GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → quasilyte → Go Ruleguard

quasilyte / Go Ruleguard

Licence: bsd-3-clause
Define and run pattern-based custom linting rules.

Programming Languages

go
31211 projects - #10 most used programming language
golang
3204 projects

Labels

static-analysislinteranalysis

Projects that are alternatives of or similar to Go Ruleguard

lints
Lint all your JavaScript, CSS, HTML, Markdown and Dockerfiles with a single command
Stars: ✭ 14 (-96.52%)
Mutual labels:  analysis, linter, static-analysis
Static Analysis
⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
Stars: ✭ 9,310 (+2215.92%)
Mutual labels:  static-analysis, linter, analysis
constyble
CSS complexity linter
Stars: ✭ 92 (-77.11%)
Mutual labels:  analysis, linter, static-analysis
Exakat
The Exakat Engine : smart static analysis for PHP
Stars: ✭ 346 (-13.93%)
Mutual labels:  static-analysis, linter, analysis
Detekt
Static code analysis for Kotlin
Stars: ✭ 4,169 (+937.06%)
Mutual labels:  linter, analysis, static-analysis
Goreporter
A Golang tool that does static analysis, unit testing, code review and generate code quality report.
Stars: ✭ 2,943 (+632.09%)
Mutual labels:  static-analysis, linter
Wotan
Pluggable TypeScript and JavaScript linter
Stars: ✭ 271 (-32.59%)
Mutual labels:  static-analysis, linter
Linter
Static Analysis Compiler Plugin for Scala
Stars: ✭ 273 (-32.09%)
Mutual labels:  static-analysis, linter
Horusec
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Stars: ✭ 311 (-22.64%)
Mutual labels:  static-analysis, analysis
static file analysis
Analysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules
Stars: ✭ 34 (-91.54%)
Mutual labels:  analysis, static-analysis
Reviewdog
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Stars: ✭ 4,541 (+1029.6%)
Mutual labels:  static-analysis, linter
Credo
A static code analysis tool for the Elixir language with a focus on code consistency and teaching.
Stars: ✭ 4,144 (+930.85%)
Mutual labels:  static-analysis, linter
Krane
Kubernetes RBAC static Analysis & visualisation tool
Stars: ✭ 254 (-36.82%)
Mutual labels:  static-analysis, analysis
unimport
A linter, formatter for finding and removing unused import statements.
Stars: ✭ 119 (-70.4%)
Mutual labels:  linter, static-analysis
Chronos
Chronos - A static race detector for the go language
Stars: ✭ 272 (-32.34%)
Mutual labels:  static-analysis, analysis
MalScan
A Simple PE File Heuristics Scanners
Stars: ✭ 41 (-89.8%)
Mutual labels:  analysis, static-analysis
Pytype
A static type analyzer for Python code
Stars: ✭ 3,545 (+781.84%)
Mutual labels:  static-analysis, linter
Dlint
Dlint is a tool for encouraging best coding practices and helping ensure we're writing secure Python code.
Stars: ✭ 320 (-20.4%)
Mutual labels:  static-analysis, linter
Pmd
An extensible multilanguage static code analyzer.
Stars: ✭ 3,667 (+812.19%)
Mutual labels:  static-analysis, linter
analysis-net
Static analysis framework for .NET programs.
Stars: ✭ 19 (-95.27%)
Mutual labels:  analysis, static-analysis
View All Similar Projects ➔

go-ruleguard

Build Status Build Status PkgGoDev Go Report Card Code Coverage

Logo

Overview

analysis-based Go linter that runs dynamically loaded rules.

You write the rules, ruleguard checks whether they are satisfied.

ruleguard has some similarities with GitHub CodeQL, but it's dedicated to Go only.

Features:

  • Custom linting rules without re-compilation and Go plugins
  • Diagnostics are written in a declarative way
  • Quickfix actions support
  • Powerful match filtering features, like expression type pattern matching
  • Rules can be installed as Go modules
  • Integrated into golangci-lint

It can also be easily embedded into other static analyzers. go-critic can be used as an example.

Quick start

It's advised that you get a binary from the latest release {linux/amd64, linux/arm64, darwin/amd64, windows/amd64}.

If you want to install the ruleguard from source, it's as simple as:

# Installs a `ruleguard` binary under your `$(go env GOPATH)/bin`
$ GO111MODULE=on go get -v -u github.com/quasilyte/go-ruleguard/cmd/ruleguard

# Get the DSL package (needed to execute the ruleguard files)
$ go get -v -u github.com/quasilyte/go-ruleguard/dsl

If inside a Go module, the dsl package will be installed for the current module, otherwise it installs the package into the $GOPATH and it will be globally available.

If $GOPATH/bin is under your system $PATH, ruleguard command should be available after that:

$ ruleguard -help
ruleguard: execute dynamic gogrep-based rules

Usage: ruleguard [-flag] [package]

Flags:
  -rules string
    	comma-separated list of ruleguard file paths
  -e string
    	execute a single rule from a given string
  -fix
    	apply all suggested fixes
  -c int
    	display offending line with this many lines of context (default -1)
  -json
    	emit JSON output

Create a test rules.go file:

package gorules

import "github.com/quasilyte/go-ruleguard/dsl"

func dupSubExpr(m dsl.Matcher) {
	m.Match(`$x || $x`,
		`$x && $x`,
		`$x | $x`,
		`$x & $x`).
		Where(m["x"].Pure).
		Report(`suspicious identical LHS and RHS`)
}

func boolExprSimplify(m dsl.Matcher) {
	m.Match(`!($x != $y)`).Suggest(`$x == $y`)
	m.Match(`!($x == $y)`).Suggest(`$x != $y`)
}

Create a test example.go target file:

package main

func main() {
	var v1, v2 int
	println(!(v1 != v2))
	println(!(v1 == v2))
	if v1 == 0 && v1 == 0 {
		println("hello, world!")
	}
}

Run ruleguard on that target file:

$ ruleguard -rules rules.go -fix example.go
example.go:5:10: hint: suggested: v1 == v2
example.go:6:10: hint: suggested: v1 != v2
example.go:7:5: error: suspicious identical LHS and RHS

Since we ran ruleguard with -fix argument, both suggested changes are applied to example.go.

There is also a -e mode that is useful during the pattern debugging:

$ ruleguard -e 'm.Match(`!($x != $y)`)' example.go
example.go:5:10: !(v1 != v2)

It automatically inserts Report("$$") into the specified pattern.

You can use -debug-group <name> flag to see explanations on why some rules rejected the match (e.g. which Where() condition failed).

The -e generated rule will have e name, so it can be debugged as well.

How does it work?

First, it parses ruleguard files (e.g. rules.go) during the start to load the rule set.

Loaded rules are then used to check the specified targets (Go files, packages).

The rules.go file is written in terms of dsl API. Ruleguard files contain a set of functions that serve as a rule groups. Every such function accepts a single dsl.Matcher argument that is then used to define and configure rules inside the group.

A rule definition always starts with Match(patterns...) method call and ends with Report(message) method call.

There can be additional calls in between these two. For example, a Where(cond) call applies constraints to a match to decide whether its accepted or rejected. So even if there is a match for a pattern, it won't produce a report message unless it satisfies a Where() condition.

Documentation

Rule set examples

Extra references

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].