如何禁用 "TLS InsecureSkipVerify may be true" 错误
How can I disable "TLS InsecureSkipVerify may be true" error
我有这样的代码:
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // need insecure TLS option for testing and development
InsecureSkipVerify: cfg.GetRedisInsecure(),
}
}
当我 运行 golangci-lint run
它识别 nolint
指令并忽略该错误,但是当 Sonarqube 运行s 它一直失败并显示消息“TLS InsecureSkipVerify 可能是真的
这个问题 https://github.com/securego/gosec/issues/278 讨论了在评论中使用 #nosec
来禁用该错误。
这里讲的是在语句https://github.com/securego/gosec/issues/278#issuecomment-745209803
的特定部分使用它
所以我试过了:
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // need insecure TLS option for testing and development
// NOSONAR #nosec
InsecureSkipVerify: cfg.GetRedisInsecure(),
}
}
和
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // need insecure TLS option for testing and development
InsecureSkipVerify: cfg.GetRedisInsecure(), // NOSONAR #nosec
}
}
和
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // NOSONAR #nosec need insecure TLS option for testing and development
InsecureSkipVerify: cfg.GetRedisInsecure(),
}
}
和
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // NOSONAR #nosec need insecure TLS option for testing and development
InsecureSkipVerify: cfg.GetRedisInsecure(), /* #nosec */
}
}
和
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // NOSONAR #nosec need insecure TLS option for testing and development
/* #nosec */ InsecureSkipVerify: cfg.GetRedisInsecure(), /* #nosec */
}
}
和
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // NOSONAR #nosec need insecure TLS option for testing and development
/* #nosec */ InsecureSkipVerify: cfg.GetRedisInsecure() /* #nosec */, /* #nosec */
}
}
和
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // NOSONAR #nosec need insecure TLS option for testing and development
/* #nosec */ InsecureSkipVerify: /* #nosec */ cfg.GetRedisInsecure() /* #nosec */, /* #nosec */
}
}
和
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // NOSONAR #nosec need insecure TLS option for testing and development
/* #nosec */ InsecureSkipVerify /* #nosec */ :/* #nosec */ cfg.GetRedisInsecure(), /* #nosec */
}
}
我已经在gosec项目中打开了这个问题https://github.com/securego/gosec/issues/780
在 gosec 中我还能做什么来忽略这个?
我有这样的代码:
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // need insecure TLS option for testing and development
InsecureSkipVerify: cfg.GetRedisInsecure(),
}
}
当我 运行 golangci-lint run
它识别 nolint
指令并忽略该错误,但是当 Sonarqube 运行s 它一直失败并显示消息“TLS InsecureSkipVerify 可能是真的
这个问题 https://github.com/securego/gosec/issues/278 讨论了在评论中使用 #nosec
来禁用该错误。
这里讲的是在语句https://github.com/securego/gosec/issues/278#issuecomment-745209803
所以我试过了:
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // need insecure TLS option for testing and development
// NOSONAR #nosec
InsecureSkipVerify: cfg.GetRedisInsecure(),
}
}
和
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // need insecure TLS option for testing and development
InsecureSkipVerify: cfg.GetRedisInsecure(), // NOSONAR #nosec
}
}
和
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // NOSONAR #nosec need insecure TLS option for testing and development
InsecureSkipVerify: cfg.GetRedisInsecure(),
}
}
和
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // NOSONAR #nosec need insecure TLS option for testing and development
InsecureSkipVerify: cfg.GetRedisInsecure(), /* #nosec */
}
}
和
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // NOSONAR #nosec need insecure TLS option for testing and development
/* #nosec */ InsecureSkipVerify: cfg.GetRedisInsecure(), /* #nosec */
}
}
和
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // NOSONAR #nosec need insecure TLS option for testing and development
/* #nosec */ InsecureSkipVerify: cfg.GetRedisInsecure() /* #nosec */, /* #nosec */
}
}
和
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // NOSONAR #nosec need insecure TLS option for testing and development
/* #nosec */ InsecureSkipVerify: /* #nosec */ cfg.GetRedisInsecure() /* #nosec */, /* #nosec */
}
}
和
if cfg.GetRedisTLS() {
clientOpts.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
//nolint:gosec // NOSONAR #nosec need insecure TLS option for testing and development
/* #nosec */ InsecureSkipVerify /* #nosec */ :/* #nosec */ cfg.GetRedisInsecure(), /* #nosec */
}
}
我已经在gosec项目中打开了这个问题https://github.com/securego/gosec/issues/780
在 gosec 中我还能做什么来忽略这个?