chore: disable gosec(G115)

spiffcs · spiffcs · commit aeae19adb4b9 · 2024-09-13T13:30:48.000-04:00
A change to the rule gosec(G115) made a large amount of FP for gosec appear when updating to the latest golang-ci linter. securego/gosec#1185 securego/gosec#1149 We're going to ignore this rule for the time being while waiting for gosec to get updates so that bound checking and example snippets of `valid` code is added for this rule Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -57,6 +57,9 @@ linters-settings:
     settings:
       ruleguard:
         rules: "test/rules/rules.go"
+  gosec:
+    excludes:
+      - G115
 output:
   uniq-by-line: false
 run:
diff --git a/internal/file/zip_read_closer.go b/internal/file/zip_read_closer.go
@@ -56,7 +56,7 @@ func OpenZip(filepath string) (*ZipReadCloser, error) {
 	if offset > math.MaxInt64 {
 		return nil, fmt.Errorf("archive start offset too large: %v", offset)
 	}
-	offset64 := int64(offset) //nolint:gosec // lint bug, checked above: https://github.com/securego/gosec/issues/1187
+	offset64 := int64(offset)
 
 	size := fi.Size() - offset64
 
@@ -183,7 +183,7 @@ func findDirectory64End(r io.ReaderAt, directoryEndOffset int64) (int64, error)
 	if b.uint32() != 1 { // total number of disks
 		return -1, nil // the file is not a valid zip64-file
 	}
-	return int64(p), nil //nolint:gosec
+	return int64(p), nil
 }
 
 // readDirectory64End reads the zip64 directory end and updates the
diff --git a/syft/file/cataloger/executable/elf.go b/syft/file/cataloger/executable/elf.go
@@ -175,7 +175,7 @@ func hasElfDynTag(f *elf.File, tag elf.DynTag) bool {
 			t = elf.DynTag(f.ByteOrder.Uint32(d[0:4]))
 			d = d[8:]
 		case elf.ELFCLASS64:
-			t = elf.DynTag(f.ByteOrder.Uint64(d[0:8])) //nolint:gosec
+			t = elf.DynTag(f.ByteOrder.Uint64(d[0:8]))
 			d = d[16:]
 		}
 		if t == tag {
diff --git a/syft/format/syftjson/to_syft_model.go b/syft/format/syftjson/to_syft_model.go
@@ -146,7 +146,7 @@ func safeFileModeConvert(val int) (fs.FileMode, error) {
 	if err != nil {
 		return 0, err
 	}
-	return os.FileMode(mode), nil //nolint:gosec
+	return os.FileMode(mode), nil
 }
 
 func toSyftLicenses(m []model.License) (p []pkg.License) {
diff --git a/syft/pkg/cataloger/debian/parse_dpkg_db.go b/syft/pkg/cataloger/debian/parse_dpkg_db.go
@@ -230,7 +230,7 @@ func handleNewKeyValue(line string) (key string, val interface{}, err error) {
 			if err != nil {
 				return "", nil, fmt.Errorf("bad installed-size value=%q: %w", val, err)
 			}
-			return key, int(s), nil //nolint:gosec
+			return key, int(s), nil
 		default:
 			return key, val, nil
 		}
diff --git a/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go b/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go
@@ -268,7 +268,7 @@ func newPE(filename string, r io.ReaderAt) (nativeImage, error) {
 	}
 	exportSymbolsOffset := uint64(exportSymbolsDataDirectory.VirtualAddress)
 	exports := make([]byte, exportSymbolsDataDirectory.Size)
-	_, err = r.ReadAt(exports, int64(exportSymbolsOffset)) //nolint:gosec
+	_, err = r.ReadAt(exports, int64(exportSymbolsOffset))
 	if err != nil {
 		return fileError(filename, fmt.Errorf("could not read the exported symbols data directory: %w", err))
 	}
@@ -412,7 +412,7 @@ func (ni nativeImagePE) fetchExportAttribute(i int) (uint32, error) {
 func (ni nativeImagePE) fetchExportFunctionPointer(functionsBase uint32, i uint32) (uint32, error) {
 	var pointer uint32
 
-	n := uint32(len(ni.exports)) //nolint:gosec
+	n := uint32(len(ni.exports))
 	sz := uint32(unsafe.Sizeof(ni.t.functionPointer))
 	j := functionsBase + i*sz
 	if j+sz >= n {
@@ -457,7 +457,7 @@ func (ni nativeImagePE) fetchSbomSymbols(content *exportContentPE) {
 	sbomBytes := []byte(nativeImageSbomSymbol + "\x00")
 	sbomLengthBytes := []byte(nativeImageSbomLengthSymbol + "\x00")
 	svmVersionInfoBytes := []byte(nativeImageSbomVersionSymbol + "\x00")
-	n := uint32(len(ni.exports)) //nolint:gosec
+	n := uint32(len(ni.exports))
 
