return gosec default excludes: it's too annoying for users

2018-09-05 20:49:57 +03:00 · 2018-09-05 20:49:57 +03:00 · 0c82b64123
commit 0c82b64123
parent dbfcf633d5
2 changed files with 40 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -369,6 +369,21 @@ Flags:
                                    
                                      # megacheck: Developers tend to write in C-style with an explicit 'break' in a 'switch', so it's ok to ignore
                                      - ineffective break statement. Did you mean to break out of the outer loop
+                                    
+                                      # gas: Too many false-positives on 'unsafe' usage
+                                      - Use of unsafe calls should be audited
+                                    
+                                      # gas: Too many false-positives for parametrized shell calls
+                                      - Subprocess launch(ed with variable|ing should be audited)
+                                    
+                                      # gas: Duplicated errcheck checks
+                                      - G104
+                                    
+                                      # gas: Too many issues in popular repos
+                                      - (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)
+                                    
+                                      # gas: False positive is triggered by 'src, err := ioutil.ReadFile(filename)'
+                                      - Potential file inclusion via variable
                                     (default true)
      --max-issues-per-linter int   Maximum issues count per one linter. Set to 0 to disable (default 50)
      --max-same-issues int         Maximum count of issues with the same text. Set to 0 to disable (default 3)
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@ -54,6 +54,31 @@ var DefaultExcludePatterns = []ExcludePattern{
 		Linter:  "megacheck",
 		Why:     "Developers tend to write in C-style with an explicit 'break' in a 'switch', so it's ok to ignore",
 	},
+	{
+		Pattern: "Use of unsafe calls should be audited",
+		Linter:  "gas",
+		Why:     "Too many false-positives on 'unsafe' usage",
+	},
+	{
+		Pattern: "Subprocess launch(ed with variable|ing should be audited)",
+		Linter:  "gas",
+		Why:     "Too many false-positives for parametrized shell calls",
+	},
+	{
+		Pattern: "G104",
+		Linter:  "gas",
+		Why:     "Duplicated errcheck checks",
+	},
+	{
+		Pattern: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)",
+		Linter:  "gas",
+		Why:     "Too many issues in popular repos",
+	},
+	{
+		Pattern: "Potential file inclusion via variable",
+		Linter:  "gas",
+		Why:     "False positive is triggered by 'src, err := ioutil.ReadFile(filename)'",
+	},
 }

 func GetDefaultExcludePatternsStrings() []string {