Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gosec: add G602 analyzer #4906

Merged
merged 1 commit into from
Aug 14, 2024
Merged

gosec: add G602 analyzer #4906

merged 1 commit into from
Aug 14, 2024

Conversation

ldez
Copy link
Member

@ldez ldez commented Aug 14, 2024

Fixes #4904

G602 is not a rule but an analyzer inside gosec, this means that this "rule" cannot be excluded.

$ gosec -exclude=G602 ./...
[gosec] 2024/08/14 12:55:19 Including rules: default
[gosec] 2024/08/14 12:55:19 Excluding rules: G602
[gosec] 2024/08/14 12:55:19 Import directory: sandbox
[gosec] 2024/08/14 12:55:19 Checking package: sandbox
[gosec] 2024/08/14 12:55:19 Checking file: sandbox/main.go
Results:


[sandbox/main.go:7] - G602 (CWE-118): slice bounds out of range (Confidence: HIGH, Severity: LOW)
    6:  s := make([]byte, 0)
  > 7:  fmt.Println(s[:3])
    8: }

Autofix: 

Summary:
  Gosec  : dev
  Files  : 1
  Lines  : 8
  Nosec  : 0
  Issues : 1

So I removed the element of the JSONSchema and the configuration.

Related to securego/gosec#1175

@ldez ldez added bug Something isn't working linter: update Update the linter implementation inside golangci-lint labels Aug 14, 2024
@ldez ldez added this to the next milestone Aug 14, 2024
@ldez ldez merged commit ca0b09e into golangci:master Aug 14, 2024
16 checks passed
@ldez ldez deleted the fix/gosec-g602 branch August 14, 2024 21:54
@ldez ldez modified the milestones: next, v1.60 Aug 20, 2024
uudashr pushed a commit to uudashr/golangci-lint that referenced this pull request Sep 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working linter: update Update the linter implementation inside golangci-lint
Projects
None yet
Development

Successfully merging this pull request may close these issues.

gosec rule G602 always ignored
2 participants