go/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2025-11-25 22:22:17 +02:00
Code Issues Releases Activity

Remove rule G307 which checks when an error is not handled when a file or socket connection is closed (#935)

Browse Source 
* Remove read only types from unsafe defer rules

* Remove rule G307 which checks when an error is not handled when a file or socket connection is closed

This doesn't seem to bring much value from security perspective, and it caused a lot of controversy since
is a very common pattern in Go.

* Mentioned in documentation that rule G307 is retired

* Clean up the test for rule G307
This commit is contained in:
Cosmin Cojocar
2023-02-24 14:04:13 +01:00
committed by GitHub
parent 27bf0e4f9b
commit d5a9c73723
6 changed files with 1 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
rules/rules_test.go
View File

@@ -146,10 +146,6 @@ var _ = Describe("gosec rules", func() {
runner("G306", testutils.SampleCodeG306)
})
It("should detect unsafe defer of os.Close", func() {
runner("G307", testutils.SampleCodeG307)
})
It("should detect weak crypto algorithms", func() {
runner("G401", testutils.SampleCodeG401)
})