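// Match reports an issue when n is a call matching t.call whose first
// argument is a string literal matching the t.args pattern.
//
// A matched call with no arguments is skipped instead of indexing past the
// end of node.Args, and a first argument that gas.GetString cannot turn into
// a string (non-nil error) is not matched against the pattern, mirroring the
// BindsToAllNetworkInterfaces rule. The result is (issue, nil) when the rule
// fires and (nil, nil) otherwise; err is never set.
func (t *BadTempFile) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err error) {
	node := gas.MatchCall(n, t.call)
	if node == nil || len(node.Args) == 0 {
		return nil, nil
	}
	if arg, err := gas.GetString(node.Args[0]); err == nil && t.args.MatchString(arg) {
		return gas.NewIssue(c, n, t.What, t.Severity, t.Confidence), nil
	}
	return nil, nil
}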
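// Match looks for "fmt.Sprintf("SELECT * FROM foo where '%s', userInput)":
// a call matching s.call whose first (format) argument is a string literal
// matching s.pattern.
//
// A matched call with no arguments is skipped instead of indexing past the
// end of node.Args, and a first argument that gas.GetString cannot turn into
// a string (non-nil error) is not matched against the pattern, mirroring the
// BindsToAllNetworkInterfaces rule. The result is (issue, nil) when the rule
// fires and (nil, nil) otherwise; err is never set.
func (s *SqlStrFormat) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err error) {
	node := gas.MatchCall(n, s.call)
	if node == nil || len(node.Args) == 0 {
		return nil, nil
	}
	if format, err := gas.GetString(node.Args[0]); err == nil && s.pattern.MatchString(format) {
		return gas.NewIssue(c, n, s.What, s.Severity, s.Confidence), nil
	}
	return nil, nil
}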
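// Match reports an issue when n is a call matching r.call whose second
// argument is a string literal matching r.pattern.
//
// A matched call with fewer than two arguments is skipped instead of
// indexing past the end of node.Args. Only an argument that gas.GetString
// resolves without error is matched. The result is (issue, nil) when the
// rule fires and (nil, nil) otherwise; err is never set.
func (r *BindsToAllNetworkInterfaces) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err error) {
	node := gas.MatchCall(n, r.call)
	if node == nil || len(node.Args) < 2 {
		return nil, nil
	}
	if addr, err := gas.GetString(node.Args[1]); err == nil && r.pattern.MatchString(addr) {
		return gas.NewIssue(c, n, r.What, r.Severity, r.Confidence), nil
	}
	return nil, nil
}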
// Match looks for "SELECT * FROM table WHERE " + " ' OR 1=1": a binary
// expression whose left operand is a basic literal matching s.pattern.
//
// The concatenation is reported unless the right operand is itself a basic
// literal, or is an identifier that s.checkObject accepts. Any other node
// yields (nil, nil). gas.GetString's error is ignored: the string it yields
// for the left literal is matched as-is. The error result is always nil.
func (s *SqlStrConcat) Match(n ast.Node, c *gas.Context) (*gas.Issue, error) {
	bin, ok := n.(*ast.BinaryExpr)
	if !ok {
		return nil, nil
	}
	lhs, ok := bin.X.(*ast.BasicLit)
	if !ok {
		return nil, nil
	}
	text, _ := gas.GetString(lhs)
	if !s.pattern.MatchString(text) {
		return nil, nil
	}
	// Two literals joined together are a plain string concatenation.
	if _, isLit := bin.Y.(*ast.BasicLit); isLit {
		return nil, nil
	}
	// An identifier on the right is acceptable when checkObject says so.
	if ident, isIdent := bin.Y.(*ast.Ident); isIdent && s.checkObject(ident) {
		return nil, nil
	}
	return gas.NewIssue(c, n, s.What, s.Severity, s.Confidence), nil
}
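// Match reports an issue for every call matching r.pattern, graded by how
// much of the command line is known statically:
//   - High when any argument cannot be resolved by gas.TryResolve;
//   - Medium when the first argument is a string literal that does not
//     start with "/";
//   - Low otherwise, so the call is still surfaced for audit.
//
// A matched call with no arguments is reported at the Low level instead of
// indexing past the end of node.Args. Non-matching nodes yield (nil, nil);
// the error result is always nil.
func (r *Subprocess) Match(n ast.Node, c *gas.Context) (*gas.Issue, error) {
	node := gas.MatchCall(n, r.pattern)
	if node == nil {
		return nil, nil
	}
	for _, arg := range node.Args {
		if !gas.TryResolve(arg, c) {
			what := "Subprocess launching with variable."
			return gas.NewIssue(c, n, what, gas.High, gas.High), nil
		}
	}
	// call with partially qualified command
	if len(node.Args) > 0 {
		if cmd, err := gas.GetString(node.Args[0]); err == nil && !strings.HasPrefix(cmd, "/") {
			what := "Subprocess launching with partial path."
			return gas.NewIssue(c, n, what, gas.Medium, gas.High), nil
		}
	}
	what := "Subprocess launching should be audited."
	return gas.NewIssue(c, n, what, gas.Low, gas.High), nil
}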