Golangci-lint: v1.14.0 skips some gosec linter errors
Thank you for creating the issue!
Please include the following information:
- Version of golangci-lint:
golangci-lint --version(or git commit if you don't use binary distribution)
Error: unknown flag: --version
Installed using theGO111MODULE=on go get github.com/golangci/golangci-lint/cmd/[email protected]
reinstalled the binary release
golangci-lint has version 1.14.0 built from 6c4d290 on 2019-02-11T06:59:20Z
the rest is the same
also tried
golangci-lint has version 1.13.2 built from 7b2421d on 2019-01-26T16:39:30Z
and results are still the same
Config file:
cat .golangci.yml
cat: .golangci.yml: No such file or directoryGo environment:
go version && go env
go version go1.11.5 linux/amd64
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/ivan/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/srv/work/go"
GOPROXY=""
GORACE=""
GOROOT="/home/ivan/.local/share/umake/go/go-lang"
GOTMPDIR=""
GOTOOLDIR="/home/ivan/.local/share/umake/go/go-lang/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build031574701=/tmp/go-build -gno-record-gcc-switches"
- Verbose output of running:
golangci-lint run -v
INFO [config_reader] Config search paths: [./ stripped]
INFO [lintersdb] Active 10 linters: [deadcode errcheck gosimple govet ineffassign staticcheck structcheck typecheck unused varcheck]
INFO [lintersdb] Optimized sublinters [staticcheck gosimple unused] into metalinter megacheck
INFO [loader] Go packages loading at mode load deps types and syntax took 434.685952ms
INFO [loader] SSA repr building timing: packages building 3.687078ms, total 9.45826ms
INFO [runner] worker.5 took 28.07µs with stages: varcheck: 25.011µs
INFO [runner] worker.6 took 1.561µs
INFO [runner] worker.4 took 104.357µs with stages: ineffassign: 100.731µs
INFO [runner] worker.2 took 102.872µs with stages: errcheck: 51.236µs, structcheck: 42.458µs, deadcode: 4.397µs, typecheck: 659ns
INFO [runner] worker.1 took 800.693µs with stages: govet: 795.844µs
INFO [runner] worker.3 took 138.441434ms with stages: megacheck: 138.43639ms
INFO [runner] Workers idle times: #1: 137.650728ms, #2: 138.310228ms, #4: 138.320405ms, #5: 138.348009ms, #6: 138.340465ms
INFO [runner] Issues before processing: 1, after processing: 0
INFO [runner] processing took 88.824µs with stages: exclude: 64.285µs, path_prettifier: 6.666µs, cgo: 6.589µs, autogenerated_exclude: 5.655µs, skip_dirs: 3.366µs, max_same_issues: 416ns, diff: 371ns, nolint: 364ns, skip_files: 214ns, max_from_linter: 198ns, source_code: 190ns, uniq_by_line: 181ns, max_per_file_from_linter: 165ns, path_shortener: 164ns
INFO Memory: 7 samples, avg is 88.7MB, max is 136.5MB
INFO Execution took 625.325433ms
I run it in the directory with the only following file main.go:
package main
import "os"
func main() {
f, _ := os.Create("foo")
f.Close()
}
And the output from gometalinter:
➜ gometalinter
main.go:7:9:warning: error return value not checked (f.Close()) (errcheck)
main.go:6::warning: Errors unhandled.,LOW,HIGH (gosec)
main.go:7::warning: Errors unhandled.,LOW,HIGH (gosec)
zerkms
All 6 comments
Ok, apparently it was because it was ignored by
# errcheck: Almost all programs ignore errors on these functions and in most cases it's ok
- Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked
Well, the problem on the line f, _ := os.Create("foo") is still ignored
package main
import (
"fmt"
"os"
)
func main() {
f, _ := os.Create("foo")
fmt.Println(f)
}
➜ golangci-lint run --enable-all --exclude-use-default=false -v
INFO [config_reader] Config search paths: [./ skipped]
INFO [lintersdb] Active 31 linters: [deadcode depguard dupl errcheck gochecknoglobals gochecknoinits goconst gocritic gocyclo gofmt goimports golint gosec gosimple govet ineffassign interfacer lll maligned misspell nakedret prealloc scopelint staticcheck structcheck stylecheck typecheck unconvert unparam unused varcheck]
