feat(gosec): support configuration.

ldez · ldez · commit 057648fb0670 · 2021-04-24T21:02:21.000+02:00
diff --git a/.golangci.example.yml b/.golangci.example.yml
@@ -339,12 +339,24 @@ linters-settings:
     # Available rules: https://github.com/securego/gosec#available-rules
     includes:
       - G401
-      - G501
-      - G204
+      - G306
+      - G101
     # To specify a set of rules to explicitly exclude.
     # Available rules: https://github.com/securego/gosec#available-rules
     excludes:
       - G204
+    # To specify the configuration of rules.
+    # The configuration of rules is not fully documented by gosec:
+    # https://github.com/securego/gosec#configuration
+    # https://github.com/securego/gosec/blob/569328eade2ccbad4ce2d0f21ee158ab5356a5cf/rules/rulelist.go#L60-L102
+    config:
+      G306: "0600"
+      G101:
+        pattern: "(?i)example"
+        ignore_entropy: false
+        entropy_threshold: "80.0"
+        per_char_threshold: "3.0"
+        truncate: "32"
 
   govet:
     # report about shadowed variables
diff --git a/pkg/config/linters_settings.go b/pkg/config/linters_settings.go
@@ -272,6 +272,7 @@ type GoModGuardSettings struct {
 type GoSecSettings struct {
 	Includes []string
 	Excludes []string
+	Config   map[string]interface{} `mapstructure:"config"`
 }
 
 type GovetSettings struct {
diff --git a/pkg/golinters/gosec.go b/pkg/golinters/gosec.go
@@ -6,6 +6,7 @@ import (
 	"io/ioutil"
 	"log"
 	"strconv"
+	"strings"
 	"sync"
 
 	"github.com/securego/gosec/v2"
@@ -30,6 +31,12 @@ func NewGosec(settings *config.GoSecSettings) *goanalysis.Linter {
 	var filters []rules.RuleFilter
 	if settings != nil {
 		filters = gosecRuleFilters(settings.Includes, settings.Excludes)
+
+		for k, v := range settings.Config {
+			// Uses ToUpper because the parsing of the map's key change the key to lowercase.
+			// The value is not impacted by that: the case is respected.
+			gasConfig.Set(strings.ToUpper(k), v)
+		}
 	}
 
 	ruleDefinitions := rules.Generate(filters...)
diff --git a/test/testdata/configs/gosec.yml b/test/testdata/configs/gosec.yml
@@ -0,0 +1,13 @@
+linters-settings:
+  gosec:
+    includes:
+      - G306
+      - G101
+    config:
+      G306: "0666"
+      G101:
+        pattern: "(?i)simple"
+        ignore_entropy: false
+        entropy_threshold: "80.0"
+        per_char_threshold: "3.0"
+        truncate: "32"
diff --git a/test/testdata/gosec_rules_config.go b/test/testdata/gosec_rules_config.go
@@ -0,0 +1,12 @@
+//args: -Egosec
+//config_path: testdata/configs/gosec.yml
+package testdata
+
+import "io/ioutil"
+
+const gosecToken = "62ebc7a03d6ca24dca1258fd4b48462f6fed1545"
+const gosecSimple = "62ebc7a03d6ca24dca1258fd4b48462f6fed1545" // ERROR "G101: Potential hardcoded credentials"
+
+func gosecCustom() {
+	ioutil.WriteFile("filename", []byte("test"), 0755) // ERROR "G306: Expect WriteFile permissions to be 0666 or less"
+}

Original file line number	Diff line number	Diff line change
`@@ -272,6 +272,7 @@ type GoModGuardSettings struct {`
`272`	`272`	`type GoSecSettings struct {`
`273`	`273`	`Includes []string`
`274`	`274`	`Excludes []string`
	`275`	+ Config map[string]interface{} `mapstructure:"config"`
`275`	`276`	`}`
`276`	`277`
`277`	`278`	`type GovetSettings struct {`