Add gitea's go-crypto fork to deny list (#19)

- It's dangerous to use this fork over the official one. This one only will contain changes to the SSH part of x/crypto in order to fix some bugs. See https://github.com/go-gitea/gitea/pull/18711. Reviewed-on: https://gitea.com/gitea/gitea-vet/pulls/19 Reviewed-by: 6543 <6543@obermui.de> Reviewed-by: Norwin <noerw@noreply.gitea.io> Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-committed-by: Gusted <williamzijl7@hotmail.com>
2022-03-14 08:35:26 +08:00 · 2022-03-14 08:35:26 +08:00 · 854133ff01
parent 48ebc90254
commit 854133ff01
1 changed files with 3 additions and 3 deletions
--- a/checks/denylisted-imports.go
+++ b/checks/denylisted-imports.go
@ -11,7 +11,7 @@ import (
 )

 var (
-	deniedImports   = []string{"io/ioutil", "encoding/json"}
+	deniedImports   = []string{"io/ioutil", "encoding/json", "gitea.com/gitea/go-crypto"}
 	DenylistImports = &analysis.Analyzer{
 		Name: "denylist_imports",
 		Doc:  "check for denied imports",
@ -26,7 +26,7 @@ func runDenylistImports(pass *analysis.Pass) (interface{}, error) {
 			val = strings.TrimPrefix(val, `"`)
 			val = strings.TrimSuffix(val, `"`)
 			for _, deniedImport := range deniedImports {
-				if deniedImport == val {
+				if strings.HasPrefix(val, deniedImport) {
 					// Allow a exemption when there is a comment 'Allow "package_name" import'
 					allowed := false
 					for _, comment := range file.Comments {
@ -37,7 +37,7 @@ func runDenylistImports(pass *analysis.Pass) (interface{}, error) {
 					}

 					if !allowed {
-						pass.Reportf(im.Path.Pos(), `"`+deniedImport+"\" is not allowed to be imported")
+						pass.Reportf(im.Path.Pos(), `"`+val+"\" is not allowed to be imported")
 					}
 				}
 			}