gosec/rules/pprof.go

44 lines
1.1 KiB
Go
Raw Normal View History

package rules
import (
"go/ast"
"github.com/securego/gosec/v2"
2023-02-15 19:44:13 +00:00
"github.com/securego/gosec/v2/issue"
)
type pprofCheck struct {
2023-02-15 19:44:13 +00:00
issue.MetaData
importPath string
importName string
}
// ID returns the ID of the check
func (p *pprofCheck) ID() string {
return p.MetaData.ID
}
// Match checks for pprof imports
2023-02-15 19:44:13 +00:00
func (p *pprofCheck) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
if node, ok := n.(*ast.ImportSpec); ok {
if p.importPath == unquote(node.Path.Value) && node.Name != nil && p.importName == node.Name.Name {
2023-02-15 19:44:13 +00:00
return c.NewIssue(node, p.ID(), p.What, p.Severity, p.Confidence), nil
}
}
return nil, nil
}
// NewPprofCheck detects when the profiling endpoint is automatically exposed
func NewPprofCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
return &pprofCheck{
2023-02-15 19:44:13 +00:00
MetaData: issue.MetaData{
ID: id,
2023-02-15 19:44:13 +00:00
Severity: issue.High,
Confidence: issue.High,
What: "Profiling endpoint is automatically exposed on /debug/pprof",
},
importPath: "net/http/pprof",
importName: "_",
}, []ast.Node{(*ast.ImportSpec)(nil)}
}