From bf4a66a07d618628f6a26609404cb5c608e99ff8 Mon Sep 17 00:00:00 2001
From: Ludovic Fernandez <ldez@users.noreply.github.com>
Date: Wed, 4 Sep 2024 20:49:53 +0200
Subject: [PATCH] gosec: disable G407 (#4983)

---
 .golangci.next.reference.yml             | 2 --
 jsonschema/golangci.next.jsonschema.json | 1 -
 pkg/golinters/gosec/gosec.go             | 5 +++++
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/.golangci.next.reference.yml b/.golangci.next.reference.yml
index b227a3ec4a8b..4d5d5c88aad3 100644
--- a/.golangci.next.reference.yml
+++ b/.golangci.next.reference.yml
@@ -876,7 +876,6 @@ linters-settings:
       - G404 # Insecure random number source (rand)
       - G405 # Detect the usage of DES or RC4
       - G406 # Detect the usage of MD4 or RIPEMD160
-      - G407 # Detect the usage of hardcoded Initialization Vector(IV)/Nonce
       - G501 # Import blocklist: crypto/md5
       - G502 # Import blocklist: crypto/des
       - G503 # Import blocklist: crypto/rc4
@@ -922,7 +921,6 @@ linters-settings:
       - G404 # Insecure random number source (rand)
       - G405 # Detect the usage of DES or RC4
       - G406 # Detect the usage of MD4 or RIPEMD160
-      - G407 # Detect the usage of hardcoded Initialization Vector(IV)/Nonce
       - G501 # Import blocklist: crypto/md5
       - G502 # Import blocklist: crypto/des
       - G503 # Import blocklist: crypto/rc4
diff --git a/jsonschema/golangci.next.jsonschema.json b/jsonschema/golangci.next.jsonschema.json
index d90e78ba662d..e137b14c6d39 100644
--- a/jsonschema/golangci.next.jsonschema.json
+++ b/jsonschema/golangci.next.jsonschema.json
@@ -155,7 +155,6 @@
         "G404",
         "G405",
         "G406",
-        "G407",
         "G501",
         "G502",
         "G503",
diff --git a/pkg/golinters/gosec/gosec.go b/pkg/golinters/gosec/gosec.go
index 3e362d729375..a5367399b8fb 100644
--- a/pkg/golinters/gosec/gosec.go
+++ b/pkg/golinters/gosec/gosec.go
@@ -33,6 +33,11 @@ func New(settings *config.GoSecSettings) *goanalysis.Linter {
 	var ruleFilters []rules.RuleFilter
 	var analyzerFilters []analyzers.AnalyzerFilter
 	if settings != nil {
+		// TODO(ldez) to remove when the problem will be fixed by gosec.
+		// https://github.com/securego/gosec/issues/1211
+		// https://github.com/securego/gosec/issues/1209
+		settings.Excludes = append(settings.Excludes, "G407")
+
 		ruleFilters = createRuleFilters(settings.Includes, settings.Excludes)
 		analyzerFilters = createAnalyzerFilters(settings.Includes, settings.Excludes)
 		conf = toGosecConfig(settings)