INFO [lintersdb] Optimized sublinters [staticcheck gosimple unused stylecheck] into metalinter megacheck
INFO [loader] Go packages loading at mode load deps types and syntax took 644.208497ms
INFO [loader] SSA repr building timing: packages building 7.049119ms, total 42.60499ms
INFO [runner] worker.6 took 11.566474ms with stages: unparam: 9.43488ms, errcheck: 1.196605ms, gosec: 781.388µs, ineffassign: 50.925µs, unconvert: 27.931µs, prealloc: 10.796µs, gocyclo: 9.066µs, goconst: 6.708µs, varcheck: 6.171µs, deadcode: 5.794µs, scopelint: 4.258µs, structcheck: 3.296µs, nakedret: 2.642µs, gochecknoinits: 1.164µs, gochecknoglobals: 1.06µs, typecheck: 946ns
INFO [runner] worker.1 took 11.480645ms with stages: interfacer: 10.839268ms, goimports: 599.064µs, lll: 21.862µs, maligned: 3.799µs, depguard: 2.372µs
INFO [runner] worker.2 took 12.826375ms with stages: govet: 12.823502ms
INFO [runner] worker.5 took 16.779261ms with stages: golint: 16.773443ms
INFO [runner] worker.3 took 35.292449ms with stages: misspell: 27.854526ms, gocritic: 7.078933ms, dupl: 180.031µs, gofmt: 167.737µs
INFO [runner] worker.4 took 196.30302ms with stages: megacheck: 196.298513ms
INFO [runner] Workers idle times: #1: 184.57155ms, #2: 183.390622ms, #3: 160.908334ms, #5: 179.439038ms, #6: 184.603268ms
INFO [runner] processing took 9.097µs with stages: max_same_issues: 6.702µs, skip_files: 413ns, path_prettifier: 399ns, skip_dirs: 257ns, nolint: 239ns, autogenerated_exclude: 205ns, diff: 143ns, exclude: 142ns, cgo: 141ns, max_from_linter: 130ns, max_per_file_from_linter: 95ns, source_code: 84ns, uniq_by_line: 74ns, path_shortener: 73ns
INFO Memory: 10 samples, avg is 129.6MB, max is 204.9MB
INFO Execution took 950.483885ms
while
➜ gosec main.go
[gosec] 2019/02/18 12:22:45 including rules: default
[gosec] 2019/02/18 12:22:45 excluding rules: default
[gosec] 2019/02/18 12:22:45 Searching directory: /srv/work/go/src/skipped/apps/prometheus-discovery/cmd/ttt
[gosec] 2019/02/18 12:22:45 Checking package: main
[gosec] 2019/02/18 12:22:45 Checking file: /srv/work/go/src/skipped/apps/prometheus-discovery/cmd/ttt/main.go
Results:
[/srv/work/go/src/skipped/apps/prometheus-discovery/cmd/ttt/main.go:9] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
> f, _ := os.Create("foo")
Summary:
Files: 1
Lines: 11
Nosec: 0
Issues: 1
and
➜ gometalinter
main.go:9::warning: Errors unhandled.,LOW,HIGH (gosec)
Seems like this might actually be a gosec problem. I replicated with this dockerfile. Run as is and nothing will be reported, run with 1.2.0 (uncomment git checkout line) and the expected error will be reported. Dockerfile must be in the same folder as main.go that should be tested.
```# docker build .
FROM golang:1-stretch
COPY . $GOPATH/src/github.com/project
RUN git clone https://github.com/securego/gosec.git && \
cd gosec && \
git fetch && \
# git checkout 1.2.0 && \
GO111MODULE=on go install ./... && \
gosec $GOPATH/src/github.com/project/main.go
```
Gobd
on 18 Feb 2019
With https://github.com/golangci/gosec it looks like 66fb7fc33547 is being used which reports no errors while master reports the expected one.
Gobd
on 18 Feb 2019
Right, sorry for the noise then.
This one should be closed then right?
zerkms
on 18 Feb 2019
hi!
since thisgosec commit you need to set "audit": "enabled" in gosec config.
Gometalinter reports the problem because it uses older gosec.
Also, I recommend using errcheck instead of gosec for errors checking.
jirfag
on 18 Feb 2019
Related issues
ferhatelmas
·
4Comments
bacongobbler
·
4Comments
moolibdensplk
·
4Comments
liubog2008
·
3Comments
nektro
·
3Comments