rules/sdk: exclude "testutil" and other packages from map ranging checks

This change excludes: * "gogoreflection" * "simapp" * "simulation" * "testutil" from map ranging checks given that such code is used for testing and no need to flag natural code to iterate over tests. Fixes #50
cosmos · Sep 24, 2022 · cffc933 · cffc933
1 parent 8d0d8e0
commit cffc933
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/rules/sdk/iterate_over_maps.go b/rules/sdk/iterate_over_maps.go
@@ -37,7 +37,24 @@ func (mr *mapRanging) ID() string {
 	return mr.MetaData.ID
 }
 
+// There are some packages that inherently need map ranging such as "testutil"
+// so return true if we detect such.
+func pkgExcusedFromMapRangingChecks(ctx *gosec.Context) bool {
+	switch pkg := ctx.Pkg.Name(); pkg {
+	case "gogoreflection", "simapp", "simulation", "testutil":
+		return true
+	default:
+		return false
+	}
+}
+
 func (mr *mapRanging) Match(node ast.Node, ctx *gosec.Context) (*gosec.Issue, error) {
+	if pkgExcusedFromMapRangingChecks(ctx) {
+		// Do nothing for such packages like "testutil".
+		// Please see https://github.com/cosmos/gosec/issues/50
+		return nil, nil
+	}
+
 	rangeStmt, ok := node.(*ast.RangeStmt)
 	if !ok {
 		return nil, nil