mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 03:55:54 +00:00
Add a flag which allows to scan also the tests files
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
This commit is contained in:
parent
f1d49a6945
commit
b49c9532a8
4 changed files with 22 additions and 8 deletions
15
analyzer.go
15
analyzer.go
|
@ -66,10 +66,11 @@ type Analyzer struct {
|
|||
issues []*Issue
|
||||
stats *Metrics
|
||||
errors map[string][]Error // keys are file paths; values are the golang errors in those files
|
||||
tests bool
|
||||
}
|
||||
|
||||
// NewAnalyzer builds a new analyzer.
|
||||
func NewAnalyzer(conf Config, logger *log.Logger) *Analyzer {
|
||||
func NewAnalyzer(conf Config, tests bool, logger *log.Logger) *Analyzer {
|
||||
ignoreNoSec := false
|
||||
if enabled, err := conf.IsGlobalEnabled(Nosec); err == nil {
|
||||
ignoreNoSec = enabled
|
||||
|
@ -86,6 +87,7 @@ func NewAnalyzer(conf Config, logger *log.Logger) *Analyzer {
|
|||
issues: make([]*Issue, 0, 16),
|
||||
stats: &Metrics{},
|
||||
errors: make(map[string][]Error),
|
||||
tests: tests,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -123,7 +125,7 @@ func (gosec *Analyzer) pkgConfig(buildTags []string) *packages.Config {
|
|||
return &packages.Config{
|
||||
Mode: packages.LoadSyntax,
|
||||
BuildFlags: []string{tagsFlag},
|
||||
Tests: true,
|
||||
Tests: gosec.tests,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -145,6 +147,15 @@ func (gosec *Analyzer) load(pkgPath string, conf *packages.Config) ([]*packages.
|
|||
packageFiles = append(packageFiles, path.Join(pkgPath, filename))
|
||||
}
|
||||
|
||||
if gosec.tests {
|
||||
testsFiles := []string{}
|
||||
testsFiles = append(testsFiles, basePackage.TestGoFiles...)
|
||||
testsFiles = append(testsFiles, basePackage.XTestGoFiles...)
|
||||
for _, filename := range testsFiles {
|
||||
packageFiles = append(packageFiles, path.Join(pkgPath, filename))
|
||||
}
|
||||
}
|
||||
|
||||
pkgs, err := packages.Load(conf, packageFiles...)
|
||||
if err != nil {
|
||||
return []*packages.Package{}, err
|
||||
|
|
|
@ -20,10 +20,11 @@ var _ = Describe("Analyzer", func() {
|
|||
analyzer *gosec.Analyzer
|
||||
logger *log.Logger
|
||||
buildTags []string
|
||||
tests bool
|
||||
)
|
||||
BeforeEach(func() {
|
||||
logger, _ = testutils.NewLogger()
|
||||
analyzer = gosec.NewAnalyzer(nil, logger)
|
||||
analyzer = gosec.NewAnalyzer(nil, tests, logger)
|
||||
})
|
||||
|
||||
Context("when processing a package", func() {
|
||||
|
@ -226,7 +227,7 @@ var _ = Describe("Analyzer", func() {
|
|||
// overwrite nosec option
|
||||
nosecIgnoreConfig := gosec.NewConfig()
|
||||
nosecIgnoreConfig.SetGlobal(gosec.Nosec, "true")
|
||||
customAnalyzer := gosec.NewAnalyzer(nosecIgnoreConfig, logger)
|
||||
customAnalyzer := gosec.NewAnalyzer(nosecIgnoreConfig, tests, logger)
|
||||
customAnalyzer.LoadRules(rules.Generate(rules.NewRuleFilter(false, "G401")).Builders())
|
||||
|
||||
nosecPackage := testutils.NewTestPackage()
|
||||
|
|
|
@ -98,12 +98,14 @@ var (
|
|||
// do not fail
|
||||
flagNoFail = flag.Bool("no-fail", false, "Do not fail the scanning, even if issues were found")
|
||||
|
||||
// scan tests files
|
||||
flagScanTests = flag.Bool("tests", false, "Scan tests files")
|
||||
|
||||
logger *log.Logger
|
||||
)
|
||||
|
||||
// #nosec
|
||||
func usage() {
|
||||
|
||||
usageText := fmt.Sprintf(usageText, Version, GitTag, BuildDate)
|
||||
fmt.Fprintln(os.Stderr, usageText)
|
||||
fmt.Fprint(os.Stderr, "OPTIONS:\n\n")
|
||||
|
@ -198,7 +200,6 @@ func convertToScore(severity string) (gosec.Score, error) {
|
|||
}
|
||||
|
||||
func main() {
|
||||
|
||||
// Setup usage description
|
||||
flag.Usage = usage
|
||||
|
||||
|
@ -247,7 +248,7 @@ func main() {
|
|||
}
|
||||
|
||||
// Create the analyzer
|
||||
analyzer := gosec.NewAnalyzer(config, logger)
|
||||
analyzer := gosec.NewAnalyzer(config, *flagScanTests, logger)
|
||||
analyzer.LoadRules(ruleDefinitions.Builders())
|
||||
|
||||
var vendor *regexp.Regexp
|
||||
|
|
|
@ -25,12 +25,13 @@ var _ = Describe("gosec rules", func() {
|
|||
analyzer *gosec.Analyzer
|
||||
runner func(string, []testutils.CodeSample, ...option)
|
||||
buildTags []string
|
||||
tests bool
|
||||
)
|
||||
|
||||
BeforeEach(func() {
|
||||
logger, _ = testutils.NewLogger()
|
||||
config = gosec.NewConfig()
|
||||
analyzer = gosec.NewAnalyzer(config, logger)
|
||||
analyzer = gosec.NewAnalyzer(config, tests, logger)
|
||||
runner = func(rule string, samples []testutils.CodeSample, options ...option) {
|
||||
for _, o := range options {
|
||||
config.SetGlobal(o.name, o.value)
|
||||
|
|
Loading…
Reference in a new issue