Add support for Golang (gocrypto)#361
Merged
Merged
Conversation
- Add GoDetectionEngine implementing IDetectionEngine<Tree, Void> - Handles function invocation analysis for Go code - Supports value resolution from literals and identifiers - Symbol-related methods return empty (Go API doesn't expose symbols) - Add GoLanguageSupport implementing ILanguageSupport - Provides translation, detection engine, and executive creation - Uses no-op visitor factory (Go uses registration-based pattern) - Register Go in LanguageSupporter via goLanguageSupporter() method - Add comprehensive unit tests for all new classes Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update GoDetectionEngine to use org.sonar.go.symbols.Symbol type - Implement getAssignedSymbol() using HasSymbol interface - Implement getMethodInvocationParameterSymbol() with proper symbol tracking - Update GoLanguageSupport to use Symbol type - Implement createMethodMatcherBasedOn() using FunctionDeclarationTree - Support receiver types and package names for method matching - Implement getEnclosingMethod() for FunctionDeclarationTree - Implement createSimpleEnumMatcherFor() using EnumMatcher - Update LanguageSupporter.goLanguageSupporter() return type - Add comprehensive tests for symbol handling and method matching Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use FunctionDeclarationTree.formalParameters() and ParameterTree - Match parameter names between definition and invocation - Extract corresponding argument from function invocation - Add comprehensive tests for parameter extraction Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create GoBaseMethodVisitor extending TreeVisitor<TreeContext> - Register handler for FunctionInvocationTree to run detection - Update GoLanguageSupport to use GoBaseMethodVisitor::new as factory - Apply spotless formatting fixes to Go engine classes This aligns with the Java BaseTreeVisitor pattern for AST traversal. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add go/ module directory structure - Create go/pom.xml with dependencies on engine, output, enricher, rules - Register go module in parent POM Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create GoAggregator following Python module pattern - Provides language support access and node aggregation - Add basic tests for GoAggregator Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create GoBaseDetectionRule using Go registration pattern (InitContext) - Create GoDetectionRules placeholder for detection rules - Create GoTranslationProcess for translate/reorganize/enrich pipeline - Create GoTranslator for value translation - Create GoReorganizerRules with standard reorganizer rules Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create GoInventoryRule extending GoBaseDetectionRule - Create GoRuleList with Go check registration - Create GoScannerRuleDefinition for SonarQube rule registration - Add Inventory rule metadata (json, html) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create GoCryptoAES detection rule for crypto/aes.NewCipher - Register GoCryptoAES in GoDetectionRules - Create GoTestBase for test infrastructure - Add unit tests for GoCryptoAES detection rule - Add sample Go test file demonstrating AES usage Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…slation context - Add `GenerateAssertsHelper` class for automatic generation of test assertions - Create `GoCipherContextTranslator` for translating AES-related contexts - Enhance `GoCryptoAESTest` with assertion helper integration - Update `GoTranslator` to delegate translation to `GoCipherContextTranslator` - Minor refactor in `GoDetectionEngine` and test utilities to improve readability and annotation usage Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
…alidation - Remove deprecated `GenerateAssertsHelper` usage - Add validation for `BlockCipher`, `BlockSize`, and `Oid` nodes during translation - Simplify comments and enhance test structure for improved readability Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
…ection logic - Remove obsolete `GoDetectionEngineTest` class and associated tests - Refactor `GoDetectionEngine` to improve nested value resolution and tree traversal - Update `resolveValues` to support complex usages, function calls, and member selection - Enhance `GoTranslator` and `GoCryptoAES` with additional imports for key size detection Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
…tree resolution - Add support for detecting AES key sizes and updating translation logic - Extend GoCryptoAESTest with validations for KeySize, KeyLength, and BlockCipher nodes - Refactor GoDetectionEngine to resolve `make()` arguments for array size extraction - Update expected outputs in GoCryptoAESTestFile and adjust test cases accordingly Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
…ware invocation - Add `FunctionInvocationWithIdentifiersTree` to represent invocations with associated identifiers - Enhance `GoCryptoAES` to detect GCM mode and add dependent detection rules - Update `GoDetectionEngine` to process block-scoped function invocations and variable initializers - Refactor `GoCryptoAESTest` to validate detection of GCM mode and extended AES attributes - Add `GCM` support to `GoCipherContextTranslator` for mode translation Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
… context and improve validation - Replace `BlockCipher` with `AuthenticatedEncryption` validation - Adjust test logic for `GCM` mode and key length verification - Update expected test outputs in `GoCryptoAESTestFile` Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
Implement detection rules for crypto/md5, crypto/sha1, crypto/sha256, crypto/sha512, crypto/hmac, crypto/rand, crypto/rsa, crypto/elliptic, and crypto/ecdsa packages. Add cipher mode support (CBC, CFB, CTR) to existing AES detection. New context translators: - GoDigestContextTranslator for hash algorithms - GoMacContextTranslator for HMAC - GoPRNGContextTranslator for crypto/rand - GoKeyContextTranslator for key generation - GoSignatureContextTranslator for signing operations Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Enable RSA test (crypto/rsa IS embedded in sonar-go-to-slang binary) - Fix expected test output: RSA-2048 instead of RSA - Update @disabled annotations with accurate explanation: the binary has embedded gc export data for crypto/aes, cipher, des, dsa, md5, rand, rc4, rsa, sha1, sha256, sha512, tls, x509 but NOT for hmac, elliptic, or ecdsa Tests: 10 passing, 3 skipped (hmac, elliptic, ecdsa due to binary limits) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…g Go modules - Add `GoConverter` supporting Go module parsing with maximum file size validation - Implement `GoParseWithExistingBinaryCommand` to enable testing with prebuilt sonar-go-to-slang binaries - Update `GoVerifier` to leverage the new converter for enhanced test validation - Replace deprecated Go parser invocation in GoCryptoHMACTest Tests: all passing, except for skipped HMAC due to binary limitations Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
- Implement comprehensive rules for detecting hash algorithms, HMAC, RSA, and SHA-based patterns. - Refactor GoDetectionEngine to handle member select trees for function references. - Extend detection and translation support for cryptographic functions passed as parameters. - Update tests to validate HMAC and SHA-related structures and outputs. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
Document Go crypto standard library support in the language table and add instructions for rebuilding sonar-go-to-slang with additional package export data for crypto packages like hmac, elliptic, and ecdsa. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
…ules - Modify detection rules to replace "CSPRNG" with "NATIVEPRNG" for Go's crypto/rand package. - Add a new detection rule for the `crypto/rand.Reader` constructor in `GoCryptoRand`. - Update translators for PRNG contexts and reorganize imports for consistency. - Refine test cases to include `NATIVEPRNG` validations and enhance crypto/rand-specific testing logic. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
…ling - Update detection rules for `crypto/ecdsa` by refining `SignASN1` and `VerifyASN1` context handling with `SignatureAction`. - Introduce specific method parameter validations and dependent detection rules for key generation (`GenerateKey`). - Extend test cases to validate ECDSA context, including elliptic curve, PRNG, and signature verification logic. - Refactor imports and reorganize code for better readability and maintainability. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
…mproved handling - Refine detection rules for `crypto/ecdsa` by introducing dependent detection for `GenerateKey`. - Replace `ValueActionFactory` with `SignatureActionFactory` for `Sign` and `Verify` operations. - Enhance parameter handling for better context validation. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
…d improved handling Use SignatureActionFactory for Sign/Verify/VerifyWithOptions methods, add dependent detection rules linking back to key generation, and use specific parameter types instead of wildcards. Restructure tests to separately verify key generation, signing, and verification with full enriched translation assertions. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Extend `GoKeyContextTranslator` to detect and handle `SaltSize` in addition to existing parameter types. - Modify test logic in `GoCryptoHKDFTest` to validate detection and translation of `SaltSize`, `KeySize`, and related components. - Update test files to reflect enriched translations, including `KeyDerivationFunction` details like `HKDF-SHA256`. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
- Implement `GoCryptoHKDFExpandTest` to validate detection and translation of HKDF key expansion with enriched assertions. - Expand detection rules in `GoCryptoHKDF` to include method parameter checks and dependent rules for better context validation. - Refactor test logic and update test files to support new HKDF details. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
- Introduce `GoCryptoKEMMapper` to map ML-KEM algorithm names to internal model classes. - Add `GoCryptoMLKEM` with detection rules for key encapsulation and decapsulation operations, supporting ML-KEM-768 and ML-KEM-1024. - Implement test cases to validate detection and enriched translation of ML-KEM functionalities. - Include rules for operations like `GenerateKey`, `EncapsulationKey`, and `Decapsulate` with dependency linking for enhanced handling. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
…psulation actions - Introduce `GoCryptoKEMMapper` for ML-KEM mappings with encapsulation/decapsulation support in `GoKeyContextTranslator`. - Expand `KeyAction` to include encapsulation and decapsulation actions. - Update HKDF detection rules to include dependencies for enriched context handling, such as message digest and salt length. - Refactor and update test cases to validate improved translations (`HKDF-SHA256`) and new KEM-related functionalities. - Add `GoCryptoMLKEM` to integrate KEM detection rules and enhance coverage for cryptographic patterns. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
…ration handling - Introduce detection rules for PBKDF2 in Go's standard library (`crypto/pbkdf2`) and extend existing support for legacy implementations. - Enhance `GoKeyContextTranslator` with `IterationCount` and enrich translation logic to include iterations, key size, salt size, and hash function details. - Refactor test cases to validate detection and translation for PBKDF2 (`PBKDF2-SHA256`) with fully enriched assertions. - Add `IterationCount` model and factory for precise iteration handling and improved context validation. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
