mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
Removed wrapping feature (#238)
This commit is contained in:
parent
419c9292c8
commit
145f1a0bf4
2 changed files with 1 additions and 44 deletions
|
@ -40,17 +40,6 @@ func (r *ssrf) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
|
|||
return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
|
||||
}
|
||||
}
|
||||
// Look at the last selector identity for methods matching net/http's
|
||||
if node, ok := n.(*ast.CallExpr); ok {
|
||||
if selExpr, ok := node.Fun.(*ast.SelectorExpr); ok {
|
||||
// Pull last selector's identity name and compare to net/http methods
|
||||
if r.Contains("net/http", selExpr.Sel.Name) {
|
||||
if r.ResolveVar(node, c) {
|
||||
return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -228,39 +228,7 @@ func main() {
|
|||
fmt.Println(err)
|
||||
}
|
||||
fmt.Println(resp.Status)
|
||||
}`, 0}, {`
|
||||
package main
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"fmt"
|
||||
"os"
|
||||
"strconv"
|
||||
)
|
||||
|
||||
type httpWrapper struct {
|
||||
DesiredCode string
|
||||
}
|
||||
|
||||
func (c *httpWrapper) Get(url string) (*http.Response, error) {
|
||||
return http.Get(url)
|
||||
}
|
||||
|
||||
func main() {
|
||||
code := os.Getenv("STATUS_CODE")
|
||||
var url = os.Getenv("URL")
|
||||
client := httpWrapper{code}
|
||||
resp1, err1 := client.Get(url)
|
||||
if err1 != nil {
|
||||
fmt.Println(err1)
|
||||
os.Exit(1)
|
||||
}
|
||||
if strconv.Itoa(resp1.StatusCode) == client.DesiredCode {
|
||||
fmt.Println("True")
|
||||
} else {
|
||||
fmt.Println("False")
|
||||
}
|
||||
}`, 2}}
|
||||
}`, 0}}
|
||||
// SampleCodeG201 - SQL injection via format string
|
||||
SampleCodeG201 = []CodeSample{
|
||||
{`
|
||||
|
|
Loading…
Reference in a new issue