[go: up one dir, main page]

Skip to content

peakle/security-rules

Repository files navigation

security-rules

Ruleguard security rules

Tests Go Report Card Go Reference

What are we checking now?:

  1. HTTP without SSL
  2. old hash functions like: md5
  3. TLS insecureSkipVerify option usage
  4. Old TLS versions
  5. Old cipher functions usage: like RC4
  6. Swagger body validation function usage

How to use:

Full installation example: https://github.com/peakle/dc-rules-example

  1. Install rules:
    go get -v github.com/peakle/security-rules
  2. Create rules.go file in your project like in example
  3. Add linter to your pipeline:
    1. Like another one check in golangci-lint (will work for golangci-lint >v1.27.0):

      linters:
        enable:
          - gocritic
      linters-settings:
        gocritic:
          enabled-checks:
            - ruleguard
          settings:
            ruleguard:
              rules: "YourDir/rules.go"
    2. Like file watcher in Goland IDE (will work for golangci-lint >v1.27.0):

      1. add golangci-lint as File Watcher in IDE (Preferences -> Tools -> File Watchers -> Add)
      2. set Arguments field where .golangci.yml file will be like example above:
      run $FileDir$ --config=$ProjectFileDir$/.golangci.yml
      

How to update to new rules version:

  1. update rules version in your go.mod file
  2. download new rules version:
    go get github.com/peakle/security-rules@newVersion
  3. if you using golangci-lint update cache:
    golangci-lint cache clean

How to add new checks:

  1. Ruleguard tour for newbees: https://go-ruleguard.github.io/by-example
  2. Fork repo && open PR :D