From 942f40acf5c2b6891d6b2bc4d0922fa2787858d2 Mon Sep 17 00:00:00 2001 From: Travis McPeak Date: Fri, 2 Dec 2016 15:45:59 -0600 Subject: [PATCH] Fix nosec to work as documented This commit fixes the nosec feature to check for '#nosec' instead of 'nosec'. This should help reduce false positives associated with comments that have 'nosec' in them somewhere. --- core/analyzer.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/analyzer.go b/core/analyzer.go index 8661732..83e3631 100644 --- a/core/analyzer.go +++ b/core/analyzer.go @@ -183,11 +183,11 @@ func (gas *Analyzer) ProcessSource(filename string, source string) error { return err } -// ignore a node (and sub-tree) if it is tagged with a "nosec" comment +// ignore a node (and sub-tree) if it is tagged with a "#nosec" comment func (gas *Analyzer) ignore(n ast.Node) bool { if groups, ok := gas.context.Comments[n]; ok && !gas.ignoreNosec { for _, group := range groups { - if strings.Contains(group.Text(), "nosec") { + if strings.Contains(group.Text(), "#nosec") { gas.Stats.NumNosec++ return true }