parent
6c0b34426c
commit
35af340d07
2 changed files with 22 additions and 5 deletions
|
@ -319,16 +319,16 @@ func (gosec *Analyzer) ignore(n ast.Node) map[string]SuppressionInfo {
|
|||
}
|
||||
|
||||
for _, group := range groups {
|
||||
|
||||
foundDefaultTag := strings.HasPrefix(group.Text(), noSecDefaultTag)
|
||||
foundAlternativeTag := strings.HasPrefix(group.Text(), noSecAlternativeTag)
|
||||
comment := strings.TrimSpace(group.Text())
|
||||
foundDefaultTag := strings.HasPrefix(comment, noSecDefaultTag)
|
||||
foundAlternativeTag := strings.HasPrefix(comment, noSecAlternativeTag)
|
||||
|
||||
if foundDefaultTag || foundAlternativeTag {
|
||||
gosec.stats.NumNosec++
|
||||
|
||||
// Extract the directive and the justification.
|
||||
justification := ""
|
||||
commentParts := regexp.MustCompile(`-{2,}`).Split(group.Text(), 2)
|
||||
commentParts := regexp.MustCompile(`-{2,}`).Split(comment, 2)
|
||||
directive := commentParts[0]
|
||||
if len(commentParts) > 1 {
|
||||
justification = strings.TrimSpace(strings.TrimRight(commentParts[1], "\n"))
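Review bot: `regexp.MustCompile` on the `commentParts :=` line is still evaluated on every comment group, once per loop iteration, while the commit only swaps its argument to `comment`; hoist the pattern into a package-level `var` (e.g. `nosecJustificationSep`) and call `nosecJustificationSep.Split(comment, 2)` in the loop, which also keeps a panic-on-compile helper out of the hot path. Because `comment` is already whitespace-trimmed, the `strings.TrimRight(commentParts[1], "\n")` wrapper on the last line is redundant — `strings.TrimSpace` strips newlines as well — so `justification = strings.TrimSpace(commentParts[1])` reads cleaner. A short why-comment on the `comment :=` line would help the next reader, e.g. `// Trim first: block-comment text presumably keeps its leading space, so an untrimmed prefix check misses "/* #nosec */".` The enclosing `ignore` method starts before and ends after this hunk.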
|
||||
|
|
|
@ -139,7 +139,7 @@ var _ = Describe("Analyzer", func() {
|
|||
}
|
||||
})
|
||||
|
||||
It("should not report errors when a nosec comment is present", func() {
|
||||
It("should not report errors when a nosec line comment is present", func() {
|
||||
sample := testutils.SampleCodeG401[0]
|
||||
source := sample.Code[0]
|
||||
analyzer.LoadRules(rules.Generate(false, rules.NewRuleFilter(false, "G401")).RulesInfo())
|
||||
|
@ -156,6 +156,23 @@ var _ = Describe("Analyzer", func() {
|
|||
Expect(nosecIssues).Should(BeEmpty())
|
||||
})
|
||||
|
||||
It("should not report errors when a nosec block comment is present", func() {
|
||||
sample := testutils.SampleCodeG401[0]
|
||||
source := sample.Code[0]
|
||||
analyzer.LoadRules(rules.Generate(false, rules.NewRuleFilter(false, "G401")).RulesInfo())
|
||||
|
||||
nosecPackage := testutils.NewTestPackage()
|
||||
defer nosecPackage.Close()
|
||||
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() /* #nosec */", 1)
|
||||
nosecPackage.AddFile("md5.go", nosecSource)
|
||||
err := nosecPackage.Build()
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
err = analyzer.Process(buildTags, nosecPackage.Path)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
nosecIssues, _, _ := analyzer.Report()
|
||||
Expect(nosecIssues).Should(BeEmpty())
|
||||
})
|
||||
|
||||
It("should not report errors when an exclude comment is present for the correct rule", func() {
|
||||
// Rule for MD5 weak crypto usage
|
||||
sample := testutils.SampleCodeG401[0]
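Review bot: The new block-comment test only covers `/* #nosec */` placed on the same line as the flagged call, so it does not exercise the trimming for a comment whose text begins with a newline or indentation (a multi-line `/* ... */` block), nor a rule-scoped block directive; one more case using `strings.Replace(source, "h := md5.New()", "h := md5.New() /* #nosec G401 */", 1)` would pin the directive parsing that presumably follows the prefix check. The package setup, build and `analyzer.Report()` assertions appear to be a copy of the line-comment test above it (whose body is only partly visible here), so a Ginkgo `DescribeTable` driven by the replacement string would keep the two cases from drifting apart.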
|
||||
|
|