gopkg.in/alecthomas/gometalinter.v3@v3.0.0/_linters/src/github.com/securego/gosec/testutils/source.go (about) 1 package testutils 2 3 // CodeSample encapsulates a snippet of source code that compiles, and how many errors should be detected 4 type CodeSample struct { 5 Code string 6 Errors int 7 } 8 9 var ( 10 // SampleCodeG101 code snippets for hardcoded credentials 11 SampleCodeG101 = []CodeSample{{` 12 package main 13 import "fmt" 14 func main() { 15 username := "admin" 16 password := "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" 17 fmt.Println("Doing something with: ", username, password) 18 }`, 1}, {` 19 // Entropy check should not report this error by default 20 package main 21 import "fmt" 22 func main() { 23 username := "admin" 24 password := "secret" 25 fmt.Println("Doing something with: ", username, password) 26 }`, 0}, {` 27 package main 28 import "fmt" 29 var password = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" 30 func main() { 31 username := "admin" 32 fmt.Println("Doing something with: ", username, password) 33 }`, 1}, {` 34 package main 35 import "fmt" 36 const password = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" 37 func main() { 38 username := "admin" 39 fmt.Println("Doing something with: ", username, password) 40 }`, 1}, {` 41 package main 42 import "fmt" 43 const ( 44 username = "user" 45 password = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" 46 ) 47 func main() { 48 fmt.Println("Doing something with: ", username, password) 49 }`, 1}, {` 50 package main 51 var password string 52 func init() { 53 password = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" 54 }`, 1}, {` 55 package main 56 const ( 57 ATNStateSomethingElse = 1 58 ATNStateTokenStart = 42 59 ) 60 func main() { 61 println(ATNStateTokenStart) 62 }`, 0}, {` 63 package main 64 const ( 65 ATNStateTokenStart = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef" 66 ) 67 func main() { 68 println(ATNStateTokenStart) 69 }`, 1}} 70 71 // SampleCodeG102 code snippets for network binding 72 SampleCodeG102 = []CodeSample{ 73 // Bind to all networks explicitly 74 {` 75 package main 76 import ( 77 "log" 78 "net" 79 ) 80 func main() { 81 l, err := net.Listen("tcp", "0.0.0.0:2000") 82 if err != nil { 83 log.Fatal(err) 84 } 85 defer l.Close() 86 }`, 1}, 87 88 // Bind to all networks implicitly (default if host omitted) 89 {` 90 package main 91 import ( 92 "log" 93 "net" 94 ) 95 func main() { 96 l, err := net.Listen("tcp", ":2000") 97 if err != nil { 98 log.Fatal(err) 99 } 100 defer l.Close() 101 }`, 1}, 102 } 103 // SampleCodeG103 find instances of unsafe blocks for auditing purposes 104 SampleCodeG103 = []CodeSample{ 105 {` 106 package main 107 import ( 108 "fmt" 109 "unsafe" 110 ) 111 type Fake struct{} 112 func (Fake) Good() {} 113 func main() { 114 unsafeM := Fake{} 115 unsafeM.Good() 116 intArray := [...]int{1, 2} 117 fmt.Printf("\nintArray: %v\n", intArray) 118 intPtr := &intArray[0] 119 fmt.Printf("\nintPtr=%p, *intPtr=%d.\n", intPtr, *intPtr) 120 addressHolder := uintptr(unsafe.Pointer(intPtr)) + unsafe.Sizeof(intArray[0]) 121 intPtr = (*int)(unsafe.Pointer(addressHolder)) 122 fmt.Printf("\nintPtr=%p, *intPtr=%d.