Comments (2)
Here's a quick implementation that could be wired up to golangci-lint. It hard-codes the name of the function that must defer for now, but that could be passed via config.
```go
package analyzer

import (
	"go/ast"

	"golang.org/x/tools/go/analysis"
	"golang.org/x/tools/go/analysis/passes/inspect"
	"golang.org/x/tools/go/ast/inspector"
)

func run(pass *analysis.Pass) (any, error) {
	insp := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)
	nodeFilter := []ast.Node{
		(*ast.ExprStmt)(nil),
		(*ast.DeferStmt)(nil),
	}
	insp.Preorder(nodeFilter, func(node ast.Node) {
		// if we have a *ast.ExprStmt that calls internal.CloseAndLogError, report a problem.
		// (if the function is correctly called in a defer statement, the node will have type *ast.DeferStmt)
		switch t := node.(type) {
		case *ast.ExprStmt:
			if !isExprStmtAllowed(t, pass) {
				pass.Reportf(t.Pos(), "internal.CloseAndLogError must be called in defer")
			}
		}
	})
	return nil, nil
}

// isExprStmtAllowed returns false only when the statement is a direct,
// non-deferred call to internal.CloseAndLogError.
func isExprStmtAllowed(e *ast.ExprStmt, pass *analysis.Pass) bool {
	call, ok := e.X.(*ast.CallExpr)
	if !ok {
		return true
	}
	sel, ok := call.Fun.(*ast.SelectorExpr)
	if !ok {
		return true
	}
	// resolve the selector through type information so the check
	// follows the package path, not the local import name
	obj := pass.TypesInfo.Uses[sel.Sel]
	if obj == nil {
		return true
	}
	pkg := obj.Pkg()
	if pkg == nil {
		return true
	}
	if pkg.Path() == "github.com/anchore/syft/internal" && sel.Sel.Name == "CloseAndLogError" {
		return false
	}
	return true
}

func NewAnalyzer() *analysis.Analyzer {
	analyzer := analysis.Analyzer{
		Name:     "mustdefer",
		Doc:      "functions whose doc comment includes `*mustdefer*` must be invoked with the defer keyword",
		Run:      run,
		Requires: []*analysis.Analyzer{inspect.Analyzer},
	}
	return &analyzer
}
```
With a main function like this:
```go
func main() {
	singlechecker.Main(analyzer.NewAnalyzer())
}
```
This is invoked like this:
```
$ ../investigations/golangci-custom-lint/mustdefer/main ./...
/Users/willmurphy/work/syft-clean/syft/linux/identify_release.go:74:4: internal.CloseAndLogError must be called in defer
/Users/willmurphy/work/syft-clean/syft/pkg/cataloger/generic/cataloger.go:132:3: internal.CloseAndLogError must be called in defer
/Users/willmurphy/work/syft-clean/syft/pkg/cataloger/golang/parse_go_binary.go:70:2: internal.CloseAndLogError must be called in defer
/Users/willmurphy/work/syft-clean/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go:595:3: internal.CloseAndLogError must be called in defer
```
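An added example, not part of the comment above or of syft's code: the analyzer's `Doc` string describes a `*mustdefer*` doc-comment marker, while the posted check hard-codes one function name. The program below implements the marker-driven variant with the standard library only. It assumes the marked function and its callers live in one file and matches calls by identifier, without type information; `sampleSrc`, `closeAndLog` and `findNonDeferred` are hypothetical names.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strings"
)

// sampleSrc is constructed input for this example, not code from syft.
const sampleSrc = `package sample
import "io"
// closeAndLog closes c and logs any error. *mustdefer*
func closeAndLog(c io.Closer) { _ = c.Close() }
func good(c io.Closer) { defer closeAndLog(c) }
func bad(c io.Closer) { closeAndLog(c) }
`

// findNonDeferred reports statement-level calls to functions whose doc
// comment contains the assumed marker "*mustdefer*" (name match, one file).
func findNonDeferred(src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, parser.ParseComments)
	if err != nil {
		return nil, err
	}
	marked := map[string]bool{} // function names that must be deferred
	for _, d := range file.Decls {
		if fn, ok := d.(*ast.FuncDecl); ok && fn.Recv == nil && fn.Doc != nil && strings.Contains(fn.Doc.Text(), "*mustdefer*") {
			marked[fn.Name.Name] = true
		}
	}
	var out []string
	ast.Inspect(file, func(n ast.Node) bool {
		// A deferred call is an *ast.DeferStmt, so only bare calls land here.
		if stmt, ok := n.(*ast.ExprStmt); ok {
			if call, ok := stmt.X.(*ast.CallExpr); ok {
				if id, ok := call.Fun.(*ast.Ident); ok && marked[id.Name] {
					out = append(out, fmt.Sprintf("%d: %s must be called in defer", fset.Position(stmt.Pos()).Line, id.Name))
				}
			}
		}
		return true
	})
	return out, nil
}

func main() { fmt.Println(findNonDeferred(sampleSrc)) }
```

Across packages the marker has to travel with the function, for example as an exported fact in the `go/analysis` framework, because a caller's package does not see the callee's doc comment through type information alone.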