mirror of
https://github.com/securego/gosec.git
synced 2024-11-05 19:45:51 +00:00
Append the package load errors to analyser's errors
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
This commit is contained in:
Cosmin Cojocar
Cosmin Cojocar
parent
aac9b00845
commit
3e69a8c8a2
3 changed files with 68 additions and 24 deletions
30
analyzer.go
30
analyzer.go
|
|
@ -107,7 +107,7 @@ func (gosec *Analyzer) Process(buildTags []string, packagePaths ...string) error
|
|||
for _, pkgPath := range packagePaths {
|
||||
pkgs, err := gosec.load(pkgPath, config)
|
||||
if err != nil {
|
||||
return fmt.Errorf("loading pkg dir %q: %v", pkgPath, err)
|
||||
gosec.AppendError(pkgPath, err)
|
||||
}
|
||||
for _, pkg := range pkgs {
|
||||
if pkg.Name != "" {
|
||||
|
|
@ -124,10 +124,14 @@ func (gosec *Analyzer) Process(buildTags []string, packagePaths ...string) error
|
|||
}
|
||||
|
||||
func (gosec *Analyzer) pkgConfig(buildTags []string) *packages.Config {
|
||||
tagsFlag := "-tags=" + strings.Join(buildTags, " ")
|
||||
flags := []string{}
|
||||
if len(buildTags) > 0 {
|
||||
tagsFlag := "-tags=" + strings.Join(buildTags, " ")
|
||||
flags = append(flags, tagsFlag)
|
||||
}
|
||||
return &packages.Config{
|
||||
Mode: packages.LoadSyntax,
|
||||
BuildFlags: []string{tagsFlag},
|
||||
BuildFlags: flags,
|
||||
Tests: gosec.tests,
|
||||
}
|
||||
}
|
||||
|
|
@ -142,7 +146,7 @@ func (gosec *Analyzer) load(pkgPath string, conf *packages.Config) ([]*packages.
|
|||
gosec.logger.Println("Import directory:", abspath)
|
||||
basePackage, err := build.Default.ImportDir(pkgPath, build.ImportComment)
|
||||
if err != nil {
|
||||
return []*packages.Package{}, err
|
||||
return []*packages.Package{}, fmt.Errorf("importing dir %q: %v", pkgPath, err)
|
||||
}
|
||||
|
||||
var packageFiles []string
|
||||
|
|
@ -161,7 +165,7 @@ func (gosec *Analyzer) load(pkgPath string, conf *packages.Config) ([]*packages.
|
|||
|
||||
pkgs, err := packages.Load(conf, packageFiles...)
|
||||
if err != nil {
|
||||
return []*packages.Package{}, err
|
||||
return []*packages.Package{}, fmt.Errorf("loading files from package %q: %v", pkgPath, err)
|
||||
}
|
||||
return pkgs, nil
|
||||
}
|
||||
|
|
@ -218,6 +222,22 @@ func (gosec *Analyzer) ParseErrors(pkg *packages.Package) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// AppendError appends an error to the file errors
|
||||
func (gosec *Analyzer) AppendError(file string, err error) {
|
||||
// Do not report the error for empty packages (e.g. files excluded from build with a tag
|
||||
r := regexp.MustCompile(`no buildable Go source files in`)
|
||||
if r.MatchString(err.Error()) {
|
||||
return
|
||||
}
|
||||
errors := []Error{}
|
||||
if ferrs, ok := gosec.errors[file]; ok {
|
||||
errors = ferrs
|
||||
}
|
||||
ferr := NewError(0, 0, err.Error())
|
||||
errors = append(errors, *ferr)
|
||||
gosec.errors[file] = errors
|
||||
}
|
||||
|
||||
// ignore a node (and sub-tree) if it is tagged with a "#nosec" comment
|
||||
func (gosec *Analyzer) ignore(n ast.Node) ([]string, bool) {
|
||||
if groups, ok := gosec.context.Comments[n]; ok && !gosec.ignoreNosec {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
package gosec_test
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"os"
|
||||
|
|
@ -30,17 +31,18 @@ var _ = Describe("Analyzer", func() {
|
|||
|
||||
Context("when processing a package", func() {
|
||||
|
||||
It("should return an error if the package contains no Go files", func() {
|
||||
It("should not report an error if the package contains no Go files", func() {
|
||||
analyzer.LoadRules(rules.Generate().Builders())
|
||||
dir, err := ioutil.TempDir("", "empty")
|
||||
defer os.RemoveAll(dir)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
err = analyzer.Process(buildTags, dir)
|
||||
Expect(err).Should(HaveOccurred())
|
||||
Expect(err.Error()).Should(MatchRegexp("no buildable Go source files"))
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
_, _, errors := analyzer.Report()
|
||||
Expect(len(errors)).To(Equal(0))
|
||||
})
|
||||
|
||||
It("should return an error if the package fails to build", func() {
|
||||
It("should report an error if the package fails to build", func() {
|
||||
analyzer.LoadRules(rules.Generate().Builders())
|
||||
pkg := testutils.NewTestPackage()
|
||||
defer pkg.Close()
|
||||
|
|
@ -48,9 +50,12 @@ var _ = Describe("Analyzer", func() {
|
|||
err := pkg.Build()
|
||||
Expect(err).Should(HaveOccurred())
|
||||
err = analyzer.Process(buildTags, pkg.Path)
|
||||
Expect(err).Should(HaveOccurred())
|
||||
Expect(err.Error()).Should(MatchRegexp(`expected 'package'`))
|
||||
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
_, _, errors := analyzer.Report()
|
||||
Expect(len(errors)).To(Equal(1))
|
||||
for _, ferr := range errors {
|
||||
Expect(len(ferr)).To(Equal(1))
|
||||
}
|
||||
})
|
||||
|
||||
It("should be able to analyze multiple Go files", func() {
|
||||
|
|
@ -216,9 +221,9 @@ var _ = Describe("Analyzer", func() {
|
|||
pkg := testutils.NewTestPackage()
|
||||
defer pkg.Close()
|
||||
pkg.AddFile("tags.go", source)
|
||||
buildTags = append(buildTags, "test")
|
||||
err := analyzer.Process(buildTags, pkg.Path)
|
||||
Expect(err).Should(HaveOccurred())
|
||||
tags := []string{"tag"}
|
||||
err := analyzer.Process(tags, pkg.Path)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
})
|
||||
|
||||
It("should process an empty package with test file", func() {
|
||||
|
|
@ -236,14 +241,6 @@ var _ = Describe("Analyzer", func() {
|
|||
Expect(err).ShouldNot(HaveOccurred())
|
||||
})
|
||||
|
||||
It("should report an error when the package is empty", func() {
|
||||
analyzer.LoadRules(rules.Generate().Builders())
|
||||
pkg := testutils.NewTestPackage()
|
||||
defer pkg.Close()
|
||||
err := analyzer.Process(buildTags, pkg.Path)
|
||||
Expect(err).Should(HaveOccurred())
|
||||
})
|
||||
|
||||
It("should be possible to overwrite nosec comments, and report issues", func() {
|
||||
// Rule for MD5 weak crypto usage
|
||||
sample := testutils.SampleCodeG401[0]
|
||||
|
|
@ -416,4 +413,31 @@ var _ = Describe("Analyzer", func() {
|
|||
}
|
||||
})
|
||||
})
|
||||
|
||||
Context("when appending errors", func() {
|
||||
It("should skip error for non-buildable packages", func() {
|
||||
analyzer.AppendError("test", errors.New(`loading file from package "pkg/test": no buildable Go source files in pkg/test`))
|
||||
_, _, errors := analyzer.Report()
|
||||
Expect(len(errors)).To(Equal(0))
|
||||
})
|
||||
|
||||
It("should add a new error", func() {
|
||||
pkg := &packages.Package{
|
||||
Errors: []packages.Error{
|
||||
packages.Error{
|
||||
Pos: "file:1:2",
|
||||
Msg: "build error",
|
||||
},
|
||||
},
|
||||
}
|
||||
err := analyzer.ParseErrors(pkg)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
analyzer.AppendError("file", errors.New("file build error"))
|
||||
_, _, errors := analyzer.Report()
|
||||
Expect(len(errors)).To(Equal(1))
|
||||
for _, ferr := range errors {
|
||||
Expect(len(ferr)).To(Equal(2))
|
||||
}
|
||||
})
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -1135,7 +1135,7 @@ func main() {
|
|||
}`}, 1}}
|
||||
// SampleCode601 - Go build tags
|
||||
SampleCode601 = []CodeSample{{[]string{`
|
||||
// +build test
|
||||
// +build tag
|
||||
|
||||
package main
|
||||
func main() {
|
||||
|
|
|
|||
Loading…
Reference in a new issue