\n\n", intPtr, *intPtr) 123 }`, 3}} 124 125 // SampleCodeG104 finds errors that aren't being handled 126 SampleCodeG104 = []CodeSample{ 127 {` 128 package main 129 import "fmt" 130 func test() (int,error) { 131 return 0, nil 132 } 133 func main() { 134 v, _ := test() 135 fmt.Println(v) 136 }`, 1}, {` 137 package main 138 import ( 139 "io/ioutil" 140 "os" 141 "fmt" 142 ) 143 func a() error { 144 return fmt.Errorf("This is an error") 145 } 146 func b() { 147 fmt.Println("b") 148 ioutil.WriteFile("foo.txt", []byte("bar"), os.ModeExclusive) 149 } 150 func c() string { 151 return fmt.Sprintf("This isn't anything") 152 } 153 func main() { 154 _ = a() 155 a() 156 b() 157 c() 158 }`, 3}, {` 159 package main 160 import "fmt" 161 func test() error { 162 return nil 163 } 164 func main() { 165 e := test() 166 fmt.Println(e) 167 }`, 0}} 168 169 // SampleCodeG105 - bignum overflow 170 SampleCodeG105 = []CodeSample{{` 171 package main 172 import ( 173 "math/big" 174 ) 175 func main() { 176 z := new(big.Int) 177 x := new(big.Int) 178 x = x.SetUint64(2) 179 y := new(big.Int) 180 y = y.SetUint64(4) 181 m := new(big.Int) 182 m = m.SetUint64(0) 183 z = z.Exp(x, y, m) 184 }`, 1}} 185 186 // SampleCodeG106 - ssh InsecureIgnoreHostKey 187 SampleCodeG106 = []CodeSample{{` 188 package main 189 import ( 190 "golang.org/x/crypto/ssh" 191 ) 192 func main() { 193 _ = ssh.InsecureIgnoreHostKey() 194 }`, 1}} 195 196 // SampleCodeG107 - SSRF via http requests with variable url 197 SampleCodeG107 = []CodeSample{{` 198 package main 199 import ( 200 "net/http" 201 "io/ioutil" 202 "fmt" 203 "os" 204 ) 205 func main() { 206 url := os.Getenv("tainted_url") 207 resp, err := http.Get(url) 208 if err != nil { 209 panic(err) 210 } 211 defer resp.Body.Close() 212 body, err := ioutil.ReadAll(resp.Body) 213 if err != nil { 214 panic(err) 215 } 216 fmt.Printf("%s", body) 217 }`, 1}, {` 218 package main 219 220 import ( 221 "fmt" 222 "net/http" 223 ) 224 const url = "http://127.0.0.1" 225 func main() { 226 resp, err := http.Get(url) 227 if err != nil { 228 fmt.Println(err) 229 } 230 fmt.Println(resp.Status) 231 }`, 0}} 232 // SampleCodeG201 - SQL injection via format string 233 SampleCodeG201 = []CodeSample{ 234 {` 235 // Format string without proper quoting 236 package main 237 import ( 238 "database/sql" 239 "fmt" 240 "os" 241 //_ "github.com/mattn/go-sqlite3" 242 ) 243 244 func main(){ 245 db, err := sql.Open("sqlite3", ":memory:") 246 if err != nil { 247 panic(err) 248 } 249 q := fmt.Sprintf("SELECT * FROM foo where name = '%s'", os.Args[1]) 250 rows, err := db.Query(q) 251 if err != nil { 252 panic(err) 253 } 254 defer rows.Close() 255 }`, 1}, {` 256 // Format string false positive, safe string spec. 257 package main 258 import ( 259 "database/sql" 260 "fmt" 261 "os" 262 //_ "github.com/mattn/go-sqlite3" 263 ) 264 265 func main(){ 266 db, err := sql.Open("sqlite3", ":memory:") 267 if err != nil { 268 panic(err) 269 } 270 q := fmt.Sprintf("SELECT * FROM foo where id = %d", os.Args[1]) 271 