whitelist crypto/rand Read from error checks (#1446)

2026-01-15 01:33:41 +08:00 · 2025-12-31 17:57:36 +01:00
parent 095d529a90
commit 082deb6cee
2 changed files with 12 additions and 0 deletions
--- a/rules/errors.go
+++ b/rules/errors.go
@@ -89,6 +89,7 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 	whitelist.Add("io.PipeWriter", "CloseWithError")
 	whitelist.Add("hash.Hash", "Write")
 	whitelist.Add("os", "Unsetenv")
+	whitelist.Add("rand", "Read")

 	if configured, ok := conf[id]; ok {
 		if whitelisted, ok := configured.(map[string]interface{}); ok {
--- a/testutils/g104_samples.go
+++ b/testutils/g104_samples.go
@@ -142,6 +142,17 @@ func main() {
 	b := createBuffer()
 	b.WriteString("*bytes.Buffer")
 }
+`}, 0, gosec.NewConfig()},
+		{[]string{`
+package main
+
+import "crypto/rand"
+
+func main() {
+	b := make([]byte, 8)
+	rand.Read(b)
+	_ = b
+}
 `}, 0, gosec.NewConfig()},
 	} // it shouldn't return any errors because all method calls are whitelisted by default