Skip to content

Check for both default and alternative nosec tags #426

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jan 6, 2020
Merged

Check for both default and alternative nosec tags #426

merged 4 commits into from
Jan 6, 2020

Conversation

rafaveira3
Copy link
Contributor

@rafaveira3 rafaveira3 commented Dec 27, 2019
edited
Loading

Closes #425

This PR aims to add an OR statement when checking a specific line of code for both default and alternative flag. If any of them is found, the line should be considered as a false positive.

Changes

  • analyze.go: Added an OR logic to check for both tags and updated the function description.
  • analyze_test.go: Updated one function description and adjusted another test as the default tag should also be considered when the alternative is set.
  • Makefile: Added a few aliases to avoid errors when working outside the GOPATH

@ccojocar
Copy link
Member

ccojocar commented Jan 2, 2020
edited
Loading

@rafaveira3 Thanks for this contribution! It seems that one test is failing:

Analyzer when processing a package 
  should not ignore vulnerabilities
  /home/travis/gopath/src/github.com/securego/gosec/analyzer_test.go:292
• Failure [0.238 seconds]
Analyzer
/home/travis/gopath/src/github.com/securego/gosec/analyzer_test.go:19
  when processing a package
  /home/travis/gopath/src/github.com/securego/gosec/analyzer_test.go:32
    should not ignore vulnerabilities [It]
    /home/travis/gopath/src/github.com/securego/gosec/analyzer_test.go:292
    Expected
        <[]*gosec.Issue | len:0, cap:16>: []
    to have length 1
    /home/travis/gopath/src/github.com/securego/gosec/analyzer_test.go:312

ccojocar
ccojocar approved these changes Jan 2, 2020
View reviewed changes
Copy link
Member

@ccojocar ccojocar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks good! Please could you fix the test? Thanks!

@codecov-io
Copy link

codecov-io commented Jan 4, 2020
edited
Loading

Codecov Report

Merging #426 into master will increase coverage by 0.14%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #426      +/-   ##
==========================================
+ Coverage   71.38%   71.52%   +0.14%     
==========================================
  Files           9        9              
  Lines         601      604       +3     
==========================================
+ Hits          429      432       +3     
  Misses        154      154              
  Partials       18       18
Impacted Files Coverage Δ
analyzer.go 92.48% <100%> (+0.13%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 79fbf3a...21d827a. Read the comment docs.

@rafaveira3
Copy link
Contributor Author

Sure, @ccojocar! Sorry about that. I have adjusted the failing test to now pass as the default #nosec tag is being used at b00176a.

I have also proposed at 694b37d changes in the Makefile to add a few aliases to avoid errors when working outside the GOPATH.

@ccojocar ccojocar merged commit f43a957 into securego:master Jan 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ccojocar ccojocar ccojocar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Check for both tags when handling false positives
3 participants
@rafaveira3 @ccojocar @codecov-io