Scan the go packages path recursively starting from a root folder

ccojocar · gcmurphy · commit 85eb8a52ab4b · 2019-04-27T14:02:43.000-07:00
This is replacing the gotool.ImportPaths which seems to have some troubles with Go modules.
Signed-off-by: Cosmin Cojocar &lt;cosmin.cojocar@gmx.ch&gt;
diff --git a/cmd/gosec/main.go b/cmd/gosec/main.go
@@ -24,7 +24,6 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/kisielk/gotool"
 	"github.com/securego/gosec"
 	"github.com/securego/gosec/output"
 	"github.com/securego/gosec/rules"
@@ -147,19 +146,19 @@ func loadConfig(configFile string) (gosec.Config, error) {
 func loadRules(include, exclude string) rules.RuleList {
 	var filters []rules.RuleFilter
 	if include != "" {
-		logger.Printf("including rules: %s", include)
+		logger.Printf("Including rules: %s", include)
 		including := strings.Split(include, ",")
 		filters = append(filters, rules.NewRuleFilter(false, including...))
 	} else {
-		logger.Println("including rules: default")
+		logger.Println("Including rules: default")
 	}
 
 	if exclude != "" {
-		logger.Printf("excluding rules: %s", exclude)
+		logger.Printf("Excluding rules: %s", exclude)
 		excluding := strings.Split(exclude, ",")
 		filters = append(filters, rules.NewRuleFilter(true, excluding...))
 	} else {
-		logger.Println("excluding rules: default")
+		logger.Println("Excluding rules: default")
 	}
 	return rules.Generate(filters...)
 }
@@ -244,7 +243,7 @@ func main() {
 	// Load enabled rule definitions
 	ruleDefinitions := loadRules(*flagRulesInclude, *flagRulesExclude)
 	if len(ruleDefinitions) == 0 {
-		logger.Fatal("cannot continue: no rules are configured.")
+		logger.Fatal("No rules are configured")
 	}
 
 	// Create the analyzer
@@ -253,15 +252,15 @@ func main() {
 
 	vendor := regexp.MustCompile(`[\\/]vendor([\\/]|$)`)
 	var packages []string
-	// Iterate over packages on the import paths
-	for _, pkg := range gotool.ImportPaths(flag.Args()) {
-		// Skip vendor directory
-		if !*flagScanVendor {
-			if vendor.MatchString(pkg) {
-				continue
-			}
+	for _, path := range flag.Args() {
+		pcks, err := gosec.PackagePaths(path, vendor)
+		if err != nil {
+			logger.Fatal(err)
 		}
-		packages = append(packages, pkg)
+		packages = append(packages, pcks...)
+	}
+	if len(packages) == 0 {
+		logger.Fatal("No packages found")
 	}
 
 	var buildTags []string
diff --git a/go.mod b/go.mod
@@ -3,7 +3,6 @@ module github.com/securego/gosec
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang/protobuf v1.3.1 // indirect
-	github.com/kisielk/gotool v1.0.0
 	github.com/kr/pretty v0.1.0 // indirect
 	github.com/lib/pq v1.1.0 // indirect
 	github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd
diff --git a/go.sum b/go.sum
@@ -9,8 +9,6 @@ github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/kisielk/gotool v1.0.0 h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
diff --git a/helpers.go b/helpers.go
@@ -23,6 +23,7 @@ import (
 	"os"
 	"os/user"
 	"path/filepath"
+	"regexp"
 	"runtime"
 	"strconv"
 	"strings"
@@ -357,3 +358,32 @@ func FindVarIdentities(n *ast.BinaryExpr, c *Context) ([]*ast.Ident, bool) {
 	// if nil or error, return false
 	return nil, false
 }
+
+// PackagePaths returns a slice with all packages path at given root directory
+func PackagePaths(root string, exclude *regexp.Regexp) ([]string, error) {
+	if strings.HasSuffix(root, "...") {
+		root = root[0 : len(root)-3]
+	} else {
+		return []string{root}, nil
+	}
+	paths := map[string]bool{}
+	err := filepath.Walk(root, func(path string, f os.FileInfo, err error) error {
+		if filepath.Ext(path) == ".go" {
+			path = filepath.Dir(path)
+			if exclude != nil && exclude.MatchString(path) {
+				return nil
+			}
+			paths[path] = true
+		}
+		return nil
+	})
+	if err != nil {
+		return []string{}, err
+	}
+
+	result := []string{}
+	for path := range paths {
+		result = append(result, path)
+	}
+	return result, nil
+}

-Original file line number
+Diff line change
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang/protobuf v1.3.1 // indirect
 -	github.com/kisielk/gotool v1.0.0
 	github.com/kr/pretty v0.1.0 // indirect
 	github.com/lib/pq v1.1.0 // indirect
 	github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd