Generate the list of rules to use.

NewArchive creates a new rule which detects the file traversal when extracting zip archives.

NewBadTempFile detects direct writes to predictable path in temporary directory.

NewBindsToAllNetworkInterfaces detects socket connections that are setup to listen on all network interfaces.

NewBlacklistedImportCGI fails if CGI is imported.

NewBlacklistedImportDES fails if DES is imported.

NewBlacklistedImportMD5 fails if MD5 is imported.

NewBlacklistedImportRC4 fails if DES is imported.

NewBlacklistedImports reports when a blacklisted import is being used.

NewBlacklistedImportSHA1 fails if SHA1 is imported.

NewFilePerms creates a rule to detect file creation with a more permissive than configured permission mask.

NewHardcodedCredentials attempts to find high entropy string constants being assigned to variables that appear to be related to credentials.

NewIntermediateTLSCheck creates a check for Intermediate TLS ciphers DO NOT EDIT - generated by tlsconfig tool.

NewMkdirPerms creates a rule to detect directory creation with more permissive than configured permission mask.

NewModernTLSCheck creates a check for Modern TLS ciphers DO NOT EDIT - generated by tlsconfig tool.

NewNoErrorCheck detects if the returned error is unchecked.

NewOldTLSCheck creates a check for Old TLS ciphers DO NOT EDIT - generated by tlsconfig tool.

NewReadFile detects cases where we read files.

NewRuleFilter is a closure that will include/exclude the rule ID's based on the supplied boolean value.

NewSQLStrConcat looks for cases where we are building SQL strings via concatenation.

NewSQLStrFormat looks for cases where we're building SQL query strings using format strings.

NewSSHHostKey rule detects the use of insecure ssh HostKeyCallback.

NewSubproc detects cases where we are forking out to an external process.

NewTemplateCheck constructs the template check rule.

NewUsesWeakCryptography detects uses of des.* md5.* or rc4.*.

NewUsingBigExp detects issues with modulus == 0 for Bignum.

NewUsingUnsafe rule detects the use of the unsafe package.

NewWeakKeyStrength builds a rule that detects RSA keys < 2048 bits.

NewWeakRandCheck detects the use of random number generator that isn't cryptographically secure.

RuleDefinition contains the description of a rule and a mechanism to create it.

RuleFilter can be used to include or exclude a rule depending on the return value of the function.

RuleList is a mapping of rule ID's to rule definitions.