golangci-lint/test/testdata/gosec.go

//golangcitest:args -Egosec
package testdata

import (
	"crypto/md5" // want "G501: Blocklisted import crypto/md5: weak cryptographic primitive"
	"fmt"
	"log"
	"os"
	"os/exec"
)

func Gosec() {
	h := md5.New() // want "G401: Use of weak cryptographic primitive"
	log.Print(h)
}

func GosecNolintGas() {
	h := md5.New() //nolint:gas
	log.Print(h)
}

func GosecNolintGosec() {
	h := md5.New() //nolint:gosec
	log.Print(h)
}

func GosecNoErrorCheckingByDefault() {
	f, _ := os.Create("foo")
	fmt.Println(f)
}

func GosecG204SubprocWithFunc() {
	arg := func() string {
		return "/tmp/dummy"
	}

	exec.Command("ls", arg()).Run() // want "G204: Subprocess launched with a potential tainted input or cmd arguments"
}
dev: use directives instead of comments for tests (#2978) 2022-07-15 15:32:10 +02:00			`//golangcitest:args -Egosec`
support gas 2018-05-07 14:02:27 +03:00			`package testdata`

			`import (`
dev: follow standards by using 'want' instead of 'ERROR' for tests (#3104) 2022-08-20 18:53:45 +02:00			`"crypto/md5" // want "G501: Blocklisted import crypto/md5: weak cryptographic primitive"`
dev: add gosec test case 2019-02-18 11:05:28 +03:00			`"fmt"`
Load AST for fast linters in different way. Use build.Import instead of manual parser.ParseFile and paths traversal. It allows: 1. support build tags for all linters. 2. analyze files only for current GOOS/GOARCH: less false-positives. 3. analyze xtest packages (*_test) by golint: upstream golint and gometalinter can't do it! And don't break analysis on the first xtest package like it was before. 4. proper handling of xtest packages for linters like goconst where package boundary is important: less false-positives is expected. Also: 1. reuse AST parsing for golint and goconst: minor speedup. 2. allow to specify path (not only name) regexp for --skip-files and --skip-dirs 3. add more default exclude filters for golint about commits: `(comment on exported (method\|function)\|should have( a package)? comment\|comment should be of the form)` 4. print skipped dir in verbose (-v) mode 5. refactor per-linter tests: declare arguments in comments, run only one linter and in combination with slow linter 2018-06-10 17:10:56 +03:00			`"log"`
dev: add gosec test case 2019-02-18 11:05:28 +03:00			`"os"`
Update to latest securego/gosec (#792) * Update to latest securego/gosec. * Fix gosec G204 warnings. * Add gosec G204 test. 2019-10-08 02:36:21 -04:00			`"os/exec"`
support gas 2018-05-07 14:02:27 +03:00			`)`

Prepare for #164: rename GAS to gosec 1. Rename in a backward compatible way 2. Remove gosec default exclude list because gosec is already disabled by default. 3. Warn about unmatched linter names in //nolint directives 4. Process linter names in //nolint directives in upper case 5. Disable gosec for golangci-lint in .golangci.yml 2018-09-01 14:16:30 +03:00			`func Gosec() {`
dev: follow standards by using 'want' instead of 'ERROR' for tests (#3104) 2022-08-20 18:53:45 +02:00			`h := md5.New() // want "G401: Use of weak cryptographic primitive"`
support gas 2018-05-07 14:02:27 +03:00			`log.Print(h)`
			`}`
Update megacheck to the latest version Also do following improvements: - show proper sublinter name for megacheck sublinters - refactor and make more simple and robust megacheck merging/optimizing - improve handling of unknown linter names in //nolint directives - minimize diff of our megacheck version from the upstream, https://github.com/golang/go/issues/29612 blocks usage of the upstream version - support the new `stylecheck` linter - improve tests coverage for megacheck and nolint related cases - update and use upstream versions of unparam and interfacer instead of forked ones - don't use golangci/tools repo anymore - fix newly found issues after updating linters Also should be noted that megacheck works much faster and consumes less memory in the newest release, therefore golangci-lint works noticeably faster and consumes less memory for large repos. Relates: #314 2019-01-08 14:31:04 +03:00
			`func GosecNolintGas() {`
			`h := md5.New() //nolint:gas`
			`log.Print(h)`
			`}`

			`func GosecNolintGosec() {`
			`h := md5.New() //nolint:gosec`
			`log.Print(h)`
			`}`
dev: add gosec test case 2019-02-18 11:05:28 +03:00
			`func GosecNoErrorCheckingByDefault() {`
			`f, _ := os.Create("foo")`
			`fmt.Println(f)`
			`}`
Update to latest securego/gosec (#792) * Update to latest securego/gosec. * Fix gosec G204 warnings. * Add gosec G204 test. 2019-10-08 02:36:21 -04:00
			`func GosecG204SubprocWithFunc() {`
			`arg := func() string {`
			`return "/tmp/dummy"`
			`}`

dev: follow standards by using 'want' instead of 'ERROR' for tests (#3104) 2022-08-20 18:53:45 +02:00			`exec.Command("ls", arg()).Run() // want "G204: Subprocess launched with a potential tainted input or cmd arguments"`
Update to latest securego/gosec (#792) * Update to latest securego/gosec. * Fix gosec G204 warnings. * Add gosec G204 test. 2019-10-08 02:36:21 -04:00			`}`
No results found.