rows, err := db.Query(q) 272 if err != nil { 273 panic(err) 274 } 275 defer rows.Close() 276 }`, 0}, { 277 ` 278 // Format string false positive 279 package main 280 import ( 281 "database/sql" 282 //_ "github.com/mattn/go-sqlite3" 283 ) 284 var staticQuery = "SELECT * FROM foo WHERE age < 32" 285 func main(){ 286 db, err := sql.Open("sqlite3", ":memory:") 287 if err != nil { 288 panic(err) 289 } 290 rows, err := db.Query(staticQuery) 291 if err != nil { 292 panic(err) 293 } 294 defer rows.Close() 295 }`, 0}} 296 297 // SampleCodeG202 - SQL query string building via string concatenation 298 SampleCodeG202 = []CodeSample{ 299 {` 300 package main 301 import ( 302 "database/sql" 303 //_ "github.com/mattn/go-sqlite3" 304 "os" 305 ) 306 func main(){ 307 db, err := sql.Open("sqlite3", ":memory:") 308 if err != nil { 309 panic(err) 310 } 311 rows, err := db.Query("SELECT * FROM foo WHERE name = " + os.Args[1]) 312 if err != nil { 313 panic(err) 314 } 315 defer rows.Close() 316 }`, 1}, {` 317 // false positive 318 package main 319 import ( 320 "database/sql" 321 //_ "github.com/mattn/go-sqlite3" 322 ) 323 var staticQuery = "SELECT * FROM foo WHERE age < " 324 func main(){ 325 db, err := sql.Open("sqlite3", ":memory:") 326 if err != nil { 327 panic(err) 328 } 329 rows, err := db.Query(staticQuery + "32") 330 if err != nil { 331 panic(err) 332 } 333 defer rows.Close() 334 }`, 0}, {` 335 package main 336 import ( 337 "database/sql" 338 //_ "github.com/mattn/go-sqlite3" 339 ) 340 const age = "32" 341 var staticQuery = "SELECT * FROM foo WHERE age < " 342 func main(){ 343 db, err := sql.Open("sqlite3", ":memory:") 344 if err != nil { 345 panic(err) 346 } 347 rows, err := db.Query(staticQuery + age) 348 if err != nil { 349 panic(err) 350 } 351 defer rows.Close() 352 } 353 `, 0}} 354 355 // SampleCodeG203 - Template checks 356 SampleCodeG203 = []CodeSample{ 357 {` 358 // We assume that hardcoded template strings are safe as the programmer would 359 // need to be explicitly shooting themselves in the foot (as below) 360 package main 361 import ( 362 "html/template" 363 "os" 364 ) 365 const tmpl = "" 366 func main() { 367 t := template.Must(template.New("ex").Parse(tmpl)) 368 v := map[string]interface{}{ 369 "Title": "Test <b>World</b>", 370 "Body": template.HTML("<script>alert(1)</script>"), 371 } 372 t.Execute(os.Stdout, v) 373 }`, 0}, { 374 ` 375 // Using a variable to initialize could potentially be dangerous. Under the 376 // current model this will likely produce some false positives. 377 package main 378 import ( 379 "html/template" 380 "os" 381 ) 382 const tmpl = "" 383 func main() { 384 a := "something from another place" 385 t := template.Must(template.New("ex").Parse(tmpl)) 386 v := map[string]interface{}{ 387 "Title": "Test <b>World</b>", 388 "Body": template.HTML(a), 389 } 390 t.Execute(os.Stdout, v) 391 }`, 1}, { 392 ` 393 package main 394 import ( 395 "html/template" 396 "os" 397 ) 398 const tmpl = "" 399 func main() { 400 a := "something from another place" 401 t := template.Must(template.New("ex").Parse(tmpl)) 402 v := map[string]interface{}{ 