Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failing to run if code uses github.com/samber/lo Map #804

Closed
mniak opened this issue Apr 5, 2022 · 2 comments
Closed

Failing to run if code uses github.com/samber/lo Map #804

mniak opened this issue Apr 5, 2022 · 2 comments

Comments

@mniak
Copy link

mniak commented Apr 5, 2022

Summary

When I import github.com/samber/lo and uses the lo.Map method, it raises an error when I run gosec ./...

Steps to reproduce the behavior

Create the files below, then run gosec ./...:

main.go
package main

import "github.com/samber/lo"

func main() {
	_ = lo.Map(nil, func(key string, idx int) string {
		return key
	})
}
go.mod
module test-crash

go 1.18

require github.com/samber/lo v1.11.0

require golang.org/x/exp v0.0.0-20220303212507-bbda1eaf7a17 // indirect
go.sum
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/samber/lo v1.11.0 h1:JfeYozXL1xfkhRUFOfH13ociyeiLSC/GRJjGKI668xM=
github.com/samber/lo v1.11.0/go.mod h1:2I7tgIv8Q1SG2xEIkRq0F2i2zgxVpnyPOP0d3Gj2r+A=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/thoas/go-funk v0.9.1 h1:O549iLZqPpTUQ10ykd26sZhzD+rmR5pWhuElrhbC20M=
golang.org/x/exp v0.0.0-20220303212507-bbda1eaf7a17 h1:3MTrJm4PyNL9NBqvYDSj3DHl46qQakyfqfWo4jgfaEM=
golang.org/x/exp v0.0.0-20220303212507-bbda1eaf7a17/go.mod h1:lgLbSvA5ygNOMpwM/9anMpWVlVJ7Z+cHWq/eFuinpGE=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=

gosec version

I tested this behavior with two versions:

  • 2.11.0 installed using go install github.com/securego/gosec/v2/cmd/gosec@v2.11.0
  • The most recent commit on the master branch (89dfdc0) installed using go install github.com/securego/gosec/v2/cmd/gosec@89dfdc0c972655dfaa4eec7a115742a28e0bc216

Both produce the exact same failures.

Go version (output of 'go version')

❯ go version
go version go1.18 **darwin/arm64**

Operating system / Environment

macOS Monterey
Version 12.2.1 (21D62)

Expected behavior

To run without failures, return exit code 0 and print a summary.

❯ gosec ./...      
[gosec] 2022/04/05 11:52:17 Including rules: default
[gosec] 2022/04/05 11:52:17 Excluding rules: default
[gosec] 2022/04/05 11:52:17 Import directory: /Users/mniak/Projects/test-crash
[gosec] 2022/04/05 11:52:17 Checking package: main
[gosec] 2022/04/05 11:52:17 Checking file: /Users/andre/Projects/test-crash/main.go
Results:


Summary:
  Gosec  : dev
  Files  : 1
  Lines  : 9
  Nosec  : 0
  Issues : 0

Actual behavior

Crashes with exit code 1 and does not print a summary.

[gosec] 2022/04/05 11:55:50 Including rules: default
[gosec] 2022/04/05 11:55:50 Excluding rules: default
[gosec] 2022/04/05 11:55:50 Import directory: /Users/mniak/Projects/test-crash
2022/04/05 11:55:50 Unexpected package creation during export data loading
@cschneider4711
Copy link

Same here for a Go 1.18 project.

Probably related to golang/go#51629

@ccojocar
Copy link
Member

ccojocar commented Apr 7, 2022

@mniak Thanks for this issue but problem is in the golang.org/x/tools/go/packages package, more specifically packages.Load function which is used by gosec to load the Go packages.

The gosec's dependencies will be automatically updated when they will release a fix, therefore I'll close this issue for now.

@ccojocar ccojocar closed this as completed Apr 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ccojocar @mniak @cschneider4711