From 0588031ceb02bb56ff86d0c6e30eb41ce0fb2885 Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Tue, 20 Aug 2024 22:01:24 +0200 Subject: [PATCH] build(deps): bump github.com/securego/gosec/v2 from 5f0084eb01a9 to 81cda2f91fbe (#4927) --- .golangci.next.reference.yml | 16 ++++++++++-- .golangci.yml | 15 +++++++++++ go.mod | 8 +++--- go.sum | 32 ++++++++++++------------ jsonschema/golangci.next.jsonschema.json | 8 +++++- pkg/goanalysis/runners.go | 4 +-- pkg/golinters/gosec/gosec.go | 30 +++++++++++++++++++--- 7 files changed, 84 insertions(+), 29 deletions(-) diff --git a/.golangci.next.reference.yml b/.golangci.next.reference.yml index b662012a8ae7..1d82ca94076f 100644 --- a/.golangci.next.reference.yml +++ b/.golangci.next.reference.yml @@ -853,6 +853,7 @@ linters-settings: - G112 # Potential slowloris attack - G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772) - G114 # Use of net/http serve function that has no support for setting timeouts + - G115 # Potential integer overflow when converting between integer types - G201 # SQL query construction using format string - G202 # SQL query construction using string concatenation - G203 # Use of unescaped data in HTML templates @@ -864,16 +865,21 @@ linters-settings: - G305 # File traversal when extracting zip/tar archive - G306 # Poor file permissions used when writing to a new file - G307 # Poor file permissions used when creating a file with os.Create - - G401 # Detect the usage of DES, RC4, MD5 or SHA1 + - G401 # Detect the usage of MD5 or SHA1 - G402 # Look for bad TLS connection settings - G403 # Ensure minimum RSA key length of 2048 bits - G404 # Insecure random number source (rand) + - G405 # Detect the usage of DES or RC4 + - G406 # Detect the usage of MD4 or RIPEMD160 - G501 # Import blocklist: crypto/md5 - G502 # Import blocklist: crypto/des - G503 # Import blocklist: crypto/rc4 - G504 # Import blocklist: net/http/cgi - G505 # Import blocklist: crypto/sha1 + - G506 # Import blocklist: golang.org/x/crypto/md4 + - G507 #Import blocklist: golang.org/x/crypto/ripemd160 - G601 # Implicit memory aliasing of items from a range statement + - G602 # Slice access out of bounds # To specify a set of rules to explicitly exclude. # Available rules: https://github.com/securego/gosec#available-rules @@ -892,6 +898,7 @@ linters-settings: - G112 # Potential slowloris attack - G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772) - G114 # Use of net/http serve function that has no support for setting timeouts + - G115 # Potential integer overflow when converting between integer types - G201 # SQL query construction using format string - G202 # SQL query construction using string concatenation - G203 # Use of unescaped data in HTML templates @@ -903,16 +910,21 @@ linters-settings: - G305 # File traversal when extracting zip/tar archive - G306 # Poor file permissions used when writing to a new file - G307 # Poor file permissions used when creating a file with os.Create - - G401 # Detect the usage of DES, RC4, MD5 or SHA1 + - G401 # Detect the usage of MD5 or SHA1 - G402 # Look for bad TLS connection settings - G403 # Ensure minimum RSA key length of 2048 bits - G404 # Insecure random number source (rand) + - G405 # Detect the usage of DES or RC4 + - G406 # Detect the usage of MD4 or RIPEMD160 - G501 # Import blocklist: crypto/md5 - G502 # Import blocklist: crypto/des - G503 # Import blocklist: crypto/rc4 - G504 # Import blocklist: net/http/cgi - G505 # Import blocklist: crypto/sha1 + - G506 # Import blocklist: golang.org/x/crypto/md4 + - G507 #Import blocklist: golang.org/x/crypto/ripemd160 - G601 # Implicit memory aliasing of items from a range statement + - G602 # Slice access out of bounds # Exclude generated files # Default: false diff --git a/.golangci.yml b/.golangci.yml index 381d97c8d32a..7b12bf801e99 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -204,6 +204,21 @@ issues: linters: [gocritic] text: "rangeValCopy: each iteration copies 160 bytes \\(consider pointers or indexing\\)" + # Related to file sizes. + - path: pkg/goanalysis/runner_loadingpackage.go + linters: [gosec] + text: "G115: integer overflow conversion uintptr -> int" + + # Related to PID. + - path: