# Functions
Generate builds the list of rules to use, applying any supplied RuleFilters to include or exclude rules by ID.
NewArchive creates a new rule which detects file path traversal (zip slip) when extracting zip/tar archives.
NewBadTempFile detects direct writes to a predictable path in the temporary directory.
NewBindsToAllNetworkInterfaces detects socket listeners that are set up to bind to all network interfaces (e.g. a listen address of 0.0.0.0 or just :port).
NewBlocklistedImportCGI fails if CGI is imported.
NewBlocklistedImportDES fails if DES is imported.
NewBlocklistedImportMD4 fails if MD4 is imported.
NewBlocklistedImportMD5 fails if MD5 is imported.
NewBlocklistedImportRC4 fails if RC4 is imported.
NewBlocklistedImportRIPEMD160 fails if RIPEMD160 is imported.
NewBlocklistedImports reports when a blocklisted import is being used.
NewBlocklistedImportSHA1 fails if SHA1 is imported.
NewDecompressionBombCheck detects if there is potential DoS vulnerability via decompression bomb.
NewDirectoryTraversal attempts to find the use of http.Dir("/").
NewFilePerms creates a rule to detect file creation with a more permissive than configured permission mask.
NewHardcodedCredentials attempts to find high entropy string constants being assigned to variables that appear to be related to credentials.
NewHTTPServeWithoutTimeouts detects use of net/http serve functions that have no support for setting timeouts.
NewImplicitAliasing detects implicit memory aliasing of a range loop variable, i.e. taking the address of the iteration variable inside the loop body: for _, blah := range SomeCall() { ... &blah ... }.
NewIntegerOverflowCheck detects a potential integer overflow, e.g. a strconv.Atoi result converted to a narrower integer type.
NewIntermediateTLSCheck creates a check for Intermediate TLS ciphers (generated by the tlsconfig tool; do not edit).
NewMkdirPerms creates a rule to detect directory creation with a more permissive than configured permission mask.
NewModernTLSCheck creates a check for Modern TLS ciphers (generated by the tlsconfig tool; do not edit).
NewNoErrorCheck detects if the returned error is unchecked.
NewOldTLSCheck creates a check for Old TLS ciphers (generated by the tlsconfig tool; do not edit).
NewOsCreatePerms creates a rule to detect file creation with a more permissive than configured permission mask.
NewPprofCheck detects when the profiling endpoint is automatically exposed.
NewReadFile detects file reads whose path comes from a variable rather than a constant (potential file inclusion).
NewRuleFilter is a closure that includes or excludes the given rule IDs based on the supplied boolean value.
NewSlowloris attempts to find the http.Server struct and check if the ReadHeaderTimeout is configured.
NewSQLStrConcat looks for cases where we are building SQL strings via concatenation.
NewSQLStrFormat looks for cases where we're building SQL query strings using format strings.
NewSSHHostKey rule detects the use of insecure ssh HostKeyCallback.
NewSSRFCheck detects HTTP requests whose URL is taken from a variable (potential server-side request forgery).
NewSubproc detects cases where an external process is launched (os/exec) with a variable in the command or its arguments.
NewTemplateCheck constructs the template check rule, which flags data passed into html/template unescaped via conversions such as template.HTML.
NewUsesWeakCryptographyEncryption detects uses of des.*, rc4.*.
NewUsesWeakCryptographyHash detects uses of md5.*, sha1.*.
NewUsesWeakDeprecatedCryptographyHash detects uses of md4.New, ripemd160.New.
NewUsingOldMathBig rule detects the use of Rat.SetString from math/big.
NewUsingUnsafe rule detects the use of the unsafe package.
NewWeakKeyStrength builds a rule that detects RSA keys < 2048 bits.
NewWeakRandCheck detects the use of random number generator that isn't cryptographically secure.
NewWritePerms creates a rule to detect file writes (os.WriteFile, ioutil.WriteFile) with a more permissive than configured permission mask.
# Structs
RuleDefinition contains the description of a rule and a mechanism to create it.
RuleList contains a mapping of rule IDs to rule definitions and a mapping of rule IDs to whether rules are suppressed.
# Type aliases
RuleFilter can be used to include or exclude a rule depending on the return value of the function.
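The listing above names the pieces (Generate, NewRuleFilter, RuleDefinition, RuleFilter) and the individual checks, but not how they fit together. The following is an added, self-contained illustration, not gosec's own code: it reimplements two of the listed checks (NewSlowloris and NewPprofCheck) as small go/ast walkers, wires them into a Generate and NewRuleFilter with the include/exclude semantics the page describes, and runs them over a constructed source snippet. The shapes of Rule, RuleDefinition and Scan, the "ID:line" finding format, and the AND-combination of multiple filters are this example's assumptions; the rule IDs G112 and G108 are gosec's numbers for these two checks.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// RuleDefinition and RuleFilter follow the page's names; the shapes are assumed here.
type RuleDefinition struct {
	ID    string
	Check func(fset *token.FileSet, f *ast.File) []string // findings as "ID:line"
}

type RuleFilter func(id string) bool

// NewRuleFilter mirrors the page's NewRuleFilter: action == true includes only
// the listed IDs, action == false excludes them and keeps everything else.
func NewRuleFilter(action bool, ruleIDs ...string) RuleFilter {
	listed := make(map[string]bool, len(ruleIDs))
	for _, id := range ruleIDs {
		listed[id] = true
	}
	return func(id string) bool { return listed[id] == action }
}

// checkSlowloris flags http.Server literals with no ReadHeaderTimeout field, as
// the page's NewSlowloris does. Matching the text "http.Server" is a
// simplification; gosec resolves the import.
func checkSlowloris(fset *token.FileSet, f *ast.File) (found []string) {
	ast.Inspect(f, func(n ast.Node) bool {
		cl, ok := n.(*ast.CompositeLit)
		if !ok || types.ExprString(cl.Type) != "http.Server" {
			return true
		}
		for _, el := range cl.Elts {
			if kv, ok := el.(*ast.KeyValueExpr); ok && types.ExprString(kv.Key) == "ReadHeaderTimeout" {
				return true // timeout configured: nothing to report
			}
		}
		found = append(found, fmt.Sprintf("G112:%d", fset.Position(cl.Pos()).Line))
		return true
	})
	return found
}

// checkPprof flags a blank import of net/http/pprof, whose init registers the
// profiling handlers on http.DefaultServeMux (what the page's NewPprofCheck finds).
func checkPprof(fset *token.FileSet, f *ast.File) (found []string) {
	for _, imp := range f.Imports {
		if imp.Path.Value == `"net/http/pprof"` && imp.Name != nil && imp.Name.Name == "_" {
			found = append(found, fmt.Sprintf("G108:%d", fset.Position(imp.Pos()).Line))
		}
	}
	return found
}

var allRules = []RuleDefinition{{"G108", checkPprof}, {"G112", checkSlowloris}}

// Generate keeps a rule only when every supplied filter accepts its ID
// (assumed combination; with no filters every rule is kept).
func Generate(filters ...RuleFilter) (selected []RuleDefinition) {
next:
	for _, def := range allRules {
		for _, accept := range filters {
			if !accept(def.ID) {
				continue next
			}
		}
		selected = append(selected, def)
	}
	return selected
}

// Scan parses Go source and runs the selected rules over it in list order.
func Scan(src string, rules []RuleDefinition) (found []string, err error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	for _, def := range rules {
		found = append(found, def.Check(fset, f)...)
	}
	return found, nil
}

// sample is constructed input: pprof import on line 4, an unprotected server on
// line 7 and the fixed one on line 8.
const sample = `package main
import (
	"net/http"
	_ "net/http/pprof"
	"time"
)
func bad() *http.Server  { return &http.Server{Addr: ":8080"} }
func good() *http.Server { return &http.Server{Addr: ":8080", ReadHeaderTimeout: 5 * time.Second} }
`

func main() {
	// Exclude G108 as gosec -exclude=G108 would; G112 still reports line 7.
	fmt.Println(Scan(sample, Generate(NewRuleFilter(false, "G108"))))
}
```

Running main prints `[G112:7] <nil>`: the pprof finding is filtered out and only the server literal without ReadHeaderTimeout is reported. Note that the fixed server on line 8 is silent because the field is set; gosec's real check additionally inspects the value assigned, so a ReadHeaderTimeout of 0 would still be a Slowloris hole that this simplified walker does not catch.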