403 "Title": "Test <b>World</b>", 404 "Body": template.JS(a), 405 } 406 t.Execute(os.Stdout, v) 407 }`, 1}, { 408 ` 409 package main 410 import ( 411 "html/template" 412 "os" 413 ) 414 const tmpl = "" 415 func main() { 416 a := "something from another place" 417 t := template.Must(template.New("ex").Parse(tmpl)) 418 v := map[string]interface{}{ 419 "Title": "Test <b>World</b>", 420 "Body": template.URL(a), 421 } 422 t.Execute(os.Stdout, v) 423 }`, 1}} 424 425 // SampleCodeG204 - Subprocess auditing 426 SampleCodeG204 = []CodeSample{{` 427 package main 428 import "syscall" 429 func main() { 430 syscall.Exec("/bin/cat", []string{ "/etc/passwd" }, nil) 431 }`, 1}, {` 432 package main 433 import ( 434 "log" 435 "os/exec" 436 ) 437 func main() { 438 cmd := exec.Command("sleep", "5") 439 err := cmd.Start() 440 if err != nil { 441 log.Fatal(err) 442 } 443 log.Printf("Waiting for command to finish...") 444 err = cmd.Wait() 445 log.Printf("Command finished with error: %v", err) 446 }`, 1}, {` 447 package main 448 import ( 449 "log" 450 "os/exec" 451 "context" 452 ) 453 func main() { 454 err := exec.CommandContext(context.Background(), "sleep", "5").Run() 455 if err != nil { 456 log.Fatal(err) 457 } 458 log.Printf("Command finished with error: %v", err) 459 }`, 1}, {` 460 package main 461 import ( 462 "log" 463 "os" 464 "os/exec" 465 ) 466 func main() { 467 run := "sleep" + os.Getenv("SOMETHING") 468 cmd := exec.Command(run, "5") 469 err := cmd.Start() 470 if err != nil { 471 log.Fatal(err) 472 } 473 log.Printf("Waiting for command to finish...") 474 err = cmd.Wait() 475 log.Printf("Command finished with error: %v", err) 476 }`, 1}} 477 478 // SampleCodeG301 - mkdir permission check 479 SampleCodeG301 = []CodeSample{{` 480 package main 481 import "os" 482 func main() { 483 os.Mkdir("/tmp/mydir", 0777) 484 os.Mkdir("/tmp/mydir", 0600) 485 os.MkdirAll("/tmp/mydir/mysubidr", 0775) 486 }`, 2}} 487 488 // SampleCodeG302 - file create / chmod permissions check 489 SampleCodeG302 = []CodeSample{{` 490 package main 491 import "os" 492 func main() { 493 os.Chmod("/tmp/somefile", 0777) 494 os.Chmod("/tmp/someotherfile", 0600) 495 os.OpenFile("/tmp/thing", os.O_CREATE|os.O_WRONLY, 0666) 496 os.OpenFile("/tmp/thing", os.O_CREATE|os.O_WRONLY, 0600) 497 }`, 2}} 498 499 // SampleCodeG303 - bad tempfile permissions & hardcoded shared path 500 SampleCodeG303 = []CodeSample{{` 501 package samples 502 import ( 503 "io/ioutil" 504 "os" 505 ) 506 func main() { 507 file1, _ := os.Create("/tmp/demo1") 508 defer file1.Close() 509 ioutil.WriteFile("/tmp/demo2", []byte("This is some data"), 0644) 510 }`, 2}} 511 512 // SampleCodeG304 - potential file inclusion vulnerability 513 SampleCodeG304 = []CodeSample{{` 514 package main 515 import ( 516 "os" 517 "io/ioutil" 518 "log" 519 ) 520 func main() { 521 f := os.Getenv("tainted_file") 522 body, err := ioutil.ReadFile(f) 523 if err != nil { 524 log.Printf("Error: %v\n", err) 525 } 526 log.Print(body) 527 528 }`, 1}, {` 529 package main 530 531 import ( 532 "fmt" 533 "log" 534 "net/http" 535 "os" 536 ) 537 538 func main() { 539 