alpTom/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2026-01-15 01:33:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

whitelist crypto/rand Read from error checks (#1446)

Browse Source
This commit is contained in:
oittaa
2025-12-31 17:57:36 +01:00
committed by GitHub
parent 095d529a90
commit 082deb6cee
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
rules/errors.go
View File

@@ -89,6 +89,7 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
whitelist.Add("io.PipeWriter", "CloseWithError") whitelist.Add("io.PipeWriter", "CloseWithError")
whitelist.Add("hash.Hash", "Write") whitelist.Add("hash.Hash", "Write")
whitelist.Add("os", "Unsetenv") whitelist.Add("os", "Unsetenv")
whitelist.Add("rand", "Read")
if configured, ok := conf[id]; ok { if configured, ok := conf[id]; ok {
if whitelisted, ok := configured.(map[string]interface{}); ok { if whitelisted, ok := configured.(map[string]interface{}); ok {

11
testutils/g104_samples.go
View File

@@ -142,6 +142,17 @@ func main() {
b := createBuffer() b := createBuffer()
b.WriteString("*bytes.Buffer") b.WriteString("*bytes.Buffer")
} }
`}, 0, gosec.NewConfig()},
{[]string{`
package main
import "crypto/rand"
func main() {
b := make([]byte, 8)
rand.Read(b)
_ = b
}
`}, 0, gosec.NewConfig()}, `}, 0, gosec.NewConfig()},
} // it shouldn't return any errors because all method calls are whitelisted by default } // it shouldn't return any errors because all method calls are whitelisted by default