mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 12:05:52 +00:00
Removed wrapping feature (#238)
parent
419c9292c8
commit
145f1a0bf4
2 changed files with 1 additions and 44 deletions
|
@ -40,17 +40,6 @@ func (r *ssrf) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
|
||||||
return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
|
return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Look at the last selector identity for methods matching net/http's
|
|
||||||
if node, ok := n.(*ast.CallExpr); ok {
|
|
||||||
if selExpr, ok := node.Fun.(*ast.SelectorExpr); ok {
|
|
||||||
// Pull last selector's identity name and compare to net/http methods
|
|
||||||
if r.Contains("net/http", selExpr.Sel.Name) {
|
|
||||||
if r.ResolveVar(node, c) {
|
|
||||||
return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -228,39 +228,7 @@ func main() {
|
||||||
fmt.Println(err)
|
fmt.Println(err)
|
||||||
}
|
}
|
||||||
fmt.Println(resp.Status)
|
fmt.Println(resp.Status)
|
||||||
}`, 0}, {`
|
}`, 0}}
|
||||||
package main
|
|
||||||
|
|
||||||
import (
|
|
||||||
"net/http"
|
|
||||||
"fmt"
|
|
||||||
"os"
|
|
||||||
"strconv"
|
|
||||||
)
|
|
||||||
|
|
||||||
type httpWrapper struct {
|
|
||||||
DesiredCode string
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *httpWrapper) Get(url string) (*http.Response, error) {
|
|
||||||
return http.Get(url)
|
|
||||||
}
|
|
||||||
|
|
||||||
func main() {
|
|
||||||
code := os.Getenv("STATUS_CODE")
|
|
||||||
var url = os.Getenv("URL")
|
|
||||||
client := httpWrapper{code}
|
|
||||||
resp1, err1 := client.Get(url)
|