Fix the whitelist on G104 rule and add a test
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
parent
78a49491a8
commit
f3445245a2
2 changed files with 30 additions and 4 deletions
|
@ -88,12 +88,15 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
|||
whitelist.Add("io.PipeWriter", "CloseWithError")
|
||||
|
||||
if configured, ok := conf["G104"]; ok {
|
||||
if whitelisted, ok := configured.(map[string][]string); ok {
|
||||
for key, val := range whitelisted {
|
||||
whitelist.AddAll(key, val...)
|
||||
if whitelisted, ok := configured.(map[string]interface{}); ok {
|
||||
for pkg, funcs := range whitelisted {
|
||||
if funcs, ok := funcs.([]interface{}); ok {
|
||||
whitelist.AddAll(pkg, toStringSlice(funcs)...)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return &noErrorCheck{
|
||||
MetaData: gosec.MetaData{
|
||||
ID: id,
|
||||
|
@ -104,3 +107,13 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
|||
whitelist: whitelist,
|
||||
}, []ast.Node{(*ast.AssignStmt)(nil), (*ast.ExprStmt)(nil)}
|
||||
}
|
||||
|
||||
func toStringSlice(values []interface{}) []string {
|
||||
result := []string{}
|
||||
for _, value := range values {
|
||||
if value, ok := value.(string); ok {
|
||||
result = append(result, value)
|
||||
}
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
|
|
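Review bot: In the new `map[string]interface{}` branch, a package entry whose value is not a `[]interface{}` (a single string in the config file, say) is skipped without any notice, and `toStringSlice` likewise drops non-string elements silently, so a malformed G104 whitelist leaves that function unwhitelisted with no feedback; the failure direction is towards more findings, which is the safe one, but it is surprising for users. Since NewNoErrorCheck has no error return, at least document the leniency: add `// toStringSlice keeps only the string elements of values; anything else is dropped silently.` above the helper and `// Non-list values are ignored; whitelisting is best-effort on malformed config.` before the `funcs.([]interface{})` assertion. `var result []string` would also be the more idiomatic declaration in toStringSlice, as a nil slice appends and expands into the variadic call just the same. The second hunk of this section contains the whole of toStringSlice, while NewNoErrorCheck starts before the first hunk.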
@ -232,7 +232,20 @@ func main() {
|
|||
}`, `
|
||||
package main
|
||||
func dummy(){}
|
||||
`}, 0, gosec.NewConfig()}}
|
||||
`}, 0, gosec.NewConfig()}, {[]string{`
|
||||
package main
|
||||
import (
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"fmt"
|
||||
)
|
||||
func a() {
|
||||
fmt.Println("a")
|
||||
ioutil.WriteFile("foo.txt", []byte("bar"), os.ModeExclusive)
|
||||
}
|
||||
func main() {
|
||||
a()
|
||||
}`}, 0, gosec.Config{"G104": map[string]interface{}{"io/ioutil": []interface{}{"WriteFile"}}}}}
|
||||
|
||||
// SampleCodeG104Audit finds errors that aren't being handled in audit mode
|
||||
SampleCodeG104Audit = []CodeSample{
|
||||
|
|
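Review bot: The new sample at the end of the hunk only checks that the whitelisted `ioutil.WriteFile` call is suppressed (expected count 0); there is no companion sample with the same code under a plain `gosec.NewConfig()` expecting 1, so a regression that made G104 miss the call entirely would still pass. Adding that negative case pins the result to the config whitelist rather than to the rule's detection. The expected 0 also appears to rely on `fmt.Println` being whitelisted by the rule's defaults, which live outside this hunk, so a short comment on the sample such as `// WriteFile is suppressed via the G104 config; Println relies on the rule's default whitelist` would help the next reader. `os.ModeExclusive` as the permission argument is harmless here, but `0644` would read more naturally as a file mode.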