Add more lines in rule code section #268

Closed
oxdef opened this issue Dec 17, 2018 · 1 comment · Fixed by #497

oxdef commented Dec 17, 2018

Summary

For better readability, it would be great to add more lines to the rule code section (like in Bandit).

Steps to reproduce the behavior

  1. Scan some code and get a report

Expected behavior

{
		"severity": "HIGH",
		"confidence": "HIGH",
		"rule_id": "G402",
		"details": "TLS InsecureSkipVerify set true.",
		"file": "request.go",
		"code": "122 //some previous code\n 123 InsecureSkipVerify: true\n 124 //...",
		"line": "123"
}

Actual behavior

{
		"severity": "HIGH",
		"confidence": "HIGH",
		"rule_id": "G402",
		"details": "TLS InsecureSkipVerify set true.",
		"file": "request.go",
		"code": "InsecureSkipVerify: true",
		"line": "123"
}
@gcmurphy
Member

gcmurphy commented Apr 4, 2019

We extract the code segment from the file by using the positional coordinates reported by the AST node here: https://github.com/securego/gosec/blob/master/issue.go#L107

It should be possible to add more context there.
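An added example (not gosec's code and not part of this thread) of the approach described in the comment above: take the finding's line from the AST node's position, then widen it with surrounding lines numbered as in the expected report. The names `findingLines`, `snippet`, `sampleSrc` and the `context` parameter are assumptions, and the sample source is constructed.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strings"
)

// Constructed sample source (not from the issue); the finding is on line 4.
const sampleSrc = "package main\nimport \"crypto/tls\"\n" +
	"var c = tls.Config{\n\tInsecureSkipVerify: true,\n}\n"

// findingLines returns the first and last line of the first
// `InsecureSkipVerify: true` node, read from its AST position (0, 0 if none).
func findingLines(src string) (start, end int) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "request.go", src, 0)
	if err != nil {
		return 0, 0
	}
	ast.Inspect(file, func(n ast.Node) bool {
		if kv, ok := n.(*ast.KeyValueExpr); ok && start == 0 {
			k, _ := kv.Key.(*ast.Ident)
			v, _ := kv.Value.(*ast.Ident)
			if k != nil && v != nil && k.Name == "InsecureSkipVerify" && v.Name == "true" {
				start, end = fset.Position(kv.Pos()).Line, fset.Position(kv.End()).Line
			}
		}
		return true
	})
	return start, end
}

// snippet returns lines start..end plus `context` lines on each side (clamped
// to the file), each prefixed with its 1-based line number.
func snippet(src string, start, end, context int) string {
	var b strings.Builder
	for i, line := range strings.Split(strings.TrimSuffix(src, "\n"), "\n") {
		if n := i + 1; n >= start-context && n <= end+context {
			fmt.Fprintf(&b, "%d %s\n", n, line)
		}
	}
	return b.String()
}

func main() {
	s, e := findingLines(sampleSrc)
	fmt.Print(snippet(sampleSrc, s, e, 1))
}
```

With `context` set to 0 the output matches the single-line `code` field of the actual behavior; the report's `line` field stays the node's own line.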
