Fix the whitelist on G104 rule and add a test

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
This commit is contained in:
Cosmin Cojocar 2019-06-25 11:15:11 +02:00
parent 78a49491a8
commit f3445245a2
2 changed files with 30 additions and 4 deletions

View file

@ -88,12 +88,15 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
whitelist.Add("io.PipeWriter", "CloseWithError")
if configured, ok := conf["G104"]; ok {
if whitelisted, ok := configured.(map[string][]string); ok {
for key, val := range whitelisted {
whitelist.AddAll(key, val...)
if whitelisted, ok := configured.(map[string]interface{}); ok {
for pkg, funcs := range whitelisted {
if funcs, ok := funcs.([]interface{}); ok {
whitelist.AddAll(pkg, toStringSlice(funcs)...)
}
}
}
}
return &noErrorCheck{
MetaData: gosec.MetaData{
ID: id,
@ -104,3 +107,13 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
whitelist: whitelist,
}, []ast.Node{(*ast.AssignStmt)(nil), (*ast.ExprStmt)(nil)}
}
func toStringSlice(values []interface{}) []string {
result := []string{}
for _, value := range values {
if value, ok := value.(string); ok {
result = append(result, value)
}
}
return result
}

View file

@ -232,7 +232,20 @@ func main() {
}`, `
package main
func dummy(){}
`}, 0, gosec.NewConfig()}}
`}, 0, gosec.NewConfig()}, {[]string{`
package main
import (
"io/ioutil"
"os"
"fmt"
)
func a() {
fmt.Println("a")
ioutil.WriteFile("foo.txt", []byte("bar"), os.ModeExclusive)
}
func main() {
a()
}`}, 0, gosec.Config{"G104": map[string]interface{}{"io/ioutil": []interface{}{"WriteFile"}}}}}
// SampleCodeG104Audit finds errors that aren't being handled in audit mode
SampleCodeG104Audit = []CodeSample{