mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
Fix use rule IDs to retrieve the rule config
parent
82eaa12696
commit
afc9903ba9
4 changed files with 6 additions and 6 deletions
|
@ -43,7 +43,7 @@ func (r *traversal) matchCallExpr(assign *ast.CallExpr, ctx *gosec.Context) (*go
|
|||
// NewDirectoryTraversal attempts to find the use of http.Dir("/")
|
||||
func NewDirectoryTraversal(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
pattern := `http\.Dir\("\/"\)|http\.Dir\('\/'\)`
|
||||
if val, ok := conf["G101"]; ok {
|
||||
if val, ok := conf[id]; ok {
|
||||
conf := val.(map[string]interface{})
|
||||
if configPattern, ok := conf["pattern"]; ok {
|
||||
if cfgPattern, ok := configPattern.(string); ok {
|
||||
|
|
|
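Review bot: The type assertion `conf := val.(map[string]interface{})` directly after the `conf[id]` lookup is unchecked, so a config entry for this rule that is not a JSON object panics the scanner during rule construction instead of being skipped or reported. The same line appears in the NewHardcodedCredentials hunk, whereas NewNoErrorCheck already uses the comma-ok form on its own lookup. I would fold the assertion into a checked condition in both constructors, e.g. `if conf, ok := val.(map[string]interface{}); ok {` wrapping the `pattern` lookup. Both function bodies continue past their hunks, so the rest of the block that would need wrapping is not visible here.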
@ -89,7 +89,7 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
|||
whitelist.Add("hash.Hash", "Write")
|
||||
whitelist.Add("os", "Unsetenv")
|
||||
|
||||
if configured, ok := conf["G104"]; ok {
|
||||
if configured, ok := conf[id]; ok {
|
||||
if whitelisted, ok := configured.(map[string]interface{}); ok {
|
||||
for pkg, funcs := range whitelisted {
|
||||
if funcs, ok := funcs.([]interface{}); ok {
|
||||
|
|
|
@ -64,7 +64,7 @@ func (r *filePermissions) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, err
|
|||
|
||||
// NewWritePerms creates a rule to detect file Writes with bad permissions.
|
||||
func NewWritePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
mode := getConfiguredMode(conf, "G306", 0o600)
|
||||
mode := getConfiguredMode(conf, id, 0o600)
|
||||
return &filePermissions{
|
||||
mode: mode,
|
||||
pkgs: []string{"io/ioutil", "os"},
|
||||
|
@ -81,7 +81,7 @@ func NewWritePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
|||
// NewFilePerms creates a rule to detect file creation with a more permissive than configured
|
||||
// permission mask.
|
||||
func NewFilePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
mode := getConfiguredMode(conf, "G302", 0o600)
|
||||
mode := getConfiguredMode(conf, id, 0o600)
|
||||
return &filePermissions{
|
||||
mode: mode,
|
||||
pkgs: []string{"os"},
|
||||
|
@ -98,7 +98,7 @@ func NewFilePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
|||
// NewMkdirPerms creates a rule to detect directory creation with more permissive than
|
||||
// configured permission mask.
|
||||
func NewMkdirPerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
mode := getConfiguredMode(conf, "G301", 0o750)
|
||||
mode := getConfiguredMode(conf, id, 0o750)
|
||||
return &filePermissions{
|
||||
mode: mode,
|
||||
pkgs: []string{"os"},
|
||||
|
|
|
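Review bot: The doc comments on NewWritePerms, NewFilePerms and NewMkdirPerms do not say where the permitted mode comes from, which matters more now that the lookup key is the `id` argument rather than a literal rule number. I would add a line to each comment such as `// The maximum allowed mode is read from the config entry for id and defaults to 0600.` (0750 for NewMkdirPerms). getConfiguredMode is defined outside these hunks, so the fallback for a missing or malformed entry is only presumed from the third argument and should be confirmed before it is documented.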
@ -122,7 +122,7 @@ func NewHardcodedCredentials(id string, conf gosec.Config) (gosec.Rule, []ast.No
|
|||
perCharThreshold := 3.0
|
||||
ignoreEntropy := false
|
||||
truncateString := 16
|
||||
if val, ok := conf["G101"]; ok {
|
||||
if val, ok := conf[id]; ok {
|
||||
conf := val.(map[string]interface{})
|
||||
if configPattern, ok := conf["pattern"]; ok {
|
||||
if cfgPattern, ok := configPattern.(string); ok {
|
||||
|
|