gosec/analyzer_core_internal_test.go at master · securego/gosec · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
package gosec

import (
	"errors"
	"go/types"
	"io"
	"log"
	"testing"

	"golang.org/x/tools/go/analysis"
	"golang.org/x/tools/go/analysis/passes/buildssa"
	"golang.org/x/tools/go/packages"

	"github.com/securego/gosec/v2/issue"
)

func TestCheckAnalyzersShortCircuitsWithoutAnalyzers(t *testing.T) {
	t.Parallel()

	a := NewAnalyzer(NewConfig(), false, false, false, 1, log.New(io.Discard, "", 0))
	issues, stats := a.checkAnalyzers(nil, nil)

	if issues != nil {
		t.Fatalf("expected nil issues when no analyzers are loaded")
	}
	if stats == nil {
		t.Fatalf("expected non-nil metrics")
	}
	if stats.NumFound != 0 {
		t.Fatalf("unexpected findings count: %d", stats.NumFound)
	}
}

func TestCheckAnalyzersHandlesSSABuildFailure(t *testing.T) {
	t.Parallel()

	a := NewAnalyzer(NewConfig(), false, false, false, 1, log.New(io.Discard, "", 0))
	a.analyzerSet.Register(&analysis.Analyzer{Name: "dummy", Run: func(*analysis.Pass) (any, error) { return nil, nil }}, false)

	pkg := &packages.Package{Name: "broken"}
	issues, stats := a.checkAnalyzers(pkg, nil)

	if len(issues) != 0 {
		t.Fatalf("expected no issues when SSA build fails")
	}
	if stats == nil || stats.NumFound != 0 {
		t.Fatalf("expected empty metrics, got %#v", stats)
	}
}

func TestCheckAnalyzersWithSSAWrapperMergesIssues(t *testing.T) {
	t.Parallel()

	a := NewAnalyzer(NewConfig(), false, false, false, 1, log.New(io.Discard, "", 0))
	a.analyzerSet.Register(&analysis.Analyzer{
		Name: "dummy",
		Run: func(*analysis.Pass) (any, error) {
			return []*issue.Issue{{
				RuleID:     "T999",
				File:       "dummy.go",
				Line:       "1",
				Col:        "1",
				Severity:   issue.High,
				Confidence: issue.High,
				What:       "dummy finding",
			}}, nil
		},
	}, false)

	a.CheckAnalyzersWithSSA(&packages.Package{Name: "pkg"}, &buildssa.SSA{})
	issues, stats, _ := a.Report()

	if len(issues) != 1 {
		t.Fatalf("unexpected issues count: got %d want 1", len(issues))
	}
	if stats.NumFound != 1 {
		t.Fatalf("unexpected findings count: got %d want 1", stats.NumFound)
	}
}

func TestBuildSSANilPackage(t *testing.T) {
	t.Parallel()

	a := NewAnalyzer(NewConfig(), false, false, false, 1, log.New(io.Discard, "", 0))
	_, err := a.buildSSA(nil)
	if err == nil {
		t.Fatalf("expected error for nil package")
	}
	if !errors.Is(err, ErrNilPackage) {
		t.Fatalf("unexpected error: %v", err)
	}
}

func TestBuildSSATypeInfoValidation(t *testing.T) {
	t.Parallel()

	a := NewAnalyzer(NewConfig(), false, false, false, 1, log.New(io.Discard, "", 0))

	if _, err := a.buildSSA(&packages.Package{Name: "missing-types"}); err == nil {
		t.Fatalf("expected error for missing types")
	}

	pkgMissingInfo := &packages.Package{Name: "missing-typesinfo"}
	pkgMissingInfo.Types = types.NewPackage("example.com/p", "p")
	_, err := a.buildSSA(pkgMissingInfo)
	if err == nil {
		t.Fatalf("expected error for missing types info")
	}
}