Track both #nosec and #nosec rulelist for one violation (#741)
This commit is contained in:
parent
e0f354aa0d
commit
2d1c1a6df7
2 changed files with 28 additions and 6 deletions
11
analyzer.go
11
analyzer.go
@ -394,10 +394,13 @@ func (gosec *Analyzer) Visit(n ast.Node) ast.Visitor {
for _, rule := range gosec.ruleset.RegisteredFor(n) {
for _, rule := range gosec.ruleset.RegisteredFor(n) {
// Check if all rules are ignored.
// Check if all rules are ignored.
suppressions, ignored := ignores[aliasOfAllRules]
generalSuppressions, generalIgnored := ignores[aliasOfAllRules]
if !ignored {
// Check if the specific rule is ignored
suppressions, ignored = ignores[rule.ID()]
ruleSuppressions, ruleIgnored := ignores[rule.ID()]
}
ignored := generalIgnored || ruleIgnored
suppressions := append(generalSuppressions, ruleSuppressions...)
// Track external suppressions.
// Track external suppressions.
if gosec.ruleset.IsRuleSuppressed(rule.ID()) {
if gosec.ruleset.IsRuleSuppressed(rule.ID()) {
ignored = true
ignored = true
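Review bot: `suppressions := append(generalSuppressions, ruleSuppressions...)` can write through the backing array of the slice stored in `ignores[aliasOfAllRules]` whenever that slice has spare capacity, and because `generalSuppressions` is re-read unchanged on every iteration of the `for _, rule` loop, a later rule's suppressions could then overwrite an earlier rule's in that shared array. Whether the map's slices carry spare capacity depends on how `ignores` is built, which is outside the hunk, but the aliasing is cheap to rule out: `suppressions := append(generalSuppressions[:len(generalSuppressions):len(generalSuppressions)], ruleSuppressions...)` forces a fresh allocation as soon as anything is appended. The `ignores[aliasOfAllRules]` lookup is also loop-invariant and could be hoisted above the `for _, rule` loop. Visit's body, including where `suppressions` is consumed, continues outside the hunk.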
@ -620,7 +620,7 @@ var _ = Describe("Analyzer", func() {
err = analyzer.Process(buildTags, nosecPackage.Path)
err = analyzer.Process(buildTags, nosecPackage.Path)
Expect(err).ShouldNot(HaveOccurred())
Expect(err).ShouldNot(HaveOccurred())
issues, _, _ := analyzer.Report()
issues, _, _ := analyzer.Report()
Expect(issues).To(HaveLen(1))
Expect(issues).To(HaveLen(sample.Errors))
Expect(issues[0].Suppressions).To(HaveLen(1))
Expect(issues[0].Suppressions).To(HaveLen(1))
Expect(issues[0].Suppressions[0].Kind).To(Equal("inSource"))
Expect(issues[0].Suppressions[0].Kind).To(Equal("inSource"))
Expect(issues[0].Suppressions[0].Justification).To(Equal("Justification"))
Expect(issues[0].Suppressions[0].Justification).To(Equal("Justification"))
@ -640,12 +640,31 @@ var _ = Describe("Analyzer", func() {
err = analyzer.Process(buildTags, nosecPackage.Path)
err = analyzer.Process(buildTags, nosecPackage.Path)
Expect(err).ShouldNot(HaveOccurred())
Expect(err).ShouldNot(HaveOccurred())
issues, _, _ := analyzer.Report()
issues, _, _ := analyzer.Report()
Expect(issues).To(HaveLen(1))
Expect(issues).To(HaveLen(sample.Errors))
Expect(issues[0].Suppressions).To(HaveLen(1))
Expect(issues[0].Suppressions).To(HaveLen(1))
Expect(issues[0].Suppressions[0].Kind).To(Equal("inSource"))
Expect(issues[0].Suppressions[0].Kind).To(Equal("inSource"))
Expect(issues[0].Suppressions[0].Justification).To(Equal(""))
Expect(issues[0].Suppressions[0].Justification).To(Equal(""))
})
})
It("should track multiple suppressions if the violation is suppressed by both #nosec and #nosec RuleList", func() {
sample := testutils.SampleCodeG101[0]
source := sample.Code[0]
analyzer.LoadRules(rules.Generate(false, rules.NewRuleFilter(false, "G101")).RulesInfo())
nosecPackage := testutils.NewTestPackage()
defer nosecPackage.Close()
nosecSource := strings.Replace(source, "}", "} //#nosec G101 -- Justification", 1)
nosecSource = strings.Replace(nosecSource, "func", "//#nosec\nfunc", 1)
nosecPackage.AddFile("pwd.go", nosecSource)
err := nosecPackage.Build()
Expect(err).ShouldNot(HaveOccurred())
err = analyzer.Process(buildTags, nosecPackage.Path)
Expect(err).ShouldNot(HaveOccurred())
issues, _, _ := analyzer.Report()
Expect(issues).To(HaveLen(sample.Errors))
Expect(issues[0].Suppressions).To(HaveLen(2))
})
It("should not report an error if the rule is not included", func() {
It("should not report an error if the rule is not included", func() {
sample := testutils.SampleCodeG101[0]
sample := testutils.SampleCodeG101[0]
source := sample.Code[0]
source := sample.Code[0]