gosec: disable G407 (#4983)

Author: ldez

.golangci.next.reference.yml

@@ -876,7 +876,6 @@ linters-settings:
       - G404 # Insecure random number source (rand)
       - G405 # Detect the usage of DES or RC4
       - G406 # Detect the usage of MD4 or RIPEMD160
-      - G407 # Detect the usage of hardcoded Initialization Vector(IV)/Nonce
       - G501 # Import blocklist: crypto/md5
       - G502 # Import blocklist: crypto/des
       - G503 # Import blocklist: crypto/rc4
@@ -922,7 +921,6 @@ linters-settings:
       - G404 # Insecure random number source (rand)
       - G405 # Detect the usage of DES or RC4
       - G406 # Detect the usage of MD4 or RIPEMD160
-      - G407 # Detect the usage of hardcoded Initialization Vector(IV)/Nonce
       - G501 # Import blocklist: crypto/md5
       - G502 # Import blocklist: crypto/des
       - G503 # Import blocklist: crypto/rc4

jsonschema/golangci.next.jsonschema.json

@@ -155,7 +155,6 @@
         "G404",
         "G405",
         "G406",
-        "G407",
         "G501",
         "G502",
         "G503",

pkg/golinters/gosec/gosec.go

@@ -33,6 +33,11 @@ func New(settings *config.GoSecSettings) *goanalysis.Linter {
 	var ruleFilters []rules.RuleFilter
 	var analyzerFilters []analyzers.AnalyzerFilter
 	if settings != nil {
+		// TODO(ldez) to remove when the problem will be fixed by gosec.
+		// https://github.com/securego/gosec/issues/1211
+		// https://github.com/securego/gosec/issues/1209
+		settings.Excludes = append(settings.Excludes, "G407")
+
 		ruleFilters = createRuleFilters(settings.Includes, settings.Excludes)
 		analyzerFilters = createAnalyzerFilters(settings.Includes, settings.Excludes)
 		conf = toGosecConfig(settings)