ldez commented Aug 14, 2024

Fixes #4904

G602 is not a rule but an analyzer inside gosec; this means that this "rule" cannot be excluded.

```console
$ gosec -exclude=G602 ./...
[gosec] 2024/08/14 12:55:19 Including rules: default
[gosec] 2024/08/14 12:55:19 Excluding rules: G602
[gosec] 2024/08/14 12:55:19 Import directory: sandbox
[gosec] 2024/08/14 12:55:19 Checking package: sandbox
[gosec] 2024/08/14 12:55:19 Checking file: sandbox/main.go
Results:


[sandbox/main.go:7] - G602 (CWE-118): slice bounds out of range (Confidence: HIGH, Severity: LOW)
    6:  s := make([]byte, 0)
  > 7:  fmt.Println(s[:3])
    8: }

Autofix: 

Summary:
  Gosec  : dev
  Files  : 1
  Lines  : 8
  Nosec  : 0
  Issues : 1
```

So I removed the element of the JSONSchema and the configuration.

Related to securego/gosec#1175

ldez added the "bug" (Something isn't working) and "linter: update" (Update the linter implementation inside golangci-lint) labels Aug 14, 2024
ldez added this to the next milestone Aug 14, 2024
ldez merged commit ca0b09e into golangci:master Aug 14, 2024
ldez deleted the fix/gosec-g602 branch August 14, 2024 21:54
ldez modified the milestones: next, v1.60 Aug 20, 2024

Development

Successfully merging this pull request may close these issues.

gosec rule G602 always ignored
