I'm adding the gosec linter to golangci-lint, and everything is covered except the following:
```
exec.Command(params[0], params[1:]...)
```
I know I can disable this lint, but I don't want to do that. Is there a way to fix the code so that it satisfies this lint?

The error is:
```
G204: Subprocess launched with function call as argument or cmd arguments
```
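Hardcode the command invocation. There is no other option AFAIS.

Update: as of version 1.40, you can customize the gosec options; see the example configuration `.golangci.example.yml` in the https://github.com/golangci/golangci-lint repository.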
```
linters-settings:
  gosec:
    # To select a subset of rules to run.
    # Available rules: https://github.com/securego/gosec#available-rules
    includes:
      - G401
      - G306
      - G101
    # To specify a set of rules to explicitly exclude.
    # Available rules: https://github.com/securego/gosec#available-rules
    excludes:
      - G204
    # To specify the configuration of rules.
    # The configuration of rules is not fully documented by gosec:
    # https://github.com/securego/gosec#configuration
    # https://github.com/securego/gosec/blob/569328eade2ccbad4ce2d0f21ee158ab5356a5cf/rules/rulelist.go#L60-L102
    config:
      G306: "0600"
      G101:
        pattern: "(?i)example"
        ignore_entropy: false
        entropy_threshold: "80.0"
        per_char_threshold: "3.0"
        truncate: "32"
```
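One way to follow the "hardcode the command invocation" advice above, as an added example that is not part of the original answers: the caller's `params` only selects an entry from an allowlist, and every `exec.Command` call is written with string literals. The operation names `go-version` and `go-goos`, the `allowed` map and `BuildCommand` are hypothetical names chosen for this illustration.

```go
package main

import (
	"fmt"
	"os/exec"
)

// allowed maps an operation name (hypothetical names, chosen for this example)
// to a constructor whose exec.Command call contains only string literals.
var allowed = map[string]func() *exec.Cmd{
	"go-version": func() *exec.Cmd { return exec.Command("go", "version") },
	"go-goos":    func() *exec.Cmd { return exec.Command("go", "env", "GOOS") },
}

// BuildCommand replaces exec.Command(params[0], params[1:]...): params may only
// select one of the hardcoded commands, never supply a binary or its arguments.
func BuildCommand(params []string) (*exec.Cmd, error) {
	if len(params) != 1 {
		return nil, fmt.Errorf("expected exactly one operation name, got %d values", len(params))
	}
	mk, ok := allowed[params[0]]
	if !ok {
		return nil, fmt.Errorf("operation %q is not in the allowlist", params[0])
	}
	return mk(), nil
}

func main() {
	// Constructed sample inputs: one allowed name, one raw command line, one empty.
	for _, params := range [][]string{{"go-version"}, {"ls", "-la"}, {}} {
		cmd, err := BuildCommand(params)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("would run:", cmd.Args)
	}
}
```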
Instead of disabling the linter, you can exclude a specific line with a comment:
```
exec.Command(params[0], params[1:]...) //nolint:gosec
```