Fix the whitelist on G104 rule and add a test

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>

rules/errors.go

@@ -88,12 +88,15 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 	whitelist.Add("io.PipeWriter", "CloseWithError")
 
 	if configured, ok := conf["G104"]; ok {
-		if whitelisted, ok := configured.(map[string][]string); ok {
+		if whitelisted, ok := configured.(map[string]interface{}); ok {
-			for key, val := range whitelisted {
+			for pkg, funcs := range whitelisted {
-				whitelist.AddAll(key, val...)
+				if funcs, ok := funcs.([]interface{}); ok {
+					whitelist.AddAll(pkg, toStringSlice(funcs)...)
+				}
 			}
 		}
 	}
+
 	return &noErrorCheck{
 		MetaData: gosec.MetaData{
 			ID:         id,
@@ -104,3 +107,13 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 		whitelist: whitelist,
 	}, []ast.Node{(*ast.AssignStmt)(nil), (*ast.ExprStmt)(nil)}
 }
+
+func toStringSlice(values []interface{}) []string {
+	result := []string{}
+	for _, value := range values {
+		if value, ok := value.(string); ok {
+			result = append(result, value)
+		}
+	}
+	return result
+}

testutils/source.go

@@ -232,7 +232,20 @@ func main() {
 }`, `
 package main
 func dummy(){}
-`}, 0, gosec.NewConfig()}}
+`}, 0, gosec.NewConfig()}, {[]string{`
+package main
+import (
+	"io/ioutil"
+	"os"
+	"fmt"
+)
+func a() {
+	fmt.Println("a")
+	ioutil.WriteFile("foo.txt", []byte("bar"), os.ModeExclusive)
+}
+func main() {
+	a()
+}`}, 0, gosec.Config{"G104": map[string]interface{}{"io/ioutil": []interface{}{"WriteFile"}}}}}
 
 	// SampleCodeG104Audit finds errors that aren't being handled in audit mode
 	SampleCodeG104Audit = []CodeSample{