Fix use rule IDs to retrieve the rule config

robot-5 2022-03-28 21:28:02 +03:00 committed by GitHub
parent 82eaa12696
commit afc9903ba9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 6 additions and 6 deletions


@ -43,7 +43,7 @@ func (r *traversal) matchCallExpr(assign *ast.CallExpr, ctx *gosec.Context) (*go
// NewDirectoryTraversal attempts to find the use of http.Dir("/") // NewDirectoryTraversal attempts to find the use of http.Dir("/")
func NewDirectoryTraversal(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { func NewDirectoryTraversal(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
pattern := `http\.Dir\("\/"\)|http\.Dir\('\/'\)` pattern := `http\.Dir\("\/"\)|http\.Dir\('\/'\)`
if val, ok := conf["G101"]; ok { if val, ok := conf[id]; ok {
conf := val.(map[string]interface{}) conf := val.(map[string]interface{})
if configPattern, ok := conf["pattern"]; ok { if configPattern, ok := conf["pattern"]; ok {
if cfgPattern, ok := configPattern.(string); ok { if cfgPattern, ok := configPattern.(string); ok {
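Review bot: The type assertion `conf := val.(map[string]interface{})` directly after the changed `conf[id]` lookup in NewDirectoryTraversal is unchecked, so a config entry for this rule that is not a map panics the scanner while the rule is being constructed instead of being ignored or reported. NewNoErrorCheck in this same commit already uses the comma-ok form, and the same shape would fit here: `if ruleConf, ok := val.(map[string]interface{}); ok {`, which also stops shadowing the `conf` parameter. The identical unchecked assertion follows the changed line in NewHardcodedCredentials in the last file section. The function body continues past the end of the hunk.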


@ -89,7 +89,7 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
whitelist.Add("hash.Hash", "Write") whitelist.Add("hash.Hash", "Write")
whitelist.Add("os", "Unsetenv") whitelist.Add("os", "Unsetenv")
if configured, ok := conf["G104"]; ok { if configured, ok := conf[id]; ok {
if whitelisted, ok := configured.(map[string]interface{}); ok { if whitelisted, ok := configured.(map[string]interface{}); ok {
for pkg, funcs := range whitelisted { for pkg, funcs := range whitelisted {
if funcs, ok := funcs.([]interface{}); ok { if funcs, ok := funcs.([]interface{}); ok {


@ -64,7 +64,7 @@ func (r *filePermissions) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, err
// NewWritePerms creates a rule to detect file Writes with bad permissions. // NewWritePerms creates a rule to detect file Writes with bad permissions.
func NewWritePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { func NewWritePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
mode := getConfiguredMode(conf, "G306", 0o600) mode := getConfiguredMode(conf, id, 0o600)
return &filePermissions{ return &filePermissions{
mode: mode, mode: mode,
pkgs: []string{"io/ioutil", "os"}, pkgs: []string{"io/ioutil", "os"},
@ -81,7 +81,7 @@ func NewWritePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
// NewFilePerms creates a rule to detect file creation with a more permissive than configured // NewFilePerms creates a rule to detect file creation with a more permissive than configured
// permission mask. // permission mask.
func NewFilePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { func NewFilePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
mode := getConfiguredMode(conf, "G302", 0o600) mode := getConfiguredMode(conf, id, 0o600)
return &filePermissions{ return &filePermissions{
mode: mode, mode: mode,
pkgs: []string{"os"}, pkgs: []string{"os"},
@ -98,7 +98,7 @@ func NewFilePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
// NewMkdirPerms creates a rule to detect directory creation with more permissive than // NewMkdirPerms creates a rule to detect directory creation with more permissive than
// configured permission mask. // configured permission mask.
func NewMkdirPerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { func NewMkdirPerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
mode := getConfiguredMode(conf, "G301", 0o750) mode := getConfiguredMode(conf, id, 0o750)
return &filePermissions{ return &filePermissions{
mode: mode, mode: mode,
pkgs: []string{"os"}, pkgs: []string{"os"},
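Review bot: The doc comments on NewWritePerms, NewFilePerms and NewMkdirPerms do not say that the permission threshold is looked up in `conf` under the rule's own `id`, with 0o600 (0o750 for directories) as the fallback. Because this value decides which modes the rule reports, a reader should be able to see that a config entry can relax it; I would add to each comment a line such as `// The maximum permitted mode is read from conf under id and defaults to 0o600.` (0o750 for NewMkdirPerms). getConfiguredMode is outside the visible hunks, so how it treats a missing or unparsable value should be confirmed before the comment states it. The bodies of all three constructors continue past their hunks.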


@ -122,7 +122,7 @@ func NewHardcodedCredentials(id string, conf gosec.Config) (gosec.Rule, []ast.No
perCharThreshold := 3.0 perCharThreshold := 3.0
ignoreEntropy := false ignoreEntropy := false
truncateString := 16 truncateString := 16
if val, ok := conf["G101"]; ok { if val, ok := conf[id]; ok {
conf := val.(map[string]interface{}) conf := val.(map[string]interface{})
if configPattern, ok := conf["pattern"]; ok { if configPattern, ok := conf["pattern"]; ok {
if cfgPattern, ok := configPattern.(string); ok { if cfgPattern, ok := configPattern.(string); ok {