Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gokart for openSUSE:Factory checked in at 2022-02-07 23:38:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gokart (Old) and /work/SRC/openSUSE:Factory/.gokart.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gokart" Mon Feb 7 23:38:07 2022 rev:4 rq:952043 version:0.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/gokart/gokart.changes 2021-10-11 15:32:23.070918773 +0200 +++ /work/SRC/openSUSE:Factory/.gokart.new.1898/gokart.changes 2022-02-07 23:39:12.561985063 +0100 @@ -1,0 +2,11 @@ +Fri Feb 04 13:29:03 UTC 2022 - [email protected] + +- Update to version 0.4.0: + * Update removal of bad packages from package list + * Add version command to gokart + * Fix incorrect use of closures + * Emit JSON output only once + * Improve error reporting + * Added syscall CMDi sinks + +------------------------------------------------------------------- Old: ---- gokart-0.3.0.tar.gz New: ---- gokart-0.4.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gokart.spec ++++++ --- /var/tmp/diff_new_pack.w7jJRw/_old 2022-02-07 23:39:13.205980656 +0100 +++ /var/tmp/diff_new_pack.w7jJRw/_new 2022-02-07 23:39:13.209980630 +0100 @@ -1,7 +1,7 @@ # # spec file for package gokart # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: gokart -Version: 0.3.0 +Version: 0.4.0 Release: 0 Summary: Static analysis tool for securing Go code License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.w7jJRw/_old 2022-02-07 23:39:13.241980410 +0100 +++ /var/tmp/diff_new_pack.w7jJRw/_new 2022-02-07 23:39:13.245980383 +0100 
@@ -3,7 +3,7 @@ <param name="url">https://github.com/praetorian-inc/gokart.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.3.0</param> + <param name="revision">v0.4.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.w7jJRw/_old 2022-02-07 23:39:13.265980246 +0100 +++ /var/tmp/diff_new_pack.w7jJRw/_new 2022-02-07 23:39:13.269980219 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/praetorian-inc/gokart.git</param> - <param name="changesrevision">bb678c03b385071f6a160bd8baed0dacf399165e</param></service></servicedata> + <param name="changesrevision">2a2120f0fb5b9dc2654bdad55a316783088c8bb1</param></service></servicedata> (No newline at EOF) ++++++ gokart-0.3.0.tar.gz -> gokart-0.4.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gokart-0.3.0/README.md new/gokart-0.4.0/README.md --- old/gokart-0.3.0/README.md 2021-09-20 23:52:51.000000000 +0200 +++ new/gokart-0.4.0/README.md 2022-01-26 17:46:52.000000000 +0100 
@@ -15,6 +15,12 @@ traditionally be flagged as SQL injection; however, GoKart can figure out if the variable is actually a constant or constant equivalent, in which case there is no vulnerability. +GoKart also helps to power [**Chariot**](https://lp.praetorian.com/l/874901/2021-11-24/dtw1j?utm_source=github&utm_medium=organic_oss&utm_campaign=gokart), +Praetorian's security platform that helps you find, manage, and fix vulnerabilities in your source +code and cloud environments. Chariot makes it simple to run automated, continuous GoKart scans on +your source code. If you want to try GoKart, you can set up a free Chariot account in minutes by +clicking [here](https://chariot.praetorian.com/app/login?register&utm_source=github&utm_medium=organic_oss&utm_campaign=gokart). + ## Why We Built GoKart Static analysis is a powerful technique for finding vulnerabilities in source code. @@ -30,7 +36,7 @@ accuracy of findings. Our focus is on usability: pragmatically, that means we have optimized our approaches to reduce false alarms. -For more information, please read [our blog post](https://www.praetorian.com/blog/introducing-gokart/). +For more information, please read [our blog post](https://www.praetorian.com/blog/introducing-gokart?utm_source=github&utm_medium=organic_oss&utm_campaign=gokart). ## Install diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gokart-0.3.0/analyzers/cmdi.go new/gokart-0.4.0/analyzers/cmdi.go --- old/gokart-0.3.0/analyzers/cmdi.go 2021-09-20 23:52:51.000000000 +0200 +++ new/gokart-0.4.0/analyzers/cmdi.go 2022-01-26 17:46:52.000000000 +0100 
@@ -34,7 +34,9 @@ // vulnCmdInjectionFuncs() returns a map of command injection functions that may be vulnerable when used with user controlled input func vulnCmdInjectionFuncs() map[string][]string { return map[string][]string{ - "os/exec": {"Command", "CommandContext"}, + "os/exec": {"Command", "CommandContext"}, + "syscall": {"Exec", "ForkExec", "StartProcess"}, + "golang.org/x/sys/execabs/": {"Command", "CommandContext"}, } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gokart-0.3.0/analyzers/generic.go new/gokart-0.4.0/analyzers/generic.go --- old/gokart-0.3.0/analyzers/generic.go 2021-09-20 23:52:51.000000000 +0200 +++ new/gokart-0.4.0/analyzers/generic.go 2022-01-26 17:46:52.000000000 +0100 @@ -66,8 +66,9 @@ var analyzers []*analysis.Analyzer for analyzerName, analyzerDict := range util.ScanConfig.Analyzers { + vulnCalls, analyzerName, message := analyzerDict.VulnCalls, analyzerName, analyzerDict.Message analyzerFunc := func(pass *analysis.Pass) (interface{}, error) { - return genericFunctionRun(pass, analyzerDict.VulnCalls, analyzerName, analyzerDict.Message) + return genericFunctionRun(pass, vulnCalls, analyzerName, message) } analysisRun := analysis.Analyzer{ Name: analyzerName, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gokart-0.3.0/analyzers/scan.go new/gokart-0.4.0/analyzers/scan.go --- old/gokart-0.3.0/analyzers/scan.go 2021-09-20 23:52:51.000000000 +0200 +++ new/gokart-0.4.0/analyzers/scan.go 2022-01-26 17:46:52.000000000 +0100 
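Review bot: The new key `"golang.org/x/sys/execabs/"` ends with a slash, while that package's import path is `golang.org/x/sys/execabs`. The code that consumes this map is outside the hunk, but if it compares keys against package paths exactly, the execabs sinks will never match and calls through them go unreported. Drop the trailing slash: `"golang.org/x/sys/execabs": {"Command", "CommandContext"},`. A test fixture that passes tainted input to `execabs.Command` would catch this kind of silent false negative.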
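Review bot: The per-iteration copy in `vulnCalls, analyzerName, message := analyzerDict.VulnCalls, analyzerName, analyzerDict.Message` has no comment explaining why it exists, and it shadows `analyzerName` in the same statement, so it reads like redundant code that a later cleanup could remove. I would add `// Copy the loop variables: the closure below runs after the loop has moved on.` above it. Before this change the closure read the loop variables at call time, so analyzers could run with another entry's `VulnCalls` and miss their own sinks; a regression test with two configured analyzers would guard that. The enclosing function starts and ends outside this hunk.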
@@ -60,16 +60,20 @@ } func OutputResults(results []util.Finding, success bool) error { - var stdOutPipe, outputFile *os.File var outputColor = true if util.Config.OutputPath != "" { - stdOutPipe = os.Stdout // keep backup of the real stdout // open file read/write | create if not exist | clear file at open if exists outputFile, err := os.OpenFile(util.Config.OutputPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0666) if err != nil { return err } + defer outputFile.Close() + + var stdOutPipe = os.Stdout // keep backup of the real stdout + defer func() { + os.Stdout = stdOutPipe // restore the real stdout + }() os.Stdout = outputFile outputColor = false } @@ -82,14 +86,6 @@ fmt.Println(string(res)) } - if util.Config.OutputJSON && success { - res, err := json.Marshal(results) - if err != nil { - return err - } - fmt.Println(string(res)) - } - for _, finding := range results { util.OutputFinding(finding, outputColor) } @@ -100,14 +96,6 @@ fmt.Println() } - // if output was redirected for findings, change it back to the original stdout - if util.Config.OutputPath != "" { - // also generate the count of findings identified to the output file - util.OutputFindingMetadata(results, outputColor) - outputFile.Close() - os.Stdout = stdOutPipe // restoring the real stdout - } - return nil } 
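Review bot: The deferred `outputFile.Close()` in the first hunk discards its error, so a failed final write of the findings report is not reported to the caller. Giving the function a named result and closing with `defer func() { if cerr := outputFile.Close(); err == nil { err = cerr } }()` would surface it. The same hunk keeps the `os.OpenFile(..., 0666)` call, which leaves the report writable by other users unless the umask prevents it; `0600` is a safer default for a file that lists potentially vulnerable call sites. Swapping the global `os.Stdout` is also visible to any other goroutine that prints while the function runs, so passing an `io.Writer` to the output helpers would be the more robust design.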
@@ -179,9 +167,8 @@ // Calculate time taken scan_time := time.Since(run_begin_time) - /* Unless the argument given is an absolute path, the path to the source file for findings are trimmed - * to be relative to the most specific path shared by the argument and the current working directory. - */ + // Unless the argument given is an absolute path, the path to the source file for findings are trimmed + // to be relative to the most specific path shared by the argument and the current working directory. parent_dir := "" if len(args) > 0 && !filepath.IsAbs(args[0]) { full_path, _ := filepath.Abs(args[0]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gokart-0.3.0/cmd/scan_test.go new/gokart-0.4.0/cmd/scan_test.go --- old/gokart-0.3.0/cmd/scan_test.go 2021-09-20 23:52:51.000000000 +0200 +++ new/gokart-0.4.0/cmd/scan_test.go 2022-01-26 17:46:52.000000000 +0100 @@ -25,7 +25,7 @@ moduledir string }{ {[]string{"scan"}, "GoKart found 0 potentially vulnerable functions", ""}, - {[]string{"scan", "-r", "https://github.com/praetorian-inc/gokart"}, "GoKart found 0 potentially vulnerable functions", cur_dir + "/gokart"}, + {[]string{"scan", "-r", "https://github.com/praetorian-inc/gokart"}, "GoKart found 0 potentially vulnerable functions", cur_dir + "/gokart"}, {[]string{"scan", "--help"}, " -v, --verbose outputs full trace of taint analysis", ""}, } for _, tt := range tests { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gokart-0.3.0/cmd/version.go new/gokart-0.4.0/cmd/version.go --- old/gokart-0.3.0/cmd/version.go 1970-01-01 01:00:00.000000000 +0100 +++ new/gokart-0.4.0/cmd/version.go 2022-01-26 17:46:52.000000000 +0100 
@@ -0,0 +1,57 @@ +// Copyright 2021 Steven Roberts <[email protected]> +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Implementation of Semantic Versioning. +// https://semver.org/ +package cmd + +import ( + "fmt" + + "github.com/spf13/cobra" +) + +type Version struct { + Major int + Minor int + Patch int + PreRelease string +} + +func (v *Version) String() string { + return fmt.Sprintf("%d.%d.%d%s", + v.Major, v.Minor, v.Patch, v.PreRelease) +} + +var ( + // Update the version information here. + versionInfo = &Version{ + Major: 0, + Minor: 4, + Patch: 0, + PreRelease: "", + } + versionCmd = &cobra.Command{ + Use: "version", + Short: "Print version information", + Args: cobra.NoArgs, + Run: func(cmd *cobra.Command, args []string) { + fmt.Printf("v%s\n", versionInfo) + }, + } +) + +func init() { + goKartCmd.AddCommand(versionCmd) +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gokart-0.3.0/go.mod new/gokart-0.4.0/go.mod --- old/gokart-0.3.0/go.mod 2021-09-20 23:52:51.000000000 +0200 +++ new/gokart-0.4.0/go.mod 2022-01-26 17:46:52.000000000 +0100 
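Review bot: The comment `// Implementation of Semantic Versioning.` sits directly above `package cmd`, so godoc will treat it as the documentation for the whole cmd package. Separate it with a blank line or move it onto the `Version` type, which, like `String`, has no doc comment of its own. `String()` appends `PreRelease` with no separator, so a value such as `rc1` would print as `0.4.0rc1` rather than the `0.4.0-rc1` form that semver requires; either document that the field must carry its leading hyphen or add it in `String()`. The hard-coded `Minor: 4` also has to be kept in step with the release tag by hand.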
@@ -4,7 +4,8 @@ require ( github.com/fatih/color v1.12.0 - github.com/go-git/go-git/v5 v5.4.2 // indirect + github.com/go-git/go-git/v5 v5.4.2 + github.com/google/go-cmp v0.5.5 github.com/lithammer/dedent v1.1.0 github.com/owenrumney/go-sarif v1.0.11 github.com/segmentio/fasthash v1.0.3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gokart-0.3.0/go.sum new/gokart-0.4.0/go.sum --- old/gokart-0.3.0/go.sum 2021-09-20 23:52:51.000000000 +0200 +++ new/gokart-0.4.0/go.sum 2022-01-26 17:46:52.000000000 +0100 
@@ -46,12 +46,14 @@ github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= +github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= 
@@ -85,12 +87,14 @@ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34= github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/go-git-fixtures/v4 v4.2.1 h1:n9gGL1Ct/yIw+nfsfr8s4+sbhT+Ncu2SubfXjIWgci8= github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0= github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4= github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc= 
@@ -202,16 +206,17 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/lithammer/dedent v1.1.0 h1:VNzHMVCBNG1j0fh3OrsFRkVUwStdDArbgBWoPAffktY= github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= +github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A= github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8= 
@@ -239,6 +244,7 @@ github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= @@ -455,6 +461,7 @@ golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007 h1:gG67DSER+11cZvqIMb8S8bt0vZtiN6xWYARwirrOSfE= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -628,10 +635,10 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= @@ -642,6 +649,7 @@ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gokart-0.3.0/main.go new/gokart-0.4.0/main.go --- old/gokart-0.3.0/main.go 2021-09-20 23:52:51.000000000 +0200 +++ new/gokart-0.4.0/main.go 2022-01-26 17:46:52.000000000 +0100 
@@ -28,19 +28,16 @@ package main import ( - "flag" "fmt" + "os" "github.com/praetorian-inc/gokart/cmd" ) func main() { - cmd.Execute() - flag.Parse() // get the arguments from command line - - // if there is a first argument that is not scan, print out an error message - arg := flag.Arg(0) - if arg != "scan" && arg != "" && arg != "help" { - fmt.Printf("\nGoKart is fishtailing! Make sure to use \"gokart scan\" as the beginning of the command to steer GoKart in the right direction.\n\n") + err := cmd.Execute() + if err != nil { + fmt.Printf("\nError: %s\n\nTry \"gokart help\" to steer GoKart in the right direction.\n\n", err) + os.Exit(1) } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gokart-0.3.0/run/run.go new/gokart-0.4.0/run/run.go --- old/gokart-0.3.0/run/run.go 2021-09-20 23:52:51.000000000 +0200 +++ new/gokart-0.4.0/run/run.go 2022-01-26 17:46:52.000000000 +0100 @@ -20,6 +20,8 @@ import ( "fmt" "go/token" + "os" + "strings" "github.com/praetorian-inc/gokart/util" "golang.org/x/tools/go/analysis" @@ -51,7 +53,6 @@ // Load go packages func LoadPackages(packagesList ...string) ([]*packages.Package, bool, error) { success := true - hadBadpkgs := false conf := packages.Config{ Mode: packages.LoadSyntax, //Disable loading tests. If we enable this, then packages will be loaded twice. Once with tests, once without. 
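Review bot: The error from `cmd.Execute()` is printed with `fmt.Printf`, which writes to stdout, while the run.go changes in this same commit move diagnostics to `os.Stderr`. Error text on stdout can end up mixed into machine-readable results that a pipeline parses. Use `fmt.Fprintf(os.Stderr, ...)` with the same format string. If the cobra root command does not set `SilenceErrors` (not visible here), the error may also be printed twice.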
@@ -66,58 +67,44 @@ return nil, false, err } // Detect any packages that are unable to be scanned due to compilation or accessibility errors - var badpkgs []*packages.Package + badpkgs := make(map[*packages.Package]bool) packages.Visit(pkgs, nil, func(pkg *packages.Package) { - for range pkg.Errors { - badpkgs = append(badpkgs, pkg) - break + if len(pkg.Errors) != 0 { + badpkgs[pkg] = true } }) - // Print error message if a package was unable to be loaded - if len(badpkgs) > 0 { - fmt.Printf("\nUh oh, a dashboard light is on! GoKart was unable to load the following packages: \n") - hadBadpkgs = true - } - for _, v := range badpkgs { - pkgs = RemoveItem(v, pkgs) - } - // Only print separator if we've found removed bad packages - if hadBadpkgs { - fmt.Printf("\n\n") + if len(badpkgs) != 0 { + fmt.Fprintf(os.Stderr, "\nUh oh, a dashboard light is on! GoKart was unable to load the following packages: \n") + pkgs = RemoveBadPackages(pkgs, badpkgs) + fmt.Fprintf(os.Stderr, "\n\n") } - // Print error mssage if no scannable packages are found + + // Print error message if no scannable packages are found if len(pkgs) == 0 { - fmt.Printf("CRASH! GoKart didn't find any files to scan! Make sure the usage is correct to get GoKart back on track. \n" + + fmt.Fprintf(os.Stderr, "CRASH! GoKart didn't find any files to scan! Make sure the usage is correct to get GoKart back on track. \n"+ "If the usage appears to be correct, try pointing gokart at the directory from where you would run 'go build'. 
\n") success = false } return pkgs, success, nil } -// Remove bad packages from the list of packages to be scanned -func RemoveItem(pkg *packages.Package, pkglist []*packages.Package) []*packages.Package { - for x, val := range pkglist { - if pkg == val { - if util.Config.Debug { - fmt.Printf("\"%s\" with errors:\n", pkg.Name) - } else { - fmt.Printf("- \"%s\"\n", pkg.PkgPath) - } - - if util.Config.Debug { - for _, pkgError := range pkg.Errors { - fmt.Printf("- %s\n", pkgError.Error()) - } - } - if len(pkglist) < 2 { - return pkglist[0:0] +// RemoveBadPackages takes the full list of packages and a map containing the packages that produced errors while being loaded. +func RemoveBadPackages(allPackages []*packages.Package, badPackages map[*packages.Package]bool) []*packages.Package { + buf := new(strings.Builder) + goodPackages := make([]*packages.Package, 0, len(allPackages)) + for _, pkg := range allPackages { + if badPackages[pkg] { + fmt.Fprintf(buf, "\n%s:\n", pkg.PkgPath) + for _, pkgError := range pkg.Errors { + fmt.Fprintf(buf, "- %s\n", pkgError.Error()) } - pkglist[x] = pkglist[len(pkglist)-1] - return pkglist[0 : len(pkglist)-2] + } else { + goodPackages = append(goodPackages, pkg) } } - return pkglist + fmt.Fprint(os.Stderr, buf.String()) + return goodPackages } // Run analyzers on a package diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gokart-0.3.0/run/run_test.go new/gokart-0.4.0/run/run_test.go --- old/gokart-0.3.0/run/run_test.go 1970-01-01 01:00:00.000000000 +0100 +++ new/gokart-0.4.0/run/run_test.go 2022-01-26 17:46:52.000000000 +0100 
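Review bot: Packages that fail to load are dropped from `pkgs` and `success` stays true unless nothing at all is left, so code in those packages goes unanalysed while the run can still report zero findings. For a security scanner that partial coverage should be explicit to the caller, for example through the returned flag or the exit status, rather than only a message on stderr. Separately, `packages.Visit` walks the import graph, so `badpkgs` can contain dependencies that are not in `pkgs`; in that case the "unable to load the following packages" header is printed but `RemoveBadPackages` lists nothing under it. The doc comment on `RemoveBadPackages` should also state that it returns the packages without load errors and writes the error list to stderr.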
@@ -0,0 +1,72 @@ +package run + +import ( + "sort" + "testing" + + "github.com/google/go-cmp/cmp" + "golang.org/x/tools/go/packages" +) + +var ( + pkgFoo = &packages.Package{ + ID: "foo", + } + pkgBar = &packages.Package{ + ID: "bar", + } + pkgBaz = &packages.Package{ + ID: "baz", + } +) + +func TestRemoveBadPackages(t *testing.T) { + testCases := []struct { + name string + badPackages map[*packages.Package]bool + want []*packages.Package + }{ + { + name: "no bad packages", + badPackages: nil, + want: []*packages.Package{pkgFoo, pkgBar, pkgBaz}, + }, + { + name: "one bad package", + badPackages: map[*packages.Package]bool{ + pkgFoo: true, + }, + want: []*packages.Package{pkgBar, pkgBaz}, + }, + { + name: "all packages are bad", + badPackages: map[*packages.Package]bool{ + pkgFoo: true, + pkgBar: true, + pkgBaz: true, + }, + want: []*packages.Package{}, + }, + } + + sortSlices := cmp.Transformer("Sort", func(in []*packages.Package) []*packages.Package { + out := append([]*packages.Package(nil), in...) + sort.SliceStable(out, func(i, j int) bool { + return out[i].ID < out[j].ID + }) + return out + }) + cmpPkgs := cmp.Comparer(func(x, y *packages.Package) bool { + return x.ID == y.ID + }) + + allPackages := []*packages.Package{pkgFoo, pkgBar, pkgBaz} + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + got := RemoveBadPackages(allPackages, tc.badPackages) + if diff := cmp.Diff(tc.want, got, cmpPkgs, sortSlices); diff != "" { + t.Errorf("RemoveBadPackages(%v, %v) returned an unexpected diff (-want +got):\n%s", allPackages, tc.badPackages, diff) + } + }) + } +} ++++++ vendor.tar.gz ++++++ ++++ 5020 lines of diff (skipped)
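Review bot: The fixtures set only `ID`, so the branch of `RemoveBadPackages` that formats `pkg.PkgPath` and `pkg.Errors` runs with empty values and its output is never checked. Each subtest also writes to the real `os.Stderr`. Giving one fixture a `PkgPath` and an `Errors` entry would exercise that branch. The `sortSlices` transformer hides ordering even though the implementation keeps input order, so comparing without it would pin that property.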