test/bench/bench_test.go + linters: [gosec] + text: "G115: integer overflow conversion int -> int32" + + # Related to the result of computation but divided multiple times by 1024. + - path: test/bench/bench_test.go + linters: [gosec] + text: "G115: integer overflow conversion uint64 -> int" + exclude-dirs: - test/testdata_etc # test files - internal/cache # extracted from Go code diff --git a/go.mod b/go.mod index 8dcf92de1168..3c1792f14488 100644 --- a/go.mod +++ b/go.mod @@ -92,7 +92,7 @@ require ( github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 github.com/sashamelentyev/interfacebloat v1.1.0 github.com/sashamelentyev/usestdlibvars v1.27.0 - github.com/securego/gosec/v2 v2.20.1-0.20240525090044-5f0084eb01a9 + github.com/securego/gosec/v2 v2.20.1-0.20240820084340-81cda2f91fbe github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c github.com/shirou/gopsutil/v3 v3.24.5 github.com/sirupsen/logrus v1.9.3 @@ -125,7 +125,7 @@ require ( go-simpler.org/musttag v0.12.2 go-simpler.org/sloglint v0.7.2 go.uber.org/automaxprocs v1.5.3 - golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 golang.org/x/tools v0.24.0 gopkg.in/yaml.v3 v3.0.1 honnef.co/go/tools v0.5.1 @@ -193,8 +193,8 @@ require ( golang.org/x/mod v0.20.0 // indirect golang.org/x/sync v0.8.0 // indirect golang.org/x/sys v0.23.0 // indirect - golang.org/x/text v0.15.0 // indirect - google.golang.org/protobuf v1.33.0 // indirect + golang.org/x/text v0.17.0 // indirect + google.golang.org/protobuf v1.34.2 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect ) diff --git a/go.sum b/go.sum index d048a66002ab..23813621e113 100644 --- a/go.sum +++ b/go.sum @@ -160,8 +160,8 @@ github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vb github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= @@ -266,8 +266,8 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= @@ -399,10 +399,10 @@ github.com/nunnatsa/ginkgolinter v0.16.2 h1:8iLqHIZvN4fTLDC0Ke9tbSZVcyVHoBs0HIbn github.com/nunnatsa/ginkgolinter v0.16.2/go.mod h1:4tWRinDN1FeJgU+iJANW/kz7xKN5nYRAOfJDQUS9dOQ= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= -github.com/onsi/ginkgo/v2 v2.17.3 h1:oJcvKpIb7/8uLpDDtnQuf18xVnwKp8DTD7DQ6gTd/MU= -github.com/onsi/ginkgo/v2 v2.17.3/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= -github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= -github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/onsi/ginkgo/v2 v2.20.0 h1:PE84V2mHqoT1sglvHc8ZdQtPcwmvvt29WLEEO3xmdZw= +github.com/onsi/ginkgo/v2 v2.20.0/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= +github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= +github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU= github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w= @@ -474,8 +474,8 @@ github.com/sashamelentyev/interfacebloat v1.1.0 h1:xdRdJp0irL086OyW1H/RTZTr1h/tM github.com/sashamelentyev/interfacebloat v1.1.0/go.mod h1:+Y9yU5YdTkrNvoX0xHc84dxiN1iBi9+G8zZIhPVoNjQ= github.com/sashamelentyev/usestdlibvars v1.27.0 h1:t/3jZpSXtRPRf2xr0m63i32ZrusyurIGT9E5wAvXQnI= github.com/sashamelentyev/usestdlibvars v1.27.0/go.mod h1:9nl0jgOfHKWNFS43Ojw0i7aRoS4j6EBye3YBhmAIRF8= -github.com/securego/gosec/v2 v2.20.1-0.20240525090044-5f0084eb01a9 h1:rnO6Zp1YMQwv8AyxzuwsVohljJgp4L0ZqiCgtACsPsc= -github.com/securego/gosec/v2 v2.20.1-0.20240525090044-5f0084eb01a9/go.mod h1:dg7lPlu/xK/Ut9SedURCoZbVCR4yC7fM65DtH9/CDHs= +github.com/securego/gosec/v2 v2.20.1-0.20240820084340-81cda2f91fbe h1:exdneYmXwZ4+VaIWv9mQ47uIHkTQSN50DYdCjXJ1cdQ= +github.com/securego/gosec/v2 v2.20.1-0.20240820084340-81cda2f91fbe/go.mod h1:iyeMMRw8QEmueUSZ2VqmkQMiDyDcobfPnG00CV/NWdE= github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c h1:W65qqJCIOVP4jpqPQ0YvHYKwcMEMVWIzWC5iNQQfBTU= github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c/go.mod h1:/PevMnwAxekIXwN8qQyfc5gl2NlkB3CQlkizAbOkeBs= github.com/shirou/gopsutil/v3 v3.24.5 h1:i0t8kL+kQTvpAYToeuiVk3TgDeKOFioZO3Ztz/iZ9pI= @@ -623,8 +623,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc h1:ao2WRsKSzW6KuUY9IWPwWahcHCgR0s52IfwutMfEbdM= -golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/exp/typeparams v0.0.0-20230203172020-98cc5a0785f9/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f