diff --git a/cmd/gosec/main.go b/cmd/gosec/main.go
index 6175ce7..f64013a 100644
--- a/cmd/gosec/main.go
+++ b/cmd/gosec/main.go
@@ -23,6 +23,8 @@ import (
 "sort"
 "strings"
+ "github.com/securego/gosec/v2/cmd/vflag"
+ "github.com/securego/gosec/v2"
 "github.com/securego/gosec/v2/report"
 "github.com/securego/gosec/v2/rules"
@@ -94,14 +96,13 @@ var (
 flagRulesInclude = flag.String("include", "", "Comma separated list of rules IDs to include. (see rule list)")
 // rules to explicitly exclude
- flagRulesExclude = flag.String("exclude", "", "Comma separated list of rules IDs to exclude. (see rule list)")
+ flagRulesExclude = vflag.ValidatedFlag{}
 // rules to explicitly exclude
 flagExcludeGenerated = flag.Bool("exclude-generated", false, "Exclude generated files")
 // log to file or stderr
 flagLogfile = flag.String("log", "", "Log messages to file rather than stderr")
- // sort the issues by severity
 flagSortIssues = flag.Bool("sort", true, "Sort issues by severity")
@@ -293,6 +294,9 @@ func main() {
 fmt.Fprintf(os.Stderr, "\nError: failed to exclude the %q directory from scan", ".git")
 }
+ // set for exclude
+ flag.Var(&flagRulesExclude, "exclude", "Comma separated list of rules IDs to exclude. (see rule list)")
+ // Parse command line arguments
 flag.Parse()
@@ -342,7 +346,7 @@ func main() {
 }
 // Load enabled rule definitions
- ruleDefinitions := loadRules(*flagRulesInclude, *flagRulesExclude)
+ ruleDefinitions := loadRules(*flagRulesInclude, flagRulesExclude.String())
 if len(ruleDefinitions) == 0 {
 logger.Fatal("No rules are configured")
 }
diff --git a/cmd/vflag/flag.go b/cmd/vflag/flag.go
new file mode 100644
index 0000000..6830234
--- /dev/null
+++ b/cmd/vflag/flag.go
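Review bot: The new `"github.com/securego/gosec/v2/cmd/vflag"` import is inserted above `"github.com/securego/gosec/v2"` rather than sorted in with the other `github.com/securego/gosec/v2/...` paths, which is the order goimports produces for the same module. The blank lines of this hunk are collapsed in this rendering, so whether the import also sits in a separate group is inferred; either way I would move the line to its sorted position after `"github.com/securego/gosec/v2"` so the block stays gofmt/goimports-clean.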
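Review bot: `flagRulesExclude` is now the only entry in this `var` block that is a bare value with no registration, since the `flag.Var` call lives in `main()` (the hunk at line 294), so a reader of the block cannot tell that `-exclude` exists or why it is treated differently from `-include`; the comment above it should say so, e.g. `// rules to explicitly exclude; registered with flag.Var in main() because vflag.ValidatedFlag validates the value before it is stored`. The second `// rules to explicitly exclude` comment, now sitting above `flagExcludeGenerated`, is pre-existing but describes the wrong flag, and `// exclude generated files` would be accurate. In the hunk at line 294 the placeholder `// set for exclude` should carry the actual reason, which from `vflag.ValidatedFlag.Set` appears to be refusing a value that looks like another option, e.g. `// -exclude is a validating flag.Value: a value starting with "-" is rejected instead of being consumed as the rule list`.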
@@ -0,0 +1,25 @@
+package vflag
+
+import (
+ "errors"
+ "strings"
+)
+
+// ValidatedFlag cli string type
+type ValidatedFlag struct {
+ Value string
+}
+
+func (f *ValidatedFlag) String() string {
+ return f.Value
+}
+
+// Set will be called for flag that is of validateFlag type
+func (f *ValidatedFlag) Set(value string) error {
+ if strings.Contains(value, "-") {
+ return errors.New("flag value cannot start with -")
+ }
+
+ f.Value = value
+ return nil
+}
diff --git a/flag_test.go b/flag_test.go
new file mode 100644
index 0000000..c0d95b0
--- /dev/null
+++ b/flag_test.go
@@ -0,0 +1,42 @@
+package gosec_test
+
+import (
+ "flag"
+ "os"
+
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+ "github.com/securego/gosec/v2/cmd/vflag"
+)
+
+var _ = Describe("Cli", func() {
+ Context("vflag test", func() {
+ It("value must be empty as parameter value contains invalid character", func() {
+ os.Args = []string{"gosec", "-test1=-incorrect"}
+ f := vflag.ValidatedFlag{}
+ flag.Var(&f, "test1", "")
+ flag.CommandLine.Init("test1", flag.ContinueOnError)
+ flag.Parse()
+ Expect(flag.Parsed()).Should(Equal(true))
+ Expect(f.Value).Should(Equal(``))
+ })
+ It("value must be empty as parameter value contains invalid character without equal sign", func() {
+ os.Args = []string{"gosec", "-test2= -incorrect"}
+ f := vflag.ValidatedFlag{}
+ flag.Var(&f, "test2", "")
+ flag.CommandLine.Init("test2", flag.ContinueOnError)
+ flag.Parse()
+ Expect(flag.Parsed()).Should(Equal(true))
+ Expect(f.Value).Should(Equal(``))
+ })
+ It("value must not be empty as parameter value contains valid character", func() {
+ os.Args = []string{"gosec", "-test3=correct"}
+ f := vflag.ValidatedFlag{}
+ flag.Var(&f, "test3", "")
+ flag.CommandLine.Init("test3", flag.ContinueOnError)
+ flag.Parse()
+ Expect(flag.Parsed()).Should(Equal(true))
+ Expect(f.Value).Should(Equal(`correct`))
+ })
+ })
+})
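Review bot: `Set` rejects any value that contains a dash (`strings.Contains(value, "-")`) while the error it returns says the value "cannot start with -", so the check and the message disagree and a rule ID or list element that legitimately contains a dash would be refused with a message that does not explain why. If the intent is the stated one, refusing a value that is really the next option (for a non-boolean flag given as `-exclude` without `=`, the flag package takes the following argument, so `-exclude -sort=false` would store `-sort=false` as the rule list), the condition should be `if strings.HasPrefix(strings.TrimSpace(value), "-") {`, which still rejects the leading-whitespace case exercised by the second test. The doc comments should state that contract rather than the type: `// ValidatedFlag is a flag.Value for a comma-separated rule list; Set refuses a value beginning with "-" so that an omitted argument does not silently consume the next option.` on the type and `// Set implements flag.Value and stores value once it has been validated.` on the method, with `// String implements flag.Value.` on the currently undocumented `String`. A compile-time assertion `var _ flag.Value = (*ValidatedFlag)(nil)` would pin the interface, at the cost of importing flag in this package.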
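Review bot: Each `It` block discards the error returned by `flag.Parse()` and then asserts `flag.Parsed()`, which the flag package sets before it examines any argument, so that assertion is always true and only the `f.Value` comparison carries weight; the first two cases never verify that the value was actually rejected rather than, say, never set. The cases also overwrite `os.Args` and re-`Init` the shared `flag.CommandLine` without restoring either, which leaks into every other test compiled into the `gosec_test` package and registers `test1`/`test2`/`test3` on the process-wide flag set. A private `flag.NewFlagSet` parsed with an explicit argument slice removes both problems and lets the test assert the rejection directly, as in the rewrite below. The second case's title says "without equal sign" although its argument `-test2= -incorrect` contains one; it tests a value with leading whitespace and the title should say so. Judging from the path, the file sits at the repository root although it exercises `cmd/vflag`; `cmd/vflag/flag_test.go` in package `vflag_test` would keep it next to the code it covers.
```go
It("value must be empty as parameter value contains invalid character", func() {
	fs := flag.NewFlagSet("test1", flag.ContinueOnError)
	f := vflag.ValidatedFlag{}
	fs.Var(&f, "test1", "")
	Expect(fs.Parse([]string{"-test1=-incorrect"})).Should(HaveOccurred())
	Expect(f.Value).Should(Equal(``))
})
// … unchanged: the "test2" and "test3" cases follow the same shape, the valid one asserting Succeed() …
```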