From 29d1c32e9d8540a1ac2ad7b2f1360cb4f4c0d719 Mon Sep 17 00:00:00 2001
From: vovuas2003
Date: Mon, 9 Mar 2026 08:45:11 -0400
Subject: [PATCH] add bearer (1st sast tool)
---
 .gitignore | 1 +
 README.md | 18 ++++++++++-
 sast_results/bearer.txt | 70 +++++++++++++++++++++++++++++++++++++++++
 scripts/config_sast.sh | 16 ++++++++++
 scripts/run_sast.sh | 9 ++++++
 5 files changed, 113 insertions(+), 1 deletion(-)
 create mode 100644 sast_results/bearer.txt
 create mode 100644 scripts/config_sast.sh
 create mode 100644 scripts/run_sast.sh
diff --git a/.gitignore b/.gitignore
index 3a1ad18..3b665fd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 build/
 data/
+bin/
diff --git a/README.md b/README.md
index adb4563..8bb4fd1 100644
--- a/README.md
+++ b/README.md
@@ -143,4 +143,20 @@ bash scripts/run.sh
 Добавить нового пользователя:
 ```
 ./build/release/add_user -username test -password 1234
-```
\ No newline at end of file
+```
+
+# SAST анализ
+
+## Настройка окружения
+
+```bash
+bash scripts/config_sast.sh
+```
+
+## Запуск анализа
+
+```bash
+bash scripts/run_sast.sh
+```
+
+Результаты анализа в sast_results
diff --git a/sast_results/bearer.txt b/sast_results/bearer.txt
new file mode 100644
index 0000000..f5f7f57
--- /dev/null
+++ b/sast_results/bearer.txt
@@ -0,0 +1,70 @@
+
+
+Security Report
+
+=====================================
+
+Rules:
+https://docs.bearer.com/reference/rules [v0.48.4]
+
+Language Default Rules Custom Rules Files
+Go 72 0 8
+
+
+HIGH: Unsanitized user input in file path [CWE-73]
+https://docs.bearer.com/reference/rules/go_gosec_filesystem_filereadtaint
+To ignore this finding, run: bearer ignore add 690cb9207bb6cb72edd1002fae0a0fa3_0
+
+File: internal/config/config.go:41
+
+ 41 data, err := os.ReadFile(path)
+
+LOW: Leakage of information in logger message [CWE-532]
+https://docs.bearer.com/reference/rules/go_lang_logger_leak
+To ignore this finding, run: bearer ignore add 219087ffdfad090e6436320f68eae990_0
+
+File: cmd/add_user/main.go:33
+
+ 33 log.Fatalf("Ошибка инициализации БД: %v\n", err)
+
+LOW: Leakage of information in logger message [CWE-532]
+https://docs.bearer.com/reference/rules/go_lang_logger_leak
+To ignore this finding, run: bearer ignore add 219087ffdfad090e6436320f68eae990_1
+
+File: cmd/add_user/main.go:41
+
+ 41 log.Fatalf("Не удалось создать пользователя %s: %v\n", *username, err)
+
+LOW: Leakage of information in logger message [CWE-532]
+https://docs.bearer.com/reference/rules/go_lang_logger_leak
+To ignore this finding, run: bearer ignore add 533ab12ca2b781f58bc69e81cb601ad6_0
+
+File: cmd/authapp/main.go:33
+
+ 33 log.Fatalf("Ошибка загрузки конфигурации: %v\n", err)
+
+LOW: Leakage of information in logger message [CWE-532]
+https://docs.bearer.com/reference/rules/go_lang_logger_leak
+To ignore this finding, run: bearer ignore add 533ab12ca2b781f58bc69e81cb601ad6_1
+
+File: cmd/authapp/main.go:43
+
+ 43 log.Fatalf("Ошибка инициализации БД: %v\n", err)
+
+LOW: Leakage of information in logger message [CWE-532]
+https://docs.bearer.com/reference/rules/go_lang_logger_leak
+To ignore this finding, run: bearer ignore add 448b1db1ab73e2474723c4d659611644_0
+
+File: cmd/init_users/main.go:18
+
+ 18 log.Fatalf("Ошибка инициализации БД: %v\n", err)
+=====================================
+
+72 checks, 6 findings
+
+CRITICAL: 0
+HIGH: 1 (CWE-73)
+MEDIUM: 0
+LOW: 5 (CWE-532)
+WARNING: 0
+
diff --git a/scripts/config_sast.sh b/scripts/config_sast.sh
new file mode 100644
index 0000000..4e99b62
--- /dev/null
+++ b/scripts/config_sast.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+# --------------------------------------
+# Настройка SAST анализаторов
+# --------------------------------------
+
+echo "Установка curl"
+
+sudo apt update
+sudo apt install -y curl
+
+echo "Создание директории для результатов анализа"
+mkdir -p sast_results
+
+echo "Установка bearer"
+
+curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh
diff --git a/scripts/run_sast.sh b/scripts/run_sast.sh
new file mode 100644
index 0000000..23d25a9
--- /dev/null
+++ b/scripts/run_sast.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+# --------------------------------------
+# Запуск SAST анализа
+# --------------------------------------
+
+echo "Запуск bearer"
+./bin/bearer scan --output sast_results/bearer.txt .
+
+echo "Анализ завершён, результаты в sast_results"
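Review bot: The last line of the config_sast.sh hunk pipes an installer fetched from the `main` branch of a remote repository straight into `sh`, so what gets installed is whatever that branch serves at run time: unpinned, unverified, and running with the full privileges of the invoking user. The failure mode is also masked, because the script has no `set -euo pipefail`; if `curl -sf` fails it simply feeds `sh` an empty stream and the script still exits 0, leaving `./bin/bearer` absent for run_sast.sh. Download the installer to a file, compare it against a digest recorded from a reviewed copy, and run it only when that check passes; the committed report shows rules version [v0.48.4], so pinning the bearer binary to the matching release also keeps `sast_results/bearer.txt` reproducible between runs. The rewritten tail of the script below does that; `<EXPECTED_SHA256>` is a placeholder to be filled in from the reviewed copy.
```sh
#!/bin/bash
set -euo pipefail
# … unchanged: apt install of curl, mkdir -p sast_results …

echo "Установка bearer"
installer="$(mktemp)"
curl -sfL -o "$installer" https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh
# <EXPECTED_SHA256> is a placeholder: record the digest of a reviewed copy of the installer
echo "<EXPECTED_SHA256>  $installer" | sha256sum -c -
sh "$installer"
rm -f "$installer"
```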
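Review bot: In the run_sast.sh hunk the closing `echo "Анализ завершён, результаты в sast_results"` runs whether or not the `./bin/bearer scan` on the line before it succeeded, because the script neither sets `set -euo pipefail` nor checks the scan's exit status, so a missing `bin/bearer` (the directory this same commit gitignores) or a crashed scan still ends with a success message and exit code 0. Add `set -euo pipefail` directly after the shebang so a failed scan stops the script with a non-zero status. Whether bearer itself exits non-zero when it records findings is not visible here, and the committed report already carries a HIGH (CWE-73) finding at `internal/config/config.go:41`, so decide explicitly whether findings should fail the script and state that choice in the header comment, e.g. `# Exit status: non-zero if the scan fails to run; findings are reported in sast_results/bearer.txt and do not fail the script` (or the opposite), rather than leaving it to the tool's default. The `./bin/bearer` path is also relative to the working directory, which the README's `bash scripts/run_sast.sh` satisfies only from the repository root; a `cd "$(dirname "$0")/.."` at the top would make the script location-independent.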