package (version 2.22.1)
Repository: https://github.com/securego/gosec.git
Documentation: pkg.go.dev

# Functions

NewLogger returns a logger and the buffer that it will be written to.
NewMockVisitor creates a new empty struct; the Context and Callback fields must be set manually.
NewTestPackage will create a new and empty package.

# Variables

SampleCodeBuildTag - G601 build tags.
SampleCodeCgo - Cgo file sample.
SampleCodeG101 - code snippets for hardcoded credentials.
SampleCodeG101Values - code snippets for hardcoded credentials.
SampleCodeG102 - code snippets for network binding.
SampleCodeG103 finds instances of unsafe blocks for auditing purposes.
It shouldn't return any errors because all method calls are whitelisted by default.
SampleCodeG104Audit finds errors that aren't being handled in audit mode.
SampleCodeG106 - ssh InsecureIgnoreHostKey.
SampleCodeG107 - SSRF via http requests with variable url.
SampleCodeG108 - pprof endpoint automatically exposed.
SampleCodeG109 - Potential integer overflow.
SampleCodeG110 - potential DoS vulnerability via decompression bomb.
SampleCodeG111 - potential directory traversal.
SampleCodeG112 - potential slowloris attack.
SampleCodeG113 - Usage of Rat.SetString in math/big with an overflow.
SampleCodeG114 - Use of net/http serve functions that have no support for setting timeouts.
SampleCodeG201 - SQL injection via format string.
SampleCodeG202 - SQL query string building via string concatenation.
SampleCodeG203 - Template checks.
SampleCodeG204 - Subprocess auditing.
SampleCodeG301 - mkdir permission check.
SampleCodeG302 - file create / chmod permissions check.
SampleCodeG303 - bad tempfile permissions & hardcoded shared path.
SampleCodeG304 - potential file inclusion vulnerability.
SampleCodeG305 - File path traversal when extracting zip/tar archives.
SampleCodeG306 - Poor permissions for WriteFile.
SampleCodeG307 - Poor permissions for os.Create.
SampleCodeG401 - Use of weak crypto hash MD5.
SampleCodeG401b - Use of weak crypto hash SHA1.
SampleCodeG402 - TLS settings.
SampleCodeG403 - weak key strength.
SampleCodeG404 - weak random number.
SampleCodeG405 - Use of weak crypto encryption DES.
SampleCodeG405b - Use of weak crypto encryption RC4.
SampleCodeG406 - Use of deprecated weak crypto hash MD4.
SampleCodeG406b - Use of deprecated weak crypto hash RIPEMD160.
SampleCodeG407 - Use of hardcoded nonce/IV.
SampleCodeG501 - Blocklisted import MD5.
SampleCodeG502 - Blocklisted import DES.
SampleCodeG503 - Blocklisted import RC4.
SampleCodeG504 - Blocklisted import CGI.
SampleCodeG505 - Blocklisted import SHA1.
SampleCodeG506 - Blocklisted import MD4.
SampleCodeG507 - Blocklisted import RIPEMD160.
SampleCodeG601 - Implicit aliasing over range statement.
SampleCodeG602 - Slice access out of bounds.

# Structs

CodeSample encapsulates a snippet of source code that compiles, and how many errors should be detected.
MockVisitor is useful for stubbing out ast.Visitor with a callback and checking that specific conditions hold.
TestPackage is a mock package for testing purposes.