Removed wrapping feature (#238)

cschoenduve-splunk 2018-09-04 09:08:37 -07:00 committed by Cosmin Cojocar
parent 419c9292c8
commit 145f1a0bf4
2 changed files with 1 additions and 44 deletions


@ -40,17 +40,6 @@ func (r *ssrf) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
}
}
// Look at the last selector identity for methods matching net/http's
if node, ok := n.(*ast.CallExpr); ok {
if selExpr, ok := node.Fun.(*ast.SelectorExpr); ok {
// Pull last selector's identity name and compare to net/http methods
if r.Contains("net/http", selExpr.Sel.Name) {
if r.ResolveVar(node, c) {
return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
}
}
}
}
return nil, nil
}


@ -228,39 +228,7 @@ func main() {
fmt.Println(err)
}
fmt.Println(resp.Status)
}`, 0}, {`
package main
import (
"net/http"
"fmt"
"os"
"strconv"
)
type httpWrapper struct {
DesiredCode string
}
func (c *httpWrapper) Get(url string) (*http.Response, error) {
return http.Get(url)
}
func main() {
code := os.Getenv("STATUS_CODE")
var url = os.Getenv("URL")
client := httpWrapper{code}
resp1, err1 := client.Get(url)
if err1 != nil {
fmt.Println(err1)
os.Exit(1)
}
if strconv.Itoa(resp1.StatusCode) == client.DesiredCode {
fmt.Println("True")
} else {
fmt.Println("False")
}
}`, 2}}
}`, 0}}
// SampleCodeG201 - SQL injection via format string
SampleCodeG201 = []CodeSample{
{`
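Review bot: With the `httpWrapper` sample deleted, the list that now ends at the added `0}}` line has, as far as this hunk shows, no case left that exercises a request made through a user-defined type wrapping net/http, so the tests no longer record what the rule reports for that pattern. Since the selector-name check was removed from Match in the other file, such calls are presumably no longer flagged at the wrapper call site, a detection gap that users of the rule would want written down. Consider keeping the sample with its expected count changed from 2 to whatever the rule now reports (confirm by running the test), headed by a comment such as `// calls through a wrapper type are not matched; only the direct net/http call is checked`. The sample list begins outside the hunk.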