190420214824-7e0022ef6ba3/go.mod h1:jkELnwuX+w9qN5YIfX0fl88Ehu4XC3keFuOJJk9pcnA= github.com/jackc/pgconn v0.0.0-20190824142844-760dd75542eb/go.mod h1:lLjNuW/+OfW9/pnVKPazfWOgNfH2aPem8YQ7ilXGvJE= github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsUgOEh9hBm+xYTstcNHg7UPMVJqRfQxq4s= -github.com/jackc/pgconn v1.4.0/go.mod h1:Y2O3ZDF0q4mMacyWV3AstPJpeHXWGEetiFttmq5lahk= -github.com/jackc/pgconn v1.5.0/go.mod h1:QeD3lBfpTFe8WUnPZWN5KY/mB8FGMIYRdd8P8Jr0fAI= -github.com/jackc/pgconn v1.5.1-0.20200601181101-fa742c524853/go.mod h1:QeD3lBfpTFe8WUnPZWN5KY/mB8FGMIYRdd8P8Jr0fAI= github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o= -github.com/jackc/pgconn v1.8.1/go.mod h1:JV6m6b6jhjdmzchES0drzCcYcAHS1OPD5xu3OZ/lE2g= github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY= github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= -github.com/jackc/pgconn v1.10.0/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= github.com/jackc/pgconn v1.10.1/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8= github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE= 
@@ -626,36 +569,22 @@ github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg= github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM= github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM= -github.com/jackc/pgproto3/v2 v2.0.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgproto3/v2 v2.2.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= -github.com/jackc/pgservicefile v0.0.0-20200307190119-3430c5407db8/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E= github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E= github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg= github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc= github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw= -github.com/jackc/pgtype v1.2.0/go.mod h1:5m2OfMh1wTK7x+Fk952IDmI4nw3nPrvtQdM0ZT4WpC0= -github.com/jackc/pgtype v1.3.1-0.20200510190516-8cd94a14c75a/go.mod h1:vaogEUkALtxZMCH411K+tKzNpwzCKU+AnPzBKZ+I+Po= -github.com/jackc/pgtype v1.3.1-0.20200606141011-f6355165a91c/go.mod h1:cvk9Bgu/VzJ9/lxTO5R5sf80p0DiucVtN7ZxvaC4GmQ= -github.com/jackc/pgtype v1.7.0/go.mod h1:ZnHF+rMePVqDKaOfJVI4Q8IVvAQMryDlDkZnKOI75BE= github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM= -github.com/jackc/pgtype v1.8.1/go.mod 
h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= github.com/jackc/pgtype v1.9.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y= github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM= github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc= -github.com/jackc/pgx/v4 v4.5.0/go.mod h1:EpAKPLdnTorwmPUUsqrPxy5fphV18j9q3wrfRXgo+kA= -github.com/jackc/pgx/v4 v4.6.1-0.20200510190926-94ba730bb1e9/go.mod h1:t3/cdRQl6fOLDxqtlyhe9UWgfIi9R8+8v8GKV5TRA/o= -github.com/jackc/pgx/v4 v4.6.1-0.20200606145419-4e5062306904/go.mod h1:ZDaNWkt9sW1JMiNn0kdYBaLelIhw7Pg4qd+Vk6tw7Hg= -github.com/jackc/pgx/v4 v4.11.0/go.mod h1:i62xJgdrtVDsnL3U8ekyrQXEwGNTRoG7/8r+CIdYfcc= github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs= -github.com/jackc/pgx/v4 v4.13.0/go.mod h1:9P4X524sErlaxj0XSGZk7s+LD0eOyu1ZDUrrpznYDF0= github.com/jackc/pgx/v4 v4.14.0/go.mod h1:jT3ibf/A0ZVCp89rtCIN0zCJxcE74ypROmHEZYsG/j8= github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= -github.com/jackc/puddle v1.1.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= -github.com/jackc/puddle v1.1.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc= 
@@ -663,13 +592,11 @@ github.com/jinzhu/now v1.1.2/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/ github.com/jinzhu/now v1.1.3/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= 
@@ -703,17 +630,12 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lib/pq v1.3.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= -github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= -github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magefile/mage v1.11.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= github.com/magefile/mage v1.12.1 h1:oGdAbhIUd6iKamKlDGVtU6XGdy5SgNuCWn7gCTgHDtU= github.com/magefile/mage v1.12.1/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= 
@@ -737,7 +659,6 @@ github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNx github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= 
@@ -754,13 +675,9 @@ github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WT github.com/migueleliasweb/go-github-mock v0.0.5 h1:oCUwIPIknszT0DkjGT3VfILe1FgUDaNgEnj4w8mTZZA= github.com/migueleliasweb/go-github-mock v0.0.5/go.mod h1:gTpcHVcrBxK35OOQP3aGrgQypxvEoFTvtR0VGaEs2VM= github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= -github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= -github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs= 
@@ -786,28 +703,16 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= -github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= -github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= -github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= -github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM= -github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= -github.com/neelance/sourcemap v0.0.0-20200213170602-2833bce08e4c/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= -github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= -github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1/go.mod 
h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= 
@@ -817,14 +722,12 @@ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= 
@@ -851,35 +754,23 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= -github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= -github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= -github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= -github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= -github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= +github.com/panjf2000/ants/v2 v2.4.7 h1:MZnw2JRyTJxFwtaMtUJcwE618wKD04POWk2gwwP4E2M= +github.com/panjf2000/ants/v2 v2.4.7/go.mod h1:f6F0NZVFsGCp5A7QW/Zj/m92atWwOkY0OIhFxRNFr4A= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/pborman/ansi v1.0.0 h1:OqjHMhvlSuCCV5JT07yqPuJPQzQl+WXsiZ14gZsqOrQ= github.com/pborman/ansi v1.0.0/go.mod h1:SgWzwMAx1X/Ez7i90VqF8LRiQtx52pWDiQP+x3iGnzw= 
-github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc= github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM= github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= -github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
@@ -888,36 +779,28 @@ github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSg github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= -github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.31.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= 
@@ -929,7 +812,6 @@ github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= 
@@ -942,15 +824,11 @@ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig= github.com/sagikazarmark/crypt v0.4.0/go.mod h1:ALv2SRj7GxYV4HO9elxH9nS6M9gW+xDNxqmyJ6RfDFM= -github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= -github.com/shopspring/decimal v0.0.0-20200227202807-02e2044944cc/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/shurcooL/go v0.0.0-20200502201357-93f07166e636/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= -github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= 
@@ -963,11 +841,9 @@ github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo= -github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= @@ -980,7 +856,6 @@ github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= -github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.3.0 h1:R7cSvGu+Vv+qX0gW5R/85dx2kmmJT5z5NM8ifdYjdn0= github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= 
@@ -993,15 +868,11 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= -github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= github.com/spf13/viper v1.10.1 h1:nuJZuYpG7gTj/XqiUwg8bA0cp1+M2mC3J4g5luUYBKk= github.com/spf13/viper v1.10.1/go.mod h1:IGlFPqhNAPKRxohIzWpI5QEy4kuI7tcl5WvR+8qy1rU= github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= -github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/amqp v1.0.0/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 
@@ -1020,7 +891,6 @@ github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/swaggo/files v0.0.0-20190704085106-630677cd5c14/go.mod h1:gxQT6pBGRuIGunNf/+tSOB5OHvguWi8Tbt82WOkf35E= github.com/swaggo/files v0.0.0-20210815190702-a29dd2bc99b2/go.mod h1:lKJPbtWzJ9JhsTN1k1gZgleJWY/cqq0psdoMmaThG3w= -github.com/swaggo/http-swagger v1.1.1/go.mod h1:cKIcshBU9yEAnfWv6ZzVKSsEf8h5ozxB8/zHQWyOQ/8= github.com/swaggo/http-swagger v1.1.2/go.mod h1:mX5nhypDmoSt4iw2mc5aKXxRFvp1CLLcCiog2B9M+Ro= github.com/swaggo/swag v1.7.0/go.mod h1:BdPIL73gvS9NBsdi7M1JOxLvlbfvNRaBP8m6WT6Aajo= github.com/swaggo/swag v1.7.3/go.mod h1:zD8h6h4SPv7t3l+4BKdRquqW1ASWjKZgT6Qv9z3kNqI= 
@@ -1063,14 +933,11 @@ github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxt go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= -go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg= go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= -go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 
@@ -1104,10 +971,8 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 
@@ -1116,7 +981,6 @@ golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 h1:/pEO3GD/ABYAjuakUS6xSEmmlyVS4kxBNkeA9tLJiTI= golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= 
@@ -1162,10 +1026,8 @@ golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 
@@ -1196,7 +1058,6 @@ golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= @@ -1214,7 +1075,6 @@ golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= 
@@ -1247,6 +1107,7 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1289,7 +1150,6 @@ golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -1377,7 +1237,6 @@ golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba h1:O8mE0/t419eoIwhTFpKVkHiTs/Igowgfkj25AcZrtiE= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1402,7 +1261,6 @@ golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 
@@ -1453,7 +1311,6 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= -google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= @@ -1488,7 +1345,6 @@ google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3h google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFdavw= google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= 
@@ -1502,7 +1358,6 @@ google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRn google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= 
@@ -1566,13 +1421,10 @@ google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ6 google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa h1:I0YcKz0I7OAhddo7ya8kMnvprhcWM045PmkBdMO9zN0= google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= -google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= 
@@ -1628,11 +1480,9 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI= gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= 
@@ -1642,13 +1492,13 @@ gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76 gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= 
@@ -1657,10 +1507,7 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gorm.io/driver/postgres v1.1.0/go.mod h1:hXQIwafeRjJvUm+OMxcFWyswJ/vevcpPLlGocwAwuqw= gorm.io/driver/postgres v1.2.3/go.mod h1:pJV6RgYQPG47aM1f0QeOzFH9HxQc8JcmAgjRCgS0wjs= -gorm.io/gorm v1.21.9/go.mod h1:F+OptMscr0P2F2qU97WT1WimdH9GaQPoDW7AYd5i2Y0= -gorm.io/gorm v1.21.11/go.mod h1:F+OptMscr0P2F2qU97WT1WimdH9GaQPoDW7AYd5i2Y0= gorm.io/gorm v1.22.3/go.mod h1:F+OptMscr0P2F2qU97WT1WimdH9GaQPoDW7AYd5i2Y0= gorm.io/gorm v1.22.4/go.mod h1:1aeVC+pe9ZmvKZban/gW4QPra7PRoTEssyc922qCAkk= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= @@ -1668,7 +1515,6 @@ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= -honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 
@@ -1710,4 +1556,3 @@ sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= diff --git a/internal/services/custom_rules/custom_rule.go b/internal/services/custom_rules/custom_rule.go index 702df6a93..308947747 100644 --- a/internal/services/custom_rules/custom_rule.go +++ b/internal/services/custom_rules/custom_rule.go @@ -151,9 +151,9 @@ func (r ruleIDValidator) Validate(value interface{}) error { func (r ruleIDValidator) valiteDuplicates(id string, rules []engine.Rule) error { for _, rule := range rules { - // Custom rules is converted to text.TextRule, so we only need - // to check duplicates in text.TextRule rules. - if r, ok := rule.(text.TextRule); ok { + // Custom rules is converted to text.Rule, so we only need + // to check duplicates in text.Rule rules. + if r, ok := rule.(*text.Rule); ok { if r.ID == id { return fmt.Errorf("duplicate rule id %s", id) } diff --git a/internal/services/custom_rules/service.go b/internal/services/custom_rules/service.go index 9f3e0f15b..01b618b86 100644 --- a/internal/services/custom_rules/service.go +++ b/internal/services/custom_rules/service.go @@ -84,7 +84,7 @@ func (s *Service) validateAndParseCustomRule(rule *CustomRule) { } s.customRules[rule.Language] = append( - s.customRules[rule.Language], s.parseCustomRuleToTextRule(rule), + s.customRules[rule.Language], s.parseCustomRuleToRule(rule), ) } 
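Review bot: In `valiteDuplicates` (custom_rule.go) the new assertion `rule.(*text.Rule)` silently skips any rule whose dynamic type is something else, so a custom rule ID that collides with such a rule would pass validation. Whether other `engine.Rule` implementations can reach this slice is not visible in the hunk and should be confirmed. The comment above the assertion still names `text.Rule` rather than the pointer type; I would write `// Custom rules are converted to *text.Rule, so only *text.Rule values are checked for duplicate IDs.` The bound name `r` also shadows the method receiver `r`; `if textRule, ok := rule.(*text.Rule); ok {` followed by `if textRule.ID == id {` avoids that. The function body continues outside the hunk.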
@@ -102,8 +102,8 @@ func (s *Service) openCustomRulesJSONFile() (customRules []*CustomRule, err erro return customRules, json.Unmarshal(bytes, &customRules) } -func (s *Service) parseCustomRuleToTextRule(rule *CustomRule) text.TextRule { - return text.TextRule{ +func (s *Service) parseCustomRuleToRule(rule *CustomRule) engine.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: rule.ID, Name: rule.Name, diff --git a/internal/services/engines/csharp/rules.go b/internal/services/engines/csharp/rules.go index 09982c419..385e8ac2f 100644 --- a/internal/services/engines/csharp/rules.go +++ b/internal/services/engines/csharp/rules.go @@ -25,8 +25,8 @@ import ( "github.com/ZupIT/horusec-engine/text" ) -func NewCommandInjection() text.TextRule { - return text.TextRule{ +func NewCommandInjection() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-1", Name: "Command Injection", @@ -43,8 +43,8 @@ func NewCommandInjection() text.TextRule { } } -func NewXPathInjection() text.TextRule { - return text.TextRule{ +func NewXPathInjection() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-2", Name: "XPath Injection", @@ -61,8 +61,8 @@ func NewXPathInjection() text.TextRule { } } -func NewExternalEntityInjection() text.TextRule { - return text.TextRule{ +func NewExternalEntityInjection() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-3", Name: "XML eXternal Entity Injection (XXE)", @@ -82,8 +82,8 @@ func NewExternalEntityInjection() text.TextRule { } } -func NewPathTraversal() text.TextRule { - return text.TextRule{ +func NewPathTraversal() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-4", Name: "Path Traversal", 
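Review bot: `parseCustomRuleToRule` in service.go now returns the interface `engine.Rule`, while every constructor in csharp/rules.go in this same commit returns the concrete `*text.Rule`. The duplicate-ID check in custom_rule.go depends on the dynamic type being exactly `*text.Rule`, so stating that in the signature keeps the coupling visible: `func (s *Service) parseCustomRuleToRule(rule *CustomRule) *text.Rule {`. The value should still be accepted by the `append` call in `validateAndParseCustomRule`, assuming the slice element type is `engine.Rule`. A one-line doc comment such as `// parseCustomRuleToRule converts a user-supplied CustomRule into the engine's *text.Rule.` would also help. The struct literal continues outside the hunk.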
@@ -100,8 +100,8 @@ func NewPathTraversal() text.TextRule { } } -func NewSQLInjectionWebControls() text.TextRule { - return text.TextRule{ +func NewSQLInjectionWebControls() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-5", Name: "SQL Injection WebControls", @@ -117,8 +117,8 @@ func NewSQLInjectionWebControls() text.TextRule { } } -func NewWeakCipherOrCBCOrECBMode() text.TextRule { - return text.TextRule{ +func NewWeakCipherOrCBCOrECBMode() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-6", Name: "Weak Cipher Mode", @@ -137,8 +137,8 @@ func NewWeakCipherOrCBCOrECBMode() text.TextRule { } } -func NewFormsAuthenticationCookielessMode() text.TextRule { - return text.TextRule{ +func NewFormsAuthenticationCookielessMode() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-7", Name: "Forms Authentication Cookieless Mode", @@ -154,8 +154,8 @@ func NewFormsAuthenticationCookielessMode() text.TextRule { } } -func NewFormsAuthenticationCrossAppRedirects() text.TextRule { - return text.TextRule{ +func NewFormsAuthenticationCrossAppRedirects() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-8", Name: "Forms Authentication Cross App Redirects", @@ -172,8 +172,8 @@ func NewFormsAuthenticationCrossAppRedirects() text.TextRule { } } -func NewFormsAuthenticationWeakCookieProtection() text.TextRule { - return text.TextRule{ +func NewFormsAuthenticationWeakCookieProtection() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-9", Name: "Forms Authentication Weak Cookie Protection", @@ -190,8 +190,8 @@ func NewFormsAuthenticationWeakCookieProtection() text.TextRule { } } -func NewFormsAuthenticationWeakTimeout() text.TextRule { - return text.TextRule{ +func NewFormsAuthenticationWeakTimeout() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-10", Name: "Forms Authentication Weak Timeout", 
@@ -208,8 +208,8 @@ func NewFormsAuthenticationWeakTimeout() text.TextRule { } } -func NewHeaderCheckingDisabled() text.TextRule { - return text.TextRule{ +func NewHeaderCheckingDisabled() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-11", Name: "Header Checking Disabled", @@ -225,8 +225,8 @@ func NewHeaderCheckingDisabled() text.TextRule { } } -func NewVersionHeaderEnabled() text.TextRule { - return text.TextRule{ +func NewVersionHeaderEnabled() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-12", Name: "Version Header Enabled", @@ -242,8 +242,8 @@ func NewVersionHeaderEnabled() text.TextRule { } } -func NewEventValidationDisabled() text.TextRule { - return text.TextRule{ +func NewEventValidationDisabled() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-13", Name: "Event Validation Disabled", @@ -259,8 +259,8 @@ func NewEventValidationDisabled() text.TextRule { } } -func NewWeakSessionTimeout() text.TextRule { - return text.TextRule{ +func NewWeakSessionTimeout() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-14", Name: "Weak Session Timeout", @@ -276,8 +276,8 @@ func NewWeakSessionTimeout() text.TextRule { } } -func NewStateServerMode() text.TextRule { - return text.TextRule{ +func NewStateServerMode() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-15", Name: "Weak Session Timeout", @@ -293,8 +293,8 @@ func NewStateServerMode() text.TextRule { } } -func NewJwtSignatureValidationDisabled() text.TextRule { - return text.TextRule{ +func NewJwtSignatureValidationDisabled() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-16", Name: "Jwt Signature Validation Disabled", 
@@ -312,8 +312,8 @@ func NewJwtSignatureValidationDisabled() text.TextRule { } } -func NewInsecureHttpCookieTransport() text.TextRule { - return text.TextRule{ +func NewInsecureHttpCookieTransport() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-17", Name: "Insecure Http Cookie Transport", @@ -329,8 +329,8 @@ func NewInsecureHttpCookieTransport() text.TextRule { } } -func NewHttpCookieAccessibleViaScript() text.TextRule { - return text.TextRule{ +func NewHttpCookieAccessibleViaScript() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-18", Name: "Http Cookie Accessible Via Script", @@ -346,8 +346,8 @@ func NewHttpCookieAccessibleViaScript() text.TextRule { } } -func NewDirectoryListingEnabled() text.TextRule { - return text.TextRule{ +func NewDirectoryListingEnabled() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-19", Name: "Directory Listing Enabled", @@ -363,8 +363,8 @@ func NewDirectoryListingEnabled() text.TextRule { } } -func NewLdapAuthenticationDisabled() text.TextRule { - return text.TextRule{ +func NewLdapAuthenticationDisabled() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-20", Name: "Ldap Authentication Disabled", @@ -380,8 +380,8 @@ func NewLdapAuthenticationDisabled() text.TextRule { } } -func NewCertificateValidationDisabledAndMatch() text.TextRule { - return text.TextRule{ +func NewCertificateValidationDisabledAndMatch() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-21", Name: "Certificate Validation Disabled", @@ -397,8 +397,8 @@ func NewCertificateValidationDisabledAndMatch() text.TextRule { } } -func NewActionRequestValidationDisabled() text.TextRule { - return text.TextRule{ +func NewActionRequestValidationDisabled() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-22", Name: "Action Request Validation Disabled", 
@@ -414,8 +414,8 @@ func NewActionRequestValidationDisabled() text.TextRule { } } -func NewXmlDocumentExternalEntityExpansion() text.TextRule { - return text.TextRule{ +func NewXmlDocumentExternalEntityExpansion() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-23", Name: "Xml Document External Entity Expansion", @@ -431,8 +431,8 @@ func NewXmlDocumentExternalEntityExpansion() text.TextRule { } } -func NewLdapInjectionFilterAssignment() text.TextRule { - return text.TextRule{ +func NewLdapInjectionFilterAssignment() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-24", Name: "Ldap Injection Filter Assignment", @@ -449,8 +449,8 @@ func NewLdapInjectionFilterAssignment() text.TextRule { } } -func NewSqlInjectionDynamicNHibernateQuery() text.TextRule { - return text.TextRule{ +func NewSqlInjectionDynamicNHibernateQuery() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-25", Name: "Sql Injection: Dynamic NHibernate Query", @@ -466,8 +466,8 @@ func NewSqlInjectionDynamicNHibernateQuery() text.TextRule { } } -func NewLdapInjectionDirectorySearcher() text.TextRule { - return text.TextRule{ +func NewLdapInjectionDirectorySearcher() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-26", Name: "Ldap Injection Directory Searcher", @@ -483,8 +483,8 @@ func NewLdapInjectionDirectorySearcher() text.TextRule { } } -func NewLdapInjectionPathAssignment() text.TextRule { - return text.TextRule{ +func NewLdapInjectionPathAssignment() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-27", Name: "Ldap Injection Path Assignment", @@ -500,8 +500,8 @@ func NewLdapInjectionPathAssignment() text.TextRule { } } -func NewLDAPInjection() text.TextRule { - return text.TextRule{ +func NewLDAPInjection() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-28", Name: "LDAP Injection", 
@@ -517,8 +517,8 @@ func NewLDAPInjection() text.TextRule { } } -func NewSQLInjectionLinq() text.TextRule { - return text.TextRule{ +func NewSQLInjectionLinq() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-29", Name: "SQL Injection LINQ", @@ -533,8 +533,8 @@ func NewSQLInjectionLinq() text.TextRule { } } -func NewInsecureDeserialization() text.TextRule { - return text.TextRule{ +func NewInsecureDeserialization() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-30", Name: "Insecure Deserialization", @@ -550,8 +550,8 @@ func NewInsecureDeserialization() text.TextRule { } } -func NewSQLInjectionEnterpriseLibraryData() text.TextRule { - return text.TextRule{ +func NewSQLInjectionEnterpriseLibraryData() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-31", Name: "SQL Injection Enterprise Library Data", @@ -567,8 +567,8 @@ func NewSQLInjectionEnterpriseLibraryData() text.TextRule { } } -func NewCQLInjectionCassandra() text.TextRule { - return text.TextRule{ +func NewCQLInjectionCassandra() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-32", Name: "CQL Injection Cassandra", @@ -584,8 +584,8 @@ func NewCQLInjectionCassandra() text.TextRule { } } -func NewPasswordComplexity() text.TextRule { - return text.TextRule{ +func NewPasswordComplexity() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-33", Name: "Password Complexity", @@ -603,8 +603,8 @@ func NewPasswordComplexity() text.TextRule { } } -func NewCookieWithoutSSLFlag() text.TextRule { - return text.TextRule{ +func NewCookieWithoutSSLFlag() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-34", Name: "Cookie Without SSL Flag", 
@@ -622,8 +622,8 @@ func NewCookieWithoutSSLFlag() text.TextRule { } } -func NewCookieWithoutHttpOnlyFlag() text.TextRule { - return text.TextRule{ +func NewCookieWithoutHttpOnlyFlag() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-35", Name: "Cookie Without HttpOnly Flag", @@ -640,8 +640,8 @@ func NewCookieWithoutHttpOnlyFlag() text.TextRule { } } -func NewNoInputVariable() text.TextRule { - return text.TextRule{ +func NewNoInputVariable() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-36", Name: "No input variable", @@ -657,8 +657,8 @@ func NewNoInputVariable() text.TextRule { } } -func NewIdentityWeakPasswordComplexity() text.TextRule { - return text.TextRule{ +func NewIdentityWeakPasswordComplexity() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-37", Name: "Identity Weak Password Complexity", @@ -679,8 +679,8 @@ func NewIdentityWeakPasswordComplexity() text.TextRule { } } -func NewNoLogSensitiveInformationInConsole() text.TextRule { - return text.TextRule{ +func NewNoLogSensitiveInformationInConsole() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-38", Name: "No Log Sensitive Information in console", @@ -695,8 +695,8 @@ func NewNoLogSensitiveInformationInConsole() text.TextRule { } } -func NewOutputCacheConflict() text.TextRule { - return text.TextRule{ +func NewOutputCacheConflict() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-39", Name: "OutputCache Conflict", @@ -711,8 +711,8 @@ func NewOutputCacheConflict() text.TextRule { } } -func NewOpenRedirect() text.TextRule { - return text.TextRule{ +func NewOpenRedirect() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-40", Name: "Open Redirect", 
@@ -727,8 +727,8 @@ func NewOpenRedirect() text.TextRule { } } -func NewRequestValidationDisabledAttribute() text.TextRule { - return text.TextRule{ +func NewRequestValidationDisabledAttribute() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-41", Name: "Request Validation Disabled (Attribute)", @@ -743,8 +743,8 @@ func NewRequestValidationDisabledAttribute() text.TextRule { } } -func NewSQLInjectionOLEDB() text.TextRule { - return text.TextRule{ +func NewSQLInjectionOLEDB() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-42", Name: "SQL Injection OLE DB", @@ -759,8 +759,8 @@ func NewSQLInjectionOLEDB() text.TextRule { } } -func NewRequestValidationDisabledConfigurationFile() text.TextRule { - return text.TextRule{ +func NewRequestValidationDisabledConfigurationFile() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-43", Name: "Request Validation Disabled (Configuration File)", @@ -775,8 +775,8 @@ func NewRequestValidationDisabledConfigurationFile() text.TextRule { } } -func NewSQLInjectionMsSQLDataProvider() text.TextRule { - return text.TextRule{ +func NewSQLInjectionMsSQLDataProvider() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-44", Name: "SQL Injection MsSQL Data Provider", @@ -791,8 +791,8 @@ func NewSQLInjectionMsSQLDataProvider() text.TextRule { } } -func NewRequestValidationIsEnabledOnlyForPages() text.TextRule { - return text.TextRule{ +func NewRequestValidationIsEnabledOnlyForPages() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-45", Name: "Request validation is enabled only for pages", @@ -807,8 +807,8 @@ func NewRequestValidationIsEnabledOnlyForPages() text.TextRule { } } -func NewSQLInjectionEntityFramework() text.TextRule { - return text.TextRule{ +func NewSQLInjectionEntityFramework() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-46", Name: "SQL Injection Entity Framework", 
@@ -823,8 +823,8 @@ func NewSQLInjectionEntityFramework() text.TextRule { } } -func NewViewStateNotEncrypted() text.TextRule { - return text.TextRule{ +func NewViewStateNotEncrypted() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-47", Name: "View State Not Encrypted", @@ -839,8 +839,8 @@ func NewViewStateNotEncrypted() text.TextRule { } } -func NewSQLInjectionNhibernate() text.TextRule { - return text.TextRule{ +func NewSQLInjectionNhibernate() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-48", Name: "SQL Injection Nhibernate", @@ -855,8 +855,8 @@ func NewSQLInjectionNhibernate() text.TextRule { } } -func NewViewStateMacDisabled() text.TextRule { - return text.TextRule{ +func NewViewStateMacDisabled() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-49", Name: "View State MAC Disabled", @@ -871,8 +871,8 @@ func NewViewStateMacDisabled() text.TextRule { } } -func NewSQLInjectionNpgsql() text.TextRule { - return text.TextRule{ +func NewSQLInjectionNpgsql() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-50", Name: "SQL Injection Npgsql", @@ -887,8 +887,8 @@ func NewSQLInjectionNpgsql() text.TextRule { } } -func NewCertificateValidationDisabled() text.TextRule { - return text.TextRule{ +func NewCertificateValidationDisabled() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-51", Name: "Certificate Validation Disabled", @@ -903,8 +903,8 @@ func NewCertificateValidationDisabled() text.TextRule { } } -func NewWeakCipherAlgorithm() text.TextRule { - return text.TextRule{ +func NewWeakCipherAlgorithm() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-52", Name: "Weak cipher algorithm", 
@@ -919,8 +919,8 @@ func NewWeakCipherAlgorithm() text.TextRule { } } -func NewNoUseHtmlRaw() text.TextRule { - return text.TextRule{ +func NewNoUseHtmlRaw() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-53", Name: "No use Html.Raw", @@ -935,8 +935,8 @@ func NewNoUseHtmlRaw() text.TextRule { } } -func NewNoLogSensitiveInformation() text.TextRule { - return text.TextRule{ +func NewNoLogSensitiveInformation() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-54", Name: "No log sensitive information debug mode", @@ -951,8 +951,8 @@ func NewNoLogSensitiveInformation() text.TextRule { } } -func NewNoReturnStringConcatInController() text.TextRule { - return text.TextRule{ +func NewNoReturnStringConcatInController() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-55", Name: "No return string concat in controller", @@ -967,8 +967,8 @@ func NewNoReturnStringConcatInController() text.TextRule { } } -func NewSQLInjectionOdbcCommand() text.TextRule { - return text.TextRule{ +func NewSQLInjectionOdbcCommand() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-56", Name: "SQL Injection OdbcCommand", @@ -983,8 +983,8 @@ func NewSQLInjectionOdbcCommand() text.TextRule { } } -func NewWeakHashingFunctionMd5OrSha1() text.TextRule { - return text.TextRule{ +func NewWeakHashingFunctionMd5OrSha1() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-57", Name: "Weak hashing function md5 or sha1", @@ -1000,8 +1000,8 @@ func NewWeakHashingFunctionMd5OrSha1() text.TextRule { } } -func NewWeakHashingFunctionDESCrypto() text.TextRule { - return text.TextRule{ +func NewWeakHashingFunctionDESCrypto() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-58", Name: "Weak hashing function DES Crypto", 
@@ -1019,8 +1019,8 @@ func NewWeakHashingFunctionDESCrypto() text.TextRule { } } -func NewNoUseCipherMode() text.TextRule { - return text.TextRule{ +func NewNoUseCipherMode() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-59", Name: "No Use Cipher mode", @@ -1038,8 +1038,8 @@ func NewNoUseCipherMode() text.TextRule { } } -func NewDebugBuildEnabled() text.TextRule { - return text.TextRule{ +func NewDebugBuildEnabled() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-60", Name: "Debug Build Enabled", @@ -1054,8 +1054,8 @@ func NewDebugBuildEnabled() text.TextRule { } } -func NewVulnerablePackageReference() text.TextRule { - return text.TextRule{ +func NewVulnerablePackageReference() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-61", Name: "Vulnerable Package Reference", @@ -1070,8 +1070,8 @@ func NewVulnerablePackageReference() text.TextRule { } } -func NewCorsAllowOriginWildCard() text.TextRule { - return text.TextRule{ +func NewCorsAllowOriginWildCard() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-62", Name: "Cors Allow Origin Wild Card", @@ -1086,8 +1086,8 @@ func NewCorsAllowOriginWildCard() text.TextRule { } } -func NewMissingAntiForgeryTokenAttribute() text.TextRule { - return text.TextRule{ +func NewMissingAntiForgeryTokenAttribute() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-63", Name: "Missing Anti Forgery Token Attribute", @@ -1102,8 +1102,8 @@ func NewMissingAntiForgeryTokenAttribute() text.TextRule { } } -func NewUnvalidatedWebFormsRedirect() text.TextRule { - return text.TextRule{ +func NewUnvalidatedWebFormsRedirect() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-64", Name: "Unvalidated Web Forms Redirect", 
@@ -1118,8 +1118,8 @@ func NewUnvalidatedWebFormsRedirect() text.TextRule { } } -func NewIdentityPasswordLockoutDisabled() text.TextRule { - return text.TextRule{ +func NewIdentityPasswordLockoutDisabled() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-65", Name: "Identity Password Lockout Disabled", @@ -1134,8 +1134,8 @@ func NewIdentityPasswordLockoutDisabled() text.TextRule { } } -func NewRawInlineExpression() text.TextRule { - return text.TextRule{ +func NewRawInlineExpression() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-66", Name: "Raw Inline Expression", @@ -1150,8 +1150,8 @@ func NewRawInlineExpression() text.TextRule { } } -func NewRawBindingExpression() text.TextRule { - return text.TextRule{ +func NewRawBindingExpression() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-67", Name: "Raw Binding Expression", @@ -1166,8 +1166,8 @@ func NewRawBindingExpression() text.TextRule { } } -func NewRawWriteLiteralMethod() text.TextRule { - return text.TextRule{ +func NewRawWriteLiteralMethod() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-68", Name: "Raw Write Literal Method", @@ -1182,8 +1182,8 @@ func NewRawWriteLiteralMethod() text.TextRule { } } -func NewUnencodedWebFormsProperty() text.TextRule { - return text.TextRule{ +func NewUnencodedWebFormsProperty() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-69", Name: "Unencoded Web Forms Property", @@ -1198,8 +1198,8 @@ func NewUnencodedWebFormsProperty() text.TextRule { } } -func NewUnencodedLabelText() text.TextRule { - return text.TextRule{ +func NewUnencodedLabelText() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-70", Name: "Unencoded Label Text", 
@@ -1214,8 +1214,8 @@ func NewUnencodedLabelText() text.TextRule { } } -func NewWeakRandomNumberGenerator() text.TextRule { - return text.TextRule{ +func NewWeakRandomNumberGenerator() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-71", Name: "Weak Random Number Generator", @@ -1230,8 +1230,8 @@ func NewWeakRandomNumberGenerator() text.TextRule { } } -func NewWeakRsaKeyLength() text.TextRule { - return text.TextRule{ +func NewWeakRsaKeyLength() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-72", Name: "Weak Rsa Key Length", @@ -1246,8 +1246,8 @@ func NewWeakRsaKeyLength() text.TextRule { } } -func NewXmlReaderExternalEntityExpansion() text.TextRule { - return text.TextRule{ +func NewXmlReaderExternalEntityExpansion() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-73", Name: "Xml Reader External Entity Expansion", @@ -1262,8 +1262,8 @@ func NewXmlReaderExternalEntityExpansion() text.TextRule { } } -func NewLdapInjectionDirectoryEntry() text.TextRule { - return text.TextRule{ +func NewLdapInjectionDirectoryEntry() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-CSHARP-74", Name: "Ldap Injection Directory Entry", diff --git a/internal/services/engines/csharp/rules_test.go b/internal/services/engines/csharp/rules_test.go index 29fc7582d..2d3d42927 100644 --- a/internal/services/engines/csharp/rules_test.go +++ b/internal/services/engines/csharp/rules_test.go @@ -15,6 +15,8 @@ package csharp import ( + "fmt" + "path/filepath" "testing" engine "github.com/ZupIT/horusec-engine" 
@@ -23,31 +25,36 @@ import ( ) func TestRulesVulnerableCode(t *testing.T) { + tempDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-CSHARP-1", - Rule: NewCommandInjection(), - Src: SampleVulnerableHSCSHARP1, + Name: "HS-CSHARP-1", + Rule: NewCommandInjection(), + Src: SampleVulnerableHSCSHARP1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-CSHARP-1", ".test")), Findings: []engine.Finding{ { CodeSample: "var p = new Process();", SourceLocation: engine.Location{ - Line: 2, - Column: 10, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-CSHARP-1", ".test")), + Line: 2, + Column: 10, }, }, }, }, { - Name: "HS-CSHARP-2", - Rule: NewXPathInjection(), - Src: SampleVulnerableHSCSHARP2, + Name: "HS-CSHARP-2", + Rule: NewXPathInjection(), + Src: SampleVulnerableHSCSHARP2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-CSHARP-2", ".test")), Findings: []engine.Finding{ { CodeSample: "var doc = new XmlDocument {XmlResolver = null};", SourceLocation: engine.Location{ - Line: 2, - Column: 12, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-CSHARP-2", ".test")), + Line: 2, + Column: 12, }, }, }, @@ -57,16 +64,19 @@ func TestRulesVulnerableCode(t *testing.T) { } func TestRulesSafeCode(t *testing.T) { + tempDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-CSHARP-1", - Rule: NewCommandInjection(), - Src: SampleSafeHSCSHARP1, + Name: "HS-CSHARP-1", + Rule: NewCommandInjection(), + Src: SampleSafeHSCSHARP1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-CSHARP-1", ".test")), }, { - Name: "HS-CSHARP-2", - Rule: NewXPathInjection(), - Src: SampleSafeHSCSHARP2, + Name: "HS-CSHARP-2", + Rule: NewXPathInjection(), + Src: SampleSafeHSCSHARP2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-CSHARP-2", ".test")), }, } diff --git a/internal/services/engines/dart/rules.go b/internal/services/engines/dart/rules.go index cb63c921e..460e91ab7 100644 
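Review bot: In `TestRulesVulnerableCode` every case spells the same path twice, once in `Filename` and once in `SourceLocation.Filename`, and builds it with `fmt.Sprintf("%s%s", "HS-CSHARP-1", ".test")`, which only joins two constants. If the two copies drift, the expected finding names a different file than the case's own `Filename`, and the failure will read like a rule regression rather than a typo in the table. Define one helper before the table, `testFile := func(id string) string { return filepath.Join(tempDir, id+".test") }`, and use `testFile("HS-CSHARP-1")` in both fields; the new `fmt` import then becomes unnecessary. The same pattern repeats in `TestRulesSafeCode` in the next hunk and in the dart test hunks; the end of the function is outside this hunk.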
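Review bot: Both tables in this file list only HS-CSHARP-1 and HS-CSHARP-2, while the same commit changes the constructors of many more C# rules (HS-CSHARP-65 to HS-CSHARP-74 are visible in the rules.go hunks above). Those rules now return `*text.Rule` for the new engine, and as far as these hunks show no case here would notice if one of their patterns stopped matching. At minimum record the gap above `testcases` in `TestRulesSafeCode` and `TestRulesVulnerableCode`: `// TODO: only HS-CSHARP-1 and HS-CSHARP-2 have samples; add a vulnerable and a safe case for the remaining rules`. The call that runs the table is outside the hunk.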
--- a/internal/services/engines/dart/rules.go +++ b/internal/services/engines/dart/rules.go @@ -25,8 +25,8 @@ import ( "github.com/ZupIT/horusec-engine/text" ) -func NewUsageLocalDataWithoutCryptography() text.TextRule { - return text.TextRule{ +func NewUsageLocalDataWithoutCryptography() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-1", Name: "Usage Local Data Without Cryptography", @@ -42,8 +42,8 @@ func NewUsageLocalDataWithoutCryptography() text.TextRule { } } -func NewNoSendSensitiveInformation() text.TextRule { - return text.TextRule{ +func NewNoSendSensitiveInformation() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-2", Name: "No Send Sensitive Information in alternative channels (sms, mms, notifications)", @@ -59,8 +59,8 @@ func NewNoSendSensitiveInformation() text.TextRule { } } -func NewNoUseBiometricsTypeIOS() text.TextRule { - return text.TextRule{ +func NewNoUseBiometricsTypeIOS() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-3", Name: "No use biometrics types face or fingerprint for login in account", @@ -80,8 +80,8 @@ For more information checkout the OWSAP M4:2016 (https://owasp.org/www-project-m } } -func NewXmlReaderExternalEntityExpansion() text.TextRule { - return text.TextRule{ +func NewXmlReaderExternalEntityExpansion() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-4", Name: "Xml Reader External Entity Expansion", @@ -98,8 +98,8 @@ func NewXmlReaderExternalEntityExpansion() text.TextRule { } } -func NewNoUseConnectionWithoutSSL() text.TextRule { - return text.TextRule{ +func NewNoUseConnectionWithoutSSL() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-5", Name: "No use connection without SSL", 
@@ -116,8 +116,8 @@ func NewNoUseConnectionWithoutSSL() text.TextRule { } } -func NewSendSMS() text.TextRule { - return text.TextRule{ +func NewSendSMS() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-6", Name: "Send SMS", @@ -133,8 +133,8 @@ func NewSendSMS() text.TextRule { } } -func NewXSSAttack() text.TextRule { - return text.TextRule{ +func NewXSSAttack() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-7", Name: "Prevent XSS Attack", @@ -149,8 +149,8 @@ func NewXSSAttack() text.TextRule { } } -func NewNoLogSensitive() text.TextRule { - return text.TextRule{ +func NewNoLogSensitive() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-8", Name: "No Log Sensitive Information in console", @@ -167,8 +167,8 @@ func NewNoLogSensitive() text.TextRule { } } -func NewWeakHashingFunctionMd5OrSha1() text.TextRule { - return text.TextRule{ +func NewWeakHashingFunctionMd5OrSha1() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-9", Name: "Weak hashing function md5 or sha1", @@ -186,8 +186,8 @@ func NewWeakHashingFunctionMd5OrSha1() text.TextRule { } } -func NewNoUseSelfSignedCertificate() text.TextRule { - return text.TextRule{ +func NewNoUseSelfSignedCertificate() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-10", Name: "No Use Self Signed Certificate", @@ -203,8 +203,8 @@ func NewNoUseSelfSignedCertificate() text.TextRule { } } -func NewNoUseBiometricsTypeAndroid() text.TextRule { - return text.TextRule{ +func NewNoUseBiometricsTypeAndroid() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-11", Name: "No use biometrics types face or fingerprint for login in account", 
@@ -219,8 +219,8 @@ func NewNoUseBiometricsTypeAndroid() text.TextRule { } } -func NewNoListClipboardChanges() text.TextRule { - return text.TextRule{ +func NewNoListClipboardChanges() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-12", Name: "No List changes on the clipboard", @@ -235,8 +235,8 @@ func NewNoListClipboardChanges() text.TextRule { } } -func NewSQLInjection() text.TextRule { - return text.TextRule{ +func NewSQLInjection() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-13", Name: "SQL Injection", @@ -251,8 +251,8 @@ func NewSQLInjection() text.TextRule { } } -func NewNoUseNSTemporaryDirectory() text.TextRule { - return text.TextRule{ +func NewNoUseNSTemporaryDirectory() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-14", Name: "No use NSTemporaryDirectory", @@ -267,8 +267,8 @@ func NewNoUseNSTemporaryDirectory() text.TextRule { } } -func NewNoUseCipherMode() text.TextRule { - return text.TextRule{ +func NewNoUseCipherMode() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-15", Name: "No Use Cipher mode", @@ -286,8 +286,8 @@ func NewNoUseCipherMode() text.TextRule { } } -func NewCorsAllowOriginWildCard() text.TextRule { - return text.TextRule{ +func NewCorsAllowOriginWildCard() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-16", Name: "Cors Allow Origin Wild Card", @@ -302,8 +302,8 @@ func NewCorsAllowOriginWildCard() text.TextRule { } } -func NewUsingShellInterpreterWhenExecutingOSCommand() text.TextRule { - return text.TextRule{ +func NewUsingShellInterpreterWhenExecutingOSCommand() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-DART-17", Name: "Using shell interpreter when executing OS commands", diff --git a/internal/services/engines/dart/rules_test.go b/internal/services/engines/dart/rules_test.go index abd2f69ab..35d78206b 100644 --- a/internal/services/engines/dart/rules_test.go 
+++ b/internal/services/engines/dart/rules_test.go @@ -15,6 +15,8 @@ package dart import ( + "fmt" + "path/filepath" "testing" engine "github.com/ZupIT/horusec-engine" 
@@ -23,248 +25,284 @@ import ( ) func TestRulesVulnerableCode(t *testing.T) { + tempDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-DART-1", - Rule: NewUsageLocalDataWithoutCryptography(), - Src: SampleVulnerableHSDART1, + Name: "HS-DART-1", + Rule: NewUsageLocalDataWithoutCryptography(), + Src: SampleVulnerableHSDART1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-1", ".test")), Findings: []engine.Finding{ { CodeSample: "SharedPreferences prefs = await SharedPreferences.getInstance();", SourceLocation: engine.Location{ - Line: 8, - Column: 34, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-1", ".test")), + Line: 8, + Column: 34, }, }, }, }, { - Name: "HS-DART-2", - Rule: NewNoSendSensitiveInformation(), - Src: SampleVulnerableHSDART2, + Name: "HS-DART-2", + Rule: NewNoSendSensitiveInformation(), + Src: SampleVulnerableHSDART2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-2", ".test")), Findings: []engine.Finding{ { CodeSample: "_firebaseMessaging.configure(", SourceLocation: engine.Location{ - Line: 9, - Column: 5, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-2", ".test")), + Line: 9, + Column: 5, }, }, }, }, { - Name: "HS-DART-3", - Rule: NewNoUseBiometricsTypeIOS(), - Src: SampleVulnerableHSDART3, + Name: "HS-DART-3", + Rule: NewNoUseBiometricsTypeIOS(), + Src: SampleVulnerableHSDART3, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-3", ".test")), Findings: []engine.Finding{ { CodeSample: "await auth.getAvailableBiometrics();", SourceLocation: engine.Location{ - Line: 3, - Column: 15, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-3", ".test")), + Line: 3, + Column: 15, }, }, }, }, { - Name: "HS-DART-4", - Rule: NewXmlReaderExternalEntityExpansion(), - Src: SampleVulnerableHSDART4, + Name: "HS-DART-4", + Rule: NewXmlReaderExternalEntityExpansion(), + Src: SampleVulnerableHSDART4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", 
"HS-DART-4", ".test")), Findings: []engine.Finding{ { CodeSample: "final file = new File(FileFromUserInput);", SourceLocation: engine.Location{ - Line: 3, - Column: 13, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-4", ".test")), + Line: 3, + Column: 13, }, }, }, }, { - Name: "HS-DART-5", - Rule: NewNoUseConnectionWithoutSSL(), - Src: SampleVulnerableHSDART5, + Name: "HS-DART-5", + Rule: NewNoUseConnectionWithoutSSL(), + Src: SampleVulnerableHSDART5, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-5", ".test")), Findings: []engine.Finding{ { CodeSample: "return _HttpServer.bindSecure('http://my-api.com.br', port, context, backlog, v6Only, requestClientCertificate, shared);", SourceLocation: engine.Location{ - Line: 12, - Column: 22, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-5", ".test")), + Line: 12, + Column: 22, }, }, }, }, { - Name: "HS-DART-6", - Rule: NewSendSMS(), - Src: SampleVulnerableHSDART6, + Name: "HS-DART-6", + Rule: NewSendSMS(), + Src: SampleVulnerableHSDART6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-6", ".test")), Findings: []engine.Finding{ { CodeSample: "import 'package:flutter_sms/flutter_sms.dart';", SourceLocation: engine.Location{ - Line: 1, - Column: 28, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-6", ".test")), + Line: 1, + Column: 28, }, }, }, }, { - Name: "HS-DART-7", - Rule: NewXSSAttack(), - Src: SampleVulnerableHSDART7, + Name: "HS-DART-7", + Rule: NewXSSAttack(), + Src: SampleVulnerableHSDART7, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-7", ".test")), Findings: []engine.Finding{ { CodeSample: "var element = new Element.html(sprintf(\"
%s
\", [content]));", SourceLocation: engine.Location{ - Line: 8, - Column: 19, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-7", ".test")), + Line: 8, + Column: 19, }, }, }, }, { - Name: "HS-DART-8", - Rule: NewNoLogSensitive(), - Src: SampleVulnerableHSDART8, + Name: "HS-DART-8", + Rule: NewNoLogSensitive(), + Src: SampleVulnerableHSDART8, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-8", ".test")), Findings: []engine.Finding{ { CodeSample: "print(sprintf(\"User identity is: %s\", [identity]));", SourceLocation: engine.Location{ - Line: 9, - Column: 1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-8", ".test")), + Line: 9, + Column: 1, }, }, { CodeSample: "_logger.info(sprintf(\"User identity is: %s\", [identity]));", SourceLocation: engine.Location{ - Line: 11, - Column: 2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-8", ".test")), + Line: 11, + Column: 2, }, }, }, }, { - Name: "HS-DART-9", - Rule: NewWeakHashingFunctionMd5OrSha1(), - Src: SampleVulnerableHSDART9, + Name: "HS-DART-9", + Rule: NewWeakHashingFunctionMd5OrSha1(), + Src: SampleVulnerableHSDART9, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-9", ".test")), Findings: []engine.Finding{ { CodeSample: "var digest = md5.convert(content);", SourceLocation: engine.Location{ - Line: 11, - Column: 15, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-9", ".test")), + Line: 11, + Column: 15, }, }, }, }, { - Name: "HS-DART-10", - Rule: NewNoUseSelfSignedCertificate(), - Src: SampleVulnerableHSDART10, + Name: "HS-DART-10", + Rule: NewNoUseSelfSignedCertificate(), + Src: SampleVulnerableHSDART10, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-10", ".test")), Findings: []engine.Finding{ { CodeSample: "context.setTrustedCertificates(\"client.cer\");", SourceLocation: engine.Location{ - Line: 4, - Column: 8, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-10", ".test")), + Line: 4, 
+ Column: 8, }, }, }, }, { - Name: "HS-DART-11", - Rule: NewNoUseBiometricsTypeAndroid(), - Src: SampleVulnerableHSDART11, + Name: "HS-DART-11", + Rule: NewNoUseBiometricsTypeAndroid(), + Src: SampleVulnerableHSDART11, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-11", ".test")), Findings: []engine.Finding{ { CodeSample: "authenticated = await auth.authenticateWithBiometrics(", SourceLocation: engine.Location{ - Line: 4, - Column: 29, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-11", ".test")), + Line: 4, + Column: 29, }, }, }, }, { - Name: "HS-DART-12", - Rule: NewNoListClipboardChanges(), - Src: SampleVulnerableHSDART12, + Name: "HS-DART-12", + Rule: NewNoListClipboardChanges(), + Src: SampleVulnerableHSDART12, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-12", ".test")), Findings: []engine.Finding{ { CodeSample: "Map result = await SystemChannels.platform.invokeMethod('Clipboard.getData');", SourceLocation: engine.Location{ - Line: 4, - Column: 75, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-12", ".test")), + Line: 4, + Column: 75, }, }, }, }, { - Name: "HS-DART-13", - Rule: NewSQLInjection(), - Src: SampleVulnerableHSDART13, + Name: "HS-DART-13", + Rule: NewSQLInjection(), + Src: SampleVulnerableHSDART13, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-13", ".test")), Findings: []engine.Finding{ { CodeSample: "List list = await database.rawQuery(\"SELECT * FROM Users WHERE username = '\" + username + \"';\");", SourceLocation: engine.Location{ - Line: 10, - Column: 34, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-13", ".test")), + Line: 10, + Column: 34, }, }, }, }, { - Name: "HS-DART-14", - Rule: NewNoUseNSTemporaryDirectory(), - Src: SampleVulnerableHSDART14, + Name: "HS-DART-14", + Rule: NewNoUseNSTemporaryDirectory(), + Src: SampleVulnerableHSDART14, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-14", ".test")), Findings: 
[]engine.Finding{ { CodeSample: "let temporaryDirectoryURL = URL(fileURLWithPath: NSTemporaryDirectory(), isDirectory: true);", SourceLocation: engine.Location{ - Line: 3, - Column: 49, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-14", ".test")), + Line: 3, + Column: 49, }, }, }, }, { - Name: "HS-DART-15", - Rule: NewNoUseCipherMode(), - Src: SampleVulnerableHSDART15, + Name: "HS-DART-15", + Rule: NewNoUseCipherMode(), + Src: SampleVulnerableHSDART15, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-15", ".test")), Findings: []engine.Finding{ { CodeSample: "final encrypter = Encrypter(AES(key, mode: AESMode.cts));", SourceLocation: engine.Location{ - Line: 3, - Column: 43, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-15", ".test")), + Line: 3, + Column: 43, }, }, }, }, { - Name: "HS-DART-16", - Rule: NewCorsAllowOriginWildCard(), - Src: SampleVulnerableHSDART16, + Name: "HS-DART-16", + Rule: NewCorsAllowOriginWildCard(), + Src: SampleVulnerableHSDART16, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-16", ".test")), Findings: []engine.Finding{ { CodeSample: `request.response.headers.add("Access-Control-Allow-Origin", "*");`, SourceLocation: engine.Location{ - Line: 9, - Column: 32, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-16", ".test")), + Line: 9, + Column: 32, }, }, }, }, { - Name: "HS-DART-17", - Rule: NewUsingShellInterpreterWhenExecutingOSCommand(), - Src: SampleVulnerableHSDART17, + Name: "HS-DART-17", + Rule: NewUsingShellInterpreterWhenExecutingOSCommand(), + Src: SampleVulnerableHSDART17, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-17", ".test")), Findings: []engine.Finding{ { CodeSample: `var result = await Process.run("netcfg", [UserParams]);`, SourceLocation: engine.Location{ - Line: 4, - Column: 20, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-17", ".test")), + Line: 4, + Column: 20, }, }, }, 
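Review bot: The HS-DART-14 case expects a finding on `let temporaryDirectoryURL = URL(fileURLWithPath: NSTemporaryDirectory(), isDirectory: true);`, which reads as Swift rather than Dart. A passing case therefore does not show that the rule matches anything a Dart source file would contain. `SampleVulnerableHSDART14` is defined outside this diff, so this is inferred from the expected `CodeSample` alone. Suggest marking the case until the sample is replaced: `// FIXME: sample is Swift syntax; use a Dart call site or move this check to the swift engine`.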
@@ -275,91 +313,109 @@ func TestRulesVulnerableCode(t *testing.T) { } func TestRulesSafeCode(t *testing.T) { + tempDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-DART-1", - Rule: NewUsageLocalDataWithoutCryptography(), - Src: SampleSafeHSDART1, + Name: "HS-DART-1", + Rule: NewUsageLocalDataWithoutCryptography(), + Src: SampleSafeHSDART1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-1", ".test")), }, { - Name: "HS-DART-2", - Rule: NewNoSendSensitiveInformation(), - Src: SampleSafeHSDART2, + Name: "HS-DART-2", + Rule: NewNoSendSensitiveInformation(), + Src: SampleSafeHSDART2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-2", ".test")), }, { - Name: "HS-DART-3", - Rule: NewNoUseBiometricsTypeIOS(), - Src: "", + Name: "HS-DART-3", + Rule: NewNoUseBiometricsTypeIOS(), + Src: "", + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-3", ".test")), }, { - Name: "HS-DART-4", - Rule: NewXmlReaderExternalEntityExpansion(), - Src: SampleSafeHSDART4, + Name: "HS-DART-4", + Rule: NewXmlReaderExternalEntityExpansion(), + Src: SampleSafeHSDART4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-4", ".test")), }, { - Name: "HS-DART-5", - Rule: NewNoUseConnectionWithoutSSL(), - Src: SampleSafeHSDART5, + Name: "HS-DART-5", + Rule: NewNoUseConnectionWithoutSSL(), + Src: SampleSafeHSDART5, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-5", ".test")), }, { - Name: "HS-DART-6", - Rule: NewSendSMS(), - Src: "", + Name: "HS-DART-6", + Rule: NewSendSMS(), + Src: "", + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-6", ".test")), }, { - Name: "HS-DART-7", - Rule: NewXSSAttack(), - Src: SampleSafeHSDART7, + Name: "HS-DART-7", + Rule: NewXSSAttack(), + Src: SampleSafeHSDART7, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-7", ".test")), }, { - Name: "HS-DART-8", - Rule: NewNoLogSensitive(), - Src: SampleSafeHSDART8, + Name: "HS-DART-8", + Rule: 
NewNoLogSensitive(), + Src: SampleSafeHSDART8, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-8", ".test")), }, { - Name: "HS-DART-9", - Rule: NewWeakHashingFunctionMd5OrSha1(), - Src: SampleSafeHSDART9, + Name: "HS-DART-9", + Rule: NewWeakHashingFunctionMd5OrSha1(), + Src: SampleSafeHSDART9, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-9", ".test")), }, { - Name: "HS-DART-10", - Rule: NewNoUseSelfSignedCertificate(), - Src: SampleSafeHSDART10, + Name: "HS-DART-10", + Rule: NewNoUseSelfSignedCertificate(), + Src: SampleSafeHSDART10, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-10", ".test")), }, { - Name: "HS-DART-11", - Rule: NewNoUseBiometricsTypeAndroid(), - Src: SampleSafeHSDART11, + Name: "HS-DART-11", + Rule: NewNoUseBiometricsTypeAndroid(), + Src: SampleSafeHSDART11, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-11", ".test")), }, { - Name: "HS-DART-12", - Rule: NewNoListClipboardChanges(), - Src: SampleSafeHSDART12, + Name: "HS-DART-12", + Rule: NewNoListClipboardChanges(), + Src: SampleSafeHSDART12, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-12", ".test")), }, { - Name: "HS-DART-13", - Rule: NewSQLInjection(), - Src: SampleSafeHSDART13, + Name: "HS-DART-13", + Rule: NewSQLInjection(), + Src: SampleSafeHSDART13, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-13", ".test")), }, { - Name: "HS-DART-14", - Rule: NewNoUseNSTemporaryDirectory(), - Src: SampleSafeHSDART14, + Name: "HS-DART-14", + Rule: NewNoUseNSTemporaryDirectory(), + Src: SampleSafeHSDART14, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-14", ".test")), }, { - Name: "HS-DART-15", - Rule: NewNoUseCipherMode(), - Src: SampleSafeHSDART15, + Name: "HS-DART-15", + Rule: NewNoUseCipherMode(), + Src: SampleSafeHSDART15, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-15", ".test")), }, { - Name: "HS-DART-16", - Rule: NewCorsAllowOriginWildCard(), - Src: 
SampleSafeHSDART16, + Name: "HS-DART-16", + Rule: NewCorsAllowOriginWildCard(), + Src: SampleSafeHSDART16, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-16", ".test")), }, { - Name: "HS-DART-17", - Rule: NewUsingShellInterpreterWhenExecutingOSCommand(), - Src: SampleSafeHSDART17, + Name: "HS-DART-17", + Rule: NewUsingShellInterpreterWhenExecutingOSCommand(), + Src: SampleSafeHSDART17, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-DART-17", ".test")), }, } diff --git a/internal/services/engines/java/rules.go b/internal/services/engines/java/rules.go index 7fcc87c88..eebf6d8cf 100644 --- a/internal/services/engines/java/rules.go +++ b/internal/services/engines/java/rules.go @@ -25,8 +25,8 @@ import ( "github.com/ZupIT/horusec-engine/text" ) -func NewXMLParsingVulnerableToXXE() text.TextRule { - return text.TextRule{ +func NewXMLParsingVulnerableToXXE() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-1", Name: "XML parsing vulnerable to XXE", @@ -43,8 +43,8 @@ func NewXMLParsingVulnerableToXXE() text.TextRule { } } -func NewXMLParsingVulnerableToXXEWithXMLInputFactory() text.TextRule { - return text.TextRule{ +func NewXMLParsingVulnerableToXXEWithXMLInputFactory() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-2", Name: "XML parsing vulnerable to XXE With XMLInputFactory", @@ -60,8 +60,8 @@ func NewXMLParsingVulnerableToXXEWithXMLInputFactory() text.TextRule { } } -func NewXMLParsingVulnerableToXXEWithDocumentBuilder() text.TextRule { - return text.TextRule{ +func NewXMLParsingVulnerableToXXEWithDocumentBuilder() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-3", Name: "XML parsing vulnerable to XXE With DocumentBuilder", 
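Review bot: In `TestRulesSafeCode` the HS-DART-3 and HS-DART-6 cases pass `Src: ""`, so they can only show that the rule reports nothing for an empty file. They say nothing about false positives on real code, which is the purpose of a safe-code table. Either add `SampleSafeHSDART3` and `SampleSafeHSDART6` constants like the other cases use, or state the gap next to each entry: `// TODO: no safe sample yet; an empty source cannot exercise the rule`. The call that runs the table is outside the hunk.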
@@ -78,8 +78,8 @@ func NewXMLParsingVulnerableToXXEWithDocumentBuilder() text.TextRule { } } -func NewXMLParsingVulnerableToXXEWithSAXParserFactory() text.TextRule { - return text.TextRule{ +func NewXMLParsingVulnerableToXXEWithSAXParserFactory() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-4", Name: "XML parsing vulnerable to XXE With SAXParserFactory", @@ -96,8 +96,8 @@ func NewXMLParsingVulnerableToXXEWithSAXParserFactory() text.TextRule { } } -func NewXMLParsingVulnerableToXXEWithTransformerFactory() text.TextRule { - return text.TextRule{ +func NewXMLParsingVulnerableToXXEWithTransformerFactory() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-5", Name: "XML parsing vulnerable to XXE With TransformerFactory", @@ -116,8 +116,8 @@ func NewXMLParsingVulnerableToXXEWithTransformerFactory() text.TextRule { // Deprecated: Repeated vulnerability, same as HS-JAVA-5 // -//func NewXMLParsingVulnerableToXXEWithSchemaFactory() text.TextRule { -// return text.TextRule{ +//func NewXMLParsingVulnerableToXXEWithSchemaFactory() *text.Rule { +// return &text.Rule{ // Metadata: engine.Metadata{ // ID: "HS-JAVA-6", // Name: "XML parsing vulnerable to XXE With TransformerFactory", @@ -132,8 +132,8 @@ func NewXMLParsingVulnerableToXXEWithTransformerFactory() text.TextRule { // } //} -func NewXMLParsingVulnerableToXXEWithDom4j() text.TextRule { - return text.TextRule{ +func NewXMLParsingVulnerableToXXEWithDom4j() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-7", Name: "XML parsing vulnerable to XXE With Dom4j", @@ -149,8 +149,8 @@ func NewXMLParsingVulnerableToXXEWithDom4j() text.TextRule { } } -func NewXMLParsingVulnerableToXXEWithJdom2() text.TextRule { - return text.TextRule{ +func NewXMLParsingVulnerableToXXEWithJdom2() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-8", Name: "XML parsing vulnerable to XXE With Jdom2", 
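Review bot: The hunk at -116 edits a function that is entirely commented out (`//func NewXMLParsingVulnerableToXXEWithSchemaFactory() *text.Rule {`), so the compiler never checks the rewritten signature and the block needs the same hand edit at every engine change. The `// Deprecated:` line above it has no effect either, because there is no declaration for tooling to attach it to. Delete the commented body and keep a one-line record instead, for example `// HS-JAVA-6 retired: duplicate of HS-JAVA-5; do not reuse the ID.` The same applies to the commented-out HS-JAVA-15, HS-JAVA-16, HS-JAVA-17, HS-JAVA-20 and HS-JAVA-21 blocks in the later hunks. The commented block continues past the end of this hunk.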
@@ -166,8 +166,8 @@ func NewXMLParsingVulnerableToXXEWithJdom2() text.TextRule { } } -func NewInsecureImplementationOfSSL() text.TextRule { - return text.TextRule{ +func NewInsecureImplementationOfSSL() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-9", Name: "Insecure Implementation of SSL", @@ -183,8 +183,8 @@ func NewInsecureImplementationOfSSL() text.TextRule { } } -func NewMessageDigestIsCustom() text.TextRule { - return text.TextRule{ +func NewMessageDigestIsCustom() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-10", Name: "Message digest is custom", @@ -201,8 +201,8 @@ func NewMessageDigestIsCustom() text.TextRule { } } -func NewTrustManagerThatAcceptAnyCertificatesClient() text.TextRule { - return text.TextRule{ +func NewTrustManagerThatAcceptAnyCertificatesClient() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-11", Name: "TrustManager that accept any certificates Client", @@ -219,8 +219,8 @@ func NewTrustManagerThatAcceptAnyCertificatesClient() text.TextRule { } } -func NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnections() text.TextRule { - return text.TextRule{ +func NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnections() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-12", Name: "Server hostnames should be verified during SSL/TLS connections", @@ -237,8 +237,8 @@ func NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnections() text.TextRule { } } -func NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithSimpleEmail() text.TextRule { - return text.TextRule{ +func NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithSimpleEmail() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-13", Name: "Server hostnames should be verified during SSL/TLS connections With SimpleEmail", 
@@ -254,8 +254,8 @@ func NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithSimpleEmail() } } -func NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithMail() text.TextRule { - return text.TextRule{ +func NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithMail() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-14", Name: "Server hostnames should be verified during SSL/TLS connections With Mail's", @@ -274,8 +274,8 @@ func NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithMail() text.Te // Deprecated: Repeated vulnerability, same as HS-JAVA-14 // -//func NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithJakartaMail() text.TextRule { -// return text.TextRule{ +//func NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithJakartaMail() *text.Rule { +// return &text.Rule{ // Metadata: engine.Metadata{ // ID: "HS-JAVA-15", // Name: "Server hostnames should be verified during SSL/TLS connections With Mail's", @@ -293,8 +293,8 @@ func NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithMail() text.Te // Deprecated: Repeated vulnerability, same as HS-JAVA-11 // -//func NewTrustManagerThatAcceptAnyCertificatesServer() text.TextRule { -// return text.TextRule{ +//func NewTrustManagerThatAcceptAnyCertificatesServer() *text.Rule { +// return &text.Rule{ // Metadata: engine.Metadata{ // ID: "HS-JAVA-16", // Name: "TrustManager that accept any certificates Server", @@ -313,8 +313,8 @@ func NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithMail() text.Te // Deprecated: Repeated vulnerability, same as HS-JAVA-11 // -//func NewTrustManagerThatAcceptAnyCertificatesIssuers() text.TextRule { -// return text.TextRule{ +//func NewTrustManagerThatAcceptAnyCertificatesIssuers() *text.Rule { +// return &text.Rule{ // Metadata: engine.Metadata{ // ID: "HS-JAVA-17", // Name: "TrustManager that accept any certificates Issuers", 
@@ -331,8 +331,8 @@ func NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithMail() text.Te // } //} -func NewWebViewLoadFilesFromExternalStorage() text.TextRule { - return text.TextRule{ +func NewWebViewLoadFilesFromExternalStorage() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-18", Name: "WebView Load Files From External Storage", @@ -348,8 +348,8 @@ func NewWebViewLoadFilesFromExternalStorage() text.TextRule { } } -func NewInsecureWebViewImplementation() text.TextRule { - return text.TextRule{ +func NewInsecureWebViewImplementation() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-19", Name: "Insecure Web View Implementation", @@ -369,8 +369,8 @@ func NewInsecureWebViewImplementation() text.TextRule { // depend on what is stored, how it was stored and the sql cipher version, removed to avoid false positives. // reference: https://www.zetetic.net/blog/2019/08/14/defcon-sqlite-attacks/ // -//func NewNoUseSQLCipherAndMatch() text.TextRule { -// return text.TextRule{ +//func NewNoUseSQLCipherAndMatch() *text.Rule { +// return &text.Rule{ // Metadata: engine.Metadata{ // ID: "HS-JAVA-20", // Name: "No Use SQL Cipher", @@ -390,8 +390,8 @@ func NewInsecureWebViewImplementation() text.TextRule { // will only lead to false positives, leaks engine already does a search for hardcoded credentials. // reference: https://rules.sonarsource.com/java/type/Vulnerability/RSPEC-6301?search=realm // -//func NewNoUseRealmDatabaseWithEncryptionKey() text.TextRule { -// return text.TextRule{ +//func NewNoUseRealmDatabaseWithEncryptionKey() *text.Rule { +// return &text.Rule{ // Metadata: engine.Metadata{ // ID: "HS-JAVA-21", // Name: "No Use Realm Database With Encryption Key", 
@@ -407,8 +407,8 @@ func NewInsecureWebViewImplementation() text.TextRule { // } //} -func NewNoUseWebviewDebuggingEnable() text.TextRule { - return text.TextRule{ +func NewNoUseWebviewDebuggingEnable() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-22", Name: "No Use Webview Debugging Enable", @@ -424,8 +424,8 @@ func NewNoUseWebviewDebuggingEnable() text.TextRule { } } -func NewNoListenToClipboard() text.TextRule { - return text.TextRule{ +func NewNoListenToClipboard() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-23", Name: "No Listen To Clipboard", @@ -441,8 +441,8 @@ func NewNoListenToClipboard() text.TextRule { } } -func NewNoCopyContentToClipboard() text.TextRule { - return text.TextRule{ +func NewNoCopyContentToClipboard() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-24", Name: "No copy content to clipboard", @@ -458,8 +458,8 @@ func NewNoCopyContentToClipboard() text.TextRule { } } -func NewNoUseWebviewIgnoringSSL() text.TextRule { - return text.TextRule{ +func NewNoUseWebviewIgnoringSSL() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-25", Name: "No Use Webview Ignoring SSL", @@ -476,8 +476,8 @@ func NewNoUseWebviewIgnoringSSL() text.TextRule { } } -func NewSQLInjectionWithSqlUtil() text.TextRule { - return text.TextRule{ +func NewSQLInjectionWithSqlUtil() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-26", Name: "SQL Injection With SqlUtil", @@ -493,8 +493,8 @@ func NewSQLInjectionWithSqlUtil() text.TextRule { } // NewNoUseFridaServer Frida seems to be a pentest tool. I couldn't find an example similar to what our rule is looking for, so it's remains without tests. -func NewNoUseFridaServer() text.TextRule { - return text.TextRule{ +func NewNoUseFridaServer() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVA-27", Name: "No Use Frida Server", 
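Review bot: The comment kept above `NewNoUseFridaServer` in the hunk at -493 says the rule has no tests, and the hunk moves it to `*text.Rule` with no test for it visible here, so nothing shown checks that its pattern still matches under the new engine. The comment also does not say what the rule looks for. Reword it as a doc comment that states the gap plainly, for example `// NewNoUseFridaServer returns rule HS-JAVA-27. It has no vulnerable or safe sample yet, so its pattern is unverified.` The comment on `NewNoUseSSLPinningLib` in the next hunk ("not really sure about this vulnerability") needs the same treatment. Both function bodies continue outside their hunks.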
@@ -511,8 +511,8 @@ func NewNoUseFridaServer() text.TextRule {
 }
 // NewNoUseSSLPinningLib not really sure about this vulnerability, needs to be revised in the future.
-func NewNoUseSSLPinningLib() text.TextRule {
- return text.TextRule{
+func NewNoUseSSLPinningLib() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-28",
 Name: "No Use SSL Pinning Lib",
@@ -528,8 +528,8 @@ func NewNoUseSSLPinningLib() text.TextRule {
 }
 }
-func NewNoUseDexGuardAppDebuggable() text.TextRule {
- return text.TextRule{
+func NewNoUseDexGuardAppDebuggable() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-29",
 Name: "DexGuard Debug Detection",
@@ -545,8 +545,8 @@ func NewNoUseDexGuardAppDebuggable() text.TextRule {
 }
 }
-func NewNoUseDexGuardDebuggerConnected() text.TextRule {
- return text.TextRule{
+func NewNoUseDexGuardDebuggerConnected() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-30",
 Name: "No Use DexGuard Debugger Connected",
@@ -562,8 +562,8 @@ func NewNoUseDexGuardDebuggerConnected() text.TextRule {
 }
 }
-func NewNoUseDexGuardEmulatorDetection() text.TextRule {
- return text.TextRule{
+func NewNoUseDexGuardEmulatorDetection() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-31",
 Name: "No Use DexGuard Emulator Detection",
@@ -579,8 +579,8 @@ func NewNoUseDexGuardEmulatorDetection() text.TextRule {
 }
 }
-func NewNoUseDexGuardWithDebugKey() text.TextRule {
- return text.TextRule{
+func NewNoUseDexGuardWithDebugKey() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-32",
 Name: "No Use DexGuard With Debug Key",
@@ -596,8 +596,8 @@ func NewNoUseDexGuardWithDebugKey() text.TextRule {
 }
 }
-func NewNoUseDexGuardRoot() text.TextRule {
- return text.TextRule{
+func NewNoUseDexGuardRoot() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-33",
 Name: "No Use DexGuard Root",
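Review bot: The doc comment on `NewNoUseSSLPinningLib` (hunk at -511, HS-JAVA-28) only records doubt about the rule ("not really sure about this vulnerability"), which gives someone triaging a finding nothing to act on. Certificate pinning is normally a hardening measure, so the comment should say what the pattern is meant to indicate; the expressions and description are outside the hunk, so that cannot be judged from here. Suggested wording until it is settled: `// NewNoUseSSLPinningLib returns rule HS-JAVA-28. TODO: confirm the rationale for this rule or retire it.`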
@@ -613,8 +613,8 @@ func NewNoUseDexGuardRoot() text.TextRule {
 }
 }
-func NewNoUseDexGuard() text.TextRule {
- return text.TextRule{
+func NewNoUseDexGuard() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-34",
 Name: "No Use DexGuard",
@@ -630,8 +630,8 @@ func NewNoUseDexGuard() text.TextRule {
 }
 }
-func NewNoUseDexGuardInSigner() text.TextRule {
- return text.TextRule{
+func NewNoUseDexGuardInSigner() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-35",
 Name: "No Use DexGuard in signer",
@@ -647,8 +647,8 @@ func NewNoUseDexGuardInSigner() text.TextRule {
 }
 }
-func NewNoUsePackageWithTamperDetection() text.TextRule {
- return text.TextRule{
+func NewNoUsePackageWithTamperDetection() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-36",
 Name: "No use package with tamper detection.",
@@ -664,8 +664,8 @@ func NewNoUsePackageWithTamperDetection() text.TextRule {
 }
 }
-func NewLoadAndManipulateDexFiles() text.TextRule {
- return text.TextRule{
+func NewLoadAndManipulateDexFiles() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-37",
 Name: "Load and Manipulate Dex Files",
@@ -681,8 +681,8 @@ func NewLoadAndManipulateDexFiles() text.TextRule {
 }
 }
-func NewObfuscation() text.TextRule {
- return text.TextRule{
+func NewObfuscation() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-38",
 Name: "Obfuscation",
@@ -698,8 +698,8 @@ func NewObfuscation() text.TextRule {
 }
 }
-func NewExecuteOSCommand() text.TextRule {
- return text.TextRule{
+func NewExecuteOSCommand() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-39",
 Name: "Execute OS Command",
@@ -716,8 +716,8 @@ func NewExecuteOSCommand() text.TextRule {
 }
 }
-func NewTCPServerSocket() text.TextRule {
- return text.TextRule{
+func NewTCPServerSocket() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-40",
 Name: "TCP Server Socket",
@@ -733,8 +733,8 @@ func NewTCPServerSocket() text.TextRule {
 }
 }
-func NewTCPSocket() text.TextRule {
- return text.TextRule{
+func NewTCPSocket() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-41",
 Name: "TCP Socket",
@@ -750,8 +750,8 @@ func NewTCPSocket() text.TextRule {
 }
 }
-func NewUDPDatagramPacket() text.TextRule {
- return text.TextRule{
+func NewUDPDatagramPacket() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-42",
 Name: "UDP Datagram Packet",
@@ -767,8 +767,8 @@ func NewUDPDatagramPacket() text.TextRule {
 }
 }
-func NewUDPDatagramSocket() text.TextRule {
- return text.TextRule{
+func NewUDPDatagramSocket() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-43",
 Name: "UDP Datagram Socket",
@@ -784,8 +784,8 @@ func NewUDPDatagramSocket() text.TextRule {
 }
 }
-func NewWebViewScriptInterface() text.TextRule {
- return text.TextRule{
+func NewWebViewScriptInterface() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-44",
 Name: "WebView Script Interface",
@@ -801,8 +801,8 @@ func NewWebViewScriptInterface() text.TextRule {
 }
 }
-func NewGetCellInformation() text.TextRule {
- return text.TextRule{
+func NewGetCellInformation() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-45",
 Name: "Get Cell Information",
@@ -818,8 +818,8 @@ func NewGetCellInformation() text.TextRule {
 }
 }
-func NewGetCellLocation() text.TextRule {
- return text.TextRule{
+func NewGetCellLocation() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-46",
 Name: "Get Cell Location",
@@ -835,8 +835,8 @@ func NewGetCellLocation() text.TextRule {
 }
 }
-func NewGetSubscriberID() text.TextRule {
- return text.TextRule{
+func NewGetSubscriberID() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-47",
 Name: "Get Subscriber ID",
@@ -852,8 +852,8 @@ func NewGetSubscriberID() text.TextRule {
 }
 }
-func NewGetDeviceID() text.TextRule {
- return text.TextRule{
+func NewGetDeviceID() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-48",
 Name: "Get Device ID",
@@ -869,8 +869,8 @@ func NewGetDeviceID() text.TextRule {
 }
 }
-func NewGetSoftwareVersion() text.TextRule {
- return text.TextRule{
+func NewGetSoftwareVersion() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-49",
 Name: "Get Software Version, IMEI/SV etc",
@@ -886,8 +886,8 @@ func NewGetSoftwareVersion() text.TextRule {
 }
 }
-func NewGetSIMSerialNumber() text.TextRule {
- return text.TextRule{
+func NewGetSIMSerialNumber() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-50",
 Name: "Get SIM Serial Number",
@@ -903,8 +903,8 @@ func NewGetSIMSerialNumber() text.TextRule {
 }
 }
-func NewGetSIMProviderDetails() text.TextRule {
- return text.TextRule{
+func NewGetSIMProviderDetails() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-51",
 Name: "Get SIM Provider Details",
@@ -920,8 +920,8 @@ func NewGetSIMProviderDetails() text.TextRule {
 }
 }
-func NewGetSIMOperatorName() text.TextRule {
- return text.TextRule{
+func NewGetSIMOperatorName() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-52",
 Name: "Get SIM Operator Name",
@@ -937,8 +937,8 @@ func NewGetSIMOperatorName() text.TextRule {
 }
 }
-func NewQueryDatabaseOfSMSContacts() text.TextRule {
- return text.TextRule{
+func NewQueryDatabaseOfSMSContacts() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-53",
 Name: "Query Database of SMS, Contacts etc.",
@@ -955,8 +955,8 @@ func NewQueryDatabaseOfSMSContacts() text.TextRule {
 }
 // Deprecated: the javax package is deprecated in the Jakarta EE newest version. We'll use jakarta package.
-func NewPotentialPathTraversal() text.TextRule {
- return text.TextRule{
+func NewPotentialPathTraversal() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-54",
 Name: "Potential Path Traversal (file read)",
@@ -972,8 +972,8 @@ func NewPotentialPathTraversal() text.TextRule {
 }
 }
-func NewJakartaAndPotentialPathTraversal() text.TextRule {
- return text.TextRule{
+func NewJakartaAndPotentialPathTraversal() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-55",
 Name: "Potential Path Traversal (file read)",
@@ -989,8 +989,8 @@ func NewJakartaAndPotentialPathTraversal() text.TextRule {
 }
 }
-func NewPotentialPathTraversalUsingScalaAPI() text.TextRule {
- return text.TextRule{
+func NewPotentialPathTraversalUsingScalaAPI() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-56",
 Name: "Potential Path Traversal Using scala API (file read)",
@@ -1005,8 +1005,8 @@ func NewPotentialPathTraversalUsingScalaAPI() text.TextRule {
 }
 }
-func NewSMTPHeaderInjection() text.TextRule {
- return text.TextRule{
+func NewSMTPHeaderInjection() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-57",
 Name: "SMTP Header Injection",
@@ -1023,8 +1023,8 @@ func NewSMTPHeaderInjection() text.TextRule {
 }
 }
-func NewInsecureSMTPSSLConnection() text.TextRule {
- return text.TextRule{
+func NewInsecureSMTPSSLConnection() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-58",
 Name: "Insecure SMTP SSL connection",
@@ -1040,8 +1040,8 @@ func NewInsecureSMTPSSLConnection() text.TextRule {
 }
 }
-func NewPersistentCookieUsage() text.TextRule {
- return text.TextRule{
+func NewPersistentCookieUsage() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-59",
 Name: "Persistent Cookie Usage",
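Review bot: HS-JAVA-54 (`NewPotentialPathTraversal`, hunk at -955) and HS-JAVA-55 (`NewJakartaAndPotentialPathTraversal`, hunk at -972) have the same `Name`, `"Potential Path Traversal (file read)"`, so a report line or a name-based filter cannot tell the deprecated javax rule from its jakarta replacement. HS-JAVA-93/94 and HS-JAVA-96/97 later in the file repeat the pattern. A distinguishing suffix on the jakarta variant would be enough, e.g. `Name: "Potential Path Traversal (file read, jakarta)",`; whether names feed into finding identity elsewhere is not visible here and should be checked first. Both function bodies continue outside the hunks.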
@@ -1057,8 +1057,8 @@ func NewPersistentCookieUsage() text.TextRule {
 }
 }
-func NewAnonymousLDAPBind() text.TextRule {
- return text.TextRule{
+func NewAnonymousLDAPBind() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-60",
 Name: "Anonymous LDAP bind",
@@ -1074,8 +1074,8 @@ func NewAnonymousLDAPBind() text.TextRule {
 }
 }
-func NewLDAPEntryPoisoning() text.TextRule {
- return text.TextRule{
+func NewLDAPEntryPoisoning() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-61",
 Name: "LDAP Entry Poisoning",
@@ -1091,8 +1091,8 @@ func NewLDAPEntryPoisoning() text.TextRule {
 }
 }
-func NewIgnoringXMLCommentsInSAML() text.TextRule {
- return text.TextRule{
+func NewIgnoringXMLCommentsInSAML() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-62",
 Name: "Ignoring XML comments in SAML",
@@ -1108,8 +1108,8 @@ func NewIgnoringXMLCommentsInSAML() text.TextRule {
 }
 }
-func NewInformationExposureThroughAnErrorMessage() text.TextRule {
- return text.TextRule{
+func NewInformationExposureThroughAnErrorMessage() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-63",
 Name: "Information Exposure Through An Error Message",
@@ -1125,8 +1125,8 @@ func NewInformationExposureThroughAnErrorMessage() text.TextRule {
 }
 }
-func NewHTTPParameterPollution() text.TextRule {
- return text.TextRule{
+func NewHTTPParameterPollution() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-64",
 Name: "HTTP Parameter Pollution",
@@ -1142,8 +1142,8 @@ func NewHTTPParameterPollution() text.TextRule {
 }
 }
-func NewAWSQueryInjection() text.TextRule {
- return text.TextRule{
+func NewAWSQueryInjection() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-65",
 Name: "AWS Query Injection",
@@ -1161,8 +1161,8 @@ func NewAWSQueryInjection() text.TextRule {
 }
 }
-func NewPotentialTemplateInjectionPebble() text.TextRule {
- return text.TextRule{
+func NewPotentialTemplateInjectionPebble() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-66",
 Name: "Potential template injection with Pebble ",
@@ -1179,8 +1179,8 @@ func NewPotentialTemplateInjectionPebble() text.TextRule {
 }
 }
-func NewPotentialTemplateInjectionFreemarker() text.TextRule {
- return text.TextRule{
+func NewPotentialTemplateInjectionFreemarker() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-67",
 Name: "Potential template injection with Freemarker ",
@@ -1197,8 +1197,8 @@ func NewPotentialTemplateInjectionFreemarker() text.TextRule {
 }
 }
-func NewRequestDispatcherFileDisclosure() text.TextRule {
- return text.TextRule{
+func NewRequestDispatcherFileDisclosure() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-68",
 Name: "Request Dispatcher File Disclosure",
@@ -1214,8 +1214,8 @@ func NewRequestDispatcherFileDisclosure() text.TextRule {
 }
 }
-func NewSpringFileDisclosure() text.TextRule {
- return text.TextRule{
+func NewSpringFileDisclosure() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-69",
 Name: "Spring File Disclosure ",
@@ -1231,8 +1231,8 @@ func NewSpringFileDisclosure() text.TextRule {
 }
 }
-func NewPotentialCodeScriptInjection() text.TextRule {
- return text.TextRule{
+func NewPotentialCodeScriptInjection() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-70",
 Name: "Potential code injection when using Script Engine",
@@ -1249,8 +1249,8 @@ func NewPotentialCodeScriptInjection() text.TextRule {
 }
 }
-func NewStrutsFileDisclosure() text.TextRule {
- return text.TextRule{
+func NewStrutsFileDisclosure() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-71",
 Name: "Struts File Disclosure ",
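Review bot: Several rule names end with a stray space, starting with `Name: "Potential template injection with Pebble ",` in the hunk at -1161 (HS-JAVA-66). HS-JAVA-67, 69 and 71 in the following hunks, HS-JAVA-72 and 75 further down, and the leading space in HS-JAVA-123 (`" Crypto import"`) are the same issue. The padding ends up in every finding title and makes exact-match filters or suppressions on the rule name miss; trimming it, as in `Name: "Potential template injection with Pebble",`, fits this commit since every one of these constructors is already being touched. The struct literals continue outside the hunks.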
@@ -1266,8 +1266,8 @@ func NewStrutsFileDisclosure() text.TextRule {
 }
 }
-func NewUnsafeJacksonDeserializationConfiguration() text.TextRule {
- return text.TextRule{
+func NewUnsafeJacksonDeserializationConfiguration() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-72",
 Name: "Unsafe Jackson deserialization configuration ",
@@ -1284,8 +1284,8 @@ func NewUnsafeJacksonDeserializationConfiguration() text.TextRule {
 }
 }
-func NewObjectDeserializationUsed() text.TextRule {
- return text.TextRule{
+func NewObjectDeserializationUsed() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-73",
 Name: "Object deserialization is used",
@@ -1303,8 +1303,8 @@ func NewObjectDeserializationUsed() text.TextRule {
 }
 }
-func NewPotentialCodeScriptInjectionWithSpringExpression() text.TextRule {
- return text.TextRule{
+func NewPotentialCodeScriptInjectionWithSpringExpression() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-74",
 Name: "Potential code injection when using Spring Expression",
@@ -1320,8 +1320,8 @@ func NewPotentialCodeScriptInjectionWithSpringExpression() text.TextRule {
 }
 }
-func NewCookieWithoutTheHttpOnlyFlag() text.TextRule {
- return text.TextRule{
+func NewCookieWithoutTheHttpOnlyFlag() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-75",
 Name: "Cookie without the HttpOnly flag ",
@@ -1337,8 +1337,8 @@ func NewCookieWithoutTheHttpOnlyFlag() text.TextRule {
 }
 }
-func NewWebViewWithGeolocationActivated() text.TextRule {
- return text.TextRule{
+func NewWebViewWithGeolocationActivated() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-76",
 Name: "WebView with geolocation activated",
@@ -1355,8 +1355,8 @@ func NewWebViewWithGeolocationActivated() text.TextRule {
 }
 }
-func NewUseOfESAPIEncryptor() text.TextRule {
- return text.TextRule{
+func NewUseOfESAPIEncryptor() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-77",
 Name: "Use of ESAPI Encryptor",
@@ -1374,8 +1374,8 @@ func NewUseOfESAPIEncryptor() text.TextRule {
 }
 }
-func NewStaticIV() text.TextRule {
- return text.TextRule{
+func NewStaticIV() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-78",
 Name: "Static IV",
@@ -1391,8 +1391,8 @@ func NewStaticIV() text.TextRule {
 }
 }
-func NewXMLDecoderUsage() text.TextRule {
- return text.TextRule{
+func NewXMLDecoderUsage() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-79",
 Name: "XML Decoder usage",
@@ -1408,8 +1408,8 @@ func NewXMLDecoderUsage() text.TextRule {
 }
 }
-func NewPotentialXSSInServlet() text.TextRule {
- return text.TextRule{
+func NewPotentialXSSInServlet() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-80",
 Name: "Potential XSS in Servlet",
@@ -1426,8 +1426,8 @@ func NewPotentialXSSInServlet() text.TextRule {
 }
 }
-func NewEscapingOfSpecialXMLCharactersIsDisabled() text.TextRule {
- return text.TextRule{
+func NewEscapingOfSpecialXMLCharactersIsDisabled() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-81",
 Name: "Escaping of special XML characters is disabled",
@@ -1443,8 +1443,8 @@ func NewEscapingOfSpecialXMLCharactersIsDisabled() text.TextRule {
 }
 }
-func NewDynamicVariableInSpringExpression() text.TextRule {
- return text.TextRule{
+func NewDynamicVariableInSpringExpression() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-82",
 Name: "Dynamic variable in Spring expression",
@@ -1460,8 +1460,8 @@ func NewDynamicVariableInSpringExpression() text.TextRule {
 }
 }
-func NewRSAUsageWithShortKey() text.TextRule {
- return text.TextRule{
+func NewRSAUsageWithShortKey() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-83",
 Name: "RSA usage with short key",
@@ -1477,8 +1477,8 @@ func NewRSAUsageWithShortKey() text.TextRule {
 }
 }
-func NewBlowfishUsageWithShortKey() text.TextRule {
- return text.TextRule{
+func NewBlowfishUsageWithShortKey() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-84",
 Name: "Blowfish usage with short key",
@@ -1494,8 +1494,8 @@ func NewBlowfishUsageWithShortKey() text.TextRule {
 }
 }
-func NewClassesShouldNotBeLoadedDynamically() text.TextRule {
- return text.TextRule{
+func NewClassesShouldNotBeLoadedDynamically() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-85",
 Name: "Classes should not be loaded dynamically",
@@ -1513,8 +1513,8 @@ func NewClassesShouldNotBeLoadedDynamically() text.TextRule {
 // Deprecated: Repeated vulnerability, same as HS-JAVA-12
 //
-//func NewHostnameVerifierVerifyShouldNotAlwaysReturnTrue() text.TextRule {
-// return text.TextRule{
+//func NewHostnameVerifierVerifyShouldNotAlwaysReturnTrue() *text.Rule {
+// return &text.Rule{
 // Metadata: engine.Metadata{
 // ID: "HS-JAVA-86",
 // Name: "HostnameVerifier.verify should not always return true",
@@ -1531,8 +1531,8 @@ func NewClassesShouldNotBeLoadedDynamically() text.TextRule {
 // }
 //}
-func NewXPathExpressionsShouldNotBeVulnerableToInjectionAttacks() text.TextRule {
- return text.TextRule{
+func NewXPathExpressionsShouldNotBeVulnerableToInjectionAttacks() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-87",
 Name: "XPath expressions should not be vulnerable to injection attacks",
@@ -1548,8 +1548,8 @@ func NewXPathExpressionsShouldNotBeVulnerableToInjectionAttacks() text.TextRule
 }
 }
-func NewExceptionsShouldNotBeThrownFromServletMethods() text.TextRule {
- return text.TextRule{
+func NewExceptionsShouldNotBeThrownFromServletMethods() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-88",
 Name: "Exceptions should not be thrown from servlet methods",
@@ -1566,8 +1566,8 @@ func NewExceptionsShouldNotBeThrownFromServletMethods() text.TextRule {
 }
 }
-func NewFunctionCallsShouldNotBeVulnerableToPathInjectionAttacks() text.TextRule {
- return text.TextRule{
+func NewFunctionCallsShouldNotBeVulnerableToPathInjectionAttacks() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-89",
 Name: "I/O function calls should not be vulnerable to path injection attacks",
@@ -1586,8 +1586,8 @@ A successful attack might give an attacker the ability to read, modify, or delet
 }
 }
-func NewActiveMQConnectionFactoryVulnerableToMaliciousCodeDeserialization() text.TextRule {
- return text.TextRule{
+func NewActiveMQConnectionFactoryVulnerableToMaliciousCodeDeserialization() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-90",
 Name: "ActiveMQConnectionFactory should not be vulnerable to malicious code deserialization",
@@ -1603,8 +1603,8 @@ func NewActiveMQConnectionFactoryVulnerableToMaliciousCodeDeserialization() text
 }
 }
-func NewHTTPResponseHeadersShouldNotBeVulnerableToInjectionAttacks() text.TextRule {
- return text.TextRule{
+func NewHTTPResponseHeadersShouldNotBeVulnerableToInjectionAttacks() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-91",
 Name: "HTTP response headers should not be vulnerable to injection attacks",
@@ -1621,8 +1621,8 @@ func NewHTTPResponseHeadersShouldNotBeVulnerableToInjectionAttacks() text.TextRu
 }
 }
-func NewOpenSAML2ShouldBeConfiguredToPreventAuthenticationBypass() text.TextRule {
- return text.TextRule{
+func NewOpenSAML2ShouldBeConfiguredToPreventAuthenticationBypass() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-92",
 Name: "OpenSAML2 should be configured to prevent authentication bypass",
@@ -1639,8 +1639,8 @@ func NewOpenSAML2ShouldBeConfiguredToPreventAuthenticationBypass() text.TextRule
 }
 // Deprecated: the javax package is deprecated in the Jakarta EE newest version. We'll use jakarta package.
-func NewHttpServletRequestGetRequestedSessionIdShouldNotBeUsed() text.TextRule {
- return text.TextRule{
+func NewHttpServletRequestGetRequestedSessionIdShouldNotBeUsed() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-93",
 Name: "HttpServletRequest.getRequestedSessionId should not be used",
@@ -1656,8 +1656,8 @@ func NewHttpServletRequestGetRequestedSessionIdShouldNotBeUsed() text.TextRule {
 }
 }
-func NewJakartaAndHttpServletRequestGetRequestedSessionIdShouldNotBeUsed() text.TextRule {
- return text.TextRule{
+func NewJakartaAndHttpServletRequestGetRequestedSessionIdShouldNotBeUsed() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-94",
 Name: "HttpServletRequest.getRequestedSessionId should not be used",
@@ -1673,8 +1673,8 @@ func NewJakartaAndHttpServletRequestGetRequestedSessionIdShouldNotBeUsed() text.
 }
 }
-func NewLDAPAuthenticatedAnalyzeYourCode() text.TextRule {
- return text.TextRule{
+func NewLDAPAuthenticatedAnalyzeYourCode() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-95",
 Name: "LDAP authenticated Analyze your code",
@@ -1691,8 +1691,8 @@ func NewLDAPAuthenticatedAnalyzeYourCode() text.TextRule {
 }
 // Deprecated: the javax package is deprecated in the Jakarta EE newest version. We'll use jakarta package.
-func NewWebApplicationsShouldHotHaveAMainMethod() text.TextRule {
- return text.TextRule{
+func NewWebApplicationsShouldHotHaveAMainMethod() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-96",
 Name: "Web applications should not have a main method",
@@ -1708,8 +1708,8 @@ func NewWebApplicationsShouldHotHaveAMainMethod() text.TextRule {
 }
 }
-func NewJakartaAndWebApplicationsShouldHotHaveAMainMethod() text.TextRule {
- return text.TextRule{
+func NewJakartaAndWebApplicationsShouldHotHaveAMainMethod() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-97",
 Name: "Web applications should not have a main method",
@@ -1725,8 +1725,8 @@ func NewJakartaAndWebApplicationsShouldHotHaveAMainMethod() text.TextRule {
 }
 }
-func NewSecureRandomSeedsShouldNotBePredictable() text.TextRule {
- return text.TextRule{
+func NewSecureRandomSeedsShouldNotBePredictable() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-98",
 Name: "SecureRandom seeds should not be predictable",
@@ -1742,8 +1742,8 @@ func NewSecureRandomSeedsShouldNotBePredictable() text.TextRule {
 }
 }
-func NewFileIsWorldReadable() text.TextRule {
- return text.TextRule{
+func NewFileIsWorldReadable() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-99",
 Name: "File Is World Readable",
@@ -1759,8 +1759,8 @@ func NewFileIsWorldReadable() text.TextRule {
 }
 }
-func NewFileIsWorldWritable() text.TextRule {
- return text.TextRule{
+func NewFileIsWorldWritable() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-100",
 Name: "File Is World Writable",
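Review bot: The exported constructors in the hunks at -1691 and -1708 keep the typo "Hot" in their names (`NewWebApplicationsShouldHotHaveAMainMethod`, `NewJakartaAndWebApplicationsShouldHotHaveAMainMethod`), while the rule's own `Name` says "should not". The return type changes here, so every caller has to be revisited for this commit anyway and the rename costs little now: `func NewWebApplicationsShouldNotHaveAMainMethod() *text.Rule {` and `func NewJakartaAndWebApplicationsShouldNotHaveAMainMethod() *text.Rule {`. Both function bodies continue outside the hunks.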
@@ -1776,8 +1776,8 @@ func NewFileIsWorldWritable() text.TextRule {
 }
 }
-func NewNoWriteExternalContent() text.TextRule {
- return text.TextRule{
+func NewNoWriteExternalContent() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-101",
 Name: "No Write External Content",
@@ -1793,8 +1793,8 @@ func NewNoWriteExternalContent() text.TextRule {
 }
 }
-func NewNoUseIVsWeak() text.TextRule {
- return text.TextRule{
+func NewNoUseIVsWeak() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-102",
 Name: "No use IVs weak",
@@ -1810,8 +1810,8 @@ func NewNoUseIVsWeak() text.TextRule {
 }
 }
-func NewRootDetectionCapabilities() text.TextRule {
- return text.TextRule{
+func NewRootDetectionCapabilities() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-103",
 Name: "This App may have root detection capabilities.",
@@ -1832,8 +1832,8 @@ func NewRootDetectionCapabilities() text.TextRule {
 }
 }
-func NewJARURLConnection() text.TextRule {
- return text.TextRule{
+func NewJARURLConnection() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-104",
 Name: "JAR URL Connection",
@@ -1852,8 +1852,8 @@ func NewJARURLConnection() text.TextRule {
 // Deprecated: Repeated vulnerability, same as HS-JAVA-23
 //
-//func NewSetOrReadClipboardData() text.TextRule {
-// return text.TextRule{
+//func NewSetOrReadClipboardData() *text.Rule {
+// return &text.Rule{
 // Metadata: engine.Metadata{
 // ID: "HS-JAVA-105",
 // Name: "Set or Read Clipboard data",
@@ -1872,8 +1872,8 @@ func NewJARURLConnection() text.TextRule {
 // Deprecated: Repeated vulnerability, same as HS-JAVA-111
 //
-//func NewMessageDigest() text.TextRule {
-// return text.TextRule{
+//func NewMessageDigest() *text.Rule {
+// return &text.Rule{
 // Metadata: engine.Metadata{
 // ID: "HS-JAVA-106",
 // Name: "Message Digest",
@@ -1890,8 +1890,8 @@ func NewJARURLConnection() text.TextRule {
 // }
 //}
-func NewOverlyPermissiveFilePermission() text.TextRule {
- return text.TextRule{
+func NewOverlyPermissiveFilePermission() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-107",
 Name: "Overly permissive file permission",
@@ -1909,8 +1909,8 @@ func NewOverlyPermissiveFilePermission() text.TextRule {
 }
 }
-func NewCipherGetInstanceInsecure() text.TextRule {
- return text.TextRule{
+func NewCipherGetInstanceInsecure() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-108",
 Name: "DES, DESede, RSA is insecure",
@@ -1930,8 +1930,8 @@ func NewCipherGetInstanceInsecure() text.TextRule {
 }
 }
-func NewHiddenElements() text.TextRule {
- return text.TextRule{
+func NewHiddenElements() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-109",
 Name: "Hidden elements",
@@ -1946,8 +1946,8 @@ func NewHiddenElements() text.TextRule {
 }
 }
-func NewWeakCypherBlockMode() text.TextRule {
- return text.TextRule{
+func NewWeakCypherBlockMode() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-110",
 Name: "Weak block mode for Cryptographic Hash Function",
@@ -1966,8 +1966,8 @@ func NewWeakCypherBlockMode() text.TextRule {
 }
 }
-func NewWeakHash() text.TextRule {
- return text.TextRule{
+func NewWeakHash() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-111",
 Name: "Weak Cryptographic Hash Function used",
@@ -1986,8 +1986,8 @@ func NewWeakHash() text.TextRule {
 }
 }
-func NewPossibleFileWithVulnerabilityWhenOpen() text.TextRule {
- return text.TextRule{
+func NewPossibleFileWithVulnerabilityWhenOpen() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-112",
 Name: "Possible File With Vulnerability When Open",
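Review bot: The finding title of HS-JAVA-110 in the hunk at -1946, `Name: "Weak block mode for Cryptographic Hash Function",`, mixes two different primitives: a block mode belongs to a block cipher, and weak hashes already have their own rule (HS-JAVA-111, next hunk). A reader triaging the finding is pointed at the wrong fix. Judging by the constructor name `NewWeakCypherBlockMode` the rule is about cipher modes, so something like `Name: "Weak block cipher mode of operation",` would match; the description and expressions are outside the hunk and should be checked against that wording.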
@@ -2002,8 +2002,8 @@ func NewPossibleFileWithVulnerabilityWhenOpen() text.TextRule {
 }
 }
-func NewSensitiveInformationNotEncrypted() text.TextRule {
- return text.TextRule{
+func NewSensitiveInformationNotEncrypted() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-113",
 Name: "Sensitive Information Not Encrypted",
@@ -2018,8 +2018,8 @@ func NewSensitiveInformationNotEncrypted() text.TextRule {
 }
 }
-func NewInsecureRandomNumberGenerator() text.TextRule {
- return text.TextRule{
+func NewInsecureRandomNumberGenerator() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-114",
 Name: "Insecure Random Number Generator",
@@ -2035,8 +2035,8 @@ func NewInsecureRandomNumberGenerator() text.TextRule {
 }
 }
-func NewNoDefaultHash() text.TextRule {
- return text.TextRule{
+func NewNoDefaultHash() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-115",
 Name: "No Default Hash",
@@ -2051,8 +2051,8 @@ func NewNoDefaultHash() text.TextRule {
 }
 }
-func NewLayoutParamsFlagSecure() text.TextRule {
- return text.TextRule{
+func NewLayoutParamsFlagSecure() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-116",
 Name: "Layout Params Flag Secure",
@@ -2067,8 +2067,8 @@ func NewLayoutParamsFlagSecure() text.TextRule {
 }
 }
-func NewNoUseSQLCipher() text.TextRule {
- return text.TextRule{
+func NewNoUseSQLCipher() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-117",
 Name: "No use SQL Cipher",
@@ -2083,8 +2083,8 @@ func NewNoUseSQLCipher() text.TextRule {
 }
 }
-func NewPreventTapJackingAttacks() text.TextRule {
- return text.TextRule{
+func NewPreventTapJackingAttacks() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-118",
 Name: "Prevent Tap Jacking Attacks",
@@ -2099,8 +2099,8 @@ func NewPreventTapJackingAttacks() text.TextRule {
 }
 }
-func NewPreventWriteSensitiveInformationInTmpFile() text.TextRule {
- return text.TextRule{
+func NewPreventWriteSensitiveInformationInTmpFile() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-119",
 Name: "Prevent Write sensitive information in tmp file",
@@ -2115,8 +2115,8 @@ func NewPreventWriteSensitiveInformationInTmpFile() text.TextRule {
 }
 }
-func NewGetWindowFlagSecure() text.TextRule {
- return text.TextRule{
+func NewGetWindowFlagSecure() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-120",
 Name: "Get Window Flag Secure",
@@ -2131,8 +2131,8 @@ func NewGetWindowFlagSecure() text.TextRule {
 }
 }
-func NewLoadingNativeCode() text.TextRule {
- return text.TextRule{
+func NewLoadingNativeCode() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-121",
 Name: "Loading Native Code",
@@ -2147,8 +2147,8 @@ func NewLoadingNativeCode() text.TextRule {
 }
 }
-func NewDynamicClassAndDexloading() text.TextRule {
- return text.TextRule{
+func NewDynamicClassAndDexloading() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-122",
 Name: "Dynamic Class and Dexloading",
@@ -2163,8 +2163,8 @@ func NewDynamicClassAndDexloading() text.TextRule {
 }
 }
-func NewCryptoImport() text.TextRule {
- return text.TextRule{
+func NewCryptoImport() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-123",
 Name: " Crypto import",
@@ -2179,8 +2179,8 @@ func NewCryptoImport() text.TextRule {
 }
 }
-func NewStartingService() text.TextRule {
- return text.TextRule{
+func NewStartingService() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-124",
 Name: "Starting Service",
@@ -2195,8 +2195,8 @@ func NewStartingService() text.TextRule {
 }
 }
-func NewSendingBroadcast() text.TextRule {
- return text.TextRule{
+func NewSendingBroadcast() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-125",
 Name: "Sending Broadcast",
@@ -2211,8 +2211,8 @@ func NewSendingBroadcast() text.TextRule {
 }
 }
-func NewLocalFileOperations() text.TextRule {
- return text.TextRule{
+func NewLocalFileOperations() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-126",
 Name: "Local File I/O Operations",
@@ -2227,8 +2227,8 @@ func NewLocalFileOperations() text.TextRule {
 }
 }
-func NewInterProcessCommunication() text.TextRule {
- return text.TextRule{
+func NewInterProcessCommunication() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-127",
 Name: "Inter Process Communication",
@@ -2243,8 +2243,8 @@ func NewInterProcessCommunication() text.TextRule {
 }
 }
-func NewDefaultHttpClient() text.TextRule {
- return text.TextRule{
+func NewDefaultHttpClient() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-128",
 Name: "DefaultHttpClient with default constructor is not compatible with TLS 1.2",
@@ -2259,8 +2259,8 @@ func NewDefaultHttpClient() text.TextRule {
 }
 }
-func NewWeakSSLContext() text.TextRule {
- return text.TextRule{
+func NewWeakSSLContext() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-129",
 Name: "Weak SSLContext",
@@ -2275,8 +2275,8 @@ func NewWeakSSLContext() text.TextRule {
 }
 }
-func NewHostnameVerifierThatAcceptAnySignedCertificates() text.TextRule {
- return text.TextRule{
+func NewHostnameVerifierThatAcceptAnySignedCertificates() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-130",
 Name: "HostnameVerifier that accept any signed certificates",
@@ -2291,8 +2291,8 @@ func NewHostnameVerifierThatAcceptAnySignedCertificates() text.TextRule {
 }
 }
-func NewURLRewritingMethod() text.TextRule {
- return text.TextRule{
+func NewURLRewritingMethod() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-131",
 Name: "URL rewriting method",
@@ -2307,8 +2307,8 @@ func NewURLRewritingMethod() text.TextRule {
 }
 }
-func NewDisablingHTMLEscaping() text.TextRule {
- return text.TextRule{
+func NewDisablingHTMLEscaping() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-132",
 Name: "Disabling HTML escaping",
@@ -2323,8 +2323,8 @@ func NewDisablingHTMLEscaping() text.TextRule {
 }
 }
-func NewOverlyPermissiveCORSPolicy() text.TextRule {
- return text.TextRule{
+func NewOverlyPermissiveCORSPolicy() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-133",
 Name: "Overly permissive CORS policy",
@@ -2339,8 +2339,8 @@ func NewOverlyPermissiveCORSPolicy() text.TextRule {
 }
 }
-func NewSQLInjection() text.TextRule {
- return text.TextRule{
+func NewSQLInjection() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-134",
 Name: "SQL Injection",
@@ -2355,8 +2355,8 @@ func NewSQLInjection() text.TextRule {
 }
 }
-func NewSQLInjectionWithTurbine() text.TextRule {
- return text.TextRule{
+func NewSQLInjectionWithTurbine() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-135",
 Name: "SQL Injection With Turbine",
@@ -2371,8 +2371,8 @@ func NewSQLInjectionWithTurbine() text.TextRule {
 }
 }
-func NewSQLInjectionWithHibernate() text.TextRule {
- return text.TextRule{
+func NewSQLInjectionWithHibernate() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-136",
 Name: "SQL Injection With Hibernate",
@@ -2387,8 +2387,8 @@ func NewSQLInjectionWithHibernate() text.TextRule {
 }
 }
-func NewSQLInjectionWithJDO() text.TextRule {
- return text.TextRule{
+func NewSQLInjectionWithJDO() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-137",
 Name: "SQL Injection With JDO",
@@ -2403,8 +2403,8 @@ func NewSQLInjectionWithJDO() text.TextRule {
 }
 }
-func NewSQLInjectionWithJPA() text.TextRule {
- return text.TextRule{
+func NewSQLInjectionWithJPA() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-138",
 Name: "SQL Injection With JPA",
@@ -2419,8 +2419,8 @@ func NewSQLInjectionWithJPA() text.TextRule {
 }
 }
-func NewSQLInjectionWithSpringJDBC() text.TextRule {
- return text.TextRule{
+func NewSQLInjectionWithSpringJDBC() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-139",
 Name: "SQL Injection Spring JDBC",
@@ -2435,8 +2435,8 @@ func NewSQLInjectionWithSpringJDBC() text.TextRule {
 }
 }
-func NewSQLInjectionWithJDBC() text.TextRule {
- return text.TextRule{
+func NewSQLInjectionWithJDBC() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-140",
 Name: "SQL Injection JDBC",
@@ -2451,8 +2451,8 @@ func NewSQLInjectionWithJDBC() text.TextRule {
 }
 }
-func NewLDAPInjection() text.TextRule {
- return text.TextRule{
+func NewLDAPInjection() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-141",
 Name: "Potential LDAP Injection",
@@ -2467,8 +2467,8 @@ func NewLDAPInjection() text.TextRule {
 }
 }
-func NewPotentialExternalControl() text.TextRule {
- return text.TextRule{
+func NewPotentialExternalControl() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-142",
 Name: "Potential external control of configuration",
@@ -2483,8 +2483,8 @@ func NewPotentialExternalControl() text.TextRule {
 }
 }
-func NewBadHexadecimalConcatenation() text.TextRule {
- return text.TextRule{
+func NewBadHexadecimalConcatenation() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-143",
 Name: "Bad hexadecimal concatenation",
@@ -2499,8 +2499,8 @@ func NewBadHexadecimalConcatenation() text.TextRule {
 }
 }
-func NewNullCipherInsecure() text.TextRule {
- return text.TextRule{
+func NewNullCipherInsecure() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-144",
 Name: "NullCipher is insecure",
@@ -2515,8 +2515,8 @@ func NewNullCipherInsecure() text.TextRule {
 }
 }
-func NewUnsafeHashEquals() text.TextRule {
- return text.TextRule{
+func NewUnsafeHashEquals() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-145",
 Name: "Unsafe hash equals",
@@ -2531,8 +2531,8 @@ func NewUnsafeHashEquals() text.TextRule {
 }
 }
-func NewUnvalidatedRedirect() text.TextRule {
- return text.TextRule{
+func NewUnvalidatedRedirect() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-146",
 Name: "Unvalidated Redirect",
@@ -2547,8 +2547,8 @@ func NewUnvalidatedRedirect() text.TextRule {
 }
 }
-func NewRequestMappingMethodsNotPublic() text.TextRule {
- return text.TextRule{
+func NewRequestMappingMethodsNotPublic() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-147",
 Name: "@RequestMapping methods should be public",
@@ -2563,8 +2563,8 @@ func NewRequestMappingMethodsNotPublic() text.TextRule {
 }
 }
-func NewLDAPDeserializationNotDisabled() text.TextRule {
- return text.TextRule{
+func NewLDAPDeserializationNotDisabled() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-148",
 Name: "LDAP deserialization should be disabled",
@@ -2579,8 +2579,8 @@ func NewLDAPDeserializationNotDisabled() text.TextRule {
 }
 }
-func NewDatabasesPasswordNotProtected() text.TextRule {
- return text.TextRule{
+func NewDatabasesPasswordNotProtected() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-149",
 Name: "Databases should be password-protected",
@@ -2595,8 +2595,8 @@ func NewDatabasesPasswordNotProtected() text.TextRule {
 }
 }
-func NewVulnerableRemoteCodeInjectionApacheLog4j() text.TextRule {
- return text.TextRule{
+func NewVulnerableRemoteCodeInjectionApacheLog4j() *text.Rule {
+ return &text.Rule{
 Metadata: engine.Metadata{
 ID: "HS-JAVA-150",
 Name: "Remote code injection Apache Log4j",
diff --git a/internal/services/engines/java/rules_test.go b/internal/services/engines/java/rules_test.go
index a6c84f3b1..4bda232ef 100644
--- a/internal/services/engines/java/rules_test.go
+++ b/internal/services/engines/java/rules_test.go
@@ -15,6 +15,8 @@
 package java
 import (
+ "fmt"
+ "path/filepath"
 "testing"
 engine "github.com/ZupIT/horusec-engine"
@@ -23,542 +25,620 @@ import ( ) func TestRulesVulnerableCode(t *testing.T) { + tempDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-JAVA-1", - Rule: NewXMLParsingVulnerableToXXE(), - Src: SampleVulnerableHSJAVA1, + Name: "HS-JAVA-1", + Rule: NewXMLParsingVulnerableToXXE(), + Src: SampleVulnerableHSJAVA1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-1", ".test")), Findings: []engine.Finding{ { CodeSample: `XMLReader reader = XMLReaderFactory.createXMLReader();`, SourceLocation: engine.Location{ - Line: 4, - Column: 21, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-1", ".test")), + Line: 4, + Column: 21, }, }, }, }, { - Name: "HS-JAVA-2", - Rule: NewXMLParsingVulnerableToXXEWithXMLInputFactory(), - Src: SampleVulnerableHSJAVA2, + Name: "HS-JAVA-2", + Rule: NewXMLParsingVulnerableToXXEWithXMLInputFactory(), + Src: SampleVulnerableHSJAVA2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-2", ".test")), Findings: []engine.Finding{ { CodeSample: `XMLInputFactory factory = XMLInputFactory.newFactory();`, SourceLocation: engine.Location{ - Line: 4, - Column: 28, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-2", ".test")), + Line: 4, + Column: 28, }, }, }, }, { - Name: "HS-JAVA-3", - Rule: NewXMLParsingVulnerableToXXEWithDocumentBuilder(), - Src: SampleVulnerableHSJAVA3, + Name: "HS-JAVA-3", + Rule: NewXMLParsingVulnerableToXXEWithDocumentBuilder(), + Src: SampleVulnerableHSJAVA3, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-3", ".test")), Findings: []engine.Finding{ { CodeSample: `DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();`, SourceLocation: engine.Location{ - Line: 4, - Column: 23, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-3", ".test")), + Line: 4, + Column: 23, }, }, }, }, { - Name: "HS-JAVA-4", - Rule: NewXMLParsingVulnerableToXXEWithSAXParserFactory(), - Src: SampleVulnerableHSJAVA4, + Name: 
"HS-JAVA-4", + Rule: NewXMLParsingVulnerableToXXEWithSAXParserFactory(), + Src: SampleVulnerableHSJAVA4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-4", ".test")), Findings: []engine.Finding{ { CodeSample: `SAXParser parser = SAXParserFactory.newInstance().newSAXParser();`, SourceLocation: engine.Location{ - Line: 4, - Column: 21, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-4", ".test")), + Line: 4, + Column: 21, }, }, }, }, { - Name: "HS-JAVA-5", - Rule: NewXMLParsingVulnerableToXXEWithTransformerFactory(), - Src: SampleVulnerableHSJAVA5, + Name: "HS-JAVA-5", + Rule: NewXMLParsingVulnerableToXXEWithTransformerFactory(), + Src: SampleVulnerableHSJAVA5, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-5", ".test")), Findings: []engine.Finding{ { CodeSample: `Transformer transformer = TransformerFactory.newInstance().newTransformer();`, SourceLocation: engine.Location{ - Line: 4, - Column: 28, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-5", ".test")), + Line: 4, + Column: 28, }, }, }, }, { - Name: "HS-JAVA-7", - Rule: NewXMLParsingVulnerableToXXEWithDom4j(), - Src: SampleVulnerableHSJAVA7, + Name: "HS-JAVA-7", + Rule: NewXMLParsingVulnerableToXXEWithDom4j(), + Src: SampleVulnerableHSJAVA7, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-7", ".test")), Findings: []engine.Finding{ { CodeSample: `SAXReader xmlReader = new SAXReader();`, SourceLocation: engine.Location{ - Line: 4, - Column: 24, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-7", ".test")), + Line: 4, + Column: 24, }, }, }, }, { - Name: "HS-JAVA-8", - Rule: NewXMLParsingVulnerableToXXEWithJdom2(), - Src: SampleVulnerableHSJAVA8, + Name: "HS-JAVA-8", + Rule: NewXMLParsingVulnerableToXXEWithJdom2(), + Src: SampleVulnerableHSJAVA8, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-8", ".test")), Findings: []engine.Finding{ { CodeSample: "SAXBuilder builder = new SAXBuilder();", 
SourceLocation: engine.Location{ - Line: 4, - Column: 23, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-8", ".test")), + Line: 4, + Column: 23, }, }, }, }, { - Name: "HS-JAVA-9", - Rule: NewInsecureImplementationOfSSL(), - Src: SampleVulnerableHSJAVA9, + Name: "HS-JAVA-9", + Rule: NewInsecureImplementationOfSSL(), + Src: SampleVulnerableHSJAVA9, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-9", ".test")), Findings: []engine.Finding{ { CodeSample: "sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);", SourceLocation: engine.Location{ - Line: 11, - Column: 43, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-9", ".test")), + Line: 11, + Column: 43, }, }, }, }, { - Name: "HS-JAVA-10", - Rule: NewMessageDigestIsCustom(), - Src: SampleVulnerableHSJAVA10, + Name: "HS-JAVA-10", + Rule: NewMessageDigestIsCustom(), + Src: SampleVulnerableHSJAVA10, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-10", ".test")), Findings: []engine.Finding{ { CodeSample: "MyProprietaryMessageDigest extends MessageDigest {", SourceLocation: engine.Location{ - Line: 2, - Column: 27, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-10", ".test")), + Line: 2, + Column: 27, }, }, }, }, { - Name: "HS-JAVA-11", - Rule: NewTrustManagerThatAcceptAnyCertificatesClient(), - Src: SampleVulnerableHSJAVA11, + Name: "HS-JAVA-11", + Rule: NewTrustManagerThatAcceptAnyCertificatesClient(), + Src: SampleVulnerableHSJAVA11, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-11", ".test")), Findings: []engine.Finding{ { CodeSample: "class TrustAllManager implements X509TrustManager {", SourceLocation: engine.Location{ - Line: 2, - Column: 22, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-11", ".test")), + Line: 2, + Column: 22, }, }, }, }, { - Name: "HS-JAVA-12", - Rule: NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnections(), - Src: SampleVulnerableHSJAVA12, + Name: "HS-JAVA-12", 
+ Rule: NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnections(), + Src: SampleVulnerableHSJAVA12, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-12", ".test")), Findings: []engine.Finding{ { CodeSample: "public boolean verify(String requestedHost, SSLSession remoteServerSession) {", SourceLocation: engine.Location{ - Line: 8, - Column: 19, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-12", ".test")), + Line: 8, + Column: 19, }, }, }, }, { - Name: "HS-JAVA-13", - Rule: NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithSimpleEmail(), - Src: SampleVulnerableHSJAVA13, + Name: "HS-JAVA-13", + Rule: NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithSimpleEmail(), + Src: SampleVulnerableHSJAVA13, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-13", ".test")), Findings: []engine.Finding{ { CodeSample: "Email email = new SimpleEmail();", SourceLocation: engine.Location{ - Line: 4, - Column: 16, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-13", ".test")), + Line: 4, + Column: 16, }, }, }, }, { - Name: "HS-JAVA-14", - Rule: NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithMail(), - Src: SampleVulnerableHSJAVA14, + Name: "HS-JAVA-14", + Rule: NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithMail(), + Src: SampleVulnerableHSJAVA14, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-14", ".test")), Findings: []engine.Finding{ { CodeSample: "props.put(\"mail.smtp.socketFactory.class\", \"javax.net.ssl.SSLSocketFactory\");", SourceLocation: engine.Location{ - Line: 7, - Column: 8, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-14", ".test")), + Line: 7, + Column: 8, }, }, }, }, { - Name: "HS-JAVA-18", - Rule: NewWebViewLoadFilesFromExternalStorage(), - Src: SampleVulnerableHSJAVA18, + Name: "HS-JAVA-18", + Rule: NewWebViewLoadFilesFromExternalStorage(), + Src: SampleVulnerableHSJAVA18, + Filename: filepath.Join(tempDir, 
fmt.Sprintf("%s%s", "HS-JAVA-18", ".test")), Findings: []engine.Finding{ { CodeSample: "WebView.loadUrl(\"file://\"+Environment.getExternalStorageDirectory().getAbsolutePath()+\"dangerZone.html\");", SourceLocation: engine.Location{ - Line: 6, - Column: 9, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-18", ".test")), + Line: 6, + Column: 9, }, }, }, }, { - Name: "HS-JAVA-19", - Rule: NewInsecureWebViewImplementation(), - Src: SampleVulnerableHSJAVA19, + Name: "HS-JAVA-19", + Rule: NewInsecureWebViewImplementation(), + Src: SampleVulnerableHSJAVA19, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-19", ".test")), Findings: []engine.Finding{ { CodeSample: "webSettings.setJavaScriptEnabled(true);", SourceLocation: engine.Location{ - Line: 16, - Column: 14, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-19", ".test")), + Line: 16, + Column: 14, }, }, }, }, { - Name: "HS-JAVA-22", - Rule: NewNoUseWebviewDebuggingEnable(), - Src: SampleVulnerableHSJAVA22, + Name: "HS-JAVA-22", + Rule: NewNoUseWebviewDebuggingEnable(), + Src: SampleVulnerableHSJAVA22, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-22", ".test")), Findings: []engine.Finding{ { CodeSample: "this.setWebContentsDebuggingEnabled(true);", SourceLocation: engine.Location{ - Line: 7, - Column: 7, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-22", ".test")), + Line: 7, + Column: 7, }, }, }, }, { - Name: "HS-JAVA-23", - Rule: NewNoListenToClipboard(), - Src: SampleVulnerableHSJAVA23, + Name: "HS-JAVA-23", + Rule: NewNoListenToClipboard(), + Src: SampleVulnerableHSJAVA23, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-23", ".test")), Findings: []engine.Finding{ { CodeSample: "private ClipboardManager.OnPrimaryClipChangedListener listener = new ClipboardManager.OnPrimaryClipChangedListener() {", SourceLocation: engine.Location{ - Line: 18, - Column: 29, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", 
"HS-JAVA-23", ".test")), + Line: 18, + Column: 29, }, }, }, }, { - Name: "HS-JAVA-24", - Rule: NewNoCopyContentToClipboard(), - Src: SampleVulnerableHSJAVA24, + Name: "HS-JAVA-24", + Rule: NewNoCopyContentToClipboard(), + Src: SampleVulnerableHSJAVA24, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-24", ".test")), Findings: []engine.Finding{ { CodeSample: "clipboardManager.setPrimaryClip(clip);", SourceLocation: engine.Location{ - Line: 12, - Column: 29, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-24", ".test")), + Line: 12, + Column: 29, }, }, }, }, { - Name: "HS-JAVA-25", - Rule: NewNoUseWebviewIgnoringSSL(), - Src: SampleVulnerableHSJAVA25, + Name: "HS-JAVA-25", + Rule: NewNoUseWebviewIgnoringSSL(), + Src: SampleVulnerableHSJAVA25, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-25", ".test")), Findings: []engine.Finding{ { CodeSample: "public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {", SourceLocation: engine.Location{ - Line: 4, - Column: 15, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-25", ".test")), + Line: 4, + Column: 15, }, }, }, }, { - Name: "HS-JAVA-26", - Rule: NewSQLInjectionWithSqlUtil(), - Src: SampleVulnerableHSJAVA26, + Name: "HS-JAVA-26", + Rule: NewSQLInjectionWithSqlUtil(), + Src: SampleVulnerableHSJAVA26, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-26", ".test")), Findings: []engine.Finding{ { CodeSample: "SqlUtil.execQuery(\"select * from UserEntity where id = \" + parameterInput);", SourceLocation: engine.Location{ - Line: 3, - Column: 4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-26", ".test")), + Line: 3, + Column: 4, }, }, }, }, { - Name: "HS-JAVA-28", - Rule: NewNoUseSSLPinningLib(), - Src: SampleVulnerableHSJAVA28, + Name: "HS-JAVA-28", + Rule: NewNoUseSSLPinningLib(), + Src: SampleVulnerableHSJAVA28, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-28", ".test")), 
Findings: []engine.Finding{ { CodeSample: "package org.thoughtcrime.ssl.pinning;", SourceLocation: engine.Location{ - Line: 2, - Column: 8, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-28", ".test")), + Line: 2, + Column: 8, }, }, }, }, { - Name: "HS-JAVA-111", - Rule: NewWeakHash(), - Src: SampleVulnerableHSJAVA111, + Name: "HS-JAVA-111", + Rule: NewWeakHash(), + Src: SampleVulnerableHSJAVA111, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-111", ".test")), Findings: []engine.Finding{ { CodeSample: "MessageDigest md5Digest = MessageDigest.getInstance(\"MD5\");", SourceLocation: engine.Location{ - Line: 4, - Column: 28, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-111", ".test")), + Line: 4, + Column: 28, }, }, }, }, { - Name: "HS-JAVA-111", - Rule: NewWeakHash(), - Src: Sample2VulnerableHSJAVA111, + Name: "HS-JAVA-111", + Rule: NewWeakHash(), + Src: Sample2VulnerableHSJAVA111, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-111.2", ".test")), Findings: []engine.Finding{ { CodeSample: "byte[] hashValue = DigestUtils.getMd5Digest().digest(password.getBytes());", SourceLocation: engine.Location{ - Line: 4, - Column: 21, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-111.2", ".test")), + Line: 4, + Column: 21, }, }, }, }, { - Name: "HS-JAVA-111", - Rule: NewWeakHash(), - Src: Sample3VulnerableHSJAVA111, + Name: "HS-JAVA-111", + Rule: NewWeakHash(), + Src: Sample3VulnerableHSJAVA111, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-111.3", ".test")), Findings: []engine.Finding{ { CodeSample: "MessageDigest sha1Digest = MessageDigest.getInstance(\"SHA1\");", SourceLocation: engine.Location{ - Line: 4, - Column: 29, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-111.3", ".test")), + Line: 4, + Column: 29, }, }, }, }, { - Name: "HS-JAVA-111", - Rule: NewWeakHash(), - Src: Sample4VulnerableHSJAVA111, + Name: "HS-JAVA-111", + Rule: NewWeakHash(), + Src: 
Sample4VulnerableHSJAVA111, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-111.4", ".test")), Findings: []engine.Finding{ { CodeSample: "byte[] hashValue = DigestUtils.getSha1Digest().digest(password.getBytes());", SourceLocation: engine.Location{ - Line: 4, - Column: 21, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-111.4", ".test")), + Line: 4, + Column: 21, }, }, }, }, { - Name: "HS-JAVA-134", - Rule: NewSQLInjection(), - Src: SampleVulnerableHSJAVA134, + Name: "HS-JAVA-134", + Rule: NewSQLInjection(), + Src: SampleVulnerableHSJAVA134, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-134", ".test")), Findings: []engine.Finding{ { CodeSample: "var pstmt = con.prepareStatement(\"select * from mytable where field01 = '\" + field01 + \"'\");", SourceLocation: engine.Location{ - Line: 14, - Column: 50, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-134", ".test")), + Line: 14, + Column: 50, }, }, }, }, { - Name: "HS-JAVA-144", - Rule: NewNullCipherInsecure(), - Src: SampleVulnerableHSJAVA144, + Name: "HS-JAVA-144", + Rule: NewNullCipherInsecure(), + Src: SampleVulnerableHSJAVA144, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-144", ".test")), Findings: []engine.Finding{ { CodeSample: "Cipher doNothingCihper = new NullCipher();", SourceLocation: engine.Location{ - Line: 4, - Column: 31, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-144", ".test")), + Line: 4, + Column: 31, }, }, }, }, { - Name: "HS-JAVA-145", - Rule: NewUnsafeHashEquals(), - Src: SampleVulnerableHSJAVA145, + Name: "HS-JAVA-145", + Rule: NewUnsafeHashEquals(), + Src: SampleVulnerableHSJAVA145, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-145", ".test")), Findings: []engine.Finding{ { CodeSample: "if(userInput.equals(actualHash)) {", SourceLocation: engine.Location{ - Line: 6, - Column: 14, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-145", ".test")), + Line: 6, + 
Column: 14, }, }, }, }, { - Name: "HS-JAVA-146", - Rule: NewUnvalidatedRedirect(), - Src: SampleVulnerableHSJAVA146, + Name: "HS-JAVA-146", + Rule: NewUnvalidatedRedirect(), + Src: SampleVulnerableHSJAVA146, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-146", ".test")), Findings: []engine.Finding{ { CodeSample: "resp.sendRedirect(req.getParameter(\"url\"));", SourceLocation: engine.Location{ - Line: 4, - Column: 7, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-146", ".test")), + Line: 4, + Column: 7, }, }, }, }, { - Name: "HS-JAVA-147", - Rule: NewRequestMappingMethodsNotPublic(), - Src: SampleVulnerableHSJAVA147, + Name: "HS-JAVA-147", + Rule: NewRequestMappingMethodsNotPublic(), + Src: SampleVulnerableHSJAVA147, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-147", ".test")), Findings: []engine.Finding{ { CodeSample: "@RequestMapping(\"/test\")", SourceLocation: engine.Location{ - Line: 3, - Column: 5, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-147", ".test")), + Line: 3, + Column: 5, }, }, }, }, { - Name: "HS-JAVA-148", - Rule: NewLDAPDeserializationNotDisabled(), - Src: SampleVulnerableHSJAVA148, + Name: "HS-JAVA-148", + Rule: NewLDAPDeserializationNotDisabled(), + Src: SampleVulnerableHSJAVA148, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-148", ".test")), Findings: []engine.Finding{ { CodeSample: "ctx.search(query, filter,new SearchControls(scope, countLimit, timeLimit, attributes,true, deref));", SourceLocation: engine.Location{ - Line: 6, - Column: 31, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-148", ".test")), + Line: 6, + Column: 31, }, }, }, }, { - Name: "HS-JAVA-149", - Rule: NewDatabasesPasswordNotProtected(), - Src: SampleVulnerableHSJAVA149, + Name: "HS-JAVA-149", + Rule: NewDatabasesPasswordNotProtected(), + Src: SampleVulnerableHSJAVA149, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-149", ".test")), Findings: 
[]engine.Finding{ { CodeSample: "Connection conn = DriverManager.getConnection(\"jdbc:derby:memory:myDB;create=true\", \"login\", \"\");", SourceLocation: engine.Location{ - Line: 4, - Column: 33, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-149", ".test")), + Line: 4, + Column: 33, }, }, }, }, { - Name: "HS-JAVA-150", - Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), - Src: SampleMavenVulnerableHSJAVA150, + Name: "HS-JAVA-150", + Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), + Src: SampleMavenVulnerableHSJAVA150, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150", ".test")), Findings: []engine.Finding{ { CodeSample: "org.apache.logging.log4j", SourceLocation: engine.Location{ - Line: 11, - Column: 12, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150", ".test")), + Line: 11, + Column: 12, }, }, }, }, { - Name: "HS-JAVA-150", - Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), - Src: Sample2GradleVulnerableHSJAVA150, + Name: "HS-JAVA-150", + Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), + Src: Sample2GradleVulnerableHSJAVA150, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150.2", ".test")), Findings: []engine.Finding{ { CodeSample: "compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.11.0'", SourceLocation: engine.Location{ - Line: 16, - Column: 4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150.2", ".test")), + Line: 16, + Column: 4, }, }, { CodeSample: "compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.11.0'", SourceLocation: engine.Location{ - Line: 17, - Column: 4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150.2", ".test")), + Line: 17, + Column: 4, }, }, { CodeSample: "compile group: 'org.apache.logging.log4j', name: 'log4j-slf4j-impl', version: '2.11.0'", SourceLocation: engine.Location{ - Line: 18, - Column: 4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", 
"HS-JAVA-150.2", ".test")), + Line: 18, + Column: 4, }, }, }, }, { - Name: "HS-JAVA-150", - Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), - Src: Sample3GradleVulnerableHSJAVA150, + Name: "HS-JAVA-150", + Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), + Src: Sample3GradleVulnerableHSJAVA150, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150.3", ".test")), Findings: []engine.Finding{ { CodeSample: "compile 'org.slf4j:slf4j-log4j12:1.7.26'", SourceLocation: engine.Location{ - Line: 23, - Column: 4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150.3", ".test")), + Line: 23, + Column: 4, }, }, }, }, { - Name: "HS-JAVA-150", - Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), - Src: Sample4IvyVulnerableHSJAVA150, + Name: "HS-JAVA-150", + Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), + Src: Sample4IvyVulnerableHSJAVA150, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150.4", ".test")), Findings: []engine.Finding{ { CodeSample: "", SourceLocation: engine.Location{ - Line: 15, - Column: 4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150.4", ".test")), + Line: 15, + Column: 4, }, }, { CodeSample: "", SourceLocation: engine.Location{ - Line: 16, - Column: 4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150.4", ".test")), + Line: 16, + Column: 4, }, }, }, }, { - Name: "HS-JAVA-150", - Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), - Src: Sample5MavenVulnerableHSJAVA150, + Name: "HS-JAVA-150", + Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), + Src: Sample5MavenVulnerableHSJAVA150, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150.5", ".test")), Findings: []engine.Finding{ { CodeSample: "2.8.2", SourceLocation: engine.Location{ - Line: 16, - Column: 8, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150.5", ".test")), + Line: 16, + Column: 8, }, }, }, 
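Review bot: Every case in TestRulesVulnerableCode spells the fixture path out twice, once in `Filename` and again in each expected `SourceLocation.Filename`, using `fmt.Sprintf("%s%s", "HS-JAVA-1", ".test")` to join two constants, so the copies must be kept identical by hand across several dozen cases. A helper declared once after `tempDir := t.TempDir()`, for example `file := func(id string) string { return filepath.Join(tempDir, id+".test") }`, would let each case write `Filename: file("HS-JAVA-1")` in both places; if nothing else in the file needs it, the newly added `fmt` import could then be dropped. The repeated HS-JAVA-111 and HS-JAVA-150 cases here get distinct `.2`, `.3` suffixes, but in the visible part of the following TestRulesSafeCode hunk both HS-JAVA-1 cases use `HS-JAVA-1.test` inside the same temp dir, which would collide if the harness writes `Src` to that path; how testutil uses `Filename` is not shown on this page, so this needs confirming. The function's closing lines fall outside this hunk.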
@@ -569,211 +649,253 @@ func TestRulesVulnerableCode(t *testing.T) { } func TestRulesSafeCode(t *testing.T) { + tempDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-JAVA-1", - Rule: NewXMLParsingVulnerableToXXE(), - Src: SampleSafeHSJAVA1, + Name: "HS-JAVA-1", + Rule: NewXMLParsingVulnerableToXXE(), + Src: SampleSafeHSJAVA1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-1", ".test")), }, { - Name: "HS-JAVA-1", - Rule: NewXMLParsingVulnerableToXXE(), - Src: Sample2SafeHSJAVA1, + Name: "HS-JAVA-1", + Rule: NewXMLParsingVulnerableToXXE(), + Src: Sample2SafeHSJAVA1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-1", ".test")), }, { - Name: "HS-JAVA-2", - Rule: NewXMLParsingVulnerableToXXEWithXMLInputFactory(), - Src: SampleSafeHSJAVA2, + Name: "HS-JAVA-2", + Rule: NewXMLParsingVulnerableToXXEWithXMLInputFactory(), + Src: SampleSafeHSJAVA2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-2", ".test")), }, { - Name: "HS-JAVA-2", - Rule: NewXMLParsingVulnerableToXXEWithXMLInputFactory(), - Src: Sample2SafeHSJAVA2, + Name: "HS-JAVA-2", + Rule: NewXMLParsingVulnerableToXXEWithXMLInputFactory(), + Src: Sample2SafeHSJAVA2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-2", ".test")), }, { - Name: "HS-JAVA-3", - Rule: NewXMLParsingVulnerableToXXEWithDocumentBuilder(), - Src: SampleSafeHSJAVA3, + Name: "HS-JAVA-3", + Rule: NewXMLParsingVulnerableToXXEWithDocumentBuilder(), + Src: SampleSafeHSJAVA3, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-3", ".test")), }, { - Name: "HS-JAVA-3", - Rule: NewXMLParsingVulnerableToXXEWithDocumentBuilder(), - Src: Sample2SafeHSJAVA3, + Name: "HS-JAVA-3", + Rule: NewXMLParsingVulnerableToXXEWithDocumentBuilder(), + Src: Sample2SafeHSJAVA3, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-3", ".test")), }, { - Name: "HS-JAVA-4", - Rule: NewXMLParsingVulnerableToXXEWithSAXParserFactory(), - Src: SampleSafeHSJAVA4, + Name: 
"HS-JAVA-4", + Rule: NewXMLParsingVulnerableToXXEWithSAXParserFactory(), + Src: SampleSafeHSJAVA4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-4", ".test")), }, { - Name: "HS-JAVA-4", - Rule: NewXMLParsingVulnerableToXXEWithSAXParserFactory(), - Src: Sample2SafeHSJAVA4, + Name: "HS-JAVA-4", + Rule: NewXMLParsingVulnerableToXXEWithSAXParserFactory(), + Src: Sample2SafeHSJAVA4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-4", ".test")), }, { - Name: "HS-JAVA-5", - Rule: NewXMLParsingVulnerableToXXEWithTransformerFactory(), - Src: SampleSafeHSJAVA5, + Name: "HS-JAVA-5", + Rule: NewXMLParsingVulnerableToXXEWithTransformerFactory(), + Src: SampleSafeHSJAVA5, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-5", ".test")), }, { - Name: "HS-JAVA-5", - Rule: NewXMLParsingVulnerableToXXEWithTransformerFactory(), - Src: Sample2SafeHSJAVA5, + Name: "HS-JAVA-5", + Rule: NewXMLParsingVulnerableToXXEWithTransformerFactory(), + Src: Sample2SafeHSJAVA5, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-5", ".test")), }, { - Name: "HS-JAVA-7", - Rule: NewXMLParsingVulnerableToXXEWithDom4j(), - Src: SampleSafeHSJAVA7, + Name: "HS-JAVA-7", + Rule: NewXMLParsingVulnerableToXXEWithDom4j(), + Src: SampleSafeHSJAVA7, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-7", ".test")), }, { - Name: "HS-JAVA-8", - Rule: NewXMLParsingVulnerableToXXEWithJdom2(), - Src: SampleSafeHSJAVA8, + Name: "HS-JAVA-8", + Rule: NewXMLParsingVulnerableToXXEWithJdom2(), + Src: SampleSafeHSJAVA8, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-8", ".test")), }, { - Name: "HS-JAVA-9", - Rule: NewInsecureImplementationOfSSL(), - Src: SampleSafeHSJAVA9, + Name: "HS-JAVA-9", + Rule: NewInsecureImplementationOfSSL(), + Src: SampleSafeHSJAVA9, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-9", ".test")), }, { - Name: "HS-JAVA-10", - Rule: NewMessageDigestIsCustom(), - Src: SampleSafeHSJAVA10, + Name: 
"HS-JAVA-10", + Rule: NewMessageDigestIsCustom(), + Src: SampleSafeHSJAVA10, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-10", ".test")), }, { - Name: "HS-JAVA-11", - Rule: NewTrustManagerThatAcceptAnyCertificatesClient(), - Src: SampleSafeHSJAVA11, + Name: "HS-JAVA-11", + Rule: NewTrustManagerThatAcceptAnyCertificatesClient(), + Src: SampleSafeHSJAVA11, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-11", ".test")), }, { - Name: "HS-JAVA-12", - Rule: NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnections(), - Src: SampleSafeHSJAVA12, + Name: "HS-JAVA-12", + Rule: NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnections(), + Src: SampleSafeHSJAVA12, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-12", ".test")), }, { - Name: "HS-JAVA-13", - Rule: NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithSimpleEmail(), - Src: SampleSafeHSJAVA13, + Name: "HS-JAVA-13", + Rule: NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithSimpleEmail(), + Src: SampleSafeHSJAVA13, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-13", ".test")), }, { - Name: "HS-JAVA-14", - Rule: NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithMail(), - Src: SampleSafeHSJAVA14, + Name: "HS-JAVA-14", + Rule: NewServerHostnamesShouldBeVerifiedDuringSSLTLSConnectionsWithMail(), + Src: SampleSafeHSJAVA14, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-14", ".test")), }, { - Name: "HS-JAVA-18", - Rule: NewWebViewLoadFilesFromExternalStorage(), - Src: SampleSafeHSJAVA18, + Name: "HS-JAVA-18", + Rule: NewWebViewLoadFilesFromExternalStorage(), + Src: SampleSafeHSJAVA18, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-18", ".test")), }, { - Name: "HS-JAVA-19", - Rule: NewInsecureWebViewImplementation(), - Src: SampleSafeHSJAVA19, + Name: "HS-JAVA-19", + Rule: NewInsecureWebViewImplementation(), + Src: SampleSafeHSJAVA19, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", 
"HS-JAVA-19", ".test")), }, { - Name: "HS-JAVA-22", - Rule: NewNoUseWebviewDebuggingEnable(), - Src: SampleSafeHSJAVA22, + Name: "HS-JAVA-22", + Rule: NewNoUseWebviewDebuggingEnable(), + Src: SampleSafeHSJAVA22, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-22", ".test")), }, { - Name: "HS-JAVA-23", - Rule: NewNoListenToClipboard(), - Src: SampleSafeHSJAVA23, + Name: "HS-JAVA-23", + Rule: NewNoListenToClipboard(), + Src: SampleSafeHSJAVA23, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-23", ".test")), }, { - Name: "HS-JAVA-24", - Rule: NewNoCopyContentToClipboard(), - Src: SampleSafeHSJAVA24, + Name: "HS-JAVA-24", + Rule: NewNoCopyContentToClipboard(), + Src: SampleSafeHSJAVA24, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-24", ".test")), }, { - Name: "HS-JAVA-25", - Rule: NewNoUseWebviewIgnoringSSL(), - Src: SampleSafeHSJAVA25, + Name: "HS-JAVA-25", + Rule: NewNoUseWebviewIgnoringSSL(), + Src: SampleSafeHSJAVA25, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-25", ".test")), }, { - Name: "HS-JAVA-26", - Rule: NewSQLInjectionWithSqlUtil(), - Src: SampleSafeHSJAVA26, + Name: "HS-JAVA-26", + Rule: NewSQLInjectionWithSqlUtil(), + Src: SampleSafeHSJAVA26, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-26", ".test")), }, { - Name: "HS-JAVA-28", - Rule: NewNoUseSSLPinningLib(), - Src: SampleSafeHSJAVA28, + Name: "HS-JAVA-28", + Rule: NewNoUseSSLPinningLib(), + Src: SampleSafeHSJAVA28, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-28", ".test")), }, { - Name: "HS-JAVA-111", - Rule: NewWeakHash(), - Src: SampleSafeHSJAVA111, + Name: "HS-JAVA-111", + Rule: NewWeakHash(), + Src: SampleSafeHSJAVA111, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-111", ".test")), }, { - Name: "HS-JAVA-111", - Rule: NewWeakHash(), - Src: Sample2SafeHSJAVA111, + Name: "HS-JAVA-111", + Rule: NewWeakHash(), + Src: Sample2SafeHSJAVA111, + Filename: filepath.Join(tempDir, 
fmt.Sprintf("%s%s", "HS-JAVA-111", ".test")), }, { - Name: "HS-JAVA-111", - Rule: NewWeakHash(), - Src: Sample3SafeHSJAVA111, + Name: "HS-JAVA-111", + Rule: NewWeakHash(), + Src: Sample3SafeHSJAVA111, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-111", ".test")), }, { - Name: "HS-JAVA-111", - Rule: NewWeakHash(), - Src: Sample4SafeHSJAVA111, + Name: "HS-JAVA-111", + Rule: NewWeakHash(), + Src: Sample4SafeHSJAVA111, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-111", ".test")), }, { - Name: "HS-JAVA-134", - Rule: NewSQLInjection(), - Src: SampleSafeHSJAVA134, + Name: "HS-JAVA-134", + Rule: NewSQLInjection(), + Src: SampleSafeHSJAVA134, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-134", ".test")), }, { - Name: "HS-JAVA-145", - Rule: NewUnsafeHashEquals(), - Src: SampleSafeHSJAVA145, + Name: "HS-JAVA-145", + Rule: NewUnsafeHashEquals(), + Src: SampleSafeHSJAVA145, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-145", ".test")), }, { - Name: "HS-JAVA-146", - Rule: NewUnvalidatedRedirect(), - Src: SampleSafeHSJAVA146, + Name: "HS-JAVA-146", + Rule: NewUnvalidatedRedirect(), + Src: SampleSafeHSJAVA146, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-146", ".test")), }, { - Name: "HS-JAVA-147", - Rule: NewRequestMappingMethodsNotPublic(), - Src: SampleSafeHSJAVA147, + Name: "HS-JAVA-147", + Rule: NewRequestMappingMethodsNotPublic(), + Src: SampleSafeHSJAVA147, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-147", ".test")), }, { - Name: "HS-JAVA-148", - Rule: NewLDAPDeserializationNotDisabled(), - Src: SampleSafeHSJAVA148, + Name: "HS-JAVA-148", + Rule: NewLDAPDeserializationNotDisabled(), + Src: SampleSafeHSJAVA148, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-148", ".test")), }, { - Name: "HS-JAVA-149", - Rule: NewDatabasesPasswordNotProtected(), - Src: SampleSafeHSJAVA149, + Name: "HS-JAVA-149", + Rule: NewDatabasesPasswordNotProtected(), + Src: 
SampleSafeHSJAVA149, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-149", ".test")), }, { - Name: "HS-JAVA-150", - Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), - Src: SampleMavenSafeHSJAVA150, + Name: "HS-JAVA-150", + Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), + Src: SampleMavenSafeHSJAVA150, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150", ".test")), }, { - Name: "HS-JAVA-150", - Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), - Src: Sample2GradleSafeHSJAVA150, + Name: "HS-JAVA-150", + Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), + Src: Sample2GradleSafeHSJAVA150, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150", ".test")), }, { - Name: "HS-JAVA-150", - Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), - Src: Sample3GradleSafeHSJAVA150, + Name: "HS-JAVA-150", + Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), + Src: Sample3GradleSafeHSJAVA150, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150", ".test")), }, { - Name: "HS-JAVA-150", - Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), - Src: Sample4IvySafeHSJAVA150, + Name: "HS-JAVA-150", + Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), + Src: Sample4IvySafeHSJAVA150, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150", ".test")), }, { - Name: "HS-JAVA-150", - Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), - Src: Sample5MavenSafeHSJAVA150, + Name: "HS-JAVA-150", + Rule: NewVulnerableRemoteCodeInjectionApacheLog4j(), + Src: Sample5MavenSafeHSJAVA150, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVA-150", ".test")), }, } testutil.TestSafeCode(t, testcases) diff --git a/internal/services/engines/javascript/rules.go b/internal/services/engines/javascript/rules.go index 99002cec6..7f96e4391 100644 --- a/internal/services/engines/javascript/rules.go +++ b/internal/services/engines/javascript/rules.go 
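Review bot: Several cases in the `TestRulesSafeCode` table are given the same `Filename`: for example both HS-JAVA-1 samples resolve to `HS-JAVA-1.test`, the four HS-JAVA-111 samples to `HS-JAVA-111.test`, and all five HS-JAVA-150 samples to `HS-JAVA-150.test`. The vulnerable table in this file uses distinct names such as `HS-JAVA-150.2` for the same rule. If `testutil.TestSafeCode` writes each `Src` to its `Filename` (not visible in this hunk), cases that share a path overwrite one another, and if the cases ever run concurrently a safe sample could be reported clean without having been the content that was scanned. I would give every case its own path, e.g. `Filename: filepath.Join(tempDir, "HS-JAVA-150.2.test"),`, which also removes the `fmt.Sprintf("%s%s", ...)` call on two constant strings.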
@@ -23,8 +23,8 @@ import ( "github.com/ZupIT/horusec-engine/text" ) -func NewNoLogSensitiveInformationInConsole() text.TextRule { - return text.TextRule{ +func NewNoLogSensitiveInformationInConsole() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-1", Name: "No Log Sensitive Information in console", @@ -39,8 +39,8 @@ func NewNoLogSensitiveInformationInConsole() text.TextRule { } } -func NewNoUseEval() text.TextRule { - return text.TextRule{ +func NewNoUseEval() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-2", Name: "No use eval", @@ -55,8 +55,8 @@ func NewNoUseEval() text.TextRule { } } -func NewNoDisableTlsRejectUnauthorized() text.TextRule { - return text.TextRule{ +func NewNoDisableTlsRejectUnauthorized() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-3", Name: "No disable tls reject unauthorized", @@ -71,8 +71,8 @@ func NewNoDisableTlsRejectUnauthorized() text.TextRule { } } -func NewNoUseMD5Hashing() text.TextRule { - return text.TextRule{ +func NewNoUseMD5Hashing() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-4", Name: "No use MD5 hashing", @@ -87,8 +87,8 @@ func NewNoUseMD5Hashing() text.TextRule { } } -func NewNoUseSHA1Hashing() text.TextRule { - return text.TextRule{ +func NewNoUseSHA1Hashing() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-5", Name: "No use SAH1 hashing", @@ -103,8 +103,8 @@ func NewNoUseSHA1Hashing() text.TextRule { } } -func NewNoUseWeakRandom() text.TextRule { - return text.TextRule{ +func NewNoUseWeakRandom() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-6", Name: "No use weak random number generator", 
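Review bot: The rule metadata in the `NewNoUseSHA1Hashing` hunk (`@@ -87,8 +87,8 @@`) still carries the misspelled name `"No use SAH1 hashing"`, which is presumably what appears in findings for HS-JAVASCRIPT-5 and makes the rule harder to find when searching for SHA1. The line is context rather than a changed line, but the commit already rewrites this constructor's signature, so it is a cheap place to correct it to `Name: "No use SHA1 hashing",`. The constructor body continues outside the hunk, so the description text there should be checked for the same typo.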
@@ -119,8 +119,8 @@ func NewNoUseWeakRandom() text.TextRule { } } -func NewNoReadFileUsingDataFromRequest() text.TextRule { - return text.TextRule{ +func NewNoReadFileUsingDataFromRequest() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-7", Name: "No read file using data from request", @@ -135,8 +135,8 @@ func NewNoReadFileUsingDataFromRequest() text.TextRule { } } -func NewNoCreateReadStreamUsingDataFromRequest() text.TextRule { - return text.TextRule{ +func NewNoCreateReadStreamUsingDataFromRequest() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-8", Name: "No create read stream using data from request", @@ -151,8 +151,8 @@ func NewNoCreateReadStreamUsingDataFromRequest() text.TextRule { } } -func NewSQLInjectionUsingParams() text.TextRule { - return text.TextRule{ +func NewSQLInjectionUsingParams() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-9", Name: "SQL Injection Using params", @@ -167,8 +167,8 @@ func NewSQLInjectionUsingParams() text.TextRule { } } -func NewXMLParsersShouldNotBeVulnerableToXXEAttacks() text.TextRule { - return text.TextRule{ +func NewXMLParsersShouldNotBeVulnerableToXXEAttacks() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-10", Name: "XML parsers should not be vulnerable to XXE attacks", @@ -183,8 +183,8 @@ func NewXMLParsersShouldNotBeVulnerableToXXEAttacks() text.TextRule { } } -func NewOriginsNotVerified() text.TextRule { - return text.TextRule{ +func NewOriginsNotVerified() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-11", Name: "Origins should be verified during cross-origin communications", 
@@ -201,8 +201,8 @@ When receiving message with message event, the sender's identity should be verif } } -func NewWeakSSLTLSProtocolsShouldNotBeUsed() text.TextRule { - return text.TextRule{ +func NewWeakSSLTLSProtocolsShouldNotBeUsed() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-12", Name: "Weak SSL/TLS protocols should not be used", @@ -217,8 +217,8 @@ func NewWeakSSLTLSProtocolsShouldNotBeUsed() text.TextRule { } } -func NewWebSQLDatabasesShouldNotBeUsed() text.TextRule { - return text.TextRule{ +func NewWebSQLDatabasesShouldNotBeUsed() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-13", Name: "Web SQL databases should not be used", @@ -235,8 +235,8 @@ Further, the use of a Web SQL Database poses security concerns, since you only n } } -func NewLocalStorageShouldNotBeUsed() text.TextRule { - return text.TextRule{ +func NewLocalStorageShouldNotBeUsed() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-14", Name: "Local storage should not be used", @@ -252,8 +252,8 @@ func NewLocalStorageShouldNotBeUsed() text.TextRule { } } -func NewDebuggerStatementsShouldNotBeUsed() text.TextRule { - return text.TextRule{ +func NewDebuggerStatementsShouldNotBeUsed() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-15", Name: "Debugger statements should not be used", @@ -268,8 +268,8 @@ func NewDebuggerStatementsShouldNotBeUsed() text.TextRule { } } -func NewAlertStatementsShouldNotBeUsed() text.TextRule { - return text.TextRule{ +func NewAlertStatementsShouldNotBeUsed() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-16", Name: "Alert statements should not be used", 
@@ -284,8 +284,8 @@ func NewAlertStatementsShouldNotBeUsed() text.TextRule { } } -func NewStaticallyServingHiddenFilesIsSecuritySensitive() text.TextRule { - return text.TextRule{ +func NewStaticallyServingHiddenFilesIsSecuritySensitive() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-17", Name: "Statically serving hidden files is security-sensitive", @@ -300,8 +300,8 @@ func NewStaticallyServingHiddenFilesIsSecuritySensitive() text.TextRule { } } -func NewUsingIntrusivePermissionsWithGeolocation() text.TextRule { - return text.TextRule{ +func NewUsingIntrusivePermissionsWithGeolocation() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-18", Name: "Using intrusive permissions With Geolocation", @@ -319,8 +319,8 @@ This rule highlights intrusive permissions when requested with the future standa } } -func NewHavingAPermissiveCrossOriginResourceSharingPolicy() text.TextRule { - return text.TextRule{ +func NewHavingAPermissiveCrossOriginResourceSharingPolicy() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-19", Name: "Having a permissive Cross-Origin Resource Sharing policy", @@ -337,8 +337,8 @@ func NewHavingAPermissiveCrossOriginResourceSharingPolicy() text.TextRule { } } -func NewReadingTheStandardInput() text.TextRule { - return text.TextRule{ +func NewReadingTheStandardInput() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-20", Name: "Reading the Standard Input", @@ -354,8 +354,8 @@ func NewReadingTheStandardInput() text.TextRule { } } -func NewUsingCommandLineArguments() text.TextRule { - return text.TextRule{ +func NewUsingCommandLineArguments() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-21", Name: "Using command line arguments", 
@@ -370,8 +370,8 @@ func NewUsingCommandLineArguments() text.TextRule { } } -func NewRedirectToUnknownPath() text.TextRule { - return text.TextRule{ +func NewRedirectToUnknownPath() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-22", Name: "Redirect to unknown path", @@ -386,8 +386,8 @@ func NewRedirectToUnknownPath() text.TextRule { } } -func NewNoRenderContentFromRequest() text.TextRule { - return text.TextRule{ +func NewNoRenderContentFromRequest() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-23", Name: "No render content from request", @@ -403,8 +403,8 @@ func NewNoRenderContentFromRequest() text.TextRule { } } -func NewNoWriteOnDocumentContentFromRequest() text.TextRule { - return text.TextRule{ +func NewNoWriteOnDocumentContentFromRequest() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-24", Name: "No write content from request on HTML", @@ -419,8 +419,8 @@ func NewNoWriteOnDocumentContentFromRequest() text.TextRule { } } -func NewNoExposeStackTrace() text.TextRule { - return text.TextRule{ +func NewNoExposeStackTrace() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-25", Name: "Stack trace exposure", @@ -435,8 +435,8 @@ func NewNoExposeStackTrace() text.TextRule { } } -func NewInsecureDownload() text.TextRule { - return text.TextRule{ +func NewInsecureDownload() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-26", Name: "Insecure download of executable file", @@ -451,8 +451,8 @@ func NewInsecureDownload() text.TextRule { } } -func NewNoUseRequestMethodUsingDataFromRequestOfUserInput() text.TextRule { - return text.TextRule{ +func NewNoUseRequestMethodUsingDataFromRequestOfUserInput() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-27", Name: "No use request method using data from request of user input", 
@@ -468,8 +468,8 @@ func NewNoUseRequestMethodUsingDataFromRequestOfUserInput() text.TextRule { } } -func NewNoUseGetMethodUsingDataFromRequestOfUserInput() text.TextRule { - return text.TextRule{ +func NewNoUseGetMethodUsingDataFromRequestOfUserInput() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-28", Name: "No use .get method using data from request of user input", @@ -485,8 +485,8 @@ func NewNoUseGetMethodUsingDataFromRequestOfUserInput() text.TextRule { } } -func NewCryptographicRsaShouldBeRobust() text.TextRule { - return text.TextRule{ +func NewCryptographicRsaShouldBeRobust() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-29", Name: "Cryptographic RSA should be robust", @@ -502,8 +502,8 @@ func NewCryptographicRsaShouldBeRobust() text.TextRule { } } -func NewCryptographicEcShouldBeRobust() text.TextRule { - return text.TextRule{ +func NewCryptographicEcShouldBeRobust() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-30", Name: "Cryptographic EC should be robust", @@ -519,8 +519,8 @@ func NewCryptographicEcShouldBeRobust() text.TextRule { } } -func NewJWTNeedStrongCipherAlgorithms() text.TextRule { - return text.TextRule{ +func NewJWTNeedStrongCipherAlgorithms() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-31", Name: "JWT should be signed and verified with strong cipher algorithms", @@ -537,8 +537,8 @@ func NewJWTNeedStrongCipherAlgorithms() text.TextRule { } } -func NewServerHostnameNotVerified() text.TextRule { - return text.TextRule{ +func NewServerHostnameNotVerified() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-32", Name: "Server hostnames should be verified during SSL/TLS connections", 
@@ -554,8 +554,8 @@ func NewServerHostnameNotVerified() text.TextRule { } } -func NewServerCertificatesNotVerified() text.TextRule { - return text.TextRule{ +func NewServerCertificatesNotVerified() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-33", Name: "Server certificates should be verified during SSL/TLS connections", @@ -571,8 +571,8 @@ func NewServerCertificatesNotVerified() text.TextRule { } } -func NewUntrustedContentShouldNotBeIncluded() text.TextRule { - return text.TextRule{ +func NewUntrustedContentShouldNotBeIncluded() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-34", Name: "Untrusted content should not be included", @@ -589,8 +589,8 @@ func NewUntrustedContentShouldNotBeIncluded() text.TextRule { } } -func NewMysqlHardCodedCredentialsSecuritySensitive() text.TextRule { - return text.TextRule{ +func NewMysqlHardCodedCredentialsSecuritySensitive() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-35", Name: "Mysql Hard-coded credentials are security-sensitive", @@ -606,8 +606,8 @@ func NewMysqlHardCodedCredentialsSecuritySensitive() text.TextRule { } } -func NewUsingShellInterpreterWhenExecutingOSCommands() text.TextRule { - return text.TextRule{ +func NewUsingShellInterpreterWhenExecutingOSCommands() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-36", Name: "Using shell interpreter when executing OS commands", @@ -623,8 +623,8 @@ func NewUsingShellInterpreterWhenExecutingOSCommands() text.TextRule { } } -func NewForwardingClientIPAddress() text.TextRule { - return text.TextRule{ +func NewForwardingClientIPAddress() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-37", Name: "Forwarding client IP address", 
@@ -641,8 +641,8 @@ func NewForwardingClientIPAddress() text.TextRule { } } -func NewAllowingConfidentialInformationToBeLoggedWithSignale() text.TextRule { - return text.TextRule{ +func NewAllowingConfidentialInformationToBeLoggedWithSignale() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-38", Name: "Allowing confidential information to be logged with signale", @@ -659,8 +659,8 @@ func NewAllowingConfidentialInformationToBeLoggedWithSignale() text.TextRule { } } -func NewAllowingBrowsersToPerformDNSPrefetching() text.TextRule { - return text.TextRule{ +func NewAllowingBrowsersToPerformDNSPrefetching() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-39", Name: "Allowing browsers to perform DNS prefetching", @@ -677,8 +677,8 @@ func NewAllowingBrowsersToPerformDNSPrefetching() text.TextRule { } } -func NewDisablingCertificateTransparencyMonitoring() text.TextRule { - return text.TextRule{ +func NewDisablingCertificateTransparencyMonitoring() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-40", Name: "Disabling Certificate Transparency monitoring", @@ -694,8 +694,8 @@ func NewDisablingCertificateTransparencyMonitoring() text.TextRule { } } -func NewDisablingStrictHTTPNoReferrerPolicy() text.TextRule { - return text.TextRule{ +func NewDisablingStrictHTTPNoReferrerPolicy() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-41", Name: "Disabling strict HTTP no-referrer policy", @@ -712,8 +712,8 @@ func NewDisablingStrictHTTPNoReferrerPolicy() text.TextRule { } } -func NewAllowingBrowsersToSniffMIMETypes() text.TextRule { - return text.TextRule{ +func NewAllowingBrowsersToSniffMIMETypes() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-42", Name: "Allowing browsers to sniff MIME types", 
@@ -729,8 +729,8 @@ func NewAllowingBrowsersToSniffMIMETypes() text.TextRule { } } -func NewDisablingContentSecurityPolicyFrameAncestorsDirective() text.TextRule { - return text.TextRule{ +func NewDisablingContentSecurityPolicyFrameAncestorsDirective() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-43", Name: "Disabling content security policy frame-ancestors directive", @@ -747,8 +747,8 @@ func NewDisablingContentSecurityPolicyFrameAncestorsDirective() text.TextRule { } } -func NewAllowingMixedContent() text.TextRule { - return text.TextRule{ +func NewAllowingMixedContent() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-44", Name: "Allowing mixed-content", @@ -765,8 +765,8 @@ func NewAllowingMixedContent() text.TextRule { } } -func NewDisablingContentSecurityPolicyFetchDirectives() text.TextRule { - return text.TextRule{ +func NewDisablingContentSecurityPolicyFetchDirectives() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-45", Name: "Disabling content security policy fetch directives", @@ -782,8 +782,8 @@ func NewDisablingContentSecurityPolicyFetchDirectives() text.TextRule { } } -func NewCreatingCookiesWithoutTheHttpOnlyFlag() text.TextRule { - return text.TextRule{ +func NewCreatingCookiesWithoutTheHttpOnlyFlag() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-46", Name: "Creating cookies without the \"HttpOnly\" flag", @@ -799,8 +799,8 @@ func NewCreatingCookiesWithoutTheHttpOnlyFlag() text.TextRule { } } -func NewCreatingCookiesWithoutTheSecureFlag() text.TextRule { - return text.TextRule{ +func NewCreatingCookiesWithoutTheSecureFlag() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-47", Name: "Creating cookies without the \"secure\" flag", 
@@ -816,8 +816,8 @@ func NewCreatingCookiesWithoutTheSecureFlag() text.TextRule { } } -func NewNoUseSocketManually() text.TextRule { - return text.TextRule{ +func NewNoUseSocketManually() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-48", Name: "No use socket manually", @@ -833,8 +833,8 @@ func NewNoUseSocketManually() text.TextRule { } } -func NewEncryptionAlgorithmsWeak() text.TextRule { - return text.TextRule{ +func NewEncryptionAlgorithmsWeak() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-49", Name: "Encryption Algorithms Weak", @@ -850,8 +850,8 @@ func NewEncryptionAlgorithmsWeak() text.TextRule { } } -func NewFileUploadsShouldBeRestricted() text.TextRule { - return text.TextRule{ +func NewFileUploadsShouldBeRestricted() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-50", Name: "File uploads should be restricted", @@ -868,8 +868,8 @@ func NewFileUploadsShouldBeRestricted() text.TextRule { } } -func NewAllowingRequestsWithExcessiveContentLengthSecurity() text.TextRule { - return text.TextRule{ +func NewAllowingRequestsWithExcessiveContentLengthSecurity() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-51", Name: "Allowing requests with excessive content length is security-sensitive", @@ -886,8 +886,8 @@ func NewAllowingRequestsWithExcessiveContentLengthSecurity() text.TextRule { } } -func NewNoDisableSanitizeHtml() text.TextRule { - return text.TextRule{ +func NewNoDisableSanitizeHtml() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-52", Name: "No Disable Sanitize Html", @@ -906,8 +906,8 @@ func NewNoDisableSanitizeHtml() text.TextRule { } } -func NewSQLInjection() text.TextRule { - return text.TextRule{ +func NewSQLInjection() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JAVASCRIPT-53", Name: "SQL Injection", 
diff --git a/internal/services/engines/javascript/rules_test.go b/internal/services/engines/javascript/rules_test.go index daad4efac..0233be0d6 100644 --- a/internal/services/engines/javascript/rules_test.go +++ b/internal/services/engines/javascript/rules_test.go @@ -15,6 +15,8 @@ package javascript import ( + "fmt" + "path/filepath" "testing" engine "github.com/ZupIT/horusec-engine" 
@@ -23,325 +25,372 @@ import ( ) func TestRulesVulnerableCode(t *testing.T) { + tempDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-JAVASCRIPT-1", - Rule: NewNoLogSensitiveInformationInConsole(), - Src: SampleVulnerableHSJAVASCRIPT1, + Name: "HS-JAVASCRIPT-1", + Rule: NewNoLogSensitiveInformationInConsole(), + Src: SampleVulnerableHSJAVASCRIPT1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-1", ".test")), Findings: []engine.Finding{ { CodeSample: `console.log("user email: ", email)`, SourceLocation: engine.Location{ - Line: 2, - Column: 0, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-1", ".test")), + Line: 2, + Column: 0, }, }, { CodeSample: `console.debug("user password: ", pwd)`, SourceLocation: engine.Location{ - Line: 3, - Column: 0, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-1", ".test")), + Line: 3, + Column: 0, }, }, }, }, { - Name: "HS-JAVASCRIPT-2", - Rule: NewNoUseEval(), - Src: SampleVulnerableHSJAVASCRIPT2, + Name: "HS-JAVASCRIPT-2", + Rule: NewNoUseEval(), + Src: SampleVulnerableHSJAVASCRIPT2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-2", ".test")), Findings: []engine.Finding{ { CodeSample: `eval(foo);`, SourceLocation: engine.Location{ - Line: 3, - Column: 1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-2", ".test")), + Line: 3, + Column: 1, }, }, }, }, { - Name: "HS-JAVASCRIPT-3", - Rule: NewNoDisableTlsRejectUnauthorized(), - Src: SampleVulnerableHSJAVASCRIPT3, + Name: "HS-JAVASCRIPT-3", + Rule: NewNoDisableTlsRejectUnauthorized(), + Src: SampleVulnerableHSJAVASCRIPT3, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-3", ".test")), Findings: []engine.Finding{ { CodeSample: `process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";`, SourceLocation: engine.Location{ - Line: 2, - Column: 12, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-3", ".test")), + Line: 2, + 
Column: 12, }, }, }, }, { - Name: "HS-JAVASCRIPT-4", - Rule: NewNoUseMD5Hashing(), - Src: SampleVulnerableHSJAVASCRIPT4, + Name: "HS-JAVASCRIPT-4", + Rule: NewNoUseMD5Hashing(), + Src: SampleVulnerableHSJAVASCRIPT4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-4", ".test")), Findings: []engine.Finding{ { CodeSample: `const hash = crypto.createHash('md5')`, SourceLocation: engine.Location{ - Line: 2, - Column: 20, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-4", ".test")), + Line: 2, + Column: 20, }, }, }, }, { - Name: "HS-JAVASCRIPT-5", - Rule: NewNoUseSHA1Hashing(), - Src: SampleVulnerableHSJAVASCRIPT5, + Name: "HS-JAVASCRIPT-5", + Rule: NewNoUseSHA1Hashing(), + Src: SampleVulnerableHSJAVASCRIPT5, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-5", ".test")), Findings: []engine.Finding{ { CodeSample: `const hash = crypto.createHash('sha1')`, SourceLocation: engine.Location{ - Line: 2, - Column: 20, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-5", ".test")), + Line: 2, + Column: 20, }, }, }, }, { - Name: "HS-JAVASCRIPT-6", - Rule: NewNoUseWeakRandom(), - Src: SampleVulnerableHSJAVASCRIPT6, + Name: "HS-JAVASCRIPT-6", + Rule: NewNoUseWeakRandom(), + Src: SampleVulnerableHSJAVASCRIPT6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-6", ".test")), Findings: []engine.Finding{ { CodeSample: `return Math.random();`, SourceLocation: engine.Location{ - Line: 3, - Column: 8, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-6", ".test")), + Line: 3, + Column: 8, }, }, }, }, { - Name: "HS-JAVASCRIPT-7", - Rule: NewNoReadFileUsingDataFromRequest(), - Src: SampleVulnerableHSJAVASCRIPT7, + Name: "HS-JAVASCRIPT-7", + Rule: NewNoReadFileUsingDataFromRequest(), + Src: SampleVulnerableHSJAVASCRIPT7, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-7", ".test")), Findings: []engine.Finding{ { CodeSample: `return 
fs.readFileSync(req.body, 'utf8')`, SourceLocation: engine.Location{ - Line: 3, - Column: 10, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-7", ".test")), + Line: 3, + Column: 10, }, }, }, }, { - Name: "HS-JAVASCRIPT-8", - Rule: NewNoCreateReadStreamUsingDataFromRequest(), - Src: SampleVulnerableHSJAVASCRIPT8, + Name: "HS-JAVASCRIPT-8", + Rule: NewNoCreateReadStreamUsingDataFromRequest(), + Src: SampleVulnerableHSJAVASCRIPT8, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-8", ".test")), Findings: []engine.Finding{ { CodeSample: `return fs.createReadStream(req.body)`, SourceLocation: engine.Location{ - Line: 3, - Column: 10, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-8", ".test")), + Line: 3, + Column: 10, }, }, }, }, { - Name: "HS-JAVASCRIPT-9", - Rule: NewSQLInjectionUsingParams(), - Src: SampleVulnerableHSJAVASCRIPT9, + Name: "HS-JAVASCRIPT-9", + Rule: NewSQLInjectionUsingParams(), + Src: SampleVulnerableHSJAVASCRIPT9, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-9", ".test")), Findings: []engine.Finding{ { CodeSample: `Model.find({ where: { foo: req.body}});`, SourceLocation: engine.Location{ - Line: 3, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-9", ".test")), + Line: 3, + Column: 6, }, }, }, }, { - Name: "HS-JAVASCRIPT-10", - Rule: NewXMLParsersShouldNotBeVulnerableToXXEAttacks(), - Src: SampleVulnerableHSJAVASCRIPT10, + Name: "HS-JAVASCRIPT-10", + Rule: NewXMLParsersShouldNotBeVulnerableToXXEAttacks(), + Src: SampleVulnerableHSJAVASCRIPT10, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-10", ".test")), Findings: []engine.Finding{ { CodeSample: `var xmlDoc = libxml.parseXmlString(xml, {});`, SourceLocation: engine.Location{ - Line: 4, - Column: 19, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-10", ".test")), + Line: 4, + Column: 19, }, }, }, }, { - Name: "HS-JAVASCRIPT-11", - 
Rule: NewOriginsNotVerified(), - Src: SampleVulnerableHSJAVASCRIPT11, + Name: "HS-JAVASCRIPT-11", + Rule: NewOriginsNotVerified(), + Src: SampleVulnerableHSJAVASCRIPT11, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-11", ".test")), Findings: []engine.Finding{ { CodeSample: `popup.postMessage("message", "https://foo.bar", "*");`, SourceLocation: engine.Location{ - Line: 4, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-11", ".test")), + Line: 4, + Column: 6, }, }, { CodeSample: `window.addEventListener("message", (event) => {});`, SourceLocation: engine.Location{ - Line: 8, - Column: 7, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-11", ".test")), + Line: 8, + Column: 7, }, }, }, }, { - Name: "HS-JAVASCRIPT-12", - Rule: NewWeakSSLTLSProtocolsShouldNotBeUsed(), - Src: SampleVulnerableHSJAVASCRIPT12, + Name: "HS-JAVASCRIPT-12", + Rule: NewWeakSSLTLSProtocolsShouldNotBeUsed(), + Src: SampleVulnerableHSJAVASCRIPT12, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-12", ".test")), Findings: []engine.Finding{ { CodeSample: `secureProtocol: 'TLSv1_method'`, SourceLocation: engine.Location{ - Line: 4, - Column: 19, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-12", ".test")), + Line: 4, + Column: 19, }, }, { CodeSample: `secureProtocol: 'TLSv1.1'`, SourceLocation: engine.Location{ - Line: 10, - Column: 19, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-12", ".test")), + Line: 10, + Column: 19, }, }, }, }, { - Name: "HS-JAVASCRIPT-13", - Rule: NewWebSQLDatabasesShouldNotBeUsed(), - Src: SampleVulnerableHSJAVASCRIPT13, + Name: "HS-JAVASCRIPT-13", + Rule: NewWebSQLDatabasesShouldNotBeUsed(), + Src: SampleVulnerableHSJAVASCRIPT13, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-13", ".test")), Findings: []engine.Finding{ { CodeSample: `const db = window.openDatabase();`, SourceLocation: engine.Location{ - 
Line: 2, - Column: 11, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-13", ".test")), + Line: 2, + Column: 11, }, }, }, }, { - Name: "HS-JAVASCRIPT-14", - Rule: NewLocalStorageShouldNotBeUsed(), - Src: SampleVulnerableHSJAVASCRIPT14, + Name: "HS-JAVASCRIPT-14", + Rule: NewLocalStorageShouldNotBeUsed(), + Src: SampleVulnerableHSJAVASCRIPT14, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-14", ".test")), Findings: []engine.Finding{ { CodeSample: `localStorage.setItem("foo", "bar");`, SourceLocation: engine.Location{ - Line: 3, - Column: 1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-14", ".test")), + Line: 3, + Column: 1, }, }, { CodeSample: `sessionStorage.setItem("foo", "bar");`, SourceLocation: engine.Location{ - Line: 7, - Column: 1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-14", ".test")), + Line: 7, + Column: 1, }, }, }, }, { - Name: "HS-JAVASCRIPT-15", - Rule: NewDebuggerStatementsShouldNotBeUsed(), - Src: SampleVulnerableHSJAVASCRIPT15, + Name: "HS-JAVASCRIPT-15", + Rule: NewDebuggerStatementsShouldNotBeUsed(), + Src: SampleVulnerableHSJAVASCRIPT15, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-15", ".test")), Findings: []engine.Finding{ { CodeSample: `debugger;`, SourceLocation: engine.Location{ - Line: 2, - Column: 1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-15", ".test")), + Line: 2, + Column: 1, }, }, }, }, { - Name: "HS-JAVASCRIPT-16", - Rule: NewAlertStatementsShouldNotBeUsed(), - Src: SampleVulnerableHSJAVASCRIPT16, + Name: "HS-JAVASCRIPT-16", + Rule: NewAlertStatementsShouldNotBeUsed(), + Src: SampleVulnerableHSJAVASCRIPT16, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-16", ".test")), Findings: []engine.Finding{ { CodeSample: `alert("testing");`, SourceLocation: engine.Location{ - Line: 3, - Column: 1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-16", 
".test")), + Line: 3, + Column: 1, }, }, { CodeSample: `confirm("testing");`, SourceLocation: engine.Location{ - Line: 7, - Column: 1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-16", ".test")), + Line: 7, + Column: 1, }, }, { CodeSample: `prompt("testing");`, SourceLocation: engine.Location{ - Line: 11, - Column: 1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-16", ".test")), + Line: 11, + Column: 1, }, }, }, }, { - Name: "HS-JAVASCRIPT-17", - Rule: NewStaticallyServingHiddenFilesIsSecuritySensitive(), - Src: SampleVulnerableHSJAVASCRIPT17, + Name: "HS-JAVASCRIPT-17", + Rule: NewStaticallyServingHiddenFilesIsSecuritySensitive(), + Src: SampleVulnerableHSJAVASCRIPT17, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-17", ".test")), Findings: []engine.Finding{ { CodeSample: `dotfiles : 'allow'`, SourceLocation: engine.Location{ - Line: 3, - Column: 2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-17", ".test")), + Line: 3, + Column: 2, }, }, }, }, { - Name: "HS-JAVASCRIPT-18", - Rule: NewUsingIntrusivePermissionsWithGeolocation(), - Src: SampleVulnerableHSJAVASCRIPT18, + Name: "HS-JAVASCRIPT-18", + Rule: NewUsingIntrusivePermissionsWithGeolocation(), + Src: SampleVulnerableHSJAVASCRIPT18, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-18", ".test")), Findings: []engine.Finding{ { CodeSample: `navigator.geolocation.getCurrentPosition(success, error, {});`, SourceLocation: engine.Location{ - Line: 10, - Column: 10, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-18", ".test")), + Line: 10, + Column: 10, }, }, }, }, { - Name: "HS-JAVASCRIPT-19", - Rule: NewHavingAPermissiveCrossOriginResourceSharingPolicy(), - Src: SampleVulnerableHSJAVASCRIPT19, + Name: "HS-JAVASCRIPT-19", + Rule: NewHavingAPermissiveCrossOriginResourceSharingPolicy(), + Src: SampleVulnerableHSJAVASCRIPT19, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", 
"HS-JAVASCRIPT-19", ".test")), Findings: []engine.Finding{ { CodeSample: `res.header("Access-Control-Allow-Origin", "*");`, SourceLocation: engine.Location{ - Line: 7, - Column: 14, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-19", ".test")), + Line: 7, + Column: 14, }, }, { CodeSample: `app.get('/products/:id', cors(), function (req, res, next) {`, SourceLocation: engine.Location{ - Line: 6, - Column: 25, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-19", ".test")), + Line: 6, + Column: 25, }, }, { CodeSample: `origin: '*',`, SourceLocation: engine.Location{ - Line: 3, - Column: 2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-19", ".test")), + Line: 3, + Column: 2, }, }, }, 
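Review bot: In TestRulesVulnerableCode (javascript/rules_test.go) every case spells its path as `filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-N", ".test"))`, once in `Filename` and again in each expected `SourceLocation.Filename`. The `Sprintf` takes only constants, so it adds nothing over a literal. A small helper such as `func testFile(dir, id string) string { return filepath.Join(dir, id+".test") }`, called once per case, would stop the two fields from drifting apart; a drift would presumably show up as a confusing location mismatch rather than a rule failure. The function's remaining cases lie outside this hunk.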
@@ -352,41 +401,49 @@ func TestRulesVulnerableCode(t *testing.T) { } func TestRulesSafeCode(t *testing.T) { + tempDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-JAVASCRIPT-2", - Rule: NewNoUseEval(), - Src: SampleSafeHSJAVASCRIPT2, + Name: "HS-JAVASCRIPT-2", + Rule: NewNoUseEval(), + Src: SampleSafeHSJAVASCRIPT2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-1", ".test")), }, { - Name: "HS-JAVASCRIPT-9", - Rule: NewSQLInjectionUsingParams(), - Src: SampleSafeHSJAVASCRIPT9, + Name: "HS-JAVASCRIPT-9", + Rule: NewSQLInjectionUsingParams(), + Src: SampleSafeHSJAVASCRIPT9, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-9", ".test")), }, { - Name: "HS-JAVASCRIPT-10", - Rule: NewXMLParsersShouldNotBeVulnerableToXXEAttacks(), - Src: SampleSafeHSJAVASCRIPT10, + Name: "HS-JAVASCRIPT-10", + Rule: NewXMLParsersShouldNotBeVulnerableToXXEAttacks(), + Src: SampleSafeHSJAVASCRIPT10, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-10", ".test")), }, { - Name: "HS-JAVASCRIPT-11", - Rule: NewOriginsNotVerified(), - Src: SampleSafeHSJAVASCRIPT11, + Name: "HS-JAVASCRIPT-11", + Rule: NewOriginsNotVerified(), + Src: SampleSafeHSJAVASCRIPT11, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-11", ".test")), }, { - Name: "HS-JAVASCRIPT-12", - Rule: NewWeakSSLTLSProtocolsShouldNotBeUsed(), - Src: SampleSafeHSJAVASCRIPT12, + Name: "HS-JAVASCRIPT-12", + Rule: NewWeakSSLTLSProtocolsShouldNotBeUsed(), + Src: SampleSafeHSJAVASCRIPT12, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-12", ".test")), }, { - Name: "HS-JAVASCRIPT-17", - Rule: NewStaticallyServingHiddenFilesIsSecuritySensitive(), - Src: SampleSafeHSJAVASCRIPT17, + Name: "HS-JAVASCRIPT-17", + Rule: NewStaticallyServingHiddenFilesIsSecuritySensitive(), + Src: SampleSafeHSJAVASCRIPT17, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-17", ".test")), }, { - Name: "HS-JAVASCRIPT-19", - 
Rule: NewHavingAPermissiveCrossOriginResourceSharingPolicy(), - Src: SampleSafeHSJAVASCRIPT19, + Name: "HS-JAVASCRIPT-19", + Rule: NewHavingAPermissiveCrossOriginResourceSharingPolicy(), + Src: SampleSafeHSJAVASCRIPT19, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-19", ".test")), }, } diff --git a/internal/services/engines/jvm/rules.go b/internal/services/engines/jvm/rules.go index 0e8f7504b..6196d42b2 100644 --- a/internal/services/engines/jvm/rules.go +++ b/internal/services/engines/jvm/rules.go @@ -73,8 +73,8 @@ func Rules() []engine.Rule { } } -func NewNoLogSensitiveInformation() text.TextRule { - return text.TextRule{ +func NewNoLogSensitiveInformation() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-1", Name: "No Log Sensitive Information", @@ -89,8 +89,8 @@ func NewNoLogSensitiveInformation() text.TextRule { } } -func NewHTTPRequestsConnectionsAndSessions() text.TextRule { - return text.TextRule{ +func NewHTTPRequestsConnectionsAndSessions() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-2", Name: "HTTP Requests, Connections and Sessions", @@ -105,8 +105,8 @@ func NewHTTPRequestsConnectionsAndSessions() text.TextRule { } } -func NewNoUsesSafetyNetAPI() text.TextRule { - return text.TextRule{ +func NewNoUsesSafetyNetAPI() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-3", Name: "No uses safety api", @@ -121,8 +121,8 @@ func NewNoUsesSafetyNetAPI() text.TextRule { } } -func NewNoUsesContentProvider() text.TextRule { - return text.TextRule{ +func NewNoUsesContentProvider() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-4", Name: "No uses Content Provider", 
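Review bot: The first case of TestRulesSafeCode in javascript/rules_test.go is named `HS-JAVASCRIPT-2` and runs `NewNoUseEval()`, but its `Filename` is built from `"HS-JAVASCRIPT-1"`, which looks like a copy-paste slip. No other case in this hunk uses that name, so the test likely still passes, but a failure would point at a file named after a different rule. The line should read `Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-2", ".test")),`. The test function's body continues outside the hunk.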
@@ -137,8 +137,8 @@ func NewNoUsesContentProvider() text.TextRule { } } -func NewNoUseWithUnsafeBytes() text.TextRule { - return text.TextRule{ +func NewNoUseWithUnsafeBytes() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-5", Name: "No Use With Unsafe Bytes", @@ -153,8 +153,8 @@ func NewNoUseWithUnsafeBytes() text.TextRule { } } -func NewNoUseLocalFileIOOperations() text.TextRule { - return text.TextRule{ +func NewNoUseLocalFileIOOperations() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-6", Name: "Local File I/O Operations", @@ -169,8 +169,8 @@ func NewNoUseLocalFileIOOperations() text.TextRule { } } -func NewWebViewComponent() text.TextRule { - return text.TextRule{ +func NewWebViewComponent() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-7", Name: "WebView Component", @@ -185,8 +185,8 @@ func NewWebViewComponent() text.TextRule { } } -func NewEncryptionAPI() text.TextRule { - return text.TextRule{ +func NewEncryptionAPI() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-8", Name: "Encryption API", @@ -201,8 +201,8 @@ func NewEncryptionAPI() text.TextRule { } } -func NewKeychainAccess() text.TextRule { - return text.TextRule{ +func NewKeychainAccess() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-9", Name: "Keychain Access", @@ -217,8 +217,8 @@ func NewKeychainAccess() text.TextRule { } } -func NewNoUseProhibitedAPIs() text.TextRule { - return text.TextRule{ +func NewNoUseProhibitedAPIs() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-10", Name: "No Use Prohibited APIs", @@ -233,8 +233,8 @@ func NewNoUseProhibitedAPIs() text.TextRule { } } -func NewApplicationAllowMITMAttacks() text.TextRule { - return text.TextRule{ +func NewApplicationAllowMITMAttacks() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-11", Name: "Application allow MITM attacks", 
@@ -249,8 +249,8 @@ func NewApplicationAllowMITMAttacks() text.TextRule { } } -func NewUIWebViewInApplicationIgnoringErrorsSSL() text.TextRule { - return text.TextRule{ +func NewUIWebViewInApplicationIgnoringErrorsSSL() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-12", Name: "UIWebView in application ignoring errors SSL", @@ -265,8 +265,8 @@ func NewUIWebViewInApplicationIgnoringErrorsSSL() text.TextRule { } } -func NewNoListClipboardChanges() text.TextRule { - return text.TextRule{ +func NewNoListClipboardChanges() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-13", Name: "No List changes on the clipboard", @@ -281,8 +281,8 @@ func NewNoListClipboardChanges() text.TextRule { } } -func NewApplicationUsingSQLite() text.TextRule { - return text.TextRule{ +func NewApplicationUsingSQLite() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-14", Name: "The application is using SQLite. Confidential information must be encrypted.", @@ -297,8 +297,8 @@ func NewApplicationUsingSQLite() text.TextRule { } } -func NewNoUseNSTemporaryDirectory() text.TextRule { - return text.TextRule{ +func NewNoUseNSTemporaryDirectory() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-15", Name: "No use NSTemporaryDirectory", @@ -313,8 +313,8 @@ func NewNoUseNSTemporaryDirectory() text.TextRule { } } -func NewNoCopiesDataToTheClipboard() text.TextRule { - return text.TextRule{ +func NewNoCopiesDataToTheClipboard() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-16", Name: "No copies data to the Clipboard", @@ -329,8 +329,8 @@ func NewNoCopiesDataToTheClipboard() text.TextRule { } } -func NewNoDownloadFileUsingAndroidDownloadManager() text.TextRule { - return text.TextRule{ +func NewNoDownloadFileUsingAndroidDownloadManager() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-17", Name: "No Download File Using Android Download Manager", 
@@ -346,8 +346,8 @@ func NewNoDownloadFileUsingAndroidDownloadManager() text.TextRule { } } -func NewAndroidKeystore() text.TextRule { - return text.TextRule{ +func NewAndroidKeystore() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-18", Name: "Android Keystore", @@ -363,8 +363,8 @@ func NewAndroidKeystore() text.TextRule { } } -func NewAndroidNotifications() text.TextRule { - return text.TextRule{ +func NewAndroidNotifications() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-19", Name: "Android Notifications", @@ -380,8 +380,8 @@ func NewAndroidNotifications() text.TextRule { } } -func NewPotentialAndroidSQLInjection() text.TextRule { - return text.TextRule{ +func NewPotentialAndroidSQLInjection() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-20", Name: "Potential Android SQL Injection", @@ -397,8 +397,8 @@ func NewPotentialAndroidSQLInjection() text.TextRule { } } -func NewSQLInjectionWithSQLite() text.TextRule { - return text.TextRule{ +func NewSQLInjectionWithSQLite() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-21", Name: "SQL Injection With SQLite", @@ -414,8 +414,8 @@ func NewSQLInjectionWithSQLite() text.TextRule { } } -func NewWebViewGETRequest() text.TextRule { - return text.TextRule{ +func NewWebViewGETRequest() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-22", Name: "WebView GET Request", @@ -432,8 +432,8 @@ func NewWebViewGETRequest() text.TextRule { } } -func NewWebViewPOSTRequest() text.TextRule { - return text.TextRule{ +func NewWebViewPOSTRequest() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-23", Name: "WebView POST Request", @@ -450,8 +450,8 @@ func NewWebViewPOSTRequest() text.TextRule { } } -func NewBase64Decode() text.TextRule { - return text.TextRule{ +func NewBase64Decode() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-24", Name: "Base64 Decode", 
@@ -467,8 +467,8 @@ func NewBase64Decode() text.TextRule { } } -func NewKeychainAccessAndMatch() text.TextRule { - return text.TextRule{ +func NewKeychainAccessAndMatch() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-25", Name: "WebView Load Request", @@ -484,8 +484,8 @@ func NewKeychainAccessAndMatch() text.TextRule { } } -func NewWebViewLoadRequest() text.TextRule { - return text.TextRule{ +func NewWebViewLoadRequest() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-26", Name: "WebView Load Request", @@ -501,8 +501,8 @@ func NewWebViewLoadRequest() text.TextRule { } } -func NewCookieStorage() text.TextRule { - return text.TextRule{ +func NewCookieStorage() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-27", Name: "Cookie Storage", @@ -518,8 +518,8 @@ func NewCookieStorage() text.TextRule { } } -func NewSetReadClipboard() text.TextRule { - return text.TextRule{ +func NewSetReadClipboard() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-28", Name: "Set or Read Clipboard", @@ -535,8 +535,8 @@ func NewSetReadClipboard() text.TextRule { } } -func NewUsingLoadHTMLStringCanResultInject() text.TextRule { - return text.TextRule{ +func NewUsingLoadHTMLStringCanResultInject() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-29", Name: "Using LoadHTMLString can result Inject", @@ -552,8 +552,8 @@ func NewUsingLoadHTMLStringCanResultInject() text.TextRule { } } -func NewNoUseSFAntiPiracyJailbreak() text.TextRule { - return text.TextRule{ +func NewNoUseSFAntiPiracyJailbreak() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-30", Name: "No Use SFAntiPiracy Jailbreak", 
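Review bot: `NewKeychainAccessAndMatch` (HS-JVM-25, jvm/rules.go) carries `Name: "WebView Load Request"`, the same name as `NewWebViewLoadRequest` (HS-JVM-26) in the next hunk. The line is unchanged context, but the migration touches this constructor and leaves it as is. Findings from two different rules reported under one name make triage and name-based suppression unreliable. Assuming the name should follow the constructor, something like `Name: "Keychain Access and Match",` would fit; confirm the wording against the rule's description, which is outside the hunk.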
@@ -570,8 +570,8 @@ func NewNoUseSFAntiPiracyJailbreak() text.TextRule { } } -func NewNoUseSFAntiPiracyIsPirated() text.TextRule { - return text.TextRule{ +func NewNoUseSFAntiPiracyIsPirated() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-31", Name: "No Use SFAntiPiracy IsPirated", @@ -588,8 +588,8 @@ func NewNoUseSFAntiPiracyIsPirated() text.TextRule { } } -func NewWeakMd5HashUsing() text.TextRule { - return text.TextRule{ +func NewWeakMd5HashUsing() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-32", Name: "Weak md5 hash using", @@ -605,8 +605,8 @@ func NewWeakMd5HashUsing() text.TextRule { } } -func NewWeakSha1HashUsing() text.TextRule { - return text.TextRule{ +func NewWeakSha1HashUsing() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-33", Name: "Weak sha1 hash using", @@ -622,8 +622,8 @@ func NewWeakSha1HashUsing() text.TextRule { } } -func NewWeakECBEncryptionAlgorithmUsing() text.TextRule { - return text.TextRule{ +func NewWeakECBEncryptionAlgorithmUsing() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-34", Name: "Weak ECB encryption algorithm using", @@ -639,8 +639,8 @@ func NewWeakECBEncryptionAlgorithmUsing() text.TextRule { } } -func NewUsingPtrace() text.TextRule { - return text.TextRule{ +func NewUsingPtrace() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-35", Name: "The application has anti-debugger using ptrace()", @@ -656,8 +656,8 @@ func NewUsingPtrace() text.TextRule { } } -func NewSuperUserPrivileges() text.TextRule { - return text.TextRule{ +func NewSuperUserPrivileges() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-36", Name: "Super User Privileges", 
@@ -676,8 +676,8 @@ func NewSuperUserPrivileges() text.TextRule { } } -func NewSendSMS() text.TextRule { - return text.TextRule{ +func NewSendSMS() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-37", Name: "Send SMS", @@ -695,8 +695,8 @@ func NewSendSMS() text.TextRule { } } -func NewBase64Encode() text.TextRule { - return text.TextRule{ +func NewBase64Encode() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-38", Name: "Base64 Encode", @@ -713,8 +713,8 @@ func NewBase64Encode() text.TextRule { } } -func NewGpsLocation() text.TextRule { - return text.TextRule{ +func NewGpsLocation() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-39", Name: "GPS Location", @@ -733,8 +733,8 @@ func NewGpsLocation() text.TextRule { } } -func NewApplicationMayContainJailbreakDetectionMechanisms() text.TextRule { - return text.TextRule{ +func NewApplicationMayContainJailbreakDetectionMechanisms() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-JVM-40", Name: "The application may contain Jailbreak detection mechanisms", diff --git a/internal/services/engines/kubernetes/rules.go b/internal/services/engines/kubernetes/rules.go index 80fd4469a..4be80c22a 100644 --- a/internal/services/engines/kubernetes/rules.go +++ b/internal/services/engines/kubernetes/rules.go @@ -23,8 +23,8 @@ import ( "github.com/ZupIT/horusec-engine/text" ) -func NewAllowPrivilegeEscalation() text.TextRule { - return text.TextRule{ +func NewAllowPrivilegeEscalation() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-KUBERNETES-1", Name: "Allow Privilege Escalation", @@ -41,8 +41,8 @@ func NewAllowPrivilegeEscalation() text.TextRule { } } -func NewHostAliases() text.TextRule { - return text.TextRule{ +func NewHostAliases() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-KUBERNETES-2", Name: "Host Aliases", 
@@ -59,8 +59,8 @@ func NewHostAliases() text.TextRule { } } -func NewDockerSock() text.TextRule { - return text.TextRule{ +func NewDockerSock() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-KUBERNETES-3", Name: "Docker Sock", @@ -77,8 +77,8 @@ func NewDockerSock() text.TextRule { } } -func NewCapabilitySystemAdmin() text.TextRule { - return text.TextRule{ +func NewCapabilitySystemAdmin() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-KUBERNETES-4", Name: "Capability System Admin", @@ -97,8 +97,8 @@ func NewCapabilitySystemAdmin() text.TextRule { } } -func NewPrivilegedContainer() text.TextRule { - return text.TextRule{ +func NewPrivilegedContainer() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-KUBERNETES-5", Name: "Privileged Container", @@ -115,8 +115,8 @@ func NewPrivilegedContainer() text.TextRule { } } -func NewSeccompUnconfined() text.TextRule { - return text.TextRule{ +func NewSeccompUnconfined() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-KUBERNETES-6", Name: "Seccomp Unconfined", @@ -132,8 +132,8 @@ func NewSeccompUnconfined() text.TextRule { } } -func NewHostIPC() text.TextRule { - return text.TextRule{ +func NewHostIPC() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-KUBERNETES-7", Name: "Host IPC", @@ -148,8 +148,8 @@ func NewHostIPC() text.TextRule { } } -func NewHostPID() text.TextRule { - return text.TextRule{ +func NewHostPID() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-KUBERNETES-8", Name: "Host PID", @@ -164,8 +164,8 @@ func NewHostPID() text.TextRule { } } -func NewHostNetwork() text.TextRule { - return text.TextRule{ +func NewHostNetwork() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-KUBERNETES-9", Name: "Host Network", diff --git a/internal/services/engines/kubernetes/rules_test.go b/internal/services/engines/kubernetes/rules_test.go index a08f7463d..e9df2eed8 100644 
--- a/internal/services/engines/kubernetes/rules_test.go +++ b/internal/services/engines/kubernetes/rules_test.go @@ -15,6 +15,8 @@ package kubernetes import ( + "fmt" + "path/filepath" "testing" engine "github.com/ZupIT/horusec-engine" @@ -23,17 +25,20 @@ import ( ) func TestRulesVulnerableCode(t *testing.T) { + tempDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-KUBERNETES-1", - Rule: NewAllowPrivilegeEscalation(), - Src: SampleVulnerableHSKUBERNETES1, + Name: "HS-KUBERNETES-1", + Rule: NewAllowPrivilegeEscalation(), + Src: SampleVulnerableHSKUBERNETES1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-2", ".test")), Findings: []engine.Finding{ { CodeSample: "allowPrivilegeEscalation: true", SourceLocation: engine.Location{ - Line: 10, - Column: 1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-2", ".test")), + Line: 10, + Column: 1, }, }, }, @@ -44,11 +49,13 @@ func TestRulesVulnerableCode(t *testing.T) { } func TestRulesSafeCode(t *testing.T) { + tempDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-KUBERNETES-1", - Rule: NewAllowPrivilegeEscalation(), - Src: SampleSafeHSKUBERNETES1, + Name: "HS-KUBERNETES-1", + Rule: NewAllowPrivilegeEscalation(), + Src: SampleSafeHSKUBERNETES1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-JAVASCRIPT-2", ".test")), }, } diff --git a/internal/services/engines/leaks/rule_manager.go b/internal/services/engines/leaks/rule_manager.go index 2f9a274c6..bcb506f3e 100644 --- a/internal/services/engines/leaks/rule_manager.go +++ b/internal/services/engines/leaks/rule_manager.go @@ -25,7 +25,7 @@ func NewRules() *engines.RuleManager { } func extensions() []string { - return []string{"**"} + return []string{engine.AcceptAnyExtension} } // Rules return all rules registred to Leaks engine. diff --git a/internal/services/engines/leaks/rules.go b/internal/services/engines/leaks/rules.go index a5305e75e..e9495415f 100644 
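Review bot: The HS-KUBERNETES-1 case in TestRulesVulnerableCode (kubernetes/rules_test.go) builds both its `Filename` and the expected `SourceLocation.Filename` from `"HS-JAVASCRIPT-2"`, and the TestRulesSafeCode hunk that follows does the same. The values agree with each other, so the assertions presumably still hold, but the temp file is named after a rule from another engine. All three places should use the rule's own ID, e.g. `Filename: filepath.Join(tempDir, "HS-KUBERNETES-1.test"),`. Both test functions continue outside their hunks.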
--- a/internal/services/engines/leaks/rules.go +++ b/internal/services/engines/leaks/rules.go @@ -23,8 +23,8 @@ import ( "github.com/ZupIT/horusec-engine/text" ) -func NewAWSManagerID() text.TextRule { - return text.TextRule{ +func NewAWSManagerID() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-1", Name: "AWS Manager ID", @@ -39,8 +39,8 @@ func NewAWSManagerID() text.TextRule { } } -func NewAWSSecretKey() text.TextRule { - return text.TextRule{ +func NewAWSSecretKey() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-2", Name: "AWS Secret Key", @@ -56,8 +56,8 @@ func NewAWSSecretKey() text.TextRule { } } -func NewAWSMWSKey() text.TextRule { - return text.TextRule{ +func NewAWSMWSKey() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-3", Name: "AWS MWS key", @@ -72,8 +72,8 @@ func NewAWSMWSKey() text.TextRule { } } -func NewFacebookSecretKey() text.TextRule { - return text.TextRule{ +func NewFacebookSecretKey() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-4", Name: "Facebook Secret Key", @@ -88,8 +88,8 @@ func NewFacebookSecretKey() text.TextRule { } } -func NewFacebookClientID() text.TextRule { - return text.TextRule{ +func NewFacebookClientID() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-5", Name: "Facebook Client ID", @@ -104,8 +104,8 @@ func NewFacebookClientID() text.TextRule { } } -func NewTwitterSecretKey() text.TextRule { - return text.TextRule{ +func NewTwitterSecretKey() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-6", Name: "Twitter Secret Key", @@ -120,8 +120,8 @@ func NewTwitterSecretKey() text.TextRule { } } -func NewTwitterClientID() text.TextRule { - return text.TextRule{ +func NewTwitterClientID() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-7", Name: "Twitter Client ID", 
@@ -136,8 +136,8 @@ func NewTwitterClientID() text.TextRule { } } -func NewGithub() text.TextRule { - return text.TextRule{ +func NewGithub() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-8", Name: "Github", @@ -152,8 +152,8 @@ func NewGithub() text.TextRule { } } -func NewLinkedInClientID() text.TextRule { - return text.TextRule{ +func NewLinkedInClientID() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-9", Name: "LinkedIn Client ID", @@ -168,8 +168,8 @@ func NewLinkedInClientID() text.TextRule { } } -func NewLinkedInSecretKey() text.TextRule { - return text.TextRule{ +func NewLinkedInSecretKey() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-10", Name: "LinkedIn Secret Key", @@ -184,8 +184,8 @@ func NewLinkedInSecretKey() text.TextRule { } } -func NewSlack() text.TextRule { - return text.TextRule{ +func NewSlack() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-11", Name: "Slack", @@ -201,8 +201,8 @@ func NewSlack() text.TextRule { } } -func NewAsymmetricPrivateKey() text.TextRule { - return text.TextRule{ +func NewAsymmetricPrivateKey() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-12", Name: "Asymmetric Private Key", @@ -218,8 +218,8 @@ func NewAsymmetricPrivateKey() text.TextRule { } } -func NewGoogleAPIKey() text.TextRule { - return text.TextRule{ +func NewGoogleAPIKey() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-13", Name: "Google API key", @@ -235,8 +235,8 @@ func NewGoogleAPIKey() text.TextRule { } } -func NewGoogleGCPServiceAccount() text.TextRule { - return text.TextRule{ +func NewGoogleGCPServiceAccount() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-14", Name: "Google (GCP) Service Account", 
@@ -253,8 +253,8 @@ func NewGoogleGCPServiceAccount() text.TextRule { } } -func NewHerokuAPIKey() text.TextRule { - return text.TextRule{ +func NewHerokuAPIKey() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-15", Name: "Heroku API key", @@ -269,8 +269,8 @@ func NewHerokuAPIKey() text.TextRule { } } -func NewMailChimpAPIKey() text.TextRule { - return text.TextRule{ +func NewMailChimpAPIKey() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-16", Name: "MailChimp API key", @@ -285,8 +285,8 @@ func NewMailChimpAPIKey() text.TextRule { } } -func NewMailgunAPIKey() text.TextRule { - return text.TextRule{ +func NewMailgunAPIKey() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-17", Name: "Mailgun API key", @@ -301,8 +301,8 @@ func NewMailgunAPIKey() text.TextRule { } } -func NewPayPalBraintreeAccessToken() text.TextRule { - return text.TextRule{ +func NewPayPalBraintreeAccessToken() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-18", Name: "PayPal Braintree access token", @@ -317,8 +317,8 @@ func NewPayPalBraintreeAccessToken() text.TextRule { } } -func NewPicaticAPIKey() text.TextRule { - return text.TextRule{ +func NewPicaticAPIKey() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-19", Name: "Picatic API key", @@ -333,8 +333,8 @@ func NewPicaticAPIKey() text.TextRule { } } -func NewSendGridAPIKey() text.TextRule { - return text.TextRule{ +func NewSendGridAPIKey() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-20", Name: "SendGrid API Key", @@ -349,8 +349,8 @@ func NewSendGridAPIKey() text.TextRule { } } -func NewStripeAPIKey() text.TextRule { - return text.TextRule{ +func NewStripeAPIKey() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-21", Name: "Stripe API key", 
@@ -365,8 +365,8 @@ func NewStripeAPIKey() text.TextRule { } } -func NewSquareAccessToken() text.TextRule { - return text.TextRule{ +func NewSquareAccessToken() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-22", Name: "Square access token", @@ -381,8 +381,8 @@ func NewSquareAccessToken() text.TextRule { } } -func NewSquareOAuthSecret() text.TextRule { - return text.TextRule{ +func NewSquareOAuthSecret() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-23", Name: "Square OAuth secret", @@ -397,8 +397,8 @@ func NewSquareOAuthSecret() text.TextRule { } } -func NewTwilioAPIKey() text.TextRule { - return text.TextRule{ +func NewTwilioAPIKey() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-24", Name: "Twilio API key", @@ -413,8 +413,8 @@ func NewTwilioAPIKey() text.TextRule { } } -func NewHardCodedCredentialGeneric() text.TextRule { - return text.TextRule{ +func NewHardCodedCredentialGeneric() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-25", Name: "Potential Hard-coded credential", @@ -429,8 +429,8 @@ func NewHardCodedCredentialGeneric() text.TextRule { } } -func NewHardCodedPassword() text.TextRule { - return text.TextRule{ +func NewHardCodedPassword() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-26", Name: "Hard-coded password", @@ -449,8 +449,8 @@ func NewHardCodedPassword() text.TextRule { } } -func NewPasswordExposedInHardcodedURL() text.TextRule { - return text.TextRule{ +func NewPasswordExposedInHardcodedURL() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-27", Name: "Password found in a hardcoded URL", @@ -465,8 +465,8 @@ func NewPasswordExposedInHardcodedURL() text.TextRule { } } -func NewWPConfig() text.TextRule { - return text.TextRule{ +func NewWPConfig() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-LEAKS-28", Name: "Wordpress configuration file disclosure", 
diff --git a/internal/services/engines/leaks/rules_test.go b/internal/services/engines/leaks/rules_test.go
index fe1a43782..79c790d1b 100644
--- a/internal/services/engines/leaks/rules_test.go
+++ b/internal/services/engines/leaks/rules_test.go
@@ -15,6 +15,8 @@ package leaks
 import (
+ "fmt"
+ "path/filepath"
 "testing"
 engine "github.com/ZupIT/horusec-engine"
@@ -23,402 +25,460 @@ import ( ) func TestRulesVulnerableCode(t *testing.T) { + tempDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-LEAKS-1", - Rule: NewAWSManagerID(), - Src: SampleVulnerableHSLEAKS1, + Name: "HS-LEAKS-1", + Rule: NewAWSManagerID(), + Src: SampleVulnerableHSLEAKS1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-1", ".test")), Findings: []engine.Finding{ { CodeSample: "ACCESS_KEY: 'AKIAJSIE27KKMHXI3BJQ'", SourceLocation: engine.Location{ - Line: 7, - Column: 18, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-1", ".test")), + Line: 7, + Column: 18, }, }, }, }, { - Name: "HS-LEAKS-2", - Rule: NewAWSSecretKey(), - Src: SampleVulnerableHSLEAKS2, + Name: "HS-LEAKS-2", + Rule: NewAWSSecretKey(), + Src: SampleVulnerableHSLEAKS2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-2", ".test")), Findings: []engine.Finding{ { CodeSample: `AWS_SECRET_KEY: 'doc5eRXFpsWllGC5yKJV/Ymm5KwF+IRZo95EudOm'`, SourceLocation: engine.Location{ - Line: 7, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-2", ".test")), + Line: 7, + Column: 6, }, }, }, }, { - Name: "HS-LEAKS-3", - Rule: NewAWSMWSKey(), - Src: SampleVulnerableHSLEAKS3, + Name: "HS-LEAKS-3", + Rule: NewAWSMWSKey(), + Src: SampleVulnerableHSLEAKS3, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-3", ".test")), Findings: []engine.Finding{ { CodeSample: `AWS_WMS_KEY: 'amzn.mws.986478f0-9775-eabc-2af4-e499a8496828'`, SourceLocation: engine.Location{ - Line: 7, - Column: 20, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-3", ".test")), + Line: 7, + Column: 20, }, }, }, }, { - Name: "HS-LEAKS-4", - Rule: NewFacebookSecretKey(), - Src: SampleVulnerableHSLEAKS4, + Name: "HS-LEAKS-4", + Rule: NewFacebookSecretKey(), + Src: SampleVulnerableHSLEAKS4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-4", ".test")), Findings: []engine.Finding{ { CodeSample: 
`FB_SECRET_KEY: 'cb6f53505911332d30867f44a1c1b9b5'`, SourceLocation: engine.Location{ - Line: 7, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-4", ".test")), + Line: 7, + Column: 6, }, }, }, }, { - Name: "HS-LEAKS-5", - Rule: NewFacebookClientID(), - Src: SampleVulnerableHSLEAKS5, + Name: "HS-LEAKS-5", + Rule: NewFacebookClientID(), + Src: SampleVulnerableHSLEAKS5, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-5", ".test")), Findings: []engine.Finding{ { CodeSample: `FB_CLIENT_ID: '148695999071979'`, SourceLocation: engine.Location{ - Line: 7, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-5", ".test")), + Line: 7, + Column: 6, }, }, }, }, { - Name: "HS-LEAKS-6", - Rule: NewTwitterSecretKey(), - Src: SampleVulnerableHSLEAKS6, + Name: "HS-LEAKS-6", + Rule: NewTwitterSecretKey(), + Src: SampleVulnerableHSLEAKS6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-6", ".test")), Findings: []engine.Finding{ { CodeSample: `TWITTER_SECRET_KEY: 'ej64cqk9k8px9ae3e47ip89l7if58tqhpxi1r'`, SourceLocation: engine.Location{ - Line: 7, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-6", ".test")), + Line: 7, + Column: 6, }, }, }, }, { - Name: "HS-LEAKS-7", - Rule: NewTwitterClientID(), - Src: SampleVulnerableHSLEAKS7, + Name: "HS-LEAKS-7", + Rule: NewTwitterClientID(), + Src: SampleVulnerableHSLEAKS7, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-7", ".test")), Findings: []engine.Finding{ { CodeSample: `TWITTER_CLIENT_ID: '1h6433fsvygnyre5a40'`, SourceLocation: engine.Location{ - Line: 7, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-7", ".test")), + Line: 7, + Column: 6, }, }, }, }, { - Name: "HS-LEAKS-8", - Rule: NewGithub(), - Src: SampleVulnerableHSLEAKS8, + Name: "HS-LEAKS-8", + Rule: NewGithub(), + Src: SampleVulnerableHSLEAKS8, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-8", 
".test")), Findings: []engine.Finding{ { CodeSample: `GITHUB_SECRET_KEY: 'edzvPbU3SYUc7pFc9le20lzIRErTOaxCABQ1'`, SourceLocation: engine.Location{ - Line: 7, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-8", ".test")), + Line: 7, + Column: 6, }, }, }, }, { - Name: "HS-LEAKS-9", - Rule: NewLinkedInClientID(), - Src: SampleVulnerableHSLEAKS9, + Name: "HS-LEAKS-9", + Rule: NewLinkedInClientID(), + Src: SampleVulnerableHSLEAKS9, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-9", ".test")), Findings: []engine.Finding{ { CodeSample: `LINKEDIN_CLIENT_ID: 'g309xttlaw25'`, SourceLocation: engine.Location{ - Line: 7, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-9", ".test")), + Line: 7, + Column: 6, }, }, }, }, { - Name: "HS-LEAKS-10", - Rule: NewLinkedInSecretKey(), - Src: SampleVulnerableHSLEAKS10, + Name: "HS-LEAKS-10", + Rule: NewLinkedInSecretKey(), + Src: SampleVulnerableHSLEAKS10, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-10", ".test")), Findings: []engine.Finding{ { CodeSample: `LINKEDIN_SECRET_KEY: '0d16kcnjyfzmcmjp'`, SourceLocation: engine.Location{ - Line: 7, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-10", ".test")), + Line: 7, + Column: 6, }, }, }, }, { - Name: "HS-LEAKS-11", - Rule: NewSlack(), - Src: SampleVulnerableHSLEAKS11, + Name: "HS-LEAKS-11", + Rule: NewSlack(), + Src: SampleVulnerableHSLEAKS11, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-11", ".test")), Findings: []engine.Finding{ { CodeSample: `SLACK_WEBHOOK: 'https://hooks.slack.com/services/TNeqvYPeO/BncTJ74Hf/NlvFFKKAKPkd6h7FlQCz1Blu'`, SourceLocation: engine.Location{ - Line: 7, - Column: 22, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-11", ".test")), + Line: 7, + Column: 22, }, }, }, }, { - Name: "HS-LEAKS-12", - Rule: NewAsymmetricPrivateKey(), - Src: SampleVulnerableHSLEAKS12, + Name: "HS-LEAKS-12", + Rule: 
NewAsymmetricPrivateKey(), + Src: SampleVulnerableHSLEAKS12, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-12", ".test")), Findings: []engine.Finding{ { CodeSample: `SSH_PRIVATE_KEY: '-----BEGIN PRIVATE KEY-----MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBj08sp5++4anGcmQxJjAkBgNVBAoTHVByb2dyZXNzIFNvZnR3YXJlIENvcnBvcmF0aW9uMSAwHgYDVQQDDBcqLmF3cy10ZXN0LnByb2dyZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD...bml6YXRpb252YWxzaGEyZzIuY3JsMIGgBggrBgEFBQcBAQSBkzCBkDBNBggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3Nvcmdhz3P668YfhUbKdRF6S42Cg6zn-----END PRIVATE KEY-----'`, SourceLocation: engine.Location{ - Line: 7, - Column: 24, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-12", ".test")), + Line: 7, + Column: 24, }, }, }, }, { - Name: "HS-LEAKS-13", - Rule: NewGoogleAPIKey(), - Src: SampleVulnerableHSLEAKS13, + Name: "HS-LEAKS-13", + Rule: NewGoogleAPIKey(), + Src: SampleVulnerableHSLEAKS13, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-13", ".test")), Findings: []engine.Finding{ { CodeSample: `GCP_API_KEY: 'AIzaMPZHYiu1RdzE1nG2SaVyOoz244TuacQIR6m'`, SourceLocation: engine.Location{ - Line: 7, - Column: 20, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-13", ".test")), + Line: 7, + Column: 20, }, }, }, }, { - Name: "HS-LEAKS-14", - Rule: NewGoogleGCPServiceAccount(), - Src: SampleVulnerableHSLEAKS14, + Name: "HS-LEAKS-14", + Rule: NewGoogleGCPServiceAccount(), + Src: SampleVulnerableHSLEAKS14, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-14", ".test")), Findings: []engine.Finding{ { CodeSample: `GCP_SERVICE_ACCOUNT: '18256698220617903267772185514630273595-oy8_uzouz8tyy46y84ckrwei9_6rq_pb.apps.googleusercontent.com'`, SourceLocation: engine.Location{ - Line: 7, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-14", ".test")), + Line: 7, + Column: 6, }, }, }, }, { - Name: "HS-LEAKS-15", - Rule: NewHerokuAPIKey(), - Src: 
SampleVulnerableHSLEAKS15, + Name: "HS-LEAKS-15", + Rule: NewHerokuAPIKey(), + Src: SampleVulnerableHSLEAKS15, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-15", ".test")), Findings: []engine.Finding{ { CodeSample: `HEROKU_API_KEY: '3623f8e9-2d05-c9bb-2209082d6b5c'`, SourceLocation: engine.Location{ - Line: 7, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-15", ".test")), + Line: 7, + Column: 6, }, }, }, }, { - Name: "HS-LEAKS-16", - Rule: NewMailChimpAPIKey(), - Src: SampleVulnerableHSLEAKS16, + Name: "HS-LEAKS-16", + Rule: NewMailChimpAPIKey(), + Src: SampleVulnerableHSLEAKS16, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-16", ".test")), Findings: []engine.Finding{ { CodeSample: `MAILCHIMP_API_KEY: 'f7e9c13c10d0b19c3bb003a9f635d488-us72'`, SourceLocation: engine.Location{ - Line: 7, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-16", ".test")), + Line: 7, + Column: 6, }, }, }, }, { - Name: "HS-LEAKS-17", - Rule: NewMailgunAPIKey(), - Src: SampleVulnerableHSLEAKS17, + Name: "HS-LEAKS-17", + Rule: NewMailgunAPIKey(), + Src: SampleVulnerableHSLEAKS17, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-17", ".test")), Findings: []engine.Finding{ { CodeSample: `MAILGUN_API_KEY: 'key-xke9nbc2i5po5cjw3ngyxiz450zxpapu'`, SourceLocation: engine.Location{ - Line: 7, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-17", ".test")), + Line: 7, + Column: 6, }, }, }, }, { - Name: "HS-LEAKS-18", - Rule: NewPayPalBraintreeAccessToken(), - Src: SampleVulnerableHSLEAKS18, + Name: "HS-LEAKS-18", + Rule: NewPayPalBraintreeAccessToken(), + Src: SampleVulnerableHSLEAKS18, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-18", ".test")), Findings: []engine.Finding{ { CodeSample: `PAY_PAL_ACCESS_TOKEN: 'access_token$production$mk0sech2v7qqsol3$db651af2221c22b4ca2f0f583798135e'`, SourceLocation: engine.Location{ - Line: 7, - Column: 
29, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-18", ".test")), + Line: 7, + Column: 29, }, }, }, }, { - Name: "HS-LEAKS-19", - Rule: NewPicaticAPIKey(), - Src: SampleVulnerableHSLEAKS19, + Name: "HS-LEAKS-19", + Rule: NewPicaticAPIKey(), + Src: SampleVulnerableHSLEAKS19, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-19", ".test")), Findings: []engine.Finding{ { CodeSample: `PICATIC_API_KEY: 'sk_live_voy1p9k7r9g9j8ezmif488nk2p8310nl'`, SourceLocation: engine.Location{ - Line: 7, - Column: 24, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-19", ".test")), + Line: 7, + Column: 24, }, }, }, }, { - Name: "HS-LEAKS-20", - Rule: NewSendGridAPIKey(), - Src: SampleVulnerableHSLEAKS20, + Name: "HS-LEAKS-20", + Rule: NewSendGridAPIKey(), + Src: SampleVulnerableHSLEAKS20, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-20", ".test")), Findings: []engine.Finding{ { CodeSample: `SEND_GRID_API_KEY: 'SG.44b7kq3FurdH0bSHBGjPSWhE8vJ.1evu4Un0TXFIb1_6zW4YOdjTMeE'`, SourceLocation: engine.Location{ - Line: 7, - Column: 26, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-20", ".test")), + Line: 7, + Column: 26, }, }, }, }, { - Name: "HS-LEAKS-21", - Rule: NewStripeAPIKey(), - Src: SampleVulnerableHSLEAKS21, + Name: "HS-LEAKS-21", + Rule: NewStripeAPIKey(), + Src: SampleVulnerableHSLEAKS21, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-21", ".test")), Findings: []engine.Finding{ { CodeSample: `STRIPE_API_KEY: 'rk_live_8qSZpoI9t0BOGkOLVzvesc6K'`, SourceLocation: engine.Location{ - Line: 7, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-21", ".test")), + Line: 7, + Column: 6, }, }, }, }, { - Name: "HS-LEAKS-22", - Rule: NewSquareAccessToken(), - Src: SampleVulnerableHSLEAKS22, + Name: "HS-LEAKS-22", + Rule: NewSquareAccessToken(), + Src: SampleVulnerableHSLEAKS22, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-22", ".test")), 
Findings: []engine.Finding{ { CodeSample: `SQUARE_ACCESS_TOKEN: 'sq0atp-clYRBSht6oefa7w_2R56ra'`, SourceLocation: engine.Location{ - Line: 7, - Column: 28, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-22", ".test")), + Line: 7, + Column: 28, }, }, }, }, { - Name: "HS-LEAKS-23", - Rule: NewSquareOAuthSecret(), - Src: SampleVulnerableHSLEAKS23, + Name: "HS-LEAKS-23", + Rule: NewSquareOAuthSecret(), + Src: SampleVulnerableHSLEAKS23, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-23", ".test")), Findings: []engine.Finding{ { CodeSample: `SQUARE_SECRET: 'sq0csp-LsEBYQNja]OgT3hRxjJV5cWX^XjpT12n3QkRY_vep2z'`, SourceLocation: engine.Location{ - Line: 7, - Column: 22, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-23", ".test")), + Line: 7, + Column: 22, }, }, }, }, { - Name: "HS-LEAKS-24", - Rule: NewTwilioAPIKey(), - Src: SampleVulnerableHSLEAKS24, + Name: "HS-LEAKS-24", + Rule: NewTwilioAPIKey(), + Src: SampleVulnerableHSLEAKS24, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-24", ".test")), Findings: []engine.Finding{ { CodeSample: `TWILIO_API_KEY: '^SK9ae6bd84ccd091eb6bfad8e2a474af95'`, SourceLocation: engine.Location{ - Line: 7, - Column: 6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-24", ".test")), + Line: 7, + Column: 6, }, }, }, }, { - Name: "HS-LEAKS-25", - Rule: NewHardCodedCredentialGeneric(), - Src: SampleVulnerableHSLEAKS25, + Name: "HS-LEAKS-25", + Rule: NewHardCodedCredentialGeneric(), + Src: SampleVulnerableHSLEAKS25, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-25", ".test")), Findings: []engine.Finding{ { CodeSample: `POSTGRES_DBPASSWD: 'Ch@ng3m3'`, SourceLocation: engine.Location{ - Line: 7, - Column: 15, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-25", ".test")), + Line: 7, + Column: 15, }, }, }, }, { - Name: "HS-LEAKS-26", - Rule: NewHardCodedPassword(), - Src: SampleVulnerableHSLEAKS26, + Name: "HS-LEAKS-26", + Rule: 
NewHardCodedPassword(), + Src: SampleVulnerableHSLEAKS26, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-26", ".test")), Findings: []engine.Finding{ { CodeSample: `DB_PASSWORD="gorm"`, SourceLocation: engine.Location{ - Line: 13, - Column: 4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-26", ".test")), + Line: 13, + Column: 4, }, }, }, }, { - Name: "HS-LEAKS-27", - Rule: NewPasswordExposedInHardcodedURL(), - Src: SampleVulnerableHSLEAKS27, + Name: "HS-LEAKS-27", + Rule: NewPasswordExposedInHardcodedURL(), + Src: SampleVulnerableHSLEAKS27, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-27", ".test")), Findings: []engine.Finding{ { CodeSample: `dsn := "postgresql://gorm:gorm@127.0.0.1:5432/gorm?sslmode=disable"`, SourceLocation: engine.Location{ - Line: 10, - Column: 9, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-27", ".test")), + Line: 10, + Column: 9, }, }, }, }, { - Name: "HS-LEAKS-28", - Rule: NewWPConfig(), - Src: SampleVulnerableHSLEAKS28, + Name: "HS-LEAKS-28", + Rule: NewWPConfig(), + Src: SampleVulnerableHSLEAKS28, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-28", ".test")), Findings: []engine.Finding{ { CodeSample: `define('AUTH_KEY', 'put your unique phrase here');`, SourceLocation: engine.Location{ - Line: 3, - Column: 0, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-28", ".test")), + Line: 3, + Column: 0, }, }, { CodeSample: `define('DB_PASSWORD', 'wen0221!');`, SourceLocation: engine.Location{ - Line: 4, - Column: 0, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-28", ".test")), + Line: 4, + Column: 0, }, }, }, 
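Review bot: Every case in TestRulesVulnerableCode spells the path twice, once in `Filename` and once in the expected `SourceLocation.Filename`, as `filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-N", ".test"))`; across 28 rules one mistyped ID makes the expectation disagree with the input, and a wrong ID copied into both places goes unnoticed. A small closure declared after `tempDir` removes the repetition and the constant-only `fmt.Sprintf`: `file := func(id string) string { return filepath.Join(tempDir, id+".test") }`, then `Filename: file("HS-LEAKS-1")` in both places. The same pattern appears in the TestRulesSafeCode hunk of this file and in the nginx test hunks. The function's closing lines fall in the next hunk.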
@@ -429,146 +489,175 @@ func TestRulesVulnerableCode(t *testing.T) { } func TestRulesSafeCode(t *testing.T) { + tempDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-LEAKS-1", - Rule: NewAWSManagerID(), - Src: SampleSafeHSLEAKS1, + Name: "HS-LEAKS-1", + Rule: NewAWSManagerID(), + Src: SampleSafeHSLEAKS1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-1", ".test")), }, { - Name: "HS-LEAKS-2", - Rule: NewAWSSecretKey(), - Src: SampleSafeHSLEAKS2, + Name: "HS-LEAKS-2", + Rule: NewAWSSecretKey(), + Src: SampleSafeHSLEAKS2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-2", ".test")), }, { - Name: "HS-LEAKS-3", - Rule: NewAWSMWSKey(), - Src: SampleSafeHSLEAKS3, + Name: "HS-LEAKS-3", + Rule: NewAWSMWSKey(), + Src: SampleSafeHSLEAKS3, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-3", ".test")), }, { - Name: "HS-LEAKS-4", - Rule: NewFacebookSecretKey(), - Src: SampleSafeHSLEAKS4, + Name: "HS-LEAKS-4", + Rule: NewFacebookSecretKey(), + Src: SampleSafeHSLEAKS4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-4", ".test")), }, { - Name: "HS-LEAKS-5", - Rule: NewFacebookClientID(), - Src: SampleSafeHSLEAKS5, + Name: "HS-LEAKS-5", + Rule: NewFacebookClientID(), + Src: SampleSafeHSLEAKS5, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-5", ".test")), }, { - Name: "HS-LEAKS-6", - Rule: NewTwitterSecretKey(), - Src: SampleSafeHSLEAKS6, + Name: "HS-LEAKS-6", + Rule: NewTwitterSecretKey(), + Src: SampleSafeHSLEAKS6, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-6", ".test")), }, { - Name: "HS-LEAKS-7", - Rule: NewTwitterClientID(), - Src: SampleSafeHSLEAKS7, + Name: "HS-LEAKS-7", + Rule: NewTwitterClientID(), + Src: SampleSafeHSLEAKS7, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-7", ".test")), }, { - Name: "HS-LEAKS-8", - Rule: NewGithub(), - Src: SampleSafeHSLEAKS8, + Name: "HS-LEAKS-8", + Rule: NewGithub(), + Src: 
SampleSafeHSLEAKS8, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-8", ".test")), }, { - Name: "HS-LEAKS-9", - Rule: NewLinkedInClientID(), - Src: SampleSafeHSLEAKS9, + Name: "HS-LEAKS-9", + Rule: NewLinkedInClientID(), + Src: SampleSafeHSLEAKS9, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-9", ".test")), }, { - Name: "HS-LEAKS-10", - Rule: NewLinkedInSecretKey(), - Src: SampleSafeHSLEAKS10, + Name: "HS-LEAKS-10", + Rule: NewLinkedInSecretKey(), + Src: SampleSafeHSLEAKS10, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-10", ".test")), }, { - Name: "HS-LEAKS-11", - Rule: NewSlack(), - Src: SampleSafeHSLEAKS11, + Name: "HS-LEAKS-11", + Rule: NewSlack(), + Src: SampleSafeHSLEAKS11, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-11", ".test")), }, { - Name: "HS-LEAKS-12", - Rule: NewAsymmetricPrivateKey(), - Src: SampleSafeHSLEAKS12, + Name: "HS-LEAKS-12", + Rule: NewAsymmetricPrivateKey(), + Src: SampleSafeHSLEAKS12, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-12", ".test")), }, { - Name: "HS-LEAKS-13", - Rule: NewGoogleAPIKey(), - Src: SampleSafeHSLEAKS13, + Name: "HS-LEAKS-13", + Rule: NewGoogleAPIKey(), + Src: SampleSafeHSLEAKS13, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-13", ".test")), }, { - Name: "HS-LEAKS-14", - Rule: NewGoogleGCPServiceAccount(), - Src: SampleSafeHSLEAKS14, + Name: "HS-LEAKS-14", + Rule: NewGoogleGCPServiceAccount(), + Src: SampleSafeHSLEAKS14, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-14", ".test")), }, { - Name: "HS-LEAKS-15", - Rule: NewHerokuAPIKey(), - Src: SampleSafeHSLEAKS15, + Name: "HS-LEAKS-15", + Rule: NewHerokuAPIKey(), + Src: SampleSafeHSLEAKS15, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-15", ".test")), }, { - Name: "HS-LEAKS-16", - Rule: NewMailChimpAPIKey(), - Src: SampleSafeHSLEAKS16, + Name: "HS-LEAKS-16", + Rule: NewMailChimpAPIKey(), + Src: SampleSafeHSLEAKS16, + 
Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-16", ".test")), }, { - Name: "HS-LEAKS-17", - Rule: NewMailgunAPIKey(), - Src: SampleSafeHSLEAKS17, + Name: "HS-LEAKS-17", + Rule: NewMailgunAPIKey(), + Src: SampleSafeHSLEAKS17, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-17", ".test")), }, { - Name: "HS-LEAKS-18", - Rule: NewPayPalBraintreeAccessToken(), - Src: SampleSafeHSLEAKS18, + Name: "HS-LEAKS-18", + Rule: NewPayPalBraintreeAccessToken(), + Src: SampleSafeHSLEAKS18, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-18", ".test")), }, { - Name: "HS-LEAKS-19", - Rule: NewPicaticAPIKey(), - Src: SampleSafeHSLEAKS19, + Name: "HS-LEAKS-19", + Rule: NewPicaticAPIKey(), + Src: SampleSafeHSLEAKS19, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-19", ".test")), }, { - Name: "HS-LEAKS-20", - Rule: NewSendGridAPIKey(), - Src: SampleSafeHSLEAKS20, + Name: "HS-LEAKS-20", + Rule: NewSendGridAPIKey(), + Src: SampleSafeHSLEAKS20, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-20", ".test")), }, { - Name: "HS-LEAKS-21", - Rule: NewStripeAPIKey(), - Src: SampleSafeHSLEAKS21, + Name: "HS-LEAKS-21", + Rule: NewStripeAPIKey(), + Src: SampleSafeHSLEAKS21, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-21", ".test")), }, { - Name: "HS-LEAKS-22", - Rule: NewSquareAccessToken(), - Src: SampleSafeHSLEAKS22, + Name: "HS-LEAKS-22", + Rule: NewSquareAccessToken(), + Src: SampleSafeHSLEAKS22, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-22", ".test")), }, { - Name: "HS-LEAKS-23", - Rule: NewSquareOAuthSecret(), - Src: SampleSafeHSLEAKS23, + Name: "HS-LEAKS-23", + Rule: NewSquareOAuthSecret(), + Src: SampleSafeHSLEAKS23, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-23", ".test")), }, { - Name: "HS-LEAKS-24", - Rule: NewTwilioAPIKey(), - Src: SampleSafeHSLEAKS24, + Name: "HS-LEAKS-24", + Rule: NewTwilioAPIKey(), + Src: SampleSafeHSLEAKS24, + 
Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-24", ".test")), }, { - Name: "HS-LEAKS-25", - Rule: NewHardCodedCredentialGeneric(), - Src: SampleSafeHSLEAKS25, + Name: "HS-LEAKS-25", + Rule: NewHardCodedCredentialGeneric(), + Src: SampleSafeHSLEAKS25, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-25", ".test")), }, { - Name: "HS-LEAKS-26", - Rule: NewHardCodedPassword(), - Src: SampleSafeHSLEAKS26, + Name: "HS-LEAKS-26", + Rule: NewHardCodedPassword(), + Src: SampleSafeHSLEAKS26, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-26", ".test")), }, { - Name: "HS-LEAKS-27", - Rule: NewPasswordExposedInHardcodedURL(), - Src: SampleSafeHSLEAKS27, + Name: "HS-LEAKS-27", + Rule: NewPasswordExposedInHardcodedURL(), + Src: SampleSafeHSLEAKS27, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-27", ".test")), }, { - Name: "HS-LEAKS-28", - Rule: NewWPConfig(), - Src: SampleSafeHSLEAKS28, + Name: "HS-LEAKS-28", + Rule: NewWPConfig(), + Src: SampleSafeHSLEAKS28, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-28", ".test")), }, } testutil.TestSafeCode(t, testcases) diff --git a/internal/services/engines/nginx/rules.go b/internal/services/engines/nginx/rules.go index 41278956b..6c22722d6 100644 --- a/internal/services/engines/nginx/rules.go +++ b/internal/services/engines/nginx/rules.go @@ -24,8 +24,8 @@ import ( "github.com/ZupIT/horusec-engine/text" ) -func NewIncludeXFrameOptionsHeader() text.TextRule { - return text.TextRule{ +func NewIncludeXFrameOptionsHeader() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-NGINX-1", Name: "Improper Restriction of Rendered UI Layers or Frames", 
@@ -40,8 +40,8 @@ func NewIncludeXFrameOptionsHeader() text.TextRule { } } -func NewIncludeXContentTypeOptionsHeader() text.TextRule { - return text.TextRule{ +func NewIncludeXContentTypeOptionsHeader() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-NGINX-2", Name: "Missing X-Content-Type-Options header", @@ -56,8 +56,8 @@ func NewIncludeXContentTypeOptionsHeader() text.TextRule { } } -func NewIncludeContentSecurityPolicyHeader() text.TextRule { - return text.TextRule{ +func NewIncludeContentSecurityPolicyHeader() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-NGINX-3", Name: "Missing Content-Security-Policy header", @@ -72,8 +72,8 @@ func NewIncludeContentSecurityPolicyHeader() text.TextRule { } } -func NewIncludeServerTokensOff() text.TextRule { - return text.TextRule{ +func NewIncludeServerTokensOff() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-NGINX-4", Name: "Exposure of Sensitive Information", diff --git a/internal/services/engines/nginx/rules_test.go b/internal/services/engines/nginx/rules_test.go index 8d4770ece..639ac7e9e 100644 --- a/internal/services/engines/nginx/rules_test.go +++ b/internal/services/engines/nginx/rules_test.go @@ -15,6 +15,8 @@ package nginx import ( + "fmt" + "path/filepath" "testing" engine "github.com/ZupIT/horusec-engine" 
@@ -23,59 +25,68 @@ import ( ) func TestRulesVulnerableCode(t *testing.T) { + tempDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-NGINX-1", - Rule: NewIncludeXFrameOptionsHeader(), - Src: SampleVulnerableHSNGINX1, + Name: "HS-NGINX-1", + Rule: NewIncludeXFrameOptionsHeader(), + Src: SampleVulnerableHSNGINX1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-NGINX-1", ".test")), Findings: []engine.Finding{ { CodeSample: "", SourceLocation: engine.Location{ - Line: 0, - Column: 0, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-NGINX-1", ".test")), + Line: 0, + Column: 0, }, }, }, }, { - Name: "HS-NGINX-2", - Rule: NewIncludeXContentTypeOptionsHeader(), - Src: SampleVulnerableHSNGINX2, + Name: "HS-NGINX-2", + Rule: NewIncludeXContentTypeOptionsHeader(), + Src: SampleVulnerableHSNGINX2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-NGINX-2", ".test")), Findings: []engine.Finding{ { CodeSample: "", SourceLocation: engine.Location{ - Line: 0, - Column: 0, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-NGINX-2", ".test")), + Line: 0, + Column: 0, }, }, }, }, { - Name: "HS-NGINX-3", - Rule: NewIncludeContentSecurityPolicyHeader(), - Src: SampleVulnerableHSNGINX3, + Name: "HS-NGINX-3", + Rule: NewIncludeContentSecurityPolicyHeader(), + Src: SampleVulnerableHSNGINX3, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-NGINX-3", ".test")), Findings: []engine.Finding{ { CodeSample: "", SourceLocation: engine.Location{ - Line: 0, - Column: 0, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-NGINX-3", ".test")), + Line: 0, + Column: 0, }, }, }, }, { - Name: "HS-NGINX-4", - Rule: NewIncludeServerTokensOff(), - Src: SampleVulnerableHSNGINX4, + Name: "HS-NGINX-4", + Rule: NewIncludeServerTokensOff(), + Src: SampleVulnerableHSNGINX4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-NGINX-4", ".test")), Findings: []engine.Finding{ { CodeSample: "", SourceLocation: engine.Location{ - Line: 
0, - Column: 0, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-NGINX-4", ".test")), + Line: 0, + Column: 0, }, }, }, @@ -86,26 +97,31 @@ func TestRulesVulnerableCode(t *testing.T) { } func TestRulesSafeCode(t *testing.T) { + tempDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-NGINX-1", - Rule: NewIncludeXFrameOptionsHeader(), - Src: SampleSafeHSNGINX1, + Name: "HS-NGINX-1", + Rule: NewIncludeXFrameOptionsHeader(), + Src: SampleSafeHSNGINX1, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-NGINX-1", ".test")), }, { - Name: "HS-NGINX-2", - Rule: NewIncludeXContentTypeOptionsHeader(), - Src: SampleSafeHSNGINX2, + Name: "HS-NGINX-2", + Rule: NewIncludeXContentTypeOptionsHeader(), + Src: SampleSafeHSNGINX2, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-NGINX-2", ".test")), }, { - Name: "HS-NGINX-3", - Rule: NewIncludeContentSecurityPolicyHeader(), - Src: SampleSafeHSNGINX3, + Name: "HS-NGINX-3", + Rule: NewIncludeContentSecurityPolicyHeader(), + Src: SampleSafeHSNGINX3, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-NGINX-3", ".test")), }, { - Name: "HS-NGINX-4", - Rule: NewIncludeServerTokensOff(), - Src: SampleSafeHSNGINX4, + Name: "HS-NGINX-4", + Rule: NewIncludeServerTokensOff(), + Src: SampleSafeHSNGINX4, + Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-NGINX-4", ".test")), }, } diff --git a/internal/services/engines/rules.go b/internal/services/engines/rules.go index d61d730dd..6bf2529b4 100644 --- a/internal/services/engines/rules.go +++ b/internal/services/engines/rules.go @@ -16,7 +16,6 @@ package engines import ( engine "github.com/ZupIT/horusec-engine" - "github.com/ZupIT/horusec-engine/text" ) // RuleManager is a generic implementation of formatters.RuleManager 
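Review bot: In `TestRulesVulnerableCode` of nginx/rules_test.go each case builds the same path twice, once for `Filename` and once for `SourceLocation.Filename`, with `filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-NGINX-1", ".test"))`, where the `fmt.Sprintf` only concatenates two constants. Declaring the path once before the table, e.g. `file1 := filepath.Join(tempDir, "HS-NGINX-1.test")`, and using it in both fields would keep the input path and the expected location from drifting apart. As far as the visible hunks show, it would also make the newly added `fmt` import unnecessary. `TestRulesSafeCode` in the next hunk repeats the `Sprintf` form, while the swift tests in this commit already use the plain `filepath.Join(tmpDir, "HS-SWIFT-6")`.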
@@ -37,19 +36,6 @@ func (r *RuleManager) GetAllRules() []engine.Rule { return r.rules } -//nolint:gomnd // magic number -func (r *RuleManager) GetTextUnitByRulesExt(src string) ([]engine.Unit, error) { - textUnits, err := text.LoadDirIntoMultiUnit(src, 5, r.extensions) - if err != nil { - return []engine.Unit{}, err - } - return r.parseTextUnitsToUnits(textUnits), nil -} - -func (r *RuleManager) parseTextUnitsToUnits(textUnits []text.TextUnit) []engine.Unit { - units := make([]engine.Unit, 0, len(textUnits)) - for _, t := range textUnits { - units = append(units, t) - } - return units +func (r *RuleManager) GetAllExtensions() []string { + return r.extensions } diff --git a/internal/services/engines/rules_test.go b/internal/services/engines/rules_test.go index b63912e5d..6ed4fd941 100644 --- a/internal/services/engines/rules_test.go +++ b/internal/services/engines/rules_test.go @@ -93,8 +93,8 @@ func TestGetRules(t *testing.T) { rulesID := map[string]bool{} for _, rule := range rules { - r, ok := rule.(text.TextRule) - require.True(t, ok, "Expected rule type of text.TextRule, got %T", rule) + r, ok := rule.(*text.Rule) + require.True(t, ok, "Expected rule type of text.Rule, got %T", rule) expressions += len(r.Expressions) if rulesID[r.ID] == true { diff --git a/internal/services/engines/swift/rules.go b/internal/services/engines/swift/rules.go index f4ecdf4a1..72daf4e90 100644 --- a/internal/services/engines/swift/rules.go +++ b/internal/services/engines/swift/rules.go 
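Review bot: `GetAllExtensions` is exported and is now what the `formatters.RuleManager` interface requires, but it has no doc comment and it returns `r.extensions` itself rather than a copy. A comment such as `// GetAllExtensions returns the file extensions configured for this manager.` would cover the first point. For the second, a caller that writes into the returned slice changes the manager's state; if that should not be possible, `return append([]string(nil), r.extensions...)` hands out a copy. `GetAllRules`, whose signature sits above this hunk, returns `r.rules` the same way.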
@@ -26,8 +26,8 @@ import ( // Deprecated: This rule is not usage really in any swift project, // because when use sqlite3_exec internally it's running the commands sqlite3_prepare_v2, sqlite3_step, sqlite3_finalize // then is not necessary use sqlite3_finalize and this rule not will get anywhere vulnerability -//func NewSQLiteDatabase() text.TextRule { -// return text.TextRule{ +//func NewSQLiteDatabase() *text.Rule { +// return &text.Rule{ // Metadata: engine.Metadata{ // ID: "HS-SWIFT-1", // Name: "SQLite Database", @@ -43,8 +43,8 @@ import ( // } //} -func NewCoreDataDatabase() text.TextRule { - return text.TextRule{ +func NewCoreDataDatabase() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-2", Name: "CoreData Database", @@ -60,8 +60,8 @@ func NewCoreDataDatabase() text.TextRule { } } -func NewDTLS12NotUsed() text.TextRule { - return text.TextRule{ +func NewDTLS12NotUsed() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-3", Name: "DTLS 1.2 not used", @@ -77,8 +77,8 @@ func NewDTLS12NotUsed() text.TextRule { } } -func NewTLS13NotUsed() text.TextRule { - return text.TextRule{ +func NewTLS13NotUsed() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-4", Name: "TLS 1.3 not used", @@ -94,8 +94,8 @@ func NewTLS13NotUsed() text.TextRule { } } -func NewReverseEngineering() text.TextRule { - return text.TextRule{ +func NewReverseEngineering() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-5", Name: "Reverse engineering", @@ -113,8 +113,8 @@ func NewReverseEngineering() text.TextRule { } } -func NewWeakMD5CryptoCipher() text.TextRule { - return text.TextRule{ +func NewWeakMD5CryptoCipher() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-6", Name: "Weak MD5 hash using", 
@@ -130,8 +130,8 @@ func NewWeakMD5CryptoCipher() text.TextRule { } } -func NewWeakCommonDesCryptoCipher() text.TextRule { - return text.TextRule{ +func NewWeakCommonDesCryptoCipher() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-7", Name: "Weak DES hash using", @@ -147,8 +147,8 @@ func NewWeakCommonDesCryptoCipher() text.TextRule { } } -func NewWeakIDZDesCryptoCipher() text.TextRule { - return text.TextRule{ +func NewWeakIDZDesCryptoCipher() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-8", Name: "Weak DES hash using", @@ -164,8 +164,8 @@ func NewWeakIDZDesCryptoCipher() text.TextRule { } } -func NewWeakBlowfishCryptoCipher() text.TextRule { - return text.TextRule{ +func NewWeakBlowfishCryptoCipher() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-9", Name: "Weak Cipher Mode", @@ -181,8 +181,8 @@ func NewWeakBlowfishCryptoCipher() text.TextRule { } } -func NewMD6Collision() text.TextRule { - return text.TextRule{ +func NewMD6Collision() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-10", Name: "Weak MD6 hash using", @@ -198,8 +198,8 @@ func NewMD6Collision() text.TextRule { } } -func NewMD5Collision() text.TextRule { - return text.TextRule{ +func NewMD5Collision() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-11", Name: "Weak MD5 hash using", @@ -215,8 +215,8 @@ func NewMD5Collision() text.TextRule { } } -func NewSha1Collision() text.TextRule { - return text.TextRule{ +func NewSha1Collision() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-12", Name: "Weak SHA1 hash using", @@ -232,8 +232,8 @@ func NewSha1Collision() text.TextRule { } } -func NewJailbreakDetect() text.TextRule { - return text.TextRule{ +func NewJailbreakDetect() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-13", Name: "Jailbreak detection", 
@@ -294,8 +294,8 @@ func NewJailbreakDetect() text.TextRule { } } -func NewLoadHTMLString() text.TextRule { - return text.TextRule{ +func NewLoadHTMLString() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-14", Name: "Javascript injection", @@ -311,8 +311,8 @@ func NewLoadHTMLString() text.TextRule { } } -func NewWeakDesCryptoCipher() text.TextRule { - return text.TextRule{ +func NewWeakDesCryptoCipher() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-15", Name: "Weak Cipher Mode", @@ -328,8 +328,8 @@ func NewWeakDesCryptoCipher() text.TextRule { } } -func NewRealmDatabase() text.TextRule { - return text.TextRule{ +func NewRealmDatabase() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-16", Name: "Realm Database", @@ -344,8 +344,8 @@ func NewRealmDatabase() text.TextRule { } } -func NewTLSMinimum() text.TextRule { - return text.TextRule{ +func NewTLSMinimum() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-17", Name: "Deperected tls property", @@ -360,8 +360,8 @@ func NewTLSMinimum() text.TextRule { } } -func NewUIPasteboard() text.TextRule { - return text.TextRule{ +func NewUIPasteboard() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-18", Name: "UIPasteboard", @@ -376,8 +376,8 @@ func NewUIPasteboard() text.TextRule { } } -func NewFileProtection() text.TextRule { - return text.TextRule{ +func NewFileProtection() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-19", Name: "File protection", @@ -392,8 +392,8 @@ func NewFileProtection() text.TextRule { } } -func NewWebViewSafari() text.TextRule { - return text.TextRule{ +func NewWebViewSafari() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-20", Name: "WebView Safari", 
@@ -408,8 +408,8 @@ func NewWebViewSafari() text.TextRule { } } -func NewKeyboardCache() text.TextRule { - return text.TextRule{ +func NewKeyboardCache() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-21", Name: "Keyboard cache", @@ -424,8 +424,8 @@ func NewKeyboardCache() text.TextRule { } } -func NewMD4Collision() text.TextRule { - return text.TextRule{ +func NewMD4Collision() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-22", Name: "Weak MD4 hash using", @@ -440,8 +440,8 @@ func NewMD4Collision() text.TextRule { } } -func NewMD2Collision() text.TextRule { - return text.TextRule{ +func NewMD2Collision() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-23", Name: "Weak MD2 hash using", @@ -456,8 +456,8 @@ func NewMD2Collision() text.TextRule { } } -func NewSQLInjection() text.TextRule { - return text.TextRule{ +func NewSQLInjection() *text.Rule { + return &text.Rule{ Metadata: engine.Metadata{ ID: "HS-SWIFT-24", Name: "SQL Injection", diff --git a/internal/services/engines/swift/rules_test.go b/internal/services/engines/swift/rules_test.go index 034d16e7f..178fb5c53 100644 --- a/internal/services/engines/swift/rules_test.go +++ b/internal/services/engines/swift/rules_test.go @@ -15,6 +15,7 @@ package swift import ( + "path/filepath" "testing" engine "github.com/ZupIT/horusec-engine" 
@@ -23,31 +24,36 @@ import ( ) func TestRulesVulnerableCode(t *testing.T) { + tmpDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-SWIFT-6", - Rule: NewWeakMD5CryptoCipher(), - Src: SampleVulnerableHSSWIFT6, + Name: "HS-SWIFT-6", + Rule: NewWeakMD5CryptoCipher(), + Src: SampleVulnerableHSSWIFT6, + Filename: filepath.Join(tmpDir, "HS-SWIFT-6"), Findings: []engine.Finding{ { CodeSample: `import CryptoSwift`, SourceLocation: engine.Location{ - Line: 1, - Column: 0, + Filename: filepath.Join(tmpDir, "HS-SWIFT-6"), + Line: 1, + Column: 0, }, }, }, }, { - Name: "HS-SWIFT-24", - Src: SampleVulnerableHSSWIFT24, - Rule: NewSQLInjection(), + Name: "HS-SWIFT-24", + Src: SampleVulnerableHSSWIFT24, + Rule: NewSQLInjection(), + Filename: filepath.Join(tmpDir, "HS-SWIFT-24"), Findings: []engine.Finding{ { CodeSample: `let err = SD.executeChange("SELECT * FROM User where user="+ valuesFromInput) {`, SourceLocation: engine.Location{ - Line: 2, - Column: 13, + Filename: filepath.Join(tmpDir, "HS-SWIFT-24"), + Line: 2, + Column: 13, }, }, }, @@ -58,16 +64,19 @@ func TestRulesVulnerableCode(t *testing.T) { } func TestRulesSafeCode(t *testing.T) { + tmpDir := t.TempDir() testcases := []*testutil.RuleTestCase{ { - Name: "HS-SWIFT-6", - Rule: NewWeakMD5CryptoCipher(), - Src: SampleSafeHSSWIFT6, + Name: "HS-SWIFT-6", + Rule: NewWeakMD5CryptoCipher(), + Src: SampleSafeHSSWIFT6, + Filename: filepath.Join(tmpDir, "HS-SWIFT-6"), }, { - Name: "HS-SWIFT-24", - Rule: NewSQLInjection(), - Src: SampleSafeHSSWIFT24, + Name: "HS-SWIFT-24", + Rule: NewSQLInjection(), + Src: SampleSafeHSSWIFT24, + Filename: filepath.Join(tmpDir, "HS-SWIFT-24"), }, } testutil.TestSafeCode(t, testcases) diff --git a/internal/services/formatters/default_engine_formatter.go b/internal/services/formatters/default_engine_formatter.go index 2bc2eafe9..2ee7ef196 100644 --- a/internal/services/formatters/default_engine_formatter.go +++ b/internal/services/formatters/default_engine_formatter.go 
@@ -15,20 +15,19 @@ package formatters import ( - "path/filepath" + "context" "github.com/ZupIT/horusec-devkit/pkg/enums/languages" "github.com/ZupIT/horusec-devkit/pkg/enums/tools" "github.com/ZupIT/horusec-devkit/pkg/utils/logger" engine "github.com/ZupIT/horusec-engine" - "github.com/ZupIT/horusec/internal/enums/engines" "github.com/ZupIT/horusec/internal/helpers/messages" ) type RuleManager interface { GetAllRules() []engine.Rule - GetTextUnitByRulesExt(src string) ([]engine.Unit, error) + GetAllExtensions() []string } // DefaultFormatter is a formatter that can be used with horusec engines implementation @@ -36,6 +35,7 @@ type DefaultFormatter struct { svc IService manager RuleManager language languages.Language + engine *engine.Engine } func NewDefaultFormatter(svc IService, manager RuleManager, language languages.Language) IFormatter { @@ -43,6 +43,7 @@ func NewDefaultFormatter(svc IService, manager RuleManager, language languages.L svc: svc, manager: manager, language: language, + engine: engine.NewEngine(0, manager.GetAllExtensions()...), } } 
@@ -51,27 +52,18 @@ func (f *DefaultFormatter) StartAnalysis(src string) { logger.LogDebugWithLevel(messages.MsgDebugToolIgnored + tools.HorusecEngine.ToString()) return } - f.svc.SetAnalysisError(f.execEngineAndParseResults(src), tools.HorusecEngine, "", src) + f.svc.SetAnalysisError(f.execEngineAndParseResults(), tools.HorusecEngine, "", src) f.svc.LogDebugWithReplace(messages.MsgDebugToolFinishAnalysis, tools.HorusecEngine, f.language) } -func (f *DefaultFormatter) execEngineAndParseResults(src string) error { +func (f *DefaultFormatter) execEngineAndParseResults() error { f.svc.LogDebugWithReplace(messages.MsgDebugToolStartAnalysis, tools.HorusecEngine, f.language) - findings, err := f.execEngineAnalysis(src) + rules := append(f.manager.GetAllRules(), f.svc.GetCustomRulesByLanguage(f.language)...) + findings, err := f.engine.Run(context.Background(), f.svc.GetConfigProjectPath(), rules...) if err != nil { return err } f.svc.ParseFindingsToVulnerabilities(findings, tools.HorusecEngine, f.language) return nil } - -func (f *DefaultFormatter) execEngineAnalysis(src string) ([]engine.Finding, error) { - textUnit, err := f.manager.GetTextUnitByRulesExt(filepath.Join(f.svc.GetConfigProjectPath(), src)) - if err != nil { - return nil, err - } - - allRules := append(f.manager.GetAllRules(), f.svc.GetCustomRulesByLanguage(f.language)...) - return engine.RunMaxUnitsByAnalysis(textUnit, allRules, engines.DefaultMaxUnitsPerAnalysis), nil -} diff --git a/internal/services/formatters/default_engine_formatter_test.go b/internal/services/formatters/default_engine_formatter_test.go index 29d9e2eba..5ef40b2a6 100644 --- a/internal/services/formatters/default_engine_formatter_test.go +++ b/internal/services/formatters/default_engine_formatter_test.go 
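Review bot: The sub-path `src` given to `StartAnalysis` is no longer applied to the scan: `f.engine.Run` receives only `f.svc.GetConfigProjectPath()`, whereas the removed `execEngineAnalysis` loaded `filepath.Join(f.svc.GetConfigProjectPath(), src)`. `StartAnalysis` still takes `src` but now uses it only in `SetAnalysisError`, so if callers invoke it once per configured sub-directory, each call would presumably analyse the whole project, widening the scanned scope and possibly repeating findings. If that is not intended, keep the join, `findings, err := f.engine.Run(context.Background(), filepath.Join(f.svc.GetConfigProjectPath(), src), rules...)`, which also means keeping the `path/filepath` import this commit removes. `context.Background()` gives the run no cancellation or deadline; whether the engine enforces its own limit is not visible here. `StartAnalysis` begins above the hunk.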
@@ -18,7 +18,7 @@ import ( "testing" "github.com/ZupIT/horusec-devkit/pkg/entities/analysis" - engine "github.com/ZupIT/horusec-engine" + "github.com/ZupIT/horusec-engine/text" "github.com/stretchr/testify/assert" "github.com/ZupIT/horusec/internal/services/formatters" @@ -89,7 +89,7 @@ func TestStartAnalysis(t *testing.T) { service.On("ToolIsToIgnore").Return(false) service.On("GetConfigProjectPath").Return(".") service.On("ParseFindingsToVulnerabilities").Return(nil) - service.On("GetCustomRulesByLanguage").Return([]engine.Rule{}) + service.On("GetCustomRulesByLanguage").Return([]text.Rule{}) assert.NotPanics(t, func() { tt.formatter(service).StartAnalysis("") @@ -107,7 +107,7 @@ func TestStartAnalysis(t *testing.T) { service.On("ToolIsToIgnore").Return(false) service.On("GetConfigProjectPath").Return(".") service.On("ParseFindingsToVulnerabilities").Return(nil) - service.On("GetCustomRulesByLanguage").Return([]engine.Rule{}) + service.On("GetCustomRulesByLanguage").Return([]text.Rule{}) assert.NotPanics(t, func() { tt.formatter(service).StartAnalysis("") diff --git a/internal/utils/testutil/rules_test_generic.go b/internal/utils/testutil/rules_test_generic.go index 8289d50cb..32c186e9d 100644 --- a/internal/utils/testutil/rules_test_generic.go +++ b/internal/utils/testutil/rules_test_generic.go @@ -15,14 +15,13 @@ package testutil import ( + "context" + "os" "testing" engine "github.com/ZupIT/horusec-engine" "github.com/ZupIT/horusec-engine/text" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - - enginesenum "github.com/ZupIT/horusec/internal/enums/engines" ) func TestVulnerableCode(t *testing.T, testcases []*RuleTestCase) { 
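Review bot: Both `TestStartAnalysis` cases now stub `GetCustomRulesByLanguage` with `[]text.Rule{}`, a slice of rule values, although the formatter in this commit spreads that method's result into `append(f.manager.GetAllRules(), ...)`, which is a `[]engine.Rule`. The rule constructors elsewhere in this commit also return `*text.Rule`, not `text.Rule`. The mock is not shown here, so it cannot be confirmed whether it type-asserts the stubbed value. If it does, the matching stub is `service.On("GetCustomRulesByLanguage").Return([]engine.Rule{})`, which would need the `engine` import that the first hunk of this file removes.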
@@ -61,23 +60,19 @@ func TestSafeCode(t *testing.T, testcases []*RuleTestCase) { } func executeRule(tb testing.TB, tt *RuleTestCase) []engine.Finding { - textFile, err := text.NewTextFile("", []byte(tt.Src)) - require.Nil(tb, err, "Expected nil error to create text file") - - unit := text.TextUnit{ - Files: []text.TextFile{ - textFile, - }, - } - - return engine.RunMaxUnitsByAnalysis( - []engine.Unit{unit}, []engine.Rule{tt.Rule}, enginesenum.DefaultMaxUnitsPerAnalysis, - ) + // TODO(ian): make a better way to assert finding here + err := os.WriteFile(tt.Filename, []byte(tt.Src), os.ModePerm) + assert.NoError(tb, err) + eng := engine.NewEngine(0, "*") + findings, err := eng.Run(context.Background(), tt.Filename, tt.Rule) + assert.NoError(tb, err) + return findings } type RuleTestCase struct { Name string Src string - Rule text.TextRule + Filename string + Rule *text.Rule Findings []engine.Finding }
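Review bot: `os.WriteFile(tt.Filename, []byte(tt.Src), os.ModePerm)` in `executeRule` requests mode 0777 for the fixture, which is wider than a file that is only read back by the engine needs; these samples are deliberately vulnerable code, so `0o600` is the safer choice: `err := os.WriteFile(tt.Filename, []byte(tt.Src), 0o600)`. The write error is checked with `assert.NoError`, so on failure the function still runs the engine against a file that was not written and reports a second, misleading error. `require.NoError(tb, err)` would stop at the real cause, and it means keeping the `require` import that the import hunk of this file removes. A case that leaves the new `Filename` field empty will fail at this write, which is worth stating in a comment on the field.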