
How to ignore rule by pattern matching? Something like // #nosec G104 /Print/ #949

Open
DavidGamba opened this issue Apr 11, 2023 · 2 comments

Comments

@DavidGamba

Summary

I would like to ignore the unhandled errors rule by pattern matching against the function name.
I am getting G104 errors from fatih/color Fprintf calls.

Steps to reproduce the behavior

import "github.com/fatih/color"

color.New(color.FgBlack, color.BgRed, color.Bold).Fprintf(os.Stderr, msg)

gosec version

2.15.0

Go version (output of 'go version')

go version go1.20.1 darwin/arm64

Operating system / Environment

MacOS 13

Expected behavior

Updating the // #nosec G104 annotation to allow for an additional function pattern match:

// #nosec G104 /Fprint/ /Print/
package main

Or in a config file somewhere.

Actual behavior

Nosec annotation can only be added globally without exceptions or per line.

@DavidGamba DavidGamba changed the title How to ignore rule by pattern matching? Something like G104 /Print/ How to ignore rule by pattern matching? Something like // #nosec G104 /Print/ Apr 11, 2023
@ccojocar
Member

@DavidGamba This functionality is not available at the moment. It is possible to ignore one rule for an entire line by just adding the following comment:

// #nosec G104

I think this feature makes sense when there are multiple function calls returning the same warning (e.g. G104 for not checking the returned error) and one wants to ignore only some of these errors. Is this what you are thinking of?

@DavidGamba
Author

Yes, adding the // #nosec G104 per line does the trick, but given that I know that I want to ignore errors for all Fprintf calls, it would be great to do it globally. The code already ignores the stdlib's Fprintf calls globally by default.

The config file didn't work for me, even after trying different permutations:

{
	"G104": {
		"github.com/fatih/color": ["Fprintf"],
		"color": ["Fprintf"],
		"color": ["New"]
	}
}

issues:
    - severity: 0
      confidence: 2
      cwe:
        id: "703"
        name: Improper Check or Handling of Exceptional Conditions
        description: The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.
      ruleid: G104
      what: Errors unhandled.
      file: /Users/davidgamba/xxx/cmd/k/main.go
      code: |
        100: 		case strings.Contains(kcontext, "pro"):
        101: 			color.New(color.FgBlack, color.BgRed, color.Bold).Fprintf(os.Stderr, msg)
        102: 		case strings.Contains(kcontext, "dev"):
      line: "101"
      col: "4"
      nosec: false
      suppressions: []
stats:
    numfiles: 1
    numlines: 260
    numnosec: 0
    numfound: 1
gosecversion: 2.16.0
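One way to get the per-function suppression this thread asks for today, as an added example that is neither gosec's own code nor part of this issue: a small Go post-processor over gosec's JSON report that drops G104 findings whose flagged source line matches a pattern, the way a hypothetical // #nosec G104 /Fprintf/ would, while leaving every other finding in place. It assumes gosec's JSON report uses the keys Issues, rule_id, code and line (the JSON spelling of the YAML keys shown above), and the two-finding sample report is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Issue holds the gosec finding fields this filter reads. Assumption: the JSON tags
// are gosec's JSON spelling of the YAML keys in the report above (ruleid, code, line).
type Issue struct {
	RuleID string `json:"rule_id"`
	Code   string `json:"code"`
	Line   string `json:"line"`
}

// flaggedLine picks the one source line the finding points at out of gosec's numbered
// snippet ("101: \t\t\tcolor.New(...)"), so the two context lines around it cannot match.
func flaggedLine(iss Issue) string {
	for _, l := range strings.Split(iss.Code, "\n") {
		if num, rest, ok := strings.Cut(l, ":"); ok && strings.TrimSpace(num) == iss.Line {
			return rest
		}
	}
	return iss.Code // no line marker: fall back to the whole snippet
}
// FilterRule drops ruleID findings whose flagged line matches pattern and keeps all
// others, emulating a hypothetical "// #nosec G104 /Fprintf/" as report post-processing.
func FilterRule(report []byte, ruleID string, pattern *regexp.Regexp) ([]Issue, error) {
	var r struct{ Issues []Issue `json:"Issues"` }
	if err := json.Unmarshal(report, &r); err != nil {
		return nil, err
	}
	var kept []Issue
	for _, iss := range r.Issues {
		if iss.RuleID != ruleID || !pattern.MatchString(flaggedLine(iss)) {
			kept = append(kept, iss)
		}
	}
	return kept, nil
}
// sampleReport is a constructed two-finding report modelled on the YAML output above.
const sampleReport = `{"Issues":[
{"rule_id":"G104","line":"101","code":"100: \t\tcase strings.Contains(kcontext, \"pro\"):\n101: \t\t\tcolor.New(color.FgBlack, color.BgRed, color.Bold).Fprintf(os.Stderr, msg)\n102: \t\tcase strings.Contains(kcontext, \"dev\"):"},
{"rule_id":"G104","line":"57","code":"56: \tdefer func() {\n57: \t\tf.Close()\n58: \t}()"}]}`
func main() {
	kept, err := FilterRule([]byte(sampleReport), "G104", regexp.MustCompile(`Fprintf`))
	fmt.Println(len(kept), err) // the color.Fprintf finding is dropped, f.Close() stays
}
```

Matching only the flagged line matters: the code field carries one context line above and below, and a pattern such as /kcontext/ would otherwise suppress a finding on a neighbouring line.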
