You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Adding a #nosec exception does not work when there are multiple comments together.
Steps to reproduce the behavior
Run gosec ./... with the below file in the current directly (only file to be safe). NOTE this is a minimal/contrived example.
package main
import (
"crypto/tls"
)
funcmain() {
varSSLSkipVerifybool// Some Comment/* #nosec G402 - SSLSkipVerify defaults to false, users are warned when switching it on. */_=&tls.Config{
InsecureSkipVerify: SSLSkipVerify,
}
}
gosec version
v2.9.4 and v2.9.5
NOTE: v2.9.3 works
Go version (output of 'go version')
go version go1.16.10 darwin/amd64
Operating system / Environment
MacOS 11.6 (also affects Linux during CI runs)
Expected behavior
The #nosec should be processed and the "Issue" should not be listed
Summary
Adding a
#nosec
exception does not work when there are multiple comments together.Steps to reproduce the behavior
Run
gosec ./...
with the below file in the current directly (only file to be safe). NOTE this is a minimal/contrived example.gosec version
v2.9.4 and v2.9.5
NOTE: v2.9.3 works
Go version (output of 'go version')
Operating system / Environment
MacOS 11.6 (also affects Linux during CI runs)
Expected behavior
The
#nosec
should be processed and the "Issue" should not be listedActual behavior
Workaround
#nosec
commentThe text was updated successfully, but these errors were encountered: