Merge pull request #225 from jvmatl/jvmatl-patch-1

Document #nosec use with a list of rules
This commit is contained in:
Cosmin Cojocar 2018-08-03 10:02:42 +02:00 committed by GitHub
commit 90a1c1d625
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -77,7 +77,7 @@ that are not considered build artifacts by the compiler (so test files).
As with all automated detection tools there will be cases of false positives. In cases where gosec reports a failure that has been manually verified as being safe it is possible to annotate the code with a '#nosec' comment.
The annotation causes gosec to stop processing any further nodes within the
The annotation causes gosec to stop processing any further nodes within the
AST so can apply to a whole block or more granularly to a single expression.
```go
@ -96,6 +96,8 @@ func main(){
```
When a specific false positive has been identified and verified as safe, you may wish to suppress only that single rule (or a specific set of rules) within a section of code, while continuing to scan for other problems. To do this, you can list the rule(s) to be suppressed within the `#nosec` annotation, e.g: `/* #nosec G401 */` or `// #nosec G201 G202 G203 `
In some cases you may also want to revisit places where #nosec annotations
have been used. To run the scanner and ignore any #nosec annotations you
can do the following: