From 145f1a0bf413089fb73a26c7859887afe39aadfa Mon Sep 17 00:00:00 2001
From: cschoenduve-splunk <40579479+cschoenduve-splunk@users.noreply.github.com>
Date: Tue, 4 Sep 2018 09:08:37 -0700
Subject: [PATCH] Removed wrapping feature (#238)

---
 rules/ssrf.go | 11 -----------
 testutils/source.go | 34 +---------------------------------
 2 files changed, 1 insertion(+), 44 deletions(-)

diff --git a/rules/ssrf.go b/rules/ssrf.go
index 3185517..9be9b40 100644
--- a/rules/ssrf.go
+++ b/rules/ssrf.go
@@ -40,17 +40,6 @@ func (r *ssrf) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
 return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
 }
 }
- // Look at the last selector identity for methods matching net/http's
- if node, ok := n.(*ast.CallExpr); ok {
- if selExpr, ok := node.Fun.(*ast.SelectorExpr); ok {
- // Pull last selector's identity name and compare to net/http methods
- if r.Contains("net/http", selExpr.Sel.Name) {
- if r.ResolveVar(node, c) {
- return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
- }
- }
- }
- }
 return nil, nil
 }
 
diff --git a/testutils/source.go b/testutils/source.go
index 34d5c35..e0a6834 100644
--- a/testutils/source.go
+++ b/testutils/source.go
@@ -228,39 +228,7 @@ func main() {
 fmt.Println(err)
 }
 fmt.Println(resp.Status)
-}`, 0}, {`
-package main
-
-import (
- "net/http"
- "fmt"
- "os"
- "strconv"
-)
-
-type httpWrapper struct {
- DesiredCode string
-}
-
-func (c *httpWrapper) Get(url string) (*http.Response, error) {
- return http.Get(url)
-}
-
-func main() {
- code := os.Getenv("STATUS_CODE")
- var url = os.Getenv("URL")
- client := httpWrapper{code}
- resp1, err1 := client.Get(url)
- if err1 != nil {
- fmt.Println(err1)
- os.Exit(1)
- }
- if strconv.Itoa(resp1.StatusCode) == client.DesiredCode {
- fmt.Println("True")
- } else {
- fmt.Println("False")
- }
-}`, 2}}
+}`, 0}}
 // SampleCodeG201 - SQL injection via format string
 SampleCodeG201 = []CodeSample{
 {`
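Review bot: In the testutils/source.go hunk, the sample list now ends at `}`, 0}}`, so no test data records how the ssrf rule treats a URL from `os.Getenv` that reaches `http.Get` through a user-defined method such as `client.Get(url)`. With the selector-name branch removed from `Match`, that call path appears to go unreported. Consider keeping the `httpWrapper` program in the list with its expected count changed to whatever the rule now returns, plus a comment such as `// calls through user-defined wrappers are not followed by this rule`, so the gap is pinned by a test and visible to users. The sample list and `Match` both begin outside the hunks shown.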