From 854133ff019fa53fbb7d3b9e32c46694a02e826a Mon Sep 17 00:00:00 2001 From: Gusted Date: Mon, 14 Mar 2022 08:35:26 +0800 Subject: [PATCH] Add gitea's go-crypto fork to deny list (#19) - It's dangerous to use this fork over the official one. This one only will contain changes to the SSH part of x/crypto in order to fix some bugs. See https://github.com/go-gitea/gitea/pull/18711. Reviewed-on: https://gitea.com/gitea/gitea-vet/pulls/19 Reviewed-by: 6543 <6543@obermui.de> Reviewed-by: Norwin Co-authored-by: Gusted Co-committed-by: Gusted --- checks/denylisted-imports.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/checks/denylisted-imports.go b/checks/denylisted-imports.go index 6a0cf58..7fcb137 100644 --- a/checks/denylisted-imports.go +++ b/checks/denylisted-imports.go @@ -11,7 +11,7 @@ import ( ) var ( - deniedImports = []string{"io/ioutil", "encoding/json"} + deniedImports = []string{"io/ioutil", "encoding/json", "gitea.com/gitea/go-crypto"} DenylistImports = &analysis.Analyzer{ Name: "denylist_imports", Doc: "check for denied imports", @@ -26,7 +26,7 @@ func runDenylistImports(pass *analysis.Pass) (interface{}, error) { val = strings.TrimPrefix(val, `"`) val = strings.TrimSuffix(val, `"`) for _, deniedImport := range deniedImports { - if deniedImport == val { + if strings.HasPrefix(val, deniedImport) { // Allow a exemption when there is a comment 'Allow "package_name" import' allowed := false for _, comment := range file.Comments { @@ -37,7 +37,7 @@ func runDenylistImports(pass *analysis.Pass) (interface{}, error) { } if !allowed { - pass.Reportf(im.Path.Pos(), `"`+deniedImport+"\" is not allowed to be imported") + pass.Reportf(im.Path.Pos(), `"`+val+"\" is not allowed to be imported") } } }