alecthomas / gometalinter

DEPRECATED: Use https://github.com/golangci/golangci-lint
MIT License

Added 'Command' parameter to 'gosec' cannot get expected output #529

Closed lnshi closed 6 years ago

lnshi commented 6 years ago

My original .gometalinter.json

{
    "DisableAll": true,
    "Enable": [
        "deadcode",
        "dupl",
        "gosec",
        "goconst",
        "gofmt",
        "goimports",
        "golint",
        "gosimple",
        "gotype",
        "interfacer",
        "ineffassign",
        "misspell",
        "megacheck",
        "nakedret",
        "structcheck",
        "staticcheck",
        "testify",
        "unconvert",
        "unparam",
        "varcheck",
        "vet",
        "vetshadow"
    ],
    "Exclude": [
        "pkg/grpcconnpool/test.pb.go",
        "tests/internal/grpcrp/test.pb.go"
    ]
}

When I run it, I can see some expected output like below:

pkg/util/strings.go:4::warning: Blacklisted import crypto/md5: weak cryptographic primitive,MEDIUM,HIGH (gosec)
pkg/util/strings.go:11::warning: Use of weak cryptographic primitive,MEDIUM,HIGH (gosec)
daemon/httpserving/gzip_handler.go:15::warning: Errors unhandled.,LOW,HIGH (gosec)
daemon/httpserving/gzip_handler.go:63::warning: Errors unhandled.,LOW,HIGH (gosec)
daemon/httpserving/tf/api/v2/predict.go:163::warning: Errors unhandled.,LOW,HIGH (gosec)

I tried to exclude the rule G501 (G501: Import blacklist: crypto/md5) for gosec, so I changed my .gometalinter.json to:

{
    "DisableAll": true,
    "Enable": [
        "deadcode",
        "dupl",
        "gosec",
        "goconst",
        "gofmt",
        "goimports",
        "golint",
        "gosimple",
        "gotype",
        "interfacer",
        "ineffassign",
        "misspell",
        "megacheck",
        "nakedret",
        "structcheck",
        "staticcheck",
        "testify",
        "unconvert",
        "unparam",
        "varcheck",
        "vet",
        "vetshadow"
    ],
    "Exclude": [
        "pkg/grpcconnpool/test.pb.go",
        "tests/internal/grpcrp/test.pb.go"
    ],
    "Linters": {
        "gosec": {
            "Command": "gosec -exclude=G501"
        }
    }
}

When I run this, all the output is gone: not only the checks for G501, but also the checks for G104 (Errors unhandled) are gone, which is incorrect behaviour.

But when I run gometalinter --debug, I can see the output below related to gosec, which looks OK ...

DEBUG: [Sep  6 09:15:05.300] [gosec.12]: executing /Users/leonard/go_projects/bin/gosec -exclude=G501 ./... .
DEBUG: [Sep  6 09:15:34.117] [gosec.12]: warning: /Users/leonard/go_projects/bin/gosec returned exit status 1: [gosec] 2018/09/06 17:15:05 including rules: default
[gosec] 2018/09/06 17:15:05 excluding rules: G501
[gosec] 2018/09/06 17:15:08 Searching directory: /Users/leonard/go_projects/src/x/y/z
[gosec] 2018/09/06 17:15:08 Searching directory: /Users/leonard/go_projects/src/x/y/z/1
Results:

[/Users/leonard/go_projects/src/x/y/z/pkg/util/strings.go:11] - G401: Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > md5.Sum([]byte(s))

[/Users/leonard/go_projects/src/x/y/z/daemon/httpserving/gzip_handler.go:15] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > w, _ := gzip.NewWriterLevel(nil, gzip.BestSpeed)

[/Users/leonard/go_projects/src/x/y/z/pkg/gokitlog/logger.go:69] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > level.Debug(logger).Log(kvs...)

Summary:
   Files: 36
   Lines: 29946
   Nosec: 0
  Issues: 15

DEBUG: [Sep  6 09:15:34.616] [gosec.12]: gosec hits 0: ^(?P<path>.*?\.go),(?P<line>\d+),(?P<message>[^,]+,[^,]+,[^,]+)
DEBUG: [Sep  6 09:15:34.616] [gosec.12]: gosec linter took 29.316038526s
DEBUG: [Sep  6 09:15:39.755] total elapsed time 34.507926876s

What am I missing? Or is this a bug? Please help.

alecthomas commented 6 years ago

You're missing the -fmt=csv argument.

lnshi commented 6 years ago

Sorry, add the -fmt=csv to the command line or the config file?

Also, how come if I didn't add that exclude argument for gosec, everything works properly without -fmt=csv?

On Thu, 6 Sep 2018 at 18:05, Alec Thomas notifications@github.com wrote:

Closed #529 https://github.com/alecthomas/gometalinter/issues/529.

dnephin commented 6 years ago

You add it to the config Command.

What that does is override this line: https://github.com/alecthomas/gometalinter/blob/2b0b5f3/linters.go#L235.

Omitting it changes the output format, which makes it impossible for gometalinter to parse the output.
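The parse failure described above, as an added example that is not part of the thread or of gometalinter's code: it runs the pattern from the "gosec hits 0" debug line over the text-format output quoted in the issue and over CSV-shaped lines. The `parse` helper, the `Issue` type and the CSV sample lines are assumptions constructed for illustration; the CSV lines follow the path,line,message shape the pattern expects.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Pattern copied from the "gosec hits 0" debug line in the issue.
var gosecPattern = regexp.MustCompile(
	`^(?P<path>.*?\.go),(?P<line>\d+),(?P<message>[^,]+,[^,]+,[^,]+)`)

// Text-format gosec output, copied from the debug log in the issue.
const textOutput = `[/Users/leonard/go_projects/src/x/y/z/pkg/util/strings.go:11] - G401: Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > md5.Sum([]byte(s))
[/Users/leonard/go_projects/src/x/y/z/daemon/httpserving/gzip_handler.go:15] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > w, _ := gzip.NewWriterLevel(nil, gzip.BestSpeed)`

// Constructed sample: the same two findings in the comma-separated shape
// the pattern expects (path,line,details,severity,confidence).
const csvOutput = `pkg/util/strings.go,11,Use of weak cryptographic primitive,MEDIUM,HIGH
daemon/httpserving/gzip_handler.go,15,Errors unhandled.,LOW,HIGH`

// Issue is a hypothetical record type for one parsed finding.
type Issue struct{ Path, Line, Message string }

// parse is a hypothetical, simplified stand-in for a pattern-based output
// parser: it keeps only the lines the pattern matches.
func parse(output string) []Issue {
	var issues []Issue
	for _, l := range strings.Split(output, "\n") {
		m := gosecPattern.FindStringSubmatch(l)
		if m == nil {
			continue // line is not in the expected format; silently dropped
		}
		issues = append(issues, Issue{Path: m[1], Line: m[2], Message: m[3]})
	}
	return issues
}

func main() {
	fmt.Println("text format hits:", len(parse(textOutput)))
	for _, i := range parse(csvOutput) {
		fmt.Printf("%s:%s::warning: %s (gosec)\n", i.Path, i.Line, i.Message)
	}
}
```

The text-format findings produce no matches, so every gosec result disappears rather than only G501; per the replies above, the overriding Command has to carry -fmt=csv alongside -exclude=G501.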

lnshi commented 6 years ago

Verified, solved, thank you very much.