securego / gosec

Go security checker
https://securego.io
Apache License 2.0

CheckAnalyzers doesn't seem to respect exclude or nosec (e.g. G602) #1175

Closed imirkin closed 3 weeks ago

imirkin commented 1 month ago

I'm getting false positives with rule G602 and v2.20.0. I can't seem to find a way of suppressing them. Adding to -exclude on the cmdline doesn't work, nor does adding // #nosec G602 comments.

As an aside, the code is fine... it's like

if len(x) == 1 {
  ...
} else if len(x) == 2 {
  if x[0].foo() == bar {
    return Pair{x[0], x[1]}
  } else if x[0].baz() == bar {
    return Pair{x[1], x[0]}
  }
} else {
  ...
}

and it generates errors for each of the 4 lines inside the len(x) == 2 block. But the fact that it's not excludable is most worrying.

Downgrading to v2.17.0 is not an option as I now get a panic when it is built with Go 1.22 (upgrading from Go 1.20).
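An added, self-contained Go example (not code from the issue or from gosec) of the guarded two-element access described above: the Item, Pair, foo(), baz() and bar names are constructed stand-ins for the reporter's types, and the slice-to-array conversion (Go 1.20+) is an assumed defensive variant that turns the runtime length check into constant indexing into a fixed-size array, which is exactly the in-range property a bounds analyzer such as G602 has to establish.

```go
package main

import "fmt"

// Constructed stand-ins for the issue's x elements, foo(), baz() and bar.
type Item struct {
	Primary   string
	Secondary string
}

func (i Item) foo() string { return i.Primary }
func (i Item) baz() string { return i.Secondary }

// Pair mirrors the Pair{x[0], x[1]} value built in the issue's snippet.
type Pair struct{ A, B Item }

const bar = "head"

// pairFromSlice keeps the issue's logic: indexing happens only after the
// length has been established, so the accesses can never be out of range.
func pairFromSlice(x []Item) (Pair, bool) {
	if len(x) != 2 {
		return Pair{}, false
	}
	// Assumed variant: once len(x) == 2 is known, convert to a [2]Item.
	// Constant indices into a fixed-size array cannot be out of bounds, so
	// the safety no longer depends on an analyzer tracking the len() guard.
	arr := [2]Item(x)
	switch {
	case arr[0].foo() == bar:
		return Pair{arr[0], arr[1]}, true
	case arr[0].baz() == bar:
		return Pair{arr[1], arr[0]}, true
	}
	return Pair{}, false
}

func main() {
	fmt.Println(pairFromSlice([]Item{{"head", ""}, {"tail", ""}}))
	fmt.Println(pairFromSlice([]Item{{"x", "head"}, {"head", "y"}}))
	fmt.Println(pairFromSlice(nil))
}
```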

imirkin commented 1 month ago

Do you have any advice for how to fix this? The "analyzers" don't appear to be rules, and thus don't get the filtering benefits that rules do. Should a new section be added for analyzers separate from rules for tracking them? Should they all become part of the same list?

imirkin commented 3 weeks ago

@ccojocar The change added support for excluding globally, but not per-line/block #nosec comments. I think that's also important to do.