Ignore the issues from generated files when using the analysis framew…

…ork (#1079) Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
securego · Nov 30, 2023 · eb256a7 · eb256a7
1 parent 43b7cbf
commit eb256a7
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 2 deletions.
diff --git a/analyzer.go b/analyzer.go
@@ -414,6 +414,9 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
 			SSA:    ssaResult.(*buildssa.SSA),
 		},
 	}
+
+	generatedFiles := gosec.generatedFiles(pkg)
+
 	for _, analyzer := range gosec.analyzerList {
 		pass := &analysis.Pass{
 			Analyzer:          analyzer,
@@ -441,13 +444,33 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
 		if result != nil {
 			if passIssues, ok := result.([]*issue.Issue); ok {
 				for _, iss := range passIssues {
+					if gosec.excludeGenerated {
+						if _, ok := generatedFiles[iss.File]; ok {
+							continue
+						}
+					}
 					gosec.updateIssues(iss)
 				}
 			}
 		}
 	}
 }
 
+func (gosec *Analyzer) generatedFiles(pkg *packages.Package) map[string]bool {
+	generatedFiles := map[string]bool{}
+	for _, file := range pkg.Syntax {
+		if isGeneratedFile(file) {
+			fp := pkg.Fset.File(file.Pos())
+			if fp == nil {
+				// skip files which cannot be located
+				continue
+			}
+			generatedFiles[fp.Name()] = true
+		}
+	}
+	return generatedFiles
+}
+
 // buildSSA runs the SSA pass which builds the SSA representation of the package. It handles gracefully any panic.
 func (gosec *Analyzer) buildSSA(pkg *packages.Package) (interface{}, error) {
 	defer func() {

diff --git a/analyzer_test.go b/analyzer_test.go
@@ -471,7 +471,7 @@ var _ = Describe("Analyzer", func() {
 			issues, _, _ := customAnalyzer.Report()
 			Expect(issues).Should(HaveLen(1))
 		})
-		It("should be able to scan generated files if NOT excluded", func() {
+		It("should be able to scan generated files if NOT excluded when using the rules", func() {
 			customAnalyzer := gosec.NewAnalyzer(nil, true, false, false, 1, logger)
 			customAnalyzer.LoadRules(rules.Generate(false).RulesInfo())
 			pkg := testutils.NewTestPackage()
@@ -492,7 +492,7 @@ var _ = Describe("Analyzer", func() {
 			issues, _, _ := customAnalyzer.Report()
 			Expect(issues).Should(HaveLen(1))
 		})
-		It("should be able to skip generated files if excluded", func() {
+		It("should be able to skip generated files if excluded when using the rules", func() {
 			customAnalyzer := gosec.NewAnalyzer(nil, true, true, false, 1, logger)
 			customAnalyzer.LoadRules(rules.Generate(false).RulesInfo())
 			pkg := testutils.NewTestPackage()
@@ -513,6 +513,50 @@ var _ = Describe("Analyzer", func() {
 			issues, _, _ := customAnalyzer.Report()
 			Expect(issues).Should(BeEmpty())
 		})
+		It("should be able to scan generated files if NOT excluded when using the analyzes", func() {
+			customAnalyzer := gosec.NewAnalyzer(nil, true, false, false, 1, logger)
+			customAnalyzer.LoadRules(rules.Generate(false).RulesInfo())
+			pkg := testutils.NewTestPackage()
+			defer pkg.Close()
+			pkg.AddFile("foo.go", `
+				package main
+				// Code generated some-generator DO NOT EDIT.
+        import (
+          "fmt"
+        )
+        func main() {
+          values := []string{}
+          fmt.Println(values[0])
+				}`)
+			err := pkg.Build()
+			Expect(err).ShouldNot(HaveOccurred())
+			err = customAnalyzer.Process(buildTags, pkg.Path)
+			Expect(err).ShouldNot(HaveOccurred())
+			issues, _, _ := customAnalyzer.Report()
+			Expect(issues).Should(HaveLen(1))
+		})
+		It("should be able to skip generated files if excluded when using the analyzes", func() {
+			customAnalyzer := gosec.NewAnalyzer(nil, true, true, false, 1, logger)
+			customAnalyzer.LoadRules(rules.Generate(false).RulesInfo())
+			pkg := testutils.NewTestPackage()
+			defer pkg.Close()
+			pkg.AddFile("foo.go", `
+				package main
+				// Code generated some-generator DO NOT EDIT.
+        import (
+          "fmt"
+        )
+        func main() {
+          values := []string{}
+          fmt.Println(values[0])
+				}`)
+			err := pkg.Build()
+			Expect(err).ShouldNot(HaveOccurred())
+			err = customAnalyzer.Process(buildTags, pkg.Path)
+			Expect(err).ShouldNot(HaveOccurred())
+			issues, _, _ := customAnalyzer.Report()
+			Expect(issues).Should(BeEmpty())
+		})
 	})
 	It("should be able to analyze Cgo files", func() {
 		analyzer.LoadRules(rules.Generate(false).RulesInfo())