forked from securego/gosec
-
Notifications
You must be signed in to change notification settings - Fork 0
/
rule_test.go
94 lines (83 loc) · 3.05 KB
/
rule_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
package gosec_test
import (
"fmt"
"go/ast"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
"github.com/securego/gosec/v2"
)
type mockrule struct {
issue *gosec.Issue
err error
callback func(n ast.Node, ctx *gosec.Context) bool
}
func (m *mockrule) ID() string {
return "MOCK"
}
func (m *mockrule) Match(n ast.Node, ctx *gosec.Context) (*gosec.Issue, error) {
if m.callback(n, ctx) {
return m.issue, nil
}
return nil, m.err
}
var _ = Describe("Rule", func() {
Context("when using a ruleset", func() {
var (
ruleset gosec.RuleSet
dummyErrorRule gosec.Rule
dummyIssueRule gosec.Rule
)
JustBeforeEach(func() {
ruleset = gosec.NewRuleSet()
dummyErrorRule = &mockrule{
issue: nil,
err: fmt.Errorf("An unexpected error occurred"),
callback: func(n ast.Node, ctx *gosec.Context) bool { return false },
}
dummyIssueRule = &mockrule{
issue: &gosec.Issue{
Severity: gosec.High,
Confidence: gosec.High,
What: `Some explanation of the thing`,
File: "main.go",
Code: `#include <stdio.h> int main(){ puts("hello world"); }`,
Line: "42",
},
err: nil,
callback: func(n ast.Node, ctx *gosec.Context) bool { return true },
}
})
It("should be possible to register a rule for multiple ast.Node", func() {
registeredNodeA := (*ast.CallExpr)(nil)
registeredNodeB := (*ast.AssignStmt)(nil)
unregisteredNode := (*ast.BinaryExpr)(nil)
ruleset.Register(dummyIssueRule, false, registeredNodeA, registeredNodeB)
Expect(ruleset.RegisteredFor(unregisteredNode)).Should(BeEmpty())
Expect(ruleset.RegisteredFor(registeredNodeA)).Should(ContainElement(dummyIssueRule))
Expect(ruleset.RegisteredFor(registeredNodeB)).Should(ContainElement(dummyIssueRule))
Expect(ruleset.IsRuleSuppressed(dummyIssueRule.ID())).Should(BeFalse())
})
It("should not register a rule when no ast.Nodes are specified", func() {
ruleset.Register(dummyErrorRule, false)
Expect(ruleset.Rules).Should(BeEmpty())
})
It("should be possible to retrieve a list of rules for a given node type", func() {
registeredNode := (*ast.CallExpr)(nil)
unregisteredNode := (*ast.AssignStmt)(nil)
ruleset.Register(dummyErrorRule, false, registeredNode)
ruleset.Register(dummyIssueRule, false, registeredNode)
Expect(ruleset.RegisteredFor(unregisteredNode)).Should(BeEmpty())
Expect(ruleset.RegisteredFor(registeredNode)).Should(HaveLen(2))
Expect(ruleset.RegisteredFor(registeredNode)).Should(ContainElement(dummyErrorRule))
Expect(ruleset.RegisteredFor(registeredNode)).Should(ContainElement(dummyIssueRule))
})
It("should register a suppressed rule", func() {
registeredNode := (*ast.CallExpr)(nil)
unregisteredNode := (*ast.AssignStmt)(nil)
ruleset.Register(dummyIssueRule, true, registeredNode)
Expect(ruleset.RegisteredFor(registeredNode)).Should(ContainElement(dummyIssueRule))
Expect(ruleset.RegisteredFor(unregisteredNode)).Should(BeEmpty())
Expect(ruleset.IsRuleSuppressed(dummyIssueRule.ID())).Should(BeTrue())
})
})
})