actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-05 19:45:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix use rule IDs to retrieve the rule config

Browse source
This commit is contained in:
robot-5 2022-03-28 21:28:02 +03:00 committed by GitHub
parent 82eaa12696
commit afc9903ba9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
rules/directory-traversal.go
View file

@ -43,7 +43,7 @@ func (r *traversal) matchCallExpr(assign *ast.CallExpr, ctx *gosec.Context) (*go
// NewDirectoryTraversal attempts to find the use of http.Dir("/")
func NewDirectoryTraversal(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
pattern := `http\.Dir\("\/"\)|http\.Dir\('\/'\)`
if val, ok := conf["G101"]; ok {
if val, ok := conf[id]; ok {
conf := val.(map[string]interface{})
if configPattern, ok := conf["pattern"]; ok {
if cfgPattern, ok := configPattern.(string); ok {

2
rules/errors.go
View file

@ -89,7 +89,7 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
whitelist.Add("hash.Hash", "Write")
whitelist.Add("os", "Unsetenv")
if configured, ok := conf["G104"]; ok {
if configured, ok := conf[id]; ok {
if whitelisted, ok := configured.(map[string]interface{}); ok {
for pkg, funcs := range whitelisted {
if funcs, ok := funcs.([]interface{}); ok {

6
rules/fileperms.go
View file

@ -64,7 +64,7 @@ func (r *filePermissions) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, err
// NewWritePerms creates a rule to detect file Writes with bad permissions.
func NewWritePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
mode := getConfiguredMode(conf, "G306", 0o600)
mode := getConfiguredMode(conf, id, 0o600)
return &filePermissions{
mode: mode,
pkgs: []string{"io/ioutil", "os"},
@ -81,7 +81,7 @@ func NewWritePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
// NewFilePerms creates a rule to detect file creation with a more permissive than configured
// permission mask.
func NewFilePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
mode := getConfiguredMode(conf, "G302", 0o600)
mode := getConfiguredMode(conf, id, 0o600)
return &filePermissions{
mode: mode,
pkgs: []string{"os"},
@ -98,7 +98,7 @@ func NewFilePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
// NewMkdirPerms creates a rule to detect directory creation with more permissive than
// configured permission mask.
func NewMkdirPerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
mode := getConfiguredMode(conf, "G301", 0o750)
mode := getConfiguredMode(conf, id, 0o750)
return &filePermissions{
mode: mode,
pkgs: []string{"os"},

2
rules/hardcoded_credentials.go
View file

@ -122,7 +122,7 @@ func NewHardcodedCredentials(id string, conf gosec.Config) (gosec.Rule, []ast.No
perCharThreshold := 3.0
ignoreEntropy := false
truncateString := 16
if val, ok := conf["G101"]; ok {
if val, ok := conf[id]; ok {
conf := val.(map[string]interface{})
if configPattern, ok := conf["pattern"]; ok {
if cfgPattern, ok := configPattern.(string); ok {