From 4702cc5da78291394471893ac331557852693aa4 Mon Sep 17 00:00:00 2001
From: Cosmin Cojocar
Date: Mon, 30 Jul 2018 09:43:41 +0200
Subject: [PATCH] Add a flag to specify the severity for which the scanning will be failed
---
 cmd/gosec/main.go | 42 ++++++++++++++++++++++++++++++++++++------
 1 file changed, 36 insertions(+), 6 deletions(-)
diff --git a/cmd/gosec/main.go b/cmd/gosec/main.go
index df96840..f62f968 100644
--- a/cmd/gosec/main.go
+++ b/cmd/gosec/main.go
@@ -91,8 +91,12 @@ var (
 	// go build tags
 	flagBuildTags = flag.String("tags", "", "Comma separated list of build tags")
+	// scan the vendor folder
 	flagScanVendor = flag.Bool("vendor", false, "Scan the vendor folder")
+	// fail by severity
+	flagSeverity = flag.String("severity", "low", "Fail the build for issues with the given or higher severity. Valid options are: low, medium, high")
+
 	logger *log.Logger
 )
@@ -224,6 +228,20 @@ func resolvePackage(pkg string, searchPaths []string) string {
 	return pkg
 }
+func convertToScore(severity string) (gosec.Score, error) {
+	severity = strings.ToLower(severity)
+	switch severity {
+	case "low":
+		return gosec.Low, nil
+	case "medium":
+		return gosec.Medium, nil
+	case "high":
+		return gosec.High, nil
+	default:
+		return gosec.Low, fmt.Errorf("provided severity '%s' not valid. Valid options: low, medium, high", severity)
+	}
+}
+
 func main() {
 	// Setup usage description
@@ -256,6 +274,11 @@ func main() {
 		logger = log.New(logWriter, "[gosec] ", log.LstdFlags)
 	}
+	failSeverity, err := convertToScore(*flagSeverity)
+	if err != nil {
+		logger.Fatal(err)
+	}
+
 	// Load config
 	config, err := loadConfig(*flagConfig)
 	if err != nil {
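Review bot: convertToScore is a new package-level function without a doc comment, and its default branch quotes the user's value with `'%s'`, which renders an empty or whitespace-only `-severity` as `''` instead of showing the exact bytes received; `%q` does that and matches the rest of the stdlib's error style. Suggested header: `// convertToScore maps a case-insensitive severity name (low, medium, high) to the gosec.Score used as the fail threshold; any other value is an error.` and the last return becomes `return gosec.Low, fmt.Errorf("provided severity %q not valid. Valid options: low, medium, high", severity)`. It may also be worth trimming surrounding whitespace before lowering, `severity = strings.ToLower(strings.TrimSpace(severity))`, since the value comes straight from the command line, but that is a choice rather than a defect.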
@@ -299,17 +322,24 @@ func main() {
 	// Collect the results
 	issues, metrics := analyzer.Report()
-	issuesFound := len(issues) > 0
-	// Exit quietly if nothing was found
-	if !issuesFound && *flagQuiet {
-		os.Exit(0)
-	}
-
 	// Sort the issue by severity
 	if *flagSortIssues {
 		sortIssues(issues)
 	}
+	issuesFound := false
+	for _, issue := range issues {
+		if issue.Severity >= failSeverity {
+			issuesFound = true
+			break
+		}
+	}
+
+	// Exit quietly if nothing was found
+	if !issuesFound && *flagQuiet {
+		os.Exit(0)
+	}
+
 	// Create output report
 	if err := saveOutput(*flagOutput, *flagFormat, issues, metrics); err != nil {
 		logger.Fatal(err)
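Review bot: The moved quiet-exit now runs on the severity-filtered issuesFound, so with `-quiet` and a threshold above `low` any findings below the threshold are dropped before saveOutput is reached, whereas the removed check only exited when there were no issues at all. If silently discarding lower-severity findings is intended, the help text of the new flag in the first hunk should say so; if not, keep the quiet exit on the raw count, `if len(issues) == 0 && *flagQuiet {`, and let only the later build-failure decision (presumably further down in main, outside this hunk) use the threshold. A comment above the loop would make the two meanings explicit: `// issuesFound reports whether any issue meets the configured fail severity; issues below it are still written to the report.` main's body continues past the end of the hunk.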