add tests for severity and confidence

Signed-off-by: Ryan Leung <rleungx@gmail.com>

.golangci.example.yml

@@ -372,9 +372,9 @@ linters-settings:
     # Exclude generated files
     exclude-generated: true
     # Filter out the issues with a lower severity than the given value. Valid options are: low, medium, high.
-    severity: "high"
+    severity: "low"
     # Filter out the issues with a lower confidence than the given value. Valid options are: low, medium, high.
-    confidence: "medium"
+    confidence: "low"
     # To specify the configuration of rules.
     # The configuration of rules is not fully documented by gosec:
     # https://github.com/securego/gosec#configuration

pkg/golinters/gosec.go

@@ -148,7 +148,7 @@ func convertToScore(str string) (gosec.Score, error) {
 	case "high":
 		return gosec.High, nil
 	default:
-		return gosec.Low, errors.Errorf("'%s' not valid", str)
+		return gosec.Low, errors.Errorf("%s", str)
 	}
 }
 

test/testdata/configs/gosec_severity_confidence.yml

@@ -0,0 +1,4 @@
+linters-settings:
+  gosec:
+    severity: "medium"
+    confidence: "medium"

test/testdata/gosec_severity_confidence.go

@@ -0,0 +1,31 @@
+//args: -Egosec
+//config_path: testdata/configs/gosec_severity_confidence.yml
+package testdata
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+)
+
+var url string = "https://www.abcdefghijk.com"
+
+func gosecVariableURL() {
+	resp, err := http.Get(url) // ERROR "G107: Potential HTTP request made with variable url"
+	if err != nil {
+		panic(err)
+	}
+	defer resp.Body.Close()
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		panic(err)
+	}
+	fmt.Printf("%s", body)
+}
+
+func gosecHardcodedCredentials() {
+	username := "admin"
+	var password = "f62e5bcda4fae4f82370da0c6f20697b8f8447ef"
+
+	fmt.Println("Doing something with: ", username, password)
+}