Merge pull request #330 from ccojocar/fix-whitelist-G104

Fix the whitelist on G104 rule and add some documentation which describe how to configure the whitelist

README.md

@@ -121,6 +121,16 @@ A number of global settings can be provided in a configuration file as follows:
 # Run with a global configuration file
 $ gosec -conf config.json .
 ```
+Also some rules accept configuration. For instance on rule `G104`, it is possible to define packages along with a list 
+of functions which will be skipped when auditing the not checked errors:
+
+```JSON
+{
+    "G104": {
+        "io/ioutil": ["WriteFile"]
+    }
+}
+```
 
 ### Excluding files
 

analyzer.go

@@ -92,6 +92,16 @@ func NewAnalyzer(conf Config, tests bool, logger *log.Logger) *Analyzer {
 	}
 }
 
+// SetConfig upates the analyzer configuration
+func (gosec *Analyzer) SetConfig(conf Config) {
+	gosec.config = conf
+}
+
+// Config returns the current configuration
+func (gosec *Analyzer) Config() Config {
+	return gosec.config
+}
+
 // LoadRules instantiates all the rules to be used when analyzing source
 // packages
 func (gosec *Analyzer) LoadRules(ruleDefinitions map[string]RuleBuilder) {
@@ -329,4 +339,5 @@ func (gosec *Analyzer) Reset() {
 	gosec.context = &Context{}
 	gosec.issues = make([]*Issue, 0, 16)
 	gosec.stats = &Metrics{}
+	gosec.ruleset = NewRuleSet()
 }

analyzer_test.go

@@ -416,6 +416,22 @@ var _ = Describe("Analyzer", func() {
 				Expect(ferr[1].Err).Should(MatchRegexp(`error2`))
 			}
 		})
+
+		It("should set the config", func() {
+			config := gosec.NewConfig()
+			config["test"] = "test"
+			analyzer.SetConfig(config)
+			found := analyzer.Config()
+			Expect(config).To(Equal(found))
+		})
+
+		It("should reset the analyzer", func() {
+			analyzer.Reset()
+			issues, metrics, errors := analyzer.Report()
+			Expect(issues).To(BeEmpty())
+			Expect(*metrics).To(Equal(gosec.Metrics{}))
+			Expect(errors).To(BeEmpty())
+		})
 	})
 
 	Context("when appending errors", func() {

rules/errors.go

@@ -88,12 +88,15 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 	whitelist.Add("io.PipeWriter", "CloseWithError")
 
 	if configured, ok := conf["G104"]; ok {
-		if whitelisted, ok := configured.(map[string][]string); ok {
-			for key, val := range whitelisted {
-				whitelist.AddAll(key, val...)
+		if whitelisted, ok := configured.(map[string]interface{}); ok {
+			for pkg, funcs := range whitelisted {
+				if funcs, ok := funcs.([]interface{}); ok {
+					whitelist.AddAll(pkg, toStringSlice(funcs)...)
+				}
 			}
 		}
 	}
+
 	return &noErrorCheck{
 		MetaData: gosec.MetaData{
 			ID:         id,
@@ -104,3 +107,13 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 		whitelist: whitelist,
 	}, []ast.Node{(*ast.AssignStmt)(nil), (*ast.ExprStmt)(nil)}
 }
+
+func toStringSlice(values []interface{}) []string {
+	result := []string{}
+	for _, value := range values {
+		if value, ok := value.(string); ok {
+			result = append(result, value)
+		}
+	}
+	return result
+}

rules/rules_test.go

@@ -12,18 +12,13 @@ import (
 	"github.com/securego/gosec/testutils"
 )
 
-type option struct {
-	name  gosec.GlobalOption
-	value string
-}
-
 var _ = Describe("gosec rules", func() {
 
 	var (
 		logger    *log.Logger
 		config    gosec.Config
 		analyzer  *gosec.Analyzer
-		runner    func(string, []testutils.CodeSample, ...option)
+		runner    func(string, []testutils.CodeSample)
 		buildTags []string
 		tests     bool
 	)
@@ -32,13 +27,11 @@ var _ = Describe("gosec rules", func() {
 		logger, _ = testutils.NewLogger()
 		config = gosec.NewConfig()
 		analyzer = gosec.NewAnalyzer(config, tests, logger)
-		runner = func(rule string, samples []testutils.CodeSample, options ...option) {
-			for _, o := range options {
-				config.SetGlobal(o.name, o.value)
-			}
-			analyzer.LoadRules(rules.Generate(rules.NewRuleFilter(false, rule)).Builders())
+		runner = func(rule string, samples []testutils.CodeSample) {
 			for n, sample := range samples {
 				analyzer.Reset()
+				analyzer.SetConfig(sample.Config)
+				analyzer.LoadRules(rules.Generate(rules.NewRuleFilter(false, rule)).Builders())
 				pkg := testutils.NewTestPackage()
 				defer pkg.Close()
 				for i, code := range sample.Code {
@@ -75,7 +68,7 @@ var _ = Describe("gosec rules", func() {
 		})
 
 		It("should detect errors not being checked in audit mode", func() {
-			runner("G104", testutils.SampleCodeG104Audit, option{name: gosec.Audit, value: "enabled"})
+			runner("G104", testutils.SampleCodeG104Audit)
 		})
 
 		It("should detect of big.Exp function", func() {