Add a flag to specify the severity at or above which the scan fails

This commit is contained in:
Cosmin Cojocar 2018-07-30 09:43:41 +02:00
parent c0db486820
commit 4702cc5da7


@ -91,8 +91,12 @@ var (
// go build tags
flagBuildTags = flag.String("tags", "", "Comma separated list of build tags")
// scan the vendor folder
flagScanVendor = flag.Bool("vendor", false, "Scan the vendor folder")
// fail by severity
flagSeverity = flag.String("severity", "low", "Fail the build for issues with the given or higher severity. Valid options are: low, medium, high")
logger *log.Logger
)
@ -224,6 +228,20 @@ func resolvePackage(pkg string, searchPaths []string) string {
return pkg
}
func convertToScore(severity string) (gosec.Score, error) {
severity = strings.ToLower(severity)
switch severity {
case "low":
return gosec.Low, nil
case "medium":
return gosec.Medium, nil
case "high":
return gosec.High, nil
default:
return gosec.Low, fmt.Errorf("provided severity '%s' not valid. Valid options: low, medium, high", severity)
}
}
func main() {
// Setup usage description
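Review bot: convertToScore is a new package-level function with no doc comment; since its result decides whether a scan fails the build, a one-liner such as `// convertToScore maps a -severity flag value (case-insensitive) to the gosec.Score used as the failure threshold; unknown values yield an error.` would help the next reader. The error on the default branch should quote the user-supplied value with `%q` rather than `'%s'`, so empty or whitespace-only input is visible in the message: `return gosec.Low, fmt.Errorf("provided severity %q not valid. Valid options: low, medium, high", severity)`. The ordering Low < Medium < High that the caller relies on is assumed from the gosec.Score constants, which are not shown here.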
@ -256,6 +274,11 @@ func main() {
logger = log.New(logWriter, "[gosec] ", log.LstdFlags)
}
failSeverity, err := convertToScore(*flagSeverity)
if err != nil {
logger.Fatal(err)
}
// Load config
config, err := loadConfig(*flagConfig)
if err != nil {
@ -299,17 +322,24 @@ func main() {
// Collect the results
issues, metrics := analyzer.Report()
issuesFound := len(issues) > 0
// Exit quietly if nothing was found
if !issuesFound && *flagQuiet {
os.Exit(0)
}
// Sort the issue by severity
if *flagSortIssues {
sortIssues(issues)
}
issuesFound := false
for _, issue := range issues {
if issue.Severity >= failSeverity {
issuesFound = true
break
}
}
// Exit quietly if nothing was found
if !issuesFound && *flagQuiet {
os.Exit(0)
}
// Create output report
if err := saveOutput(*flagOutput, *flagFormat, issues, metrics); err != nil {
logger.Fatal(err)
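Review bot: The quiet exit that now follows the threshold loop fires whenever no issue reaches failSeverity, so with `-quiet` and, say, `-severity high`, any low or medium findings are never passed to saveOutput and are silently dropped from the report — previously `-quiet` only suppressed output for a clean run. If that is intended, the `-severity` help text should say so; otherwise keep the quiet check on the full result, `if len(issues) == 0 && *flagQuiet {`, and use the threshold result only for the exit status. Reusing the name `issuesFound` for "an issue at or above the threshold" also misreads at the exit-code check later in main (outside this hunk); a name like `failBuild` would make the new meaning explicit at both sites.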