build(deps): bump github.com/securego/gosec/v2 from 2.8.1 to 2.9.1 (golangci#2299)

dependabot[bot] · ldez · SeigeC · commit f1bf4adbd498 · 2023-04-04T17:25:42.000+08:00
Co-authored-by: Fernandez Ludovic &lt;ldez@users.noreply.github.com&gt;
diff --git a/.golangci.example.yml b/.golangci.example.yml
@@ -369,6 +369,8 @@ linters-settings:
     # Available rules: https://github.com/securego/gosec#available-rules
     excludes:
       - G204
+    # Exclude generated files
+    exclude-generated: true
     # To specify the configuration of rules.
     # The configuration of rules is not fully documented by gosec:
     # https://github.com/securego/gosec#configuration
diff --git a/go.mod b/go.mod
@@ -65,7 +65,7 @@ require (
 	github.com/ryancurrah/gomodguard v1.2.3
 	github.com/ryanrolds/sqlclosecheck v0.3.0
 	github.com/sanposhiho/wastedassign/v2 v2.0.6
-	github.com/securego/gosec/v2 v2.8.1
+	github.com/securego/gosec/v2 v2.9.1
 	github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c
 	github.com/shirou/gopsutil/v3 v3.21.9
 	github.com/sirupsen/logrus v1.8.1
diff --git a/go.sum b/go.sum
diff --git a/pkg/config/linters_settings.go b/pkg/config/linters_settings.go
@@ -294,9 +294,10 @@ type GoModGuardSettings struct {
 }
 
 type GoSecSettings struct {
-	Includes []string
-	Excludes []string
-	Config   map[string]interface{} `mapstructure:"config"`
+	Includes         []string
+	Excludes         []string
+	ExcludeGenerated bool                   `mapstructure:"exclude-generated"`
+	Config           map[string]interface{} `mapstructure:"config"`
 }
 
 type GovetSettings struct {
diff --git a/pkg/golinters/gosec.go b/pkg/golinters/gosec.go
@@ -54,7 +54,7 @@ func NewGosec(settings *config.GoSecSettings) *goanalysis.Linter {
 		nil,
 	).WithContextSetter(func(lintCtx *linter.Context) {
 		analyzer.Run = func(pass *analysis.Pass) (interface{}, error) {
-			gosecAnalyzer := gosec.NewAnalyzer(gasConfig, true, logger)
+			gosecAnalyzer := gosec.NewAnalyzer(gasConfig, true, settings.ExcludeGenerated, logger)
 			gosecAnalyzer.LoadRules(ruleDefinitions.Builders())
 
 			pkg := &packages.Package{
diff --git a/test/testdata/gosec.go b/test/testdata/gosec.go
@@ -34,5 +34,5 @@ func GosecG204SubprocWithFunc() {
 		return "/tmp/dummy"
 	}
 
-	exec.Command("ls", arg()).Run() // ERROR "G204: Subprocess launched with function call as argument or cmd arguments"
+	exec.Command("ls", arg()).Run() // ERROR "G204: Subprocess launched with a potential tainted input or cmd arguments"
 }

Original file line number	Diff line number	Diff line change
`@@ -294,9 +294,10 @@ type GoModGuardSettings struct {`
`294`	`294`	`}`
`295`	`295`
`296`	`296`	`type GoSecSettings struct {`
`297`		`- Includes []string`
`298`		`- Excludes []string`
`299`		- Config map[string]interface{} `mapstructure:"config"`
	`297`	`+ Includes []string`
	`298`	`+ Excludes []string`
	`299`	+ ExcludeGenerated bool `mapstructure:"exclude-generated"`
	`300`	+ Config map[string]interface{} `mapstructure:"config"`
`300`	`301`	`}`
`301`	`302`
`302`	`303`	`type GovetSettings struct {`
Original file line number	Diff line number	Diff line change
`@@ -34,5 +34,5 @@ func GosecG204SubprocWithFunc() {`
`34`	`34`	`return "/tmp/dummy"`
`35`	`35`	`}`
`36`	`36`
`37`		`- exec.Command("ls", arg()).Run() // ERROR "G204: Subprocess launched with function call as argument or cmd arguments"`
	`37`	`+ exec.Command("ls", arg()).Run() // ERROR "G204: Subprocess launched with a potential tainted input or cmd arguments"`
`38`	`38`	`}`