Handle gracefully any panic that occurs when building the SSA representation of a package
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
This commit is contained in:
parent
ec31a3a691
commit
074353a2ab
1 changed files with 34 additions and 22 deletions
56
analyzer.go
56
analyzer.go
|
@ -282,7 +282,7 @@ func (gosec *Analyzer) load(pkgPath string, conf *packages.Config) ([]*packages.
|
||||||
return pkgs, nil
|
return pkgs, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// CheckRules runs analysis on the given package
|
// CheckRules runs analysis on the given package.
|
||||||
func (gosec *Analyzer) CheckRules(pkg *packages.Package) {
|
func (gosec *Analyzer) CheckRules(pkg *packages.Package) {
|
||||||
gosec.logger.Println("Checking package:", pkg.Name)
|
gosec.logger.Println("Checking package:", pkg.Name)
|
||||||
for _, file := range pkg.Syntax {
|
for _, file := range pkg.Syntax {
|
||||||
|
@ -318,31 +318,14 @@ func (gosec *Analyzer) CheckRules(pkg *packages.Package) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// CheckAnalyzers runs analyzers on a given package
|
// CheckAnalyzers runs analyzers on a given package.
|
||||||
func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
|
func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
|
||||||
ssaPass := &analysis.Pass{
|
ssaResult, err := gosec.buildSSA(pkg)
|
||||||
Analyzer: buildssa.Analyzer,
|
|
||||||
Fset: pkg.Fset,
|
|
||||||
Files: pkg.Syntax,
|
|
||||||
OtherFiles: pkg.OtherFiles,
|
|
||||||
IgnoredFiles: pkg.IgnoredFiles,
|
|
||||||
Pkg: pkg.Types,
|
|
||||||
TypesInfo: pkg.TypesInfo,
|
|
||||||
TypesSizes: pkg.TypesSizes,
|
|
||||||
ResultOf: nil,
|
|
||||||
Report: nil,
|
|
||||||
ImportObjectFact: nil,
|
|
||||||
ExportObjectFact: nil,
|
|
||||||
ImportPackageFact: nil,
|
|
||||||
ExportPackageFact: nil,
|
|
||||||
AllObjectFacts: nil,
|
|
||||||
AllPackageFacts: nil,
|
|
||||||
}
|
|
||||||
ssaResult, err := ssaPass.Analyzer.Run(ssaPass)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
gosec.logger.Printf("Error running SSA analyser on package %q: %s", pkg.Name, err)
|
gosec.logger.Printf("Error building the SSA representation of the package %q: %s", pkg.Name, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
resultMap := map[*analysis.Analyzer]interface{}{
|
resultMap := map[*analysis.Analyzer]interface{}{
|
||||||
buildssa.Analyzer: &analyzers.SSAAnalyzerResult{
|
buildssa.Analyzer: &analyzers.SSAAnalyzerResult{
|
||||||
Config: gosec.Config(),
|
Config: gosec.Config(),
|
||||||
|
@ -384,6 +367,35 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// buildSSA runs the SSA pass which builds the SSA representation of the package. It handles gracefully any panic.
|
||||||
|
func (gosec *Analyzer) buildSSA(pkg *packages.Package) (interface{}, error) {
|
||||||
|
defer func() {
|
||||||
|
if r := recover(); r != nil {
|
||||||
|
gosec.logger.Printf("Panic when running SSA analyser on package %q: %s", pkg.Name, r)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
ssaPass := &analysis.Pass{
|
||||||
|
Analyzer: buildssa.Analyzer,
|
||||||
|
Fset: pkg.Fset,
|
||||||
|
Files: pkg.Syntax,
|
||||||
|
OtherFiles: pkg.OtherFiles,
|
||||||
|
IgnoredFiles: pkg.IgnoredFiles,
|
||||||
|
Pkg: pkg.Types,
|
||||||
|
TypesInfo: pkg.TypesInfo,
|
||||||
|
TypesSizes: pkg.TypesSizes,
|
||||||
|
ResultOf: nil,
|
||||||
|
Report: nil,
|
||||||
|
ImportObjectFact: nil,
|
||||||
|
ExportObjectFact: nil,
|
||||||
|
ImportPackageFact: nil,
|
||||||
|
ExportPackageFact: nil,
|
||||||
|
AllObjectFacts: nil,
|
||||||
|
AllPackageFacts: nil,
|
||||||
|
}
|
||||||
|
|
||||||
|
return ssaPass.Analyzer.Run(ssaPass)
|
||||||
|
}
|
||||||
|
|
||||||
func isGeneratedFile(file *ast.File) bool {
|
func isGeneratedFile(file *ast.File) bool {
|
||||||
for _, comment := range file.Comments {
|
for _, comment := range file.Comments {
|
||||||
for _, row := range comment.List {
|
for _, row := range comment.List {
|
||||||
|
|
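Review bot: A recovered panic in buildSSA (the deferred func at the top of the new function) makes the function return its zero values, `nil, nil`, so the `if err != nil` check in CheckAnalyzers passes and the SSA analyzers are then handed a nil result, which most likely only moves the crash one step later; from the caller's point of view the panic is silently swallowed. Name the results, `func (gosec *Analyzer) buildSSA(pkg *packages.Package) (result interface{}, err error)`, and turn the recovered value into the error instead of only logging it, `err = fmt.Errorf("panic when running SSA analyser on package %q: %v", pkg.Name, r)` (fmt has to be in the file's import list; since the caller already logs the error together with the package name, the Printf inside the deferred func can be dropped to avoid logging it twice). Independently, `%s` applied to the recovered `r` prints `%!s(...)` for panic values that are neither strings nor errors; `%v` is the safe verb there. The remainder of CheckAnalyzers, including how ssaResult is consumed, lies outside the hunk.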