Add rules package for custom ruleset support
What does this MR do?
This MR adds a `rules` package for custom ruleset support. Analyzers can load custom rules by using `LoadRule()`, which returns a single `Rule`. That `Rule` contains a description and a passthrough. You can read more about passthroughs on the issue related to this MR.

It is up to the analyzers to parse the value of the loaded rule to best override the default rules. The `rules` package in common is only responsible for analyzer-agnostic operations like extracting rules.
An implementation of custom rules might look something like this:
```go
// Load custom config if available
rule, err := rules.LoadRule(rules.RulesPathSAST, "gosec")
if err != nil {
	// If an err is returned that means we either couldn't load an optional custom ruleset file
	// or the ruleset file did not include a `gosec` analyzer section.
	// For both of these cases we should just log the error to debug as it shouldn't hold
	// up continuing the analyzer scan since custom rules are optional.
	log.Debug(err)
}

if rule.PassThrough.Type == "file" {
	log.Info("Loading config from custom ruleset passthrough")
	configPath := filepath.Join(projectPath, rule.PassThrough.Value)
	st, err := os.Stat(configPath)
	if err != nil {
		return nil, err
	} else if st.IsDir() {
		return nil, fmt.Errorf("%q is a directory", configPath)
	}
	// Prepend -conf PATH to the arguments for gosec
	gosecArgs = append([]string{"-conf", configPath}, gosecArgs...)
}
```
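The following is an added, self-contained illustration of the flow described above (rule extraction in the shared package, analyzer-side handling of a `file` passthrough); it is not the MR's code. It assumes a JSON ruleset layout with one section per analyzer name, since the MR does not show the on-disk format, and it adds one check the snippet above does not have: a `file` passthrough value is resolved relative to the project root and rejected if the cleaned path lands outside that root, so a ruleset checked into the repository cannot point the analyzer at an arbitrary file on the runner.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// PassThrough carries the analyzer-specific part of a custom rule. For
// Type "file" the Value is a path relative to the project root.
type PassThrough struct {
	Type  string `json:"type"`
	Value string `json:"value"`
}

// Rule is what an analyzer receives from the shared rules package.
type Rule struct {
	Description string      `json:"description"`
	PassThrough PassThrough `json:"passthrough"`
}

// ruleset is the assumed (hypothetical) on-disk layout: a map keyed by analyzer name.
type ruleset struct {
	Analyzers map[string]Rule `json:"analyzers"`
}

// SampleRuleset is a constructed ruleset with a single gosec section.
const SampleRuleset = `{"analyzers":{"gosec":{"description":"Use the project's gosec config",
"passthrough":{"type":"file","value":"gosec.json"}}}}`

// ParseRuleset extracts one analyzer's rule from ruleset bytes. This is the
// analyzer-agnostic part: it never interprets the passthrough value.
func ParseRuleset(data []byte, analyzer string) (Rule, error) {
	var rs ruleset
	if err := json.Unmarshal(data, &rs); err != nil {
		return Rule{}, fmt.Errorf("custom ruleset is not valid JSON: %w", err)
	}
	rule, ok := rs.Analyzers[analyzer]
	if !ok {
		return Rule{}, fmt.Errorf("custom ruleset has no %q section", analyzer)
	}
	return rule, nil
}

// LoadRule reads the optional ruleset file and extracts one analyzer's rule.
// A missing file is an error the caller is expected to treat as "no custom rules".
func LoadRule(path, analyzer string) (Rule, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return Rule{}, fmt.Errorf("no custom ruleset at %s: %w", path, err)
	}
	return ParseRuleset(data, analyzer)
}

// ResolvePassThroughPath joins a "file" passthrough value onto the project root
// and rejects values whose cleaned path escapes that root (e.g. "../../x").
func ResolvePassThroughPath(projectPath, value string) (string, error) {
	root := filepath.Clean(projectPath)
	target := filepath.Join(root, value) // Join cleans, so ".." segments collapse here
	rel, err := filepath.Rel(root, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("passthrough path %q escapes project root", value)
	}
	return target, nil
}

// GosecArgs is the analyzer-side step: when the rule carries a file passthrough,
// validate the file and prepend "-conf PATH" to the base gosec arguments.
func GosecArgs(projectPath string, rule Rule, base []string) ([]string, error) {
	if rule.PassThrough.Type != "file" {
		return base, nil // no override requested; keep defaults
	}
	configPath, err := ResolvePassThroughPath(projectPath, rule.PassThrough.Value)
	if err != nil {
		return nil, err
	}
	st, err := os.Stat(configPath)
	if err != nil {
		return nil, err
	} else if st.IsDir() {
		return nil, fmt.Errorf("%q is a directory", configPath)
	}
	return append([]string{"-conf", configPath}, base...), nil
}

func main() {
	rule, err := ParseRuleset([]byte(SampleRuleset), "gosec")
	if err != nil {
		fmt.Println("no custom rule:", err)
		return
	}
	fmt.Printf("%s -> passthrough %s %q\n", rule.Description, rule.PassThrough.Type, rule.PassThrough.Value)
	if _, err := ResolvePassThroughPath("/tmp/project", "../../etc/passwd"); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

Whether to fail the scan or fall back to defaults on a rejected passthrough is an analyzer decision; the point of the check is that the decision is made explicitly rather than by `os.Stat` happening to succeed on a file outside the project.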
What are the relevant issue numbers?
gitlab-org/gitlab#235382 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Lucas Charles