Ignore the issues from generated files when using the analysis framework (#1079)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
This commit is contained in:
parent
43b7cbf661
commit
eb256a7d70
2 changed files with 69 additions and 2 deletions
23
analyzer.go
23
analyzer.go
|
@ -414,6 +414,9 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
|
||||||
SSA: ssaResult.(*buildssa.SSA),
|
SSA: ssaResult.(*buildssa.SSA),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
generatedFiles := gosec.generatedFiles(pkg)
|
||||||
|
|
||||||
for _, analyzer := range gosec.analyzerList {
|
for _, analyzer := range gosec.analyzerList {
|
||||||
pass := &analysis.Pass{
|
pass := &analysis.Pass{
|
||||||
Analyzer: analyzer,
|
Analyzer: analyzer,
|
||||||
|
@ -441,6 +444,11 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
|
||||||
if result != nil {
|
if result != nil {
|
||||||
if passIssues, ok := result.([]*issue.Issue); ok {
|
if passIssues, ok := result.([]*issue.Issue); ok {
|
||||||
for _, iss := range passIssues {
|
for _, iss := range passIssues {
|
||||||
|
if gosec.excludeGenerated {
|
||||||
|
if _, ok := generatedFiles[iss.File]; ok {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
gosec.updateIssues(iss)
|
gosec.updateIssues(iss)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -448,6 +456,21 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (gosec *Analyzer) generatedFiles(pkg *packages.Package) map[string]bool {
|
||||||
|
generatedFiles := map[string]bool{}
|
||||||
|
for _, file := range pkg.Syntax {
|
||||||
|
if isGeneratedFile(file) {
|
||||||
|
fp := pkg.Fset.File(file.Pos())
|
||||||
|
if fp == nil {
|
||||||
|
// skip files which cannot be located
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
generatedFiles[fp.Name()] = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return generatedFiles
|
||||||
|
}
|
||||||
|
|
||||||
// buildSSA runs the SSA pass which builds the SSA representation of the package. It handles gracefully any panic.
|
// buildSSA runs the SSA pass which builds the SSA representation of the package. It handles gracefully any panic.
|
||||||
func (gosec *Analyzer) buildSSA(pkg *packages.Package) (interface{}, error) {
|
func (gosec *Analyzer) buildSSA(pkg *packages.Package) (interface{}, error) {
|
||||||
defer func() {
|
defer func() {
|
||||||
|
|
|
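Review bot: `generatedFiles := gosec.generatedFiles(pkg)` in the first hunk runs for every package even when `gosec.excludeGenerated` is false, so the per-file generated-marker scan and the map build are wasted work in the default configuration; the filter in the second hunk already tests the flag and nil-map lookups are safe in Go, so `var generatedFiles map[string]bool` followed by `if gosec.excludeGenerated { generatedFiles = gosec.generatedFiles(pkg) }` keeps the cost on the opt-in path only. The new `generatedFiles` method in the third hunk has no doc comment; I would add `// generatedFiles returns the set of file names in pkg that isGeneratedFile reports as generated, keyed by their pkg.Fset name; files that cannot be located in the FileSet are skipped.` The exclusion depends on `iss.File` being spelled exactly like `fp.Name()`; that presumably holds because both are derived from the same FileSet, but a comment on the lookup stating this assumption would stop a future change to how analyzers populate `Issue.File` from silently disabling the exclusion and letting findings in generated code through or, worse, dropping them unnoticed. Since the map value is never read, `map[string]struct{}` would make the set semantics explicit. The enclosing `CheckAnalyzers` begins before the first hunk.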
@ -471,7 +471,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
issues, _, _ := customAnalyzer.Report()
|
issues, _, _ := customAnalyzer.Report()
|
||||||
Expect(issues).Should(HaveLen(1))
|
Expect(issues).Should(HaveLen(1))
|
||||||
})
|
})
|
||||||
It("should be able to scan generated files if NOT excluded", func() {
|
It("should be able to scan generated files if NOT excluded when using the rules", func() {
|
||||||
customAnalyzer := gosec.NewAnalyzer(nil, true, false, false, 1, logger)
|
customAnalyzer := gosec.NewAnalyzer(nil, true, false, false, 1, logger)
|
||||||
customAnalyzer.LoadRules(rules.Generate(false).RulesInfo())
|
customAnalyzer.LoadRules(rules.Generate(false).RulesInfo())
|
||||||
pkg := testutils.NewTestPackage()
|
pkg := testutils.NewTestPackage()
|
||||||
|
@ -492,7 +492,7 @@ var _ = Describe("Analyzer", func() {
|
||||||
issues, _, _ := customAnalyzer.Report()
|
issues, _, _ := customAnalyzer.Report()
|
||||||
Expect(issues).Should(HaveLen(1))
|
Expect(issues).Should(HaveLen(1))
|
||||||
})
|
})
|
||||||
It("should be able to skip generated files if excluded", func() {
|
It("should be able to skip generated files if excluded when using the rules", func() {
|
||||||
customAnalyzer := gosec.NewAnalyzer(nil, true, true, false, 1, logger)
|
customAnalyzer := gosec.NewAnalyzer(nil, true, true, false, 1, logger)
|
||||||
customAnalyzer.LoadRules(rules.Generate(false).RulesInfo())
|
customAnalyzer.LoadRules(rules.Generate(false).RulesInfo())
|
||||||
pkg := testutils.NewTestPackage()
|
pkg := testutils.NewTestPackage()
|
||||||
|
@ -513,6 +513,50 @@ var _ = Describe("Analyzer", func() {
|
||||||
issues, _, _ := customAnalyzer.Report()
|
issues, _, _ := customAnalyzer.Report()
|
||||||
Expect(issues).Should(BeEmpty())
|
Expect(issues).Should(BeEmpty())
|
||||||
})
|
})
|
||||||
|
It("should be able to scan generated files if NOT excluded when using the analyzes", func() {
|
||||||
|
customAnalyzer := gosec.NewAnalyzer(nil, true, false, false, 1, logger)
|
||||||
|
customAnalyzer.LoadRules(rules.Generate(false).RulesInfo())
|
||||||
|
pkg := testutils.NewTestPackage()
|
||||||
|
defer pkg.Close()
|
||||||
|
pkg.AddFile("foo.go", `
|
||||||
|
package main
|
||||||
|
// Code generated some-generator DO NOT EDIT.
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
)
|
||||||
|
func main() {
|
||||||
|
values := []string{}
|
||||||
|
fmt.Println(values[0])
|
||||||
|
}`)
|
||||||
|
err := pkg.Build()
|
||||||
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
err = customAnalyzer.Process(buildTags, pkg.Path)
|
||||||
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
issues, _, _ := customAnalyzer.Report()
|
||||||
|
Expect(issues).Should(HaveLen(1))
|
||||||
|
})
|
||||||
|
It("should be able to skip generated files if excluded when using the analyzes", func() {
|
||||||
|
customAnalyzer := gosec.NewAnalyzer(nil, true, true, false, 1, logger)
|
||||||
|
customAnalyzer.LoadRules(rules.Generate(false).RulesInfo())
|
||||||
|
pkg := testutils.NewTestPackage()
|
||||||
|
defer pkg.Close()
|
||||||
|
pkg.AddFile("foo.go", `
|
||||||
|
package main
|
||||||
|
// Code generated some-generator DO NOT EDIT.
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
)
|
||||||
|
func main() {
|
||||||
|
values := []string{}
|
||||||
|
fmt.Println(values[0])
|
||||||
|
}`)
|
||||||
|
err := pkg.Build()
|
||||||
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
err = customAnalyzer.Process(buildTags, pkg.Path)
|
||||||
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
issues, _, _ := customAnalyzer.Report()
|
||||||
|
Expect(issues).Should(BeEmpty())
|
||||||
|
})
|
||||||
})
|
})
|
||||||
It("should be able to analyze Cgo files", func() {
|
It("should be able to analyze Cgo files", func() {
|
||||||
analyzer.LoadRules(rules.Generate(false).RulesInfo())
|
analyzer.LoadRules(rules.Generate(false).RulesInfo())
|
||||||
|
|
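Review bot: The two new `It` cases at the end of the last hunk are described as "when using the analyzes", yet the only loading call visible in them is `customAnalyzer.LoadRules(rules.Generate(false).RulesInfo())`, so unless `NewAnalyzer` registers analyzers on its own (not visible here) no analyzer is loaded and the finding on `values[0]` — or its absence — would come from the rules path rather than from the new filter in `CheckAnalyzers`, leaving the new code uncovered. I would make the intent explicit by calling the analyzer-loading counterpart of `LoadRules` in these two cases, and rename the descriptions to `"... when using the analyzers"`, which also fixes the typo and matches the naming of `CheckAnalyzers`. The fixtures are byte-identical to the rules-based cases above, so a one-line comment in each new case naming which finding is expected on `values[0]` and which analyzer produces it would make a future regression easier to diagnose. The enclosing `Describe("Analyzer", ...)` block begins before and ends after these hunks.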