http.HandleFunc("/bar", func(w http.ResponseWriter, r *http.Request) { 540 title := r.URL.Query().Get("title") 541 f, err := os.Open(title) 542 if err != nil { 543 fmt.Printf("Error: %v\n", err) 544 } 545 body := make([]byte, 5) 546 if _, err = f.Read(body); err != nil { 547 fmt.Printf("Error: %v\n", err) 548 } 549 fmt.Fprintf(w, "%s", body) 550 }) 551 log.Fatal(http.ListenAndServe(":3000", nil)) 552 }`, 1}, {` 553 package main 554 555 import ( 556 "log" 557 "os" 558 "io/ioutil" 559 ) 560 561 func main() { 562 f2 := os.Getenv("tainted_file2") 563 body, err := ioutil.ReadFile("/tmp/" + f2) 564 if err != nil { 565 log.Printf("Error: %v\n", err) 566 } 567 log.Print(body) 568 }`, 1}, {` 569 package main 570 571 import ( 572 "bufio" 573 "fmt" 574 "os" 575 "path/filepath" 576 ) 577 578 func main() { 579 reader := bufio.NewReader(os.Stdin) 580 fmt.Print("Please enter file to read: ") 581 file, _ := reader.ReadString('\n') 582 file = file[:len(file)-1] 583 f, err := os.Open(filepath.Join("/tmp/service/", file)) 584 if err != nil { 585 fmt.Printf("Error: %v\n", err) 586 } 587 contents := make([]byte, 15) 588 if _, err = f.Read(contents); err != nil { 589 fmt.Printf("Error: %v\n", err) 590 } 591 fmt.Println(string(contents)) 592 }`, 1}, {` 593 package main 594 595 import ( 596 "log" 597 "os" 598 "io/ioutil" 599 "path/filepath" 600 ) 601 602 func main() { 603 dir := os.Getenv("server_root") 604 f3 := os.Getenv("tainted_file3") 605 // edge case where both a binary expression and file Join are used. 606 body, err := ioutil.ReadFile(filepath.Join("/var/"+dir, f3)) 607 if err != nil { 608 log.Printf("Error: %v\n", err) 609 } 610 log.Print(body) 611 }`, 1}} 612 613 // SampleCodeG305 - File path traversal when extracting zip archives 614 SampleCodeG305 = []CodeSample{{` 615 package unzip 616 617 import ( 618 "archive/zip" 619 "io" 620 "os" 621 "path/filepath" 622 ) 623 624 func unzip(archive, target string) error { 625 reader, err := zip.OpenReader(archive) 626 if err != nil { 627 return err 628 } 629 630 if err := os.MkdirAll(target, 0750); err != nil { 631 return err 632 } 633 634 for _, file := range reader.File { 635 path := filepath.Join(target, file.Name) 636 if file.FileInfo().IsDir() { 637 os.MkdirAll(path, file.Mode()) // #nosec 638 continue 639 } 640 641 fileReader, err := file.Open() 642 if err != nil { 643 return err 644 } 645 defer fileReader.Close() 646 647 targetFile, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, file.Mode()) 648 if err != nil { 649 return err 650 } 651 defer targetFile.Close() 652 653 if _, err := io.Copy(targetFile, fileReader); err != nil { 654 return err 655 } 656 } 657 658 return nil 659 }`, 1}, {` 660 package unzip 661 662 import ( 663 "archive/zip" 664 "io" 665 "os" 666 "path/filepath" 667 ) 668 669 func unzip(archive, target string) error { 670 reader, err := zip.OpenReader(archive) 671 if err != nil { 672 return err 673 } 674 675 if err := os.MkdirAll(target, 0750); err != nil { 676 return err 677 } 678 679 for _, file := range reader.File { 680 archiveFile := file.Name 681 path := filepath.Join(target, archiveFile) 682 if file.FileInfo().IsDir() { 683 os.MkdirAll(path, file.Mode()) // #nosec 684 continue 685 } 686 687 fileReader, err := file.Open() 688 if err != nil { 689 return err 690 } 691 defer fileReader.Close() 692 693 targetFile, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, file.Mode()) 694 if err != nil { 695 return err 696 } 697 defer targetFile.Close() 698 699 if _, err := io.Copy(targetFile, fileReader); err != nil { 700 return err 701 } 702 } 703 704 return nil 705 }`, 1}} 706 707 // SampleCodeG401 - Use of weak crypto MD5 708 SampleCodeG401 = []CodeSample{ 709 {` 710 package main 711 import ( 712 "crypto/md5" 713 "fmt" 714 "io" 715 "log" 716 "os" 717 ) 718 func main() { 719 f, err := os.Open("file.txt") 720 if err != nil { 721 log.Fatal(err) 722 } 723 defer f.Close() 724 725 h := md5.New() 726 if _, err := io.Copy(h, f); err != nil { 727 log.Fatal(err) 728 } 729 fmt.Printf("%x", h.Sum(nil)) 730 }`, 1}} 731 732 // SampleCodeG401b - Use of weak crypto SHA1 733 SampleCodeG401b = []CodeSample{ 734 {` 735 package main 736 import ( 737 "crypto/sha1" 738 "fmt" 739 "io" 740 "log" 741 "os" 742 ) 743 func main() { 744 f, err := os.Open("file.txt") 745 if err != nil { 746 log.Fatal(err) 747 } 748 defer f.Close() 749 750 h := sha1.New() 751 if _, err := io.Copy(h, f); err != nil { 752 log.Fatal(err) 753 } 754 fmt.Printf("%x", h.Sum(nil)) 755 }`, 1}} 756 757 // SampleCodeG402 - TLS settings 758 SampleCodeG402 = []CodeSample{{` 759 // InsecureSkipVerify 760 package main 761 import ( 762 "crypto/tls" 763 "fmt" 764 "net/http" 765 ) 766 func main() { 767 tr := &http.Transport{ 768 TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, 769 } 770 771 client := &http.Client{Transport: tr} 772 _, err := client.Get("https://golang.org/") 773 if err != nil { 774 fmt.Println(err) 775 } 776 }`, 1}, { 777 ` 778 // Insecure minimum version 779 package main 780 import ( 781 "crypto/tls" 782 "fmt" 783 "net/http" 784 ) 785 func main() { 786 tr := &http.Transport{ 787 TLSClientConfig: &tls.Config{MinVersion: 0}, 788 } 789 client := &http.Client{Transport: tr} 790 _, err := client.Get("https://golang.org/") 791 if err != nil { 792 fmt.Println(err) 793 } 794 }`, 1}, {` 795 // Insecure max version 796 package main 797 import ( 798 "crypto/tls" 799 "fmt" 800 "net/http" 801 ) 802 func main() { 803 tr := &http.Transport{ 804 TLSClientConfig: &tls.Config{MaxVersion: 0}, 805 } 806 client := &http.Client{Transport: tr} 807 _, err := client.Get("https://golang.org/") 808 if err != nil { 809 fmt.Println(err) 810 } 811 } 812 `, 1}, { 813 ` 814 // Insecure ciphersuite selection 815 package main 816 import ( 817 "crypto/tls" 818 "fmt" 819 "net/http" 820 ) 821 func main() { 822 tr := &http.Transport{ 823 TLSClientConfig: &tls.Config{CipherSuites: []uint16{ 824 tls.TLS_RSA_WITH_RC4_128_SHA, 825 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 826 },}, 827 } 828 client := &http.Client{Transport: tr} 829 _, err := client.Get("https://golang.org/") 830 if err != nil { 831 fmt.Println(err) 832 } 833 }`, 1}} 834 835 // SampleCodeG403 - weak key strength 836 