actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-12-26 04:25:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Ignore the issues from generated files when using the analysis framework (#1079)

Browse source 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
This commit is contained in:
Cosmin Cojocar 2023-11-30 17:42:44 +01:00 committed by GitHub
parent 43b7cbf661
commit eb256a7d70
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 69 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
analyzer.go
View file

@ -414,6 +414,9 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
SSA: ssaResult.(*buildssa.SSA), SSA: ssaResult.(*buildssa.SSA),
}, },
} }
generatedFiles := gosec.generatedFiles(pkg)
for _, analyzer := range gosec.analyzerList { for _, analyzer := range gosec.analyzerList {
pass := &analysis.Pass{ pass := &analysis.Pass{
Analyzer: analyzer, Analyzer: analyzer,
@ -441,6 +444,11 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
if result != nil { if result != nil {
if passIssues, ok := result.([]*issue.Issue); ok { if passIssues, ok := result.([]*issue.Issue); ok {
for _, iss := range passIssues { for _, iss := range passIssues {
if gosec.excludeGenerated {
if _, ok := generatedFiles[iss.File]; ok {
continue
}
}
gosec.updateIssues(iss) gosec.updateIssues(iss)
} }
} }
@ -448,6 +456,21 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
} }
} }
func (gosec *Analyzer) generatedFiles(pkg *packages.Package) map[string]bool {
generatedFiles := map[string]bool{}
for _, file := range pkg.Syntax {
if isGeneratedFile(file) {
fp := pkg.Fset.File(file.Pos())
if fp == nil {
// skip files which cannot be located
continue
}
generatedFiles[fp.Name()] = true
}
}
return generatedFiles
}
// buildSSA runs the SSA pass which builds the SSA representation of the package. It handles gracefully any panic. // buildSSA runs the SSA pass which builds the SSA representation of the package. It handles gracefully any panic.
func (gosec *Analyzer) buildSSA(pkg *packages.Package) (interface{}, error) { func (gosec *Analyzer) buildSSA(pkg *packages.Package) (interface{}, error) {
defer func() { defer func() {

48
analyzer_test.go
View file

@ -471,7 +471,7 @@ var _ = Describe("Analyzer", func() {
issues, _, _ := customAnalyzer.Report() issues, _, _ := customAnalyzer.Report()
Expect(issues).Should(HaveLen(1)) Expect(issues).Should(HaveLen(1))
}) })
It("should be able to scan generated files if NOT excluded", func() { It("should be able to scan generated files if NOT excluded when using the rules", func() {
customAnalyzer := gosec.NewAnalyzer(nil, true, false, false, 1, logger) customAnalyzer := gosec.NewAnalyzer(nil, true, false, false, 1, logger)
customAnalyzer.LoadRules(rules.Generate(false).RulesInfo()) customAnalyzer.LoadRules(rules.Generate(false).RulesInfo())
pkg := testutils.NewTestPackage() pkg := testutils.NewTestPackage()
@ -492,7 +492,7 @@ var _ = Describe("Analyzer", func() {
issues, _, _ := customAnalyzer.Report() issues, _, _ := customAnalyzer.Report()
Expect(issues).Should(HaveLen(1)) Expect(issues).Should(HaveLen(1))
}) })
It("should be able to skip generated files if excluded", func() { It("should be able to skip generated files if excluded when using the rules", func() {
customAnalyzer := gosec.NewAnalyzer(nil, true, true, false, 1, logger) customAnalyzer := gosec.NewAnalyzer(nil, true, true, false, 1, logger)
customAnalyzer.LoadRules(rules.Generate(false).RulesInfo()) customAnalyzer.LoadRules(rules.Generate(false).RulesInfo())
pkg := testutils.NewTestPackage() pkg := testutils.NewTestPackage()
@ -513,6 +513,50 @@ var _ = Describe("Analyzer", func() {
issues, _, _ := customAnalyzer.Report() issues, _, _ := customAnalyzer.Report()
Expect(issues).Should(BeEmpty()) Expect(issues).Should(BeEmpty())
}) })
It("should be able to scan generated files if NOT excluded when using the analyzes", func() {
customAnalyzer := gosec.NewAnalyzer(nil, true, false, false, 1, logger)
customAnalyzer.LoadRules(rules.Generate(false).RulesInfo())
pkg := testutils.NewTestPackage()
defer pkg.Close()
pkg.AddFile("foo.go", `
package main
// Code generated some-generator DO NOT EDIT.
import (
"fmt"
)
func main() {
values := []string{}
fmt.Println(values[0])
}`)
err := pkg.Build()
Expect(err).ShouldNot(HaveOccurred())
err = customAnalyzer.Process(buildTags, pkg.Path)
Expect(err).ShouldNot(HaveOccurred())
issues, _, _ := customAnalyzer.Report()
Expect(issues).Should(HaveLen(1))
})
It("should be able to skip generated files if excluded when using the analyzes", func() {
customAnalyzer := gosec.NewAnalyzer(nil, true, true, false, 1, logger)
customAnalyzer.LoadRules(rules.Generate(false).RulesInfo())
pkg := testutils.NewTestPackage()
defer pkg.Close()
pkg.AddFile("foo.go", `
package main
// Code generated some-generator DO NOT EDIT.
import (
"fmt"
)
func main() {
values := []string{}
fmt.Println(values[0])
}`)
err := pkg.Build()
Expect(err).ShouldNot(HaveOccurred())
err = customAnalyzer.Process(buildTags, pkg.Path)
Expect(err).ShouldNot(HaveOccurred())
issues, _, _ := customAnalyzer.Report()
Expect(issues).Should(BeEmpty())
})
}) })
It("should be able to analyze Cgo files", func() { It("should be able to analyze Cgo files", func() {
analyzer.LoadRules(rules.Generate(false).RulesInfo()) analyzer.LoadRules(rules.Generate(false).RulesInfo())