diff --git a/analyzer.go b/analyzer.go index d7c2ab9..25b5318 100644 --- a/analyzer.go +++ b/analyzer.go @@ -154,16 +154,16 @@ func (gas *Analyzer) ignore(n ast.Node) ([]string, bool) { for _, group := range groups { if strings.Contains(group.Text(), "#nosec") { gas.stats.NumNosec++ - return nil, true - } - - if strings.Contains(group.Text(), "#exclude") { - gas.stats.NumNosec++ // Pull out the specific rules that are listed to be ignored. - re := regexp.MustCompile("!(G\\d{3})") + re := regexp.MustCompile("(G\\d{3})") matches := re.FindAllStringSubmatch(group.Text(), -1) + // If no specific rules were given, ignore everything. + if matches == nil || len(matches) == 0 { + return nil, true + } + // Find the rule IDs to ignore. var ignores []string for _, v := range matches { diff --git a/analyzer_test.go b/analyzer_test.go index 3bd947c..aca14a8 100644 --- a/analyzer_test.go +++ b/analyzer_test.go @@ -135,7 +135,7 @@ var _ = Describe("Analyzer", func() { nosecPackage := testutils.NewTestPackage() defer nosecPackage.Close() - nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #exclude !G401", 1) + nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #nosec G401", 1) nosecPackage.AddFile("md5.go", nosecSource) nosecPackage.Build() @@ -152,7 +152,7 @@ var _ = Describe("Analyzer", func() { nosecPackage := testutils.NewTestPackage() defer nosecPackage.Close() - nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #exclude !G301", 1) + nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #nosec G301", 1) nosecPackage.AddFile("md5.go", nosecSource) nosecPackage.Build() 
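Review bot: The new pattern `(G\d{3})` in `ignore` is unanchored and runs over the whole comment group, so any `G` followed by three digits in the justification text (or inside a longer token such as `G4011`) is taken as a rule ID, while a mistyped ID such as `#nosec G40` matches nothing and falls into the new `return nil, true` branch, suppressing every rule for that node. For a suppression directive, that second case fails open: a typo widens the exclusion instead of being rejected. I would match only whole tokens, `re := regexp.MustCompile("\\bG\\d{3}\\b")`, apply it to the text following `#nosec`, and treat a token that looks like an attempted rule ID but does not parse as no suppression (or at least report it). Separately, `len(matches) == 0` already covers the nil case, and the regexp could be compiled once at package scope instead of once per comment group. The loop over `matches` continues outside the hunk.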
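Review bot: The three updated `nosecSource` cases in analyzer_test.go (hunks at 135, 152 and 169) only exercise well-formed rule IDs, so nothing visible here pins the new fallback in `ignore`, where a `#nosec` comment with no recognised ID becomes a blanket suppression. A case built on a constructed input such as `// #nosec G40`, asserting whichever behaviour is intended for an unparseable ID, would make that decision explicit and would catch a regression in either direction. The Describe block continues outside the hunks, so an existing bare `#nosec` case may already cover the no-ID path.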
@@ -169,7 +169,7 @@ var _ = Describe("Analyzer", func() { nosecPackage := testutils.NewTestPackage() defer nosecPackage.Close() - nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #exclude !G301 !G401", 1) + nosecSource := strings.Replace(source, "h := md5.New()", "h := md5.New() // #nosec G301 G401", 1) nosecPackage.AddFile("md5.go", nosecSource) nosecPackage.Build()