Documentation on adding new rules and analyzers #1262
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add some docs for developers who want to extend gosec
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## master #1262 +/- ##
==========================================
- Coverage 68.49% 66.66% -1.84%
==========================================
Files 75 75
Lines 4384 5186 +802
==========================================
+ Hits 3003 3457 +454
- Misses 1233 1581 +348
Partials 148 148 ☔ View full report in Codecov by Sentry. |
ccojocar
reviewed
Dec 12, 2024
|
I would also add a link in the README to this doc. Maybe in the development section https://github.com/securego/gosec?tab=readme-ov-file#development. |
alexandear
reviewed
Dec 13, 2024
Co-authored-by: Oleksandr Redko <[email protected]>
alexandear
reviewed
Dec 13, 2024
Co-authored-by: Oleksandr Redko <[email protected]>
Co-authored-by: Oleksandr Redko <[email protected]>
Co-authored-by: Oleksandr Redko <[email protected]>
alexandear
reviewed
Dec 14, 2024
Co-authored-by: Oleksandr Redko <[email protected]>
ccoVeille
reviewed
Dec 14, 2024
Fix phrasing to be clearer
ccoVeille
reviewed
Dec 15, 2024
|
|
||
| ### Adding an Analyzer | ||
|
|
||
| 1. Create a new go file under `./analyzers/` with the following scaffolding in it: |
There was a problem hiding this comment.
Nitpicking
Suggested change
| 1. Create a new go file under `./analyzers/` with the following scaffolding in it: | |
| 1. Create a new Go file under `./analyzers/` with the following scaffolding in it: |
Suggested change
| 1. Create a new go file under `./analyzers/` with the following scaffolding in it: | |
| 1. Create a new .go file under `./analyzers/` with the following scaffolding in it: |
|
|
||
| 2. Add the analyzer to `./analyzers/analyzerslist.go` in the `defaultAnalyzers` variable under an entry like `{"G999", "My test analyzer", newMyAnalyzer}` | ||
| 3. Add a RuleID to CWE ID mapping for your rule to the `ruleToCWE` map in `./issue/issue.go`. If you need a CWE that isn't already defined in `./cwe/data.go`, add it to the `idWeaknessess` map in that file. | ||
| 4. `make`; then run the `gosec` binary produced. You should see the output from our print statement. |
There was a problem hiding this comment.
It's about the make command
Suggested change
| 4. `make`; then run the `gosec` binary produced. You should see the output from our print statement. | |
| 4. Run `make`; then run the `gosec` binary produced. You should see the output from our print statement. |
Or anything like that
ccojocar
approved these changes
Dec 16, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add some docs for developers who want to extend gosec-- this is based on my personal notes I took while attempting to add a taint analyzer (it didn't pan out, but I intend to keep looking into it).
I've also drawn a diagram in miro, which I will add in a future PR once I figure out how to export it to useful file format.