h1:phY1HzDcf18Aq9A8KkmRtY9WvOFIxN8wgfvy6Zm1DV8= @@ -795,8 +795,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -941,8 +941,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/jsonschema/golangci.next.jsonschema.json b/jsonschema/golangci.next.jsonschema.json index 69f7e28da245..c1140fc4cc31 100644 --- a/jsonschema/golangci.next.jsonschema.json +++ b/jsonschema/golangci.next.jsonschema.json @@ -137,6 +137,7 @@ "G112", "G113", "G114", + "G115", "G201", "G202", "G203", @@ -152,12 +153,17 @@ "G402", "G403", "G404", + "G405", + "G406", "G501", "G502", "G503", "G504", "G505", - "G601" + "G506", + "G507", + "G601", + "G602" ] }, "govet-analyzers": { diff --git a/pkg/goanalysis/runners.go b/pkg/goanalysis/runners.go index 58777ed0e41e..79e52f52a3e0 100644 --- a/pkg/goanalysis/runners.go +++ b/pkg/goanalysis/runners.go @@ -134,7 +134,7 @@ func saveIssuesToCache(allPkgs []*packages.Package, pkgsFromCache map[*packages. perPkgIssues[i.Pkg] = append(perPkgIssues[i.Pkg], *i) } - savedIssuesCount := int32(0) + var savedIssuesCount int64 = 0 lintResKey := getIssuesCacheKey(analyzers) workerCount := runtime.GOMAXPROCS(-1) @@ -162,7 +162,7 @@ func saveIssuesToCache(allPkgs []*packages.Package, pkgsFromCache map[*packages. }) } - atomic.AddInt32(&savedIssuesCount, int32(len(encodedIssues))) + atomic.AddInt64(&savedIssuesCount, int64(len(encodedIssues))) if err := lintCtx.PkgCache.Put(pkg, pkgcache.HashModeNeedAllDeps, lintResKey, encodedIssues); err != nil { lintCtx.Log.Infof("Failed to save package %s issues (%d) to cache: %s", pkg, len(pkgIssues), err) } else { diff --git a/pkg/golinters/gosec/gosec.go b/pkg/golinters/gosec/gosec.go index 0a484a94b2c6..3e362d729375 100644 --- a/pkg/golinters/gosec/gosec.go +++ b/pkg/golinters/gosec/gosec.go @@ -10,6 +10,7 @@ import ( "sync" "github.com/securego/gosec/v2" + "github.com/securego/gosec/v2/analyzers" "github.com/securego/gosec/v2/issue" "github.com/securego/gosec/v2/rules" "golang.org/x/tools/go/analysis" @@ -27,16 +28,20 @@ func New(settings *config.GoSecSettings) *goanalysis.Linter { var mu sync.Mutex var resIssues []goanalysis.Issue - var filters []rules.RuleFilter conf := gosec.NewConfig() + + var ruleFilters []rules.RuleFilter + var analyzerFilters []analyzers.AnalyzerFilter if settings != nil { - filters = gosecRuleFilters(settings.Includes, settings.Excludes) + ruleFilters = createRuleFilters(settings.Includes, settings.Excludes) + analyzerFilters = createAnalyzerFilters(settings.Includes, settings.Excludes) conf = toGosecConfig(settings) } logger := log.New(io.Discard, "", 0) - ruleDefinitions := rules.Generate(false, filters...) + ruleDefinitions := rules.Generate(false, ruleFilters...) + analyzerDefinitions := analyzers.Generate(false, analyzerFilters...) analyzer := &analysis.Analyzer{ Name: linterName, @@ -53,7 +58,9 @@ func New(settings *config.GoSecSettings) *goanalysis.Linter { analyzer.Run = func(pass *analysis.Pass) (any, error) { // The `gosecAnalyzer` is here because of concurrency issue. gosecAnalyzer := gosec.NewAnalyzer(conf, true, settings.ExcludeGenerated, false, settings.Concurrency, logger) + gosecAnalyzer.LoadRules(ruleDefinitions.RulesInfo()) + gosecAnalyzer.LoadAnalyzers(analyzerDefinitions.AnalyzersInfo()) issues := runGoSec(lintCtx, pass, settings, gosecAnalyzer) @@ -176,8 +183,23 @@ func convertGosecGlobals(globalOptionFromConfig any, conf gosec.Config) { } } +// based on https://github.com/securego/gosec/blob/81cda2f91fbe1bf4735feb55febcae03e697a92b/cmd/gosec/main.go#L258-L275 +func createAnalyzerFilters(includes, excludes []string) []analyzers.AnalyzerFilter { + var filters []analyzers.AnalyzerFilter + + if len(includes) > 0 { + filters = append(filters, analyzers.NewAnalyzerFilter(false, includes...)) + } + + if len(excludes) > 0 { + filters = append(filters, analyzers.NewAnalyzerFilter(true, excludes...)) + } + + return filters +} + // based on https://github.com/securego/gosec/blob/569328eade2ccbad4ce2d0f21ee158ab5356a5cf/cmd/gosec/main.go#L170-L188 -func gosecRuleFilters(includes, excludes []string) []rules.RuleFilter { +func createRuleFilters(includes, excludes []string) []rules.RuleFilter { var filters []rules.RuleFilter if len(includes) > 0 {