 	// Find SBOM, SBOM Length, and SVM Version Symbol
 	for i := uint32(0); i < content.numberOfNames; i++ {
diff --git a/syft/pkg/cataloger/php/parse_pecl_serialized.go b/syft/pkg/cataloger/php/parse_pecl_serialized.go
@@ -60,10 +60,10 @@ func readStruct(metadata any, fields ...string) string {
 	if len(fields) > 0 {
 		value, ok := metadata.(map[any]any)
 		if !ok {
-			log.Tracef("unable to read '%s' from: %v", fields[0], metadata) //nolint:gosec
+			log.Tracef("unable to read '%s' from: %v", fields[0], metadata)
 			return ""
 		}
-		return readStruct(value[fields[0]], fields[1:]...) //nolint:gosec
+		return readStruct(value[fields[0]], fields[1:]...)
 	}
 	value, ok := metadata.(string)
 	if !ok {
diff --git a/syft/pkg/cataloger/redhat/parse_rpm_archive.go b/syft/pkg/cataloger/redhat/parse_rpm_archive.go
@@ -88,12 +88,12 @@ func mapFiles(files []rpmutils.FileInfo, digestAlgorithm string) []pkg.RpmFileRe
 		}
 		out = append(out, pkg.RpmFileRecord{
 			Path:      f.Name(),
-			Mode:      pkg.RpmFileMode(f.Mode()), //nolint:gosec
+			Mode:      pkg.RpmFileMode(f.Mode()),
 			Size:      int(f.Size()),
 			Digest:    digest,
 			UserName:  f.UserName(),
 			GroupName: f.GroupName(),
-			Flags:     rpmdb.FileFlags(f.Flags()).String(), //nolint:gosec
+			Flags:     rpmdb.FileFlags(f.Flags()).String(),
 		})
 	}
 	return out

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ func OpenZip(filepath string) (*ZipReadCloser, error) {`
`56`	`56`	`if offset > math.MaxInt64 {`
`57`	`57`	`return nil, fmt.Errorf("archive start offset too large: %v", offset)`
`58`	`58`	`}`
`59`		`- offset64 := int64(offset) //nolint:gosec // lint bug, checked above: https://github.com/securego/gosec/issues/1187`
	`59`	`+ offset64 := int64(offset)`
`60`	`60`
`61`	`61`	`size := fi.Size() - offset64`
`62`	`62`
`@@ -183,7 +183,7 @@ func findDirectory64End(r io.ReaderAt, directoryEndOffset int64) (int64, error)`
`183`	`183`	`if b.uint32() != 1 { // total number of disks`
`184`	`184`	`return -1, nil // the file is not a valid zip64-file`
`185`	`185`	`}`
`186`		`- return int64(p), nil //nolint:gosec`
	`186`	`+ return int64(p), nil`
`187`	`187`	`}`
`188`	`188`
`189`	`189`	`// readDirectory64End reads the zip64 directory end and updates the`
Original file line number	Diff line number	Diff line change
`@@ -175,7 +175,7 @@ func hasElfDynTag(f *elf.File, tag elf.DynTag) bool {`
`175`	`175`	`t = elf.DynTag(f.ByteOrder.Uint32(d[0:4]))`
`176`	`176`	`d = d[8:]`
`177`	`177`	`case elf.ELFCLASS64:`
`178`		`- t = elf.DynTag(f.ByteOrder.Uint64(d[0:8])) //nolint:gosec`
	`178`	`+ t = elf.DynTag(f.ByteOrder.Uint64(d[0:8]))`
`179`	`179`	`d = d[16:]`
`180`	`180`	`}`
`181`	`181`	`if t == tag {`
Original file line number	Diff line number	Diff line change
`@@ -146,7 +146,7 @@ func safeFileModeConvert(val int) (fs.FileMode, error) {`
`146`	`146`	`if err != nil {`
`147`	`147`	`return 0, err`
`148`	`148`	`}`
`149`		`- return os.FileMode(mode), nil //nolint:gosec`
	`149`	`+ return os.FileMode(mode), nil`
`150`	`150`	`}`
`151`	`151`
`152`	`152`	`func toSyftLicenses(m []model.License) (p []pkg.License) {`
Original file line number	Diff line number	Diff line change
`@@ -230,7 +230,7 @@ func handleNewKeyValue(line string) (key string, val interface{}, err error) {`
`230`	`230`	`if err != nil {`
`231`	`231`	`return "", nil, fmt.Errorf("bad installed-size value=%q: %w", val, err)`
`232`	`232`	`}`
`233`		`- return key, int(s), nil //nolint:gosec`
	`233`	`+ return key, int(s), nil`
`234`	`234`	`default:`
`235`	`235`	`return key, val, nil`
`236`	`236`	`}`
Original file line number	Diff line number	Diff line change
`@@ -60,10 +60,10 @@ func readStruct(metadata any, fields ...string) string {`
`60`	`60`	`if len(fields) > 0 {`
`61`	`61`	`value, ok := metadata.(map[any]any)`
`62`	`62`	`if !ok {`
`63`		`- log.Tracef("unable to read '%s' from: %v", fields[0], metadata) //nolint:gosec`
	`63`	`+ log.Tracef("unable to read '%s' from: %v", fields[0], metadata)`
`64`	`64`	`return ""`
`65`	`65`	`}`
`66`		`- return readStruct(value[fields[0]], fields[1:]...) //nolint:gosec`
	`66`	`+ return readStruct(value[fields[0]], fields[1:]...)`
`67`	`67`	`}`
`68`	`68`	`value, ok := metadata.(string)`
`69`	`69`	`if !ok {`