SampleCodeG403 = []CodeSample{ 837 {` 838 package main 839 import ( 840 "crypto/rand" 841 "crypto/rsa" 842 "fmt" 843 ) 844 func main() { 845 //Generate Private Key 846 pvk, err := rsa.GenerateKey(rand.Reader, 1024) 847 if err != nil { 848 fmt.Println(err) 849 } 850 fmt.Println(pvk) 851 }`, 1}} 852 853 // SampleCodeG404 - weak random number 854 SampleCodeG404 = []CodeSample{ 855 {` 856 package main 857 import "crypto/rand" 858 func main() { 859 good, _ := rand.Read(nil) 860 println(good) 861 }`, 0}, {` 862 package main 863 import "math/rand" 864 func main() { 865 bad := rand.Int() 866 println(bad) 867 }`, 1}, {` 868 package main 869 import ( 870 "crypto/rand" 871 mrand "math/rand" 872 ) 873 func main() { 874 good, _ := rand.Read(nil) 875 println(good) 876 i := mrand.Int31() 877 println(i) 878 }`, 0}} 879 880 // SampleCodeG501 - Blacklisted import MD5 881 SampleCodeG501 = []CodeSample{ 882 {` 883 package main 884 import ( 885 "crypto/md5" 886 "fmt" 887 "os" 888 ) 889 func main() { 890 for _, arg := range os.Args { 891 fmt.Printf("%x - %s\n", md5.Sum([]byte(arg)), arg) 892 } 893 }`, 1}} 894 895 // SampleCodeG502 - Blacklisted import DES 896 SampleCodeG502 = []CodeSample{ 897 {` 898 package main 899 import ( 900 "crypto/cipher" 901 "crypto/des" 902 "crypto/rand" 903 "encoding/hex" 904 "fmt" 905 "io" 906 ) 907 func main() { 908 block, err := des.NewCipher([]byte("sekritz")) 909 if err != nil { 910 panic(err) 911 } 912 plaintext := []byte("I CAN HAZ SEKRIT MSG PLZ") 913 ciphertext := make([]byte, des.BlockSize+len(plaintext)) 914 iv := ciphertext[:des.BlockSize] 915 if _, err := io.ReadFull(rand.Reader, iv); err != nil { 916 panic(err) 917 } 918 stream := cipher.NewCFBEncrypter(block, iv) 919 stream.XORKeyStream(ciphertext[des.BlockSize:], plaintext) 920 fmt.Println("Secret message is: %s", hex.EncodeToString(ciphertext)) 921 }`, 1}} 922 923 // SampleCodeG503 - Blacklisted import RC4 924 SampleCodeG503 = []CodeSample{{` 925 package main 926 import ( 927 "crypto/rc4" 928 "encoding/hex" 929 "fmt" 930 ) 931 func main() { 932 cipher, err := rc4.NewCipher([]byte("sekritz")) 933 if err != nil { 934 panic(err) 935 } 936 plaintext := []byte("I CAN HAZ SEKRIT MSG PLZ") 937 ciphertext := make([]byte, len(plaintext)) 938 cipher.XORKeyStream(ciphertext, plaintext) 939 fmt.Println("Secret message is: %s", hex.EncodeToString(ciphertext)) 940 }`, 1}} 941 942 // SampleCodeG504 - Blacklisted import CGI 943 SampleCodeG504 = []CodeSample{{` 944 package main 945 import ( 946 "net/http/cgi" 947 "net/http" 948 ) 949 func main() { 950 cgi.Serve(http.FileServer(http.Dir("/usr/share/doc"))) 951 }`, 1}} 952 // SampleCodeG505 - Blacklisted import SHA1 953 SampleCodeG505 = []CodeSample{ 954 {` 955 package main 956 import ( 957 "crypto/sha1" 958 "fmt" 959 "os" 960 ) 961 func main() { 962 for _, arg := range os.Args { 963 fmt.Printf("%x - %s\n", sha1.Sum([]byte(arg)), arg) 964 } 965 }`, 1}} 966 // SampleCode601 - Go build tags 967 SampleCode601 = []CodeSample{{` 968 // +build test 969 970 package main 971 func main() { 972 fmt.Println("no package imported error") 973 }`, 1}} 974 )