Add gitea's go-crypto fork to deny list (#19)
- It's dangerous to use this fork over the official one. This one only will contain changes to the SSH part of x/crypto in order to fix some bugs. See https://github.com/go-gitea/gitea/pull/18711. Reviewed-on: https://gitea.com/gitea/gitea-vet/pulls/19 Reviewed-by: 6543 <6543@obermui.de> Reviewed-by: Norwin <noerw@noreply.gitea.io> Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-committed-by: Gusted <williamzijl7@hotmail.com>
This commit is contained in:
parent
48ebc90254
commit
854133ff01
|
@ -11,7 +11,7 @@ import (
|
|||
)
|
||||
|
||||
var (
|
||||
deniedImports = []string{"io/ioutil", "encoding/json"}
|
||||
deniedImports = []string{"io/ioutil", "encoding/json", "gitea.com/gitea/go-crypto"}
|
||||
DenylistImports = &analysis.Analyzer{
|
||||
Name: "denylist_imports",
|
||||
Doc: "check for denied imports",
|
||||
|
@ -26,7 +26,7 @@ func runDenylistImports(pass *analysis.Pass) (interface{}, error) {
|
|||
val = strings.TrimPrefix(val, `"`)
|
||||
val = strings.TrimSuffix(val, `"`)
|
||||
for _, deniedImport := range deniedImports {
|
||||
if deniedImport == val {
|
||||
if strings.HasPrefix(val, deniedImport) {
|
||||
// Allow a exemption when there is a comment 'Allow "package_name" import'
|
||||
allowed := false
|
||||
for _, comment := range file.Comments {
|
||||
|
@ -37,7 +37,7 @@ func runDenylistImports(pass *analysis.Pass) (interface{}, error) {
|
|||
}
|
||||
|
||||
if !allowed {
|
||||
pass.Reportf(im.Path.Pos(), `"`+deniedImport+"\" is not allowed to be imported")
|
||||
pass.Reportf(im.Path.Pos(), `"`+val+"\" is not allowed to be imported")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue