我正在为 golangci-lint 添加 gosec 的 linter,除以下内容外,所有内容均已涵盖:
exec.Command(params[0], params[1:]…)
我知道我可以禁用此 lint,但我不想这样做。有没有办法修复代码以满足这种 lint?
错误是:
G204: Subprocess launched with function call as argument or cmd arguments ```
【问题讨论】:
标签: go
您可以使用注释排除特定行,而不是禁用 linter;
exec.Command(params[0], params[1:]...) //nolint:gosec
【讨论】:
如果你想禁用只这个检查,你可以
exec.Command(params[0], params[1:]...) // #nosec G204
【讨论】:
硬编码命令调用。有no other optionsAFAIS。
更新:从版本 1.40 开始,您的 gosec 选项可自定义,请参阅 https://github.com/golangci/golangci-lint 存储库中的示例配置 .golangci.example.yml。
linter-settings:
gosec:
# To select a subset of rules to run.
# Available rules: https://github.com/securego/gosec#available-rules
includes:
- G401
- G306
- G101
# To specify a set of rules to explicitly exclude.
# Available rules: https://github.com/securego/gosec#available-rules
excludes:
- G204
# To specify the configuration of rules.
# The configuration of rules is not fully documented by gosec:
# https://github.com/securego/gosec#configuration
# https://github.com/securego/gosec/blob/569328eade2ccbad4ce2d0f21ee158ab5356a5cf/rules/rulelist.go#L60-L102
config:
G306: "0600"
G101:
pattern: "(?i)example"
ignore_entropy: false
entropy_threshold: "80.0"
per_char_threshold: "3.0"
truncate: "32"
【讨论】:
gosec 不会抱怨。或者您可以禁用消息。