From f3445245a2b55e066be171dfa566999f796b40bf Mon Sep 17 00:00:00 2001
From: Cosmin Cojocar
Date: Tue, 25 Jun 2019 11:15:11 +0200
Subject: [PATCH] Fix the whitelist on G104 rule and add a test

Signed-off-by: Cosmin Cojocar
---
 rules/errors.go | 19 ++++++++++++++++---
 testutils/source.go | 15 ++++++++++++++-
 2 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/rules/errors.go b/rules/errors.go
index c50f66a721..d2e98b530e 100644
--- a/rules/errors.go
+++ b/rules/errors.go
@@ -88,12 +88,15 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 whitelist.Add("io.PipeWriter", "CloseWithError")
 
 if configured, ok := conf["G104"]; ok {
- if whitelisted, ok := configured.(map[string][]string); ok {
- for key, val := range whitelisted {
- whitelist.AddAll(key, val...)
+ if whitelisted, ok := configured.(map[string]interface{}); ok {
+ for pkg, funcs := range whitelisted {
+ if funcs, ok := funcs.([]interface{}); ok {
+ whitelist.AddAll(pkg, toStringSlice(funcs)...)
+ }
 }
 }
 }
+
 return &noErrorCheck{
 MetaData: gosec.MetaData{
 ID: id,
@@ -104,3 +107,13 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 whitelist: whitelist,
 }, []ast.Node{(*ast.AssignStmt)(nil), (*ast.ExprStmt)(nil)}
 }
+
+func toStringSlice(values []interface{}) []string {
+ result := []string{}
+ for _, value := range values {
+ if value, ok := value.(string); ok {
+ result = append(result, value)
+ }
+ }
+ return result
+}
diff --git a/testutils/source.go b/testutils/source.go
index 260a37d4f7..181e383021 100644
--- a/testutils/source.go
+++ b/testutils/source.go
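Review bot: The new type assertion `configured.(map[string]interface{})` drops support for the `map[string][]string` shape the old code accepted, and a G104 block in either unexpected shape (or a package whose value is a bare string rather than a list) is now ignored with no signal to the user, since NewNoErrorCheck has no error return. That failure is at least conservative — a dropped whitelist entry produces more G104 findings, not fewer — but a user who built the config programmatically will see whitelisted calls reappear with no hint why. I would accept both shapes with a type switch, which also removes the `funcs, ok := funcs.(...)` shadowing of the loop variable inside the new `if`. The enclosing function starts before the hunk and its `whitelist` variable is declared outside it.
```go
	if configured, ok := conf["G104"]; ok {
		switch whitelisted := configured.(type) {
		case map[string]interface{}: // shape produced by JSON/YAML decoding
			for pkg, funcs := range whitelisted {
				if list, ok := funcs.([]interface{}); ok {
					whitelist.AddAll(pkg, toStringSlice(list)...)
				}
			}
		case map[string][]string: // shape used by callers building Config in Go
			for pkg, funcs := range whitelisted {
				whitelist.AddAll(pkg, funcs...)
			}
		}
	}
	// … unchanged: return &noErrorCheck{ … } …
```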
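Review bot: toStringSlice has no doc comment, and its one non-obvious property — that a non-string element is silently skipped rather than rejected — is exactly what a maintainer editing the config loader needs to know. I would add `// toStringSlice returns the string elements of values, in order, silently dropping any element that is not a string.` above the function, and pre-size the result with `result := make([]string, 0, len(values))` since the upper bound is known.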
@@ -232,7 +232,20 @@ func main() {
 }`, `
 package main
 func dummy(){}
-`}, 0, gosec.NewConfig()}}
+`}, 0, gosec.NewConfig()}, {[]string{`
+package main
+import (
+ "io/ioutil"
+ "os"
+ "fmt"
+)
+func a() {
+ fmt.Println("a")
+ ioutil.WriteFile("foo.txt", []byte("bar"), os.ModeExclusive)
+}
+func main() {
+ a()
+}`}, 0, gosec.Config{"G104": map[string]interface{}{"io/ioutil": []interface{}{"WriteFile"}}}}}
 
 // SampleCodeG104Audit finds errors that aren't being handled in audit mode
 SampleCodeG104Audit = []CodeSample{
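Review bot: The new sample only asserts 0 findings with the whitelist present; nothing in the test shows that the same code produces a finding without it, so a regression that makes G104 miss `ioutil.WriteFile` entirely would pass this test unnoticed. I would add the identical sample a second time with `gosec.NewConfig()` and an expected count of 1 (assuming the default whitelist already covers `fmt.Println`, which is not visible in this hunk). Separately, `os.ModeExclusive` is a mode bit, not a permission, and reads oddly as the perm argument even in a fixture that is only parsed; `ioutil.WriteFile("foo.txt", []byte("bar"), 0600)` says what is meant. The enclosing `SampleCodeG104` slice literal starts before the hunk.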