Add io.CopyBuffer function to rule G110

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2024-11-05 19:45:51 +00:00 · 2020-07-27 09:21:51 +02:00 · 2020-07-27 09:21:51 +02:00 · 110b62b05f
commit 110b62b05f
parent 6bcd89aa6b
2 changed files with 30 additions and 1 deletions
--- a/rules/decompression-bomb.go
+++ b/rules/decompression-bomb.go
@ -95,6 +95,7 @@ func NewDecompressionBombCheck(id string, conf gosec.Config) (gosec.Rule, []ast.

 	copyCalls := gosec.NewCallList()
 	copyCalls.Add("io", "Copy")
+	copyCalls.Add("io", "CopyBuffer")

 	return &decompressionBombCheck{
 		MetaData: gosec.MetaData{
--- a/testutils/source.go
+++ b/testutils/source.go
@ -699,12 +699,40 @@ func main() {
 	if err != nil {
 		panic(err)
 	}
-	io.Copy(os.Stdout, r)
+	_, err := io.Copy(os.Stdout, r)
+	if err != nil {
+		panic(err)
+	}

 	r.Close()
 }`}, 1, gosec.NewConfig()}, {[]string{`
 package main

+import (
+	"bytes"
+	"compress/zlib"
+	"io"
+	"os"
+)
+
+func main() {
+	buff := []byte{120, 156, 202, 72, 205, 201, 201, 215, 81, 40, 207,
+		47, 202, 73, 225, 2, 4, 0, 0, 255, 255, 33, 231, 4, 147}
+	b := bytes.NewReader(buff)
+
+	r, err := zlib.NewReader(b)
+	if err != nil {
+		panic(err)
+	}
+	buf := make([]byte, 8)
+	_, err := io.CopyBuffer(os.Stdout, r, buf)
+	if err != nil {
+		panic(err)
+	}
+	r.Close()
+}`}, 1, gosec.NewConfig()}, {[]string{`
+package main
+
 import (
 	"archive/zip"
 	"io"