Add a flag to filter issues by confidence (#316)

Refactor also how the issues are filtered by severity. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2024-12-30 21:19:46 +02:00 · 2019-05-10 10:15:09 +02:00 · 2019-05-10 10:15:09 +02:00 · ee80733faf
commit ee80733faf
parent 29cec138dc
1 changed files with 25 additions and 12 deletions
--- a/cmd/gosec/main.go
+++ b/cmd/gosec/main.go
@ -93,7 +93,10 @@ var (
 	flagScanVendor = flag.Bool("vendor", false, "Scan the vendor folder")

 	// fail by severity
-	flagSeverity = flag.String("severity", "low", "Fail the scanning for issues with the given or higher severity. Valid options are: low, medium, high")
+	flagSeverity = flag.String("severity", "low", "Filter out the issues with a lower severity than the given value. Valid options are: low, medium, high")
+
+	// fail by confidence
+	flagConfidence = flag.String("confidence", "low", "Filter out the issues with a lower confidence than the given value. Valid options are: low, medium, high")

 	// do not fail
 	flagNoFail = flag.Bool("no-fail", false, "Do not fail the scanning, even if issues were found")
@ -199,6 +202,16 @@ func convertToScore(severity string) (gosec.Score, error) {
 	}
 }

+func filterIssues(issues []*gosec.Issue, severity gosec.Score, confidence gosec.Score) []*gosec.Issue {
+	result := []*gosec.Issue{}
+	for _, issue := range issues {
+		if issue.Severity >= severity && issue.Confidence >= confidence {
+			result = append(result, issue)
+		}
+	}
+	return result
+}
+
 func main() {
 	// Setup usage description
 	flag.Usage = usage
@ -232,10 +245,15 @@ func main() {

 	failSeverity, err := convertToScore(*flagSeverity)
 	if err != nil {
-		logger.Fatal(err)
+		logger.Fatalf("Invalid severity value: %v", err)
 	}

-	// Load config
+	failConfidence, err := convertToScore(*flagConfidence)
+	if err != nil {
+		logger.Fatalf("Invalid confidence value: %v", err)
+	}
+
+	// Load the analyzer configuration
 	config, err := loadConfig(*flagConfig)
 	if err != nil {
 		logger.Fatal(err)
@ -284,16 +302,11 @@ func main() {
 		sortIssues(issues)
 	}

-	issuesFound := false
-	for _, issue := range issues {
-		if issue.Severity >= failSeverity {
-			issuesFound = true
-			break
-		}
-	}
+	// Filter the issues by severity and confidence
+	issues = filterIssues(issues, failSeverity, failConfidence)

 	// Exit quietly if nothing was found
-	if !issuesFound && *flagQuiet {
+	if len(issues) == 0 && *flagQuiet {
 		os.Exit(0)
 	}

@ -307,7 +320,7 @@ func main() {
 	logWriter.Close() // #nosec

 	// Do we have an issue? If so exit 1 unless NoFail is set
-	if (issuesFound || len(errors) != 0) && !*flagNoFail {
+	if (len(issues) > 0 || len(errors) > 0) && !*flagNoFail {
 		os.Exit(1)
 	}
 }