filter issues according to the severity and confidence

Signed-off-by: Ryan Leung <rleungx@gmail.com>
golangci · Oct 18, 2021 · c1ec2a0 · c1ec2a0
1 parent 680f3e6
commit c1ec2a0
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 3 deletions.
diff --git a/.golangci.example.yml b/.golangci.example.yml
@@ -369,6 +369,10 @@ linters-settings:
     # Available rules: https://github.com/securego/gosec#available-rules
     excludes:
       - G204
+    # Filter out the issues with a lower severity than the given value. Valid options are: low, medium, high.
+    serveity: "high"
+    # Filter out the issues with a lower confidence than the given value. Valid options are: low, medium, high.
+    confidence: "medium"
     # To specify the configuration of rules.
     # The configuration of rules is not fully documented by gosec:
     # https://github.com/securego/gosec#configuration

diff --git a/pkg/config/linters_settings.go b/pkg/config/linters_settings.go
@@ -294,9 +294,11 @@ type GoModGuardSettings struct {
 }
 
 type GoSecSettings struct {
-	Includes []string
-	Excludes []string
-	Config   map[string]interface{} `mapstructure:"config"`
+	Includes   []string
+	Excludes   []string
+	Severity   string
+	Confidence string
+	Config     map[string]interface{} `mapstructure:"config"`
 }
 
 type GovetSettings struct {

diff --git a/pkg/golinters/gosec.go b/pkg/golinters/gosec.go
@@ -9,6 +9,7 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/pkg/errors"
 	"github.com/securego/gosec/v2"
 	"github.com/securego/gosec/v2/rules"
 	"golang.org/x/tools/go/analysis"
@@ -68,7 +69,16 @@ func NewGosec(settings *config.GoSecSettings) *goanalysis.Linter {
 			if len(issues) == 0 {
 				return nil, nil
 			}
+			severity, err := convertToScore(settings.Severity)
+			if err != nil {
+				lintCtx.Log.Warnf("Provided severity %s, use low instead. Valid options: low, medium, high", err)
+			}
 
+			confidence, err := convertToScore(settings.Confidence)
+			if err != nil {
+				lintCtx.Log.Warnf("Provided string %s, use low instead. Valid options: low, medium, high", err)
+			}
+			issues = filterIssues(issues, severity, confidence)
 			res := make([]goanalysis.Issue, 0, len(issues))
 			for _, i := range issues {
 				text := fmt.Sprintf("%s: %s", i.RuleID, i.What) // TODO: use severity and confidence
@@ -126,3 +136,27 @@ func gosecRuleFilters(includes, excludes []string) []rules.RuleFilter {
 
 	return filters
 }
+
+func convertToScore(str string) (gosec.Score, error) {
+	str = strings.ToLower(str)
+	switch str {
+	case "", "low":
+		return gosec.Low, nil
+	case "medium":
+		return gosec.Medium, nil
+	case "high":
+		return gosec.High, nil
+	default:
+		return gosec.Low, errors.Errorf("'%s' not valid", str)
+	}
+}
+
+func filterIssues(issues []*gosec.Issue, severity, confidence gosec.Score) []*gosec.Issue {
+	res := make([]*gosec.Issue, 0)
+	for _, issue := range issues {
+		if issue.Severity >= severity && issue.Confidence >= confidence {
+			res = append(res, issue)
+		}
+	}
+	return res
+}
diff --git a/test/testdata/configs/gosec.yml b/test/testdata/configs/gosec.yml
@@ -3,6 +3,8 @@ linters-settings:
     includes:
       - G306
       - G101
+    serveity: "low"
+    confidence: "low"
     config:
       G306: "0666"
       G101: