Fix nosec to work as documented

This commit fixes the nosec feature to check for '#nosec' instead
of 'nosec'.  This should help reduce false positives associated
with comments that have 'nosec' in them somewhere.
This commit is contained in:
Travis McPeak 2016-12-02 15:45:59 -06:00
parent 39113216a8
commit 942f40acf5

View file

@ -183,11 +183,11 @@ func (gas *Analyzer) ProcessSource(filename string, source string) error {
return err return err
} }
// ignore a node (and sub-tree) if it is tagged with a "nosec" comment // ignore a node (and sub-tree) if it is tagged with a "#nosec" comment
func (gas *Analyzer) ignore(n ast.Node) bool { func (gas *Analyzer) ignore(n ast.Node) bool {
if groups, ok := gas.context.Comments[n]; ok && !gas.ignoreNosec { if groups, ok := gas.context.Comments[n]; ok && !gas.ignoreNosec {
for _, group := range groups { for _, group := range groups {
if strings.Contains(group.Text(), "nosec") { if strings.Contains(group.Text(), "#nosec") {
gas.Stats.NumNosec++ gas.Stats.NumNosec++
return true return true
} }