From afc9903ba923317e0f200ba528cf18d23b0b6bf1 Mon Sep 17 00:00:00 2001
From: robot-5 <45511560+robot-5@users.noreply.github.com>
Date: Mon, 28 Mar 2022 21:28:02 +0300
Subject: [PATCH] Fix use rule IDs to retrieve the rule config
---
 rules/directory-traversal.go | 2 +-
 rules/errors.go | 2 +-
 rules/fileperms.go | 6 +++---
 rules/hardcoded_credentials.go | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/rules/directory-traversal.go b/rules/directory-traversal.go
index 04237fa..c373427 100644
--- a/rules/directory-traversal.go
+++ b/rules/directory-traversal.go
@@ -43,7 +43,7 @@ func (r *traversal) matchCallExpr(assign *ast.CallExpr, ctx *gosec.Context) (*go
 // NewDirectoryTraversal attempts to find the use of http.Dir("/")
 func NewDirectoryTraversal(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 pattern := `http\.Dir\("\/"\)|http\.Dir\('\/'\)`
- if val, ok := conf["G101"]; ok {
+ if val, ok := conf[id]; ok {
 conf := val.(map[string]interface{})
 if configPattern, ok := conf["pattern"]; ok {
 if cfgPattern, ok := configPattern.(string); ok {
diff --git a/rules/errors.go b/rules/errors.go
index f3360ec..0838382 100644
--- a/rules/errors.go
+++ b/rules/errors.go
@@ -89,7 +89,7 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 whitelist.Add("hash.Hash", "Write")
 whitelist.Add("os", "Unsetenv")
- if configured, ok := conf["G104"]; ok {
+ if configured, ok := conf[id]; ok {
 if whitelisted, ok := configured.(map[string]interface{}); ok {
 for pkg, funcs := range whitelisted {
 if funcs, ok := funcs.([]interface{}); ok {
diff --git a/rules/fileperms.go b/rules/fileperms.go
index 93265dd..a379a8c 100644
--- a/rules/fileperms.go
+++ b/rules/fileperms.go
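Review bot: The context line `conf := val.(map[string]interface{})` right after the changed lookup in NewDirectoryTraversal is an unchecked type assertion, so a configuration entry for this rule that is not a map would panic the scanner rather than being skipped or reported. The inner `pattern` lookup already uses the comma-ok form, and the outer one should match it, e.g. `if ruleConf, ok := val.(map[string]interface{}); ok {`, which also stops shadowing the `conf` parameter. The hunk in rules/hardcoded_credentials.go carries the identical line and needs the same guard. Both function bodies continue outside their hunks, so the closing of the new `if` is not shown here.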
@@ -64,7 +64,7 @@ func (r *filePermissions) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, err
 // NewWritePerms creates a rule to detect file Writes with bad permissions.
 func NewWritePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
- mode := getConfiguredMode(conf, "G306", 0o600)
+ mode := getConfiguredMode(conf, id, 0o600)
 return &filePermissions{
 mode: mode,
 pkgs: []string{"io/ioutil", "os"},
@@ -81,7 +81,7 @@ func NewWritePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 // NewFilePerms creates a rule to detect file creation with a more permissive than configured
 // permission mask.
 func NewFilePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
- mode := getConfiguredMode(conf, "G302", 0o600)
+ mode := getConfiguredMode(conf, id, 0o600)
 return &filePermissions{
 mode: mode,
 pkgs: []string{"os"},
@@ -98,7 +98,7 @@ func NewFilePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 // NewMkdirPerms creates a rule to detect directory creation with more permissive than
 // configured permission mask.
 func NewMkdirPerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
- mode := getConfiguredMode(conf, "G301", 0o750)
+ mode := getConfiguredMode(conf, id, 0o750)
 return &filePermissions{
 mode: mode,
 pkgs: []string{"os"},
diff --git a/rules/hardcoded_credentials.go b/rules/hardcoded_credentials.go
index 791bb5d..cf2e663 100644
--- a/rules/hardcoded_credentials.go
+++ b/rules/hardcoded_credentials.go
@@ -122,7 +122,7 @@ func NewHardcodedCredentials(id string, conf gosec.Config) (gosec.Rule, []ast.No
 perCharThreshold := 3.0
 ignoreEntropy := false
 truncateString := 16
- if val, ok := conf["G101"]; ok {
+ if val, ok := conf[id]; ok {
 conf := val.(map[string]interface{})
 if configPattern, ok := conf["pattern"]; ok {
 if cfgPattern, ok := configPattern.(string); ok {
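Review bot: Nothing in this patch pins the new lookup in NewWritePerms with a test: the diffstat touches only the four rule files, so a later edit could reintroduce a literal ID and a stricter configured mode would be silently ignored in favour of the default. A small case that builds the rule with an id and a config keyed by that same id, then checks that the configured mode is the one enforced, would cover this hunk and the NewFilePerms and NewMkdirPerms hunks in the same file. The doc comments could also say where the threshold comes from, e.g. `// The limit is read from the configuration entry for id and defaults to 0o600.` (0o750 for NewMkdirPerms). How getConfiguredMode interprets that entry is outside these hunks, so the wording should be checked against it.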