- Introduce `GoCryptoRC4` detection rules for identifying usage of RC4 cipher operations, including `NewCipher` and `XORKeyStream`. - Update `GoDetectionRules` to integrate RC4 rules for Go crypto detection. - Extend `GoCipherContextTranslator` to support `RC4` cipher algorithm with detection and context translation. - Add unit tests in `GoCryptoRC4Test` to validate detection and translation logic. - Include test files to illustrate noncompliance for RC4 cipher usage in Go code. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
- Introduce detection rules for RSA encryption (`EncryptOAEP`, `EncryptPKCS1v15`) and signing (`SignPKCS1v15`, `SignPSS`) in Go's crypto package. - Extend `GoCryptoRSA` mapper to handle RSA-specific detection and enrich translations, including padding, key length, and OID details. - Add corresponding test classes and files to validate detection (`GoCryptoRSAEncryptOAEPTest`, `GoCryptoRSAEncryptPKCS1v15Test`, `GoCryptoRSASignPKCS1v15Test`, `GoCryptoRSASignPSSTest`) with enriched context assertions. - Update test files to illustrate noncompliant cases for RSA operations, such as unsupported key lengths and padding schemes. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
… handling - Implement detection rules for key TLS operations in Go's `crypto/tls`, including `Dial`, `DialWithDialer`, `Listen`, `Server`, and `Client`. - Introduce dependent detection rules for cipher suites (`GoCryptoTLSCipherSuites`) and TLS versions (`GoCryptoTLSVersions`) to handle `*tls.Config` parameters. - Add test cases (`GoCryptoTLSTest`) and test files to validate detection of TLS connections, configurations, and associated noncompliance scenarios. - Extend the detection model to map cipher suite and version details for enriched context validation. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
…arameter processing logic - Simplify internal methods by eliminating the unused `traceSymbol` parameter across the detection logic. - Consolidate parameter processing into a reusable `processParameter` method to reduce duplication and improve maintainability. - Introduce `emitDetectionAndGetRule` for streamlined initial method detection and rule retrieval. - Enhance the structure of parameter handling with support for nested expressions and dependent detection rules Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
- Remove `GoCryptoTLSCipherSuites` and `GoCryptoTLSVersions` detection rules. - Introduce `GoCryptoTLSVersionMapper` for streamlined version parsing and mapping. - Simplify test case structure in `GoCryptoTLSTestFile.go` by removing unused TLS configurations. - Add `CipherSuiteReorganizer` rule to enhance the handling of TLS configurations. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
…tion merging - Add enriched context assertions in `GoCryptoTLSTest` for TLS protocol and cipher suite validations. - Replace `MergeableCollection` with `AbstractAssetCollection` to generalize asset collection merging. - Implement `createMerged` in collection classes for streamlined merging logic. - Update test files to reflect consistent handling of TLS versions and cipher suites. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
…r for future work in Go detection rules - Deleted `.junie/guidelines.md` as it is no longer relevant or required. - Added a placeholder comment for GoCryptoX509 detection rules in `GoDetectionRules.java`. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
…ndencies - Deleted Go language support test classes (`GoLanguageSupportTest`, `GoLanguageTranslationTest`, `GoScanContextTest`, `LanguageSupporterGoTest`). - Removed redundant test-related imports and static assertions from `GoCryptoTLSTest`. - Updated `pom.xml` to exclude obsolete test dependencies. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
…s in Sonar plugin - Implement new `CryptoGoSensor` for Go language to perform cryptography detection rules. - Update `pom.xml` to include Go language in `requiredForLanguages`. - Remove unused Go dependency entries from `pom.xml`. - Register `CryptoGoSensor` in `CryptographyPlugin` for sonar-go integration. - Include Go nodes in `ScannerManager` node aggregation. - Update Docker Compose SonarQube version to `26.1.0.118079-community`. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
… handling - Removed `filterOutFilesFromCache`, `writeHashToCache`, and associated cache logic. - Simplified tree handling by eliminating intermediate `CacheEntry` abstraction. - Refactored file processing and visitor logic to streamline analysis flow. - Added `@Nonnull` annotations for improved null safety and clarity. - Updated exception handling to include `IOException` where applicable. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
- Implement detection rule for AES-GCM encryption in Go's crypto package. - Add `GoCryptoAESGCMEncryptTest` and corresponding test file to validate detection of AES-GCM usage. - Update `GoDetectionEngine` to exclude parameters from constant resolution. Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
All crypto standard library packages except crypto/x509 are now covered. Added golang.org/x/crypto as a separate entry with partial coverage (hkdf, pbkdf2, sha3). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
c891a28 to
bd46e69
Compare
…urposes Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
Signed-off-by: Nicklas Körtge <Nicklas.Koertge1@ibm.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add Golang (crypto) support to the plugin.
FYI @san-zrl