mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
Remove space between //
and #nosec
in examples and internal use
Comments intended for machines to read do not have the space by convention.
This commit is contained in:
parent
35af340d07
commit
d23ab2d997
8 changed files with 34 additions and 34 deletions
|
@ -277,7 +277,7 @@ AST so can apply to a whole block or more granularly to a single expression.
|
||||||
|
|
||||||
```go
|
```go
|
||||||
|
|
||||||
import "md5" // #nosec
|
import "md5" //#nosec
|
||||||
|
|
||||||
|
|
||||||
func main(){
|
func main(){
|
||||||
|
@ -293,11 +293,11 @@ func main(){
|
||||||
|
|
||||||
When a specific false positive has been identified and verified as safe, you may wish to suppress only that single rule (or a specific set of rules)
|
When a specific false positive has been identified and verified as safe, you may wish to suppress only that single rule (or a specific set of rules)
|
||||||
within a section of code, while continuing to scan for other problems. To do this, you can list the rule(s) to be suppressed within
|
within a section of code, while continuing to scan for other problems. To do this, you can list the rule(s) to be suppressed within
|
||||||
the `#nosec` annotation, e.g: `/* #nosec G401 */` or `// #nosec G201 G202 G203`
|
the `#nosec` annotation, e.g: `/* #nosec G401 */` or `//#nosec G201 G202 G203`
|
||||||
|
|
||||||
You could put the description or justification text for the annotation. The
|
You could put the description or justification text for the annotation. The
|
||||||
justification should be after the rule(s) to suppress and start with two or
|
justification should be after the rule(s) to suppress and start with two or
|
||||||
more dashes, e.g: `// #nosec G101 G102 -- This is a false positive`
|
more dashes, e.g: `//#nosec G101 G102 -- This is a false positive`
|
||||||
|
|
||||||
In some cases you may also want to revisit places where `#nosec` annotations
|
In some cases you may also want to revisit places where `#nosec` annotations
|
||||||
have been used. To run the scanner and ignore any `#nosec` annotations you
|
have been used. To run the scanner and ignore any `#nosec` annotations you
|
||||||
|
|
|
@ -146,7 +146,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
|
|
||||||
nosecPackage := testutils.NewTestPackage()
|
nosecPackage := testutils.NewTestPackage()
|
||||||
defer nosecPackage.Close()
|
defer nosecPackage.Close()
|
||||||
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #nosec", 1)
|
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() //#nosec", 1)
|
||||||
nosecPackage.AddFile("md5.go", nosecSource)
|
nosecPackage.AddFile("md5.go", nosecSource)
|
||||||
err := nosecPackage.Build()
|
err := nosecPackage.Build()
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
@ -181,7 +181,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
|
|
||||||
nosecPackage := testutils.NewTestPackage()
|
nosecPackage := testutils.NewTestPackage()
|
||||||
defer nosecPackage.Close()
|
defer nosecPackage.Close()
|
||||||
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #nosec G401", 1)
|
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() //#nosec G401", 1)
|
||||||
nosecPackage.AddFile("md5.go", nosecSource)
|
nosecPackage.AddFile("md5.go", nosecSource)
|
||||||
err := nosecPackage.Build()
|
err := nosecPackage.Build()
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
@ -198,7 +198,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
|
|
||||||
nosecPackage := testutils.NewTestPackage()
|
nosecPackage := testutils.NewTestPackage()
|
||||||
defer nosecPackage.Close()
|
defer nosecPackage.Close()
|
||||||
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #nosec G301", 1)
|
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() //#nosec G301", 1)
|
||||||
nosecPackage.AddFile("md5.go", nosecSource)
|
nosecPackage.AddFile("md5.go", nosecSource)
|
||||||
err := nosecPackage.Build()
|
err := nosecPackage.Build()
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
@ -215,7 +215,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
|
|
||||||
nosecPackage := testutils.NewTestPackage()
|
nosecPackage := testutils.NewTestPackage()
|
||||||
defer nosecPackage.Close()
|
defer nosecPackage.Close()
|
||||||
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #nosec G301 G401", 1)
|
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() //#nosec G301 G401", 1)
|
||||||
nosecPackage.AddFile("md5.go", nosecSource)
|
nosecPackage.AddFile("md5.go", nosecSource)
|
||||||
err := nosecPackage.Build()
|
err := nosecPackage.Build()
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
@ -267,7 +267,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
|
|
||||||
nosecPackage := testutils.NewTestPackage()
|
nosecPackage := testutils.NewTestPackage()
|
||||||
defer nosecPackage.Close()
|
defer nosecPackage.Close()
|
||||||
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #nosec", 1)
|
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() //#nosec", 1)
|
||||||
nosecPackage.AddFile("md5.go", nosecSource)
|
nosecPackage.AddFile("md5.go", nosecSource)
|
||||||
err := nosecPackage.Build()
|
err := nosecPackage.Build()
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
@ -291,7 +291,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
|
|
||||||
nosecPackage := testutils.NewTestPackage()
|
nosecPackage := testutils.NewTestPackage()
|
||||||
defer nosecPackage.Close()
|
defer nosecPackage.Close()
|
||||||
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #nosec", 1)
|
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() //#nosec", 1)
|
||||||
nosecPackage.AddFile("md5.go", nosecSource)
|
nosecPackage.AddFile("md5.go", nosecSource)
|
||||||
err := nosecPackage.Build()
|
err := nosecPackage.Build()
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
@ -339,7 +339,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
|
|
||||||
nosecPackage := testutils.NewTestPackage()
|
nosecPackage := testutils.NewTestPackage()
|
||||||
defer nosecPackage.Close()
|
defer nosecPackage.Close()
|
||||||
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #nosec", 1)
|
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() //#nosec", 1)
|
||||||
nosecPackage.AddFile("md5.go", nosecSource)
|
nosecPackage.AddFile("md5.go", nosecSource)
|
||||||
err := nosecPackage.Build()
|
err := nosecPackage.Build()
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
@ -613,7 +613,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
|
|
||||||
nosecPackage := testutils.NewTestPackage()
|
nosecPackage := testutils.NewTestPackage()
|
||||||
defer nosecPackage.Close()
|
defer nosecPackage.Close()
|
||||||
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #nosec G401 -- Justification", 1)
|
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() //#nosec G401 -- Justification", 1)
|
||||||
nosecPackage.AddFile("md5.go", nosecSource)
|
nosecPackage.AddFile("md5.go", nosecSource)
|
||||||
err := nosecPackage.Build()
|
err := nosecPackage.Build()
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
@ -633,7 +633,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
|
|
||||||
nosecPackage := testutils.NewTestPackage()
|
nosecPackage := testutils.NewTestPackage()
|
||||||
defer nosecPackage.Close()
|
defer nosecPackage.Close()
|
||||||
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #nosec", 1)
|
nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() //#nosec", 1)
|
||||||
nosecPackage.AddFile("md5.go", nosecSource)
|
nosecPackage.AddFile("md5.go", nosecSource)
|
||||||
err := nosecPackage.Build()
|
err := nosecPackage.Build()
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
@ -691,7 +691,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
|
|
||||||
nosecPackage := testutils.NewTestPackage()
|
nosecPackage := testutils.NewTestPackage()
|
||||||
defer nosecPackage.Close()
|
defer nosecPackage.Close()
|
||||||
nosecSource := strings.Replace(source, "}", "} // #nosec G101 -- Justification", 1)
|
nosecSource := strings.Replace(source, "}", "} //#nosec G101 -- Justification", 1)
|
||||||
nosecPackage.AddFile("pwd.go", nosecSource)
|
nosecPackage.AddFile("pwd.go", nosecSource)
|
||||||
err := nosecPackage.Build()
|
err := nosecPackage.Build()
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
|
|
@ -70,7 +70,7 @@ func (a *arrayFlags) Set(value string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
// #nosec flag
|
//#nosec flag
|
||||||
flagIgnoreNoSec = flag.Bool("nosec", false, "Ignores #nosec comments when set")
|
flagIgnoreNoSec = flag.Bool("nosec", false, "Ignores #nosec comments when set")
|
||||||
|
|
||||||
// show ignored
|
// show ignored
|
||||||
|
@ -79,7 +79,7 @@ var (
|
||||||
// format output
|
// format output
|
||||||
flagFormat = flag.String("fmt", "text", "Set output format. Valid options are: json, yaml, csv, junit-xml, html, sonarqube, golint, sarif or text")
|
flagFormat = flag.String("fmt", "text", "Set output format. Valid options are: json, yaml, csv, junit-xml, html, sonarqube, golint, sarif or text")
|
||||||
|
|
||||||
// #nosec alternative tag
|
//#nosec alternative tag
|
||||||
flagAlternativeNoSec = flag.String("nosec-tag", "", "Set an alternative string for #nosec. Some examples: #dontanalyze, #falsepositive")
|
flagAlternativeNoSec = flag.String("nosec-tag", "", "Set an alternative string for #nosec. Some examples: #dontanalyze, #falsepositive")
|
||||||
|
|
||||||
// output file
|
// output file
|
||||||
|
@ -141,7 +141,7 @@ var (
|
||||||
logger *log.Logger
|
logger *log.Logger
|
||||||
)
|
)
|
||||||
|
|
||||||
// #nosec
|
//#nosec
|
||||||
func usage() {
|
func usage() {
|
||||||
usageText := fmt.Sprintf(usageText, Version, GitTag, BuildDate)
|
usageText := fmt.Sprintf(usageText, Version, GitTag, BuildDate)
|
||||||
fmt.Fprintln(os.Stderr, usageText)
|
fmt.Fprintln(os.Stderr, usageText)
|
||||||
|
@ -166,12 +166,12 @@ func usage() {
|
||||||
func loadConfig(configFile string) (gosec.Config, error) {
|
func loadConfig(configFile string) (gosec.Config, error) {
|
||||||
config := gosec.NewConfig()
|
config := gosec.NewConfig()
|
||||||
if configFile != "" {
|
if configFile != "" {
|
||||||
// #nosec
|
//#nosec
|
||||||
file, err := os.Open(configFile)
|
file, err := os.Open(configFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
defer file.Close() // #nosec G307
|
defer file.Close() //#nosec G307
|
||||||
if _, err := config.ReadFrom(file); err != nil {
|
if _, err := config.ReadFrom(file); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -242,7 +242,7 @@ func saveReport(filename, format string, rootPaths []string, reportInfo *gosec.R
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
defer outfile.Close() // #nosec G307
|
defer outfile.Close() //#nosec G307
|
||||||
err = report.CreateReport(outfile, format, false, rootPaths, reportInfo)
|
err = report.CreateReport(outfile, format, false, rootPaths, reportInfo)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -309,7 +309,7 @@ func main() {
|
||||||
|
|
||||||
// Ensure at least one file was specified
|
// Ensure at least one file was specified
|
||||||
if flag.NArg() == 0 {
|
if flag.NArg() == 0 {
|
||||||
fmt.Fprintf(os.Stderr, "\nError: FILE [FILE...] or './...' expected\n") // #nosec
|
fmt.Fprintf(os.Stderr, "\nError: FILE [FILE...] or './...' expected\n") //#nosec
|
||||||
flag.Usage()
|
flag.Usage()
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
@ -417,7 +417,7 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Finalize logging
|
// Finalize logging
|
||||||
logWriter.Close() // #nosec
|
logWriter.Close() //#nosec
|
||||||
|
|
||||||
// Do we have an issue? If so exit 1 unless NoFail is set
|
// Do we have an issue? If so exit 1 unless NoFail is set
|
||||||
if (len(issues) > 0 || len(errors) > 0) && !*flagNoFail {
|
if (len(issues) > 0 || len(errors) > 0) && !*flagNoFail {
|
||||||
|
|
|
@ -76,12 +76,12 @@ func (u *utilities) run(args ...string) {
|
||||||
func shouldSkip(path string) bool {
|
func shouldSkip(path string) bool {
|
||||||
st, e := os.Stat(path)
|
st, e := os.Stat(path)
|
||||||
if e != nil {
|
if e != nil {
|
||||||
// #nosec
|
//#nosec
|
||||||
fmt.Fprintf(os.Stderr, "Skipping: %s - %s\n", path, e)
|
fmt.Fprintf(os.Stderr, "Skipping: %s - %s\n", path, e)
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
if st.IsDir() {
|
if st.IsDir() {
|
||||||
// #nosec
|
//#nosec
|
||||||
fmt.Fprintf(os.Stderr, "Skipping: %s - directory\n", path)
|
fmt.Fprintf(os.Stderr, "Skipping: %s - directory\n", path)
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
@ -99,12 +99,12 @@ func dumpAst(files ...string) {
|
||||||
fset := token.NewFileSet() // positions are relative to fset
|
fset := token.NewFileSet() // positions are relative to fset
|
||||||
f, err := parser.ParseFile(fset, arg, nil, 0)
|
f, err := parser.ParseFile(fset, arg, nil, 0)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// #nosec
|
//#nosec
|
||||||
fmt.Fprintf(os.Stderr, "Unable to parse file %s\n", err)
|
fmt.Fprintf(os.Stderr, "Unable to parse file %s\n", err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
// #nosec -- Print the AST.
|
//#nosec -- Print the AST.
|
||||||
ast.Print(fset, f)
|
ast.Print(fset, f)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -122,7 +122,7 @@ func createContext(filename string) *context {
|
||||||
fileset := token.NewFileSet()
|
fileset := token.NewFileSet()
|
||||||
root, e := parser.ParseFile(fileset, filename, nil, parser.ParseComments)
|
root, e := parser.ParseFile(fileset, filename, nil, parser.ParseComments)
|
||||||
if e != nil {
|
if e != nil {
|
||||||
// #nosec
|
//#nosec
|
||||||
fmt.Fprintf(os.Stderr, "Unable to parse file: %s. Reason: %s\n", filename, e)
|
fmt.Fprintf(os.Stderr, "Unable to parse file: %s. Reason: %s\n", filename, e)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -138,7 +138,7 @@ func createContext(filename string) *context {
|
||||||
config := types.Config{Importer: importer.Default()}
|
config := types.Config{Importer: importer.Default()}
|
||||||
pkg, e := config.Check("main.go", fileset, []*ast.File{root}, info)
|
pkg, e := config.Check("main.go", fileset, []*ast.File{root}, info)
|
||||||
if e != nil {
|
if e != nil {
|
||||||
// #nosec
|
//#nosec
|
||||||
fmt.Fprintf(os.Stderr, "Type check failed for file: %s. Reason: %s\n", filename, e)
|
fmt.Fprintf(os.Stderr, "Type check failed for file: %s. Reason: %s\n", filename, e)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -163,7 +163,7 @@ func printObject(obj types.Object) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func checkContext(ctx *context, file string) bool {
|
func checkContext(ctx *context, file string) bool {
|
||||||
// #nosec
|
//#nosec
|
||||||
if ctx == nil {
|
if ctx == nil {
|
||||||
fmt.Fprintln(os.Stderr, "Failed to create context for file: ", file)
|
fmt.Fprintln(os.Stderr, "Failed to create context for file: ", file)
|
||||||
return false
|
return false
|
||||||
|
|
|
@ -66,7 +66,7 @@ type goTLSConfiguration struct {
|
||||||
|
|
||||||
// getTLSConfFromURL retrieves the json containing the TLS configurations from the specified URL.
|
// getTLSConfFromURL retrieves the json containing the TLS configurations from the specified URL.
|
||||||
func getTLSConfFromURL(url string) (*ServerSideTLSJson, error) {
|
func getTLSConfFromURL(url string) (*ServerSideTLSJson, error) {
|
||||||
r, err := http.Get(url) // #nosec G107
|
r, err := http.Get(url) //#nosec G107
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -190,5 +190,5 @@ func main() {
|
||||||
outputPath := filepath.Join(dir, *outputFile)
|
outputPath := filepath.Join(dir, *outputFile)
|
||||||
if err := ioutil.WriteFile(outputPath, src, 0o644); err != nil {
|
if err := ioutil.WriteFile(outputPath, src, 0o644); err != nil {
|
||||||
log.Fatalf("Writing output: %s", err)
|
log.Fatalf("Writing output: %s", err)
|
||||||
} // #nosec G306
|
} //#nosec G306
|
||||||
}
|
}
|
||||||
|
|
2
issue.go
2
issue.go
|
@ -180,7 +180,7 @@ func NewIssue(ctx *Context, node ast.Node, ruleID, desc string, severity Score,
|
||||||
|
|
||||||
var code string
|
var code string
|
||||||
if file, err := os.Open(fobj.Name()); err == nil {
|
if file, err := os.Open(fobj.Name()); err == nil {
|
||||||
defer file.Close() // #nosec
|
defer file.Close() //#nosec
|
||||||
s := codeSnippetStartLine(node, fobj)
|
s := codeSnippetStartLine(node, fobj)
|
||||||
e := codeSnippetEndLine(node, fobj)
|
e := codeSnippetEndLine(node, fobj)
|
||||||
code, err = codeSnippet(file, s, e, node)
|
code, err = codeSnippet(file, s, e, node)
|
||||||
|
|
|
@ -55,7 +55,7 @@ func (p *TestPackage) write() error {
|
||||||
for filename, content := range p.Files {
|
for filename, content := range p.Files {
|
||||||
if e := ioutil.WriteFile(filename, []byte(content), 0o644); e != nil {
|
if e := ioutil.WriteFile(filename, []byte(content), 0o644); e != nil {
|
||||||
return e
|
return e
|
||||||
} // #nosec G306
|
} //#nosec G306
|
||||||
}
|
}
|
||||||
p.onDisk = true
|
p.onDisk = true
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -1999,7 +1999,7 @@ func unzip(archive, target string) error {
|
||||||
for _, file := range reader.File {
|
for _, file := range reader.File {
|
||||||
path := filepath.Join(target, file.Name)
|
path := filepath.Join(target, file.Name)
|
||||||
if file.FileInfo().IsDir() {
|
if file.FileInfo().IsDir() {
|
||||||
os.MkdirAll(path, file.Mode()) // #nosec
|
os.MkdirAll(path, file.Mode()) //#nosec
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2045,7 +2045,7 @@ func unzip(archive, target string) error {
|
||||||
archiveFile := file.Name
|
archiveFile := file.Name
|
||||||
path := filepath.Join(target, archiveFile)
|
path := filepath.Join(target, archiveFile)
|
||||||
if file.FileInfo().IsDir() {
|
if file.FileInfo().IsDir() {
|
||||||
os.MkdirAll(path, file.Mode()) // #nosec
|
os.MkdirAll(path, file.Mode()) //#nosec
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue