mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 12:05:52 +00:00
Use regular expressions for file exclusions
Also exclude all files starting with underscore or dot
parent
6de76c9261
commit
23cfb6587a
5 changed files with 57 additions and 29 deletions
45
filelist.go
45
filelist.go
|
@ -15,10 +15,9 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"regexp"
|
||||
"sort"
|
||||
"strings"
|
||||
|
||||
"github.com/ryanuber/go-glob"
|
||||
)
|
||||
|
||||
// fileList uses a map for patterns to ensure each pattern only
|
||||
|
@ -31,7 +30,9 @@ func newFileList(paths ...string) *fileList {
|
|||
f := &fileList{
|
||||
patterns: make(map[string]struct{}),
|
||||
}
|
||||
var replacer = strings.NewReplacer("*", ".*")
|
||||
for _, p := range paths {
|
||||
p = replacer.Replace(p)
|
||||
f.patterns[p] = struct{}{}
|
||||
}
|
||||
return f
|
||||
|
@ -57,31 +58,27 @@ func (f *fileList) Set(path string) error {
|
|||
|
||||
func (f fileList) Contains(path string) bool {
|
||||
for p := range f.patterns {
|
||||
if strings.Contains(p, glob.GLOB) {
|
||||
if glob.Glob(p, path) {
|
||||
if logger != nil {
|
||||
logger.Printf("skipping: %s\n", path)
|
||||
}
|
||||
return true
|
||||
// check if the path matches the regular expression pattern
|
||||
r, err := regexp.Compile(p)
|
||||
if err != nil {
|
||||
if logger != nil {
|
||||
logger.Printf("invalid pattern: %s\n", p)
|
||||
}
|
||||
} else {
|
||||
// check if only a sub-folder of the path is excluded
|
||||
if strings.Contains(path, p) {
|
||||
if logger != nil {
|
||||
logger.Printf("skipping: %s\n", path)
|
||||
}
|
||||
return true
|
||||
continue
|
||||
}
|
||||
if r.MatchString(path) {
|
||||
if logger != nil {
|
||||
logger.Printf("skipping: %s\n", path)
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
// check if only a sub-folder of the path is excluded
|
||||
if strings.Contains(path, p) {
|
||||
if logger != nil {
|
||||
logger.Printf("skipping: %s\n", path)
|
||||
}
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
/*
|
||||
func (f fileList) Dump() {
|
||||
for k, _ := range f.paths {
|
||||
println(k)
|
||||
}
|
||||
}
|
||||
*/
|
||||
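Review bot: In `newFileList` the replacer rewrites every `*`, so a pattern that is already a regexp is altered before `Contains` compiles it. The `.*` inside the defaults passed from main.go becomes `..*`, and a quantifier such as `[a-z]*` would become `[a-z].*`. `Contains` also recompiles each pattern on every call, and on a compile error it drops the pattern with at most a log line (none when `logger` is nil). A malformed pattern is therefore ignored rather than rejected, which makes it hard to predict which files a scanner excludes. I would compile once when the pattern is added, store the `*regexp.Regexp` in the map, and surface the error, e.g. `if _, err := regexp.Compile(p); err != nil { return err }` in `Set`. The body of `Set` is outside the hunks shown, so whether it applies the same `*` conversion cannot be confirmed from here.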
|
|
|
@ -28,7 +28,7 @@ func Test_newFileList(t *testing.T) {
|
|||
name: "have paths",
|
||||
args: args{paths: []string{"*_test.go"}},
|
||||
want: &fileList{patterns: map[string]struct{}{
|
||||
"*_test.go": struct{}{},
|
||||
".*_test.go": struct{}{},
|
||||
}},
|
||||
},
|
||||
}
|
||||
|
|
6
main.go
6
main.go
|
@ -153,9 +153,9 @@ func main() {
|
|||
// Setup usage description
|
||||
flag.Usage = usage
|
||||
|
||||
// Exclude files
|
||||
excluded := newFileList("*_test.go")
|
||||
flag.Var(excluded, "skip", "File pattern to exclude from scan. Uses simple * globs and requires full or partial match")
|
||||
// Exclude test files and files starting with _ or .
|
||||
excluded := newFileList("*_test.go", "(^|.*[^a-zA-Z0-9_]+)?_[a-zA-Z0-9_]+.go", "(^|.*[^a-zA-Z0-9_]+)?\\.[a-zA-Z0-9_]+.go")
|
||||
flag.Var(excluded, "skip", "File pattern to exclude from scan. Uses simple * globs or a regexp and requires full or partial match")
|
||||
|
||||
incRules := ""
|
||||
flag.StringVar(&incRules, "include", "", "Comma separated list of rules IDs to include. (see rule list)")
|
||||
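Review bot: The two new default patterns exclude far more than files whose name starts with `_` or `.`. The leading group is optional (`(...)?`), `Contains` in filelist.go uses an unanchored `MatchString`, and the `.` before `go` is unescaped. A name that merely contains an underscore therefore matches from the underscore onward, e.g. `http_server.go` (constructed example), and is silently left out of the scan. Requiring the separator and anchoring the end avoids this, and it also avoids `*`, which `newFileList` rewrites: `"(^|[^a-zA-Z0-9_])_[a-zA-Z0-9_]+\\.go$"` and `"(^|[^a-zA-Z0-9_])\\.[a-zA-Z0-9_]+\\.go$"`. The `*_test.go` default has the same unescaped dot and missing `$` once it is converted to `.*_test.go`.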
|
|
32
main_test.go
32
main_test.go
|
@ -36,6 +36,38 @@ func Test_shouldInclude(t *testing.T) {
|
|||
},
|
||||
want: false,
|
||||
},
|
||||
{
|
||||
name: ".go file starting with _ are excluded",
|
||||
args: args{
|
||||
path: "_thing.go",
|
||||
excluded: newFileList("(^|.*[^a-zA-Z0-9_]+)?_[a-zA-Z0-9_]+.go"),
|
||||
},
|
||||
want: false,
|
||||
},
|
||||
{
|
||||
name: ".go file starting with _ in a path are excluded",
|
||||
args: args{
|
||||
path: "/test/_thing.go",
|
||||
excluded: newFileList("(^|.*[^a-zA-Z0-9_]+)?_[a-zA-Z0-9_]+.go"),
|
||||
},
|
||||
want: false,
|
||||
},
|
||||
{
|
||||
name: ".go file starting with . are excluded",
|
||||
args: args{
|
||||
path: ".thing.go",
|
||||
excluded: newFileList("(^|.*[^a-zA-Z0-9_]+)?\\.[a-zA-Z0-9_]+.go"),
|
||||
},
|
||||
want: false,
|
||||
},
|
||||
{
|
||||
name: ".go file starting with . in a path are excluded",
|
||||
args: args{
|
||||
path: "/test/.thing.go",
|
||||
excluded: newFileList("(^|.*[^a-zA-Z0-9_]+)?\\.[a-zA-Z0-9_]+.go"),
|
||||
},
|
||||
want: false,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
if got := shouldInclude(tt.args.path, tt.args.excluded); got != tt.want {
|
||||
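Review bot: All four added cases expect `want: false`, so nothing checks that the new patterns leave ordinary files in the scan. A pattern that matched every `.go` file would still pass this table. Add negative cases next to them, using the same patterns with a path that only contains the character mid-name, e.g. `path: "some_thing.go"` and `path: "/test/some.thing.go"`, each with `want: true`. With the patterns as written in this commit those cases appear to fail, which is the over-exclusion they should guard against. `shouldInclude` itself is outside the hunk, so this assumes it simply negates `excluded.Contains(path)` for `.go` files.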
|
|
|
@ -4,4 +4,3 @@ github.com/GoAstScanner/gas
|
|||
# import
|
||||
github.com/GoASTScanner/gas cc52ef5
|
||||
github.com/nbutton23/zxcvbn-go a22cb81
|
||||
github.com/ryanuber/go-glob v0.1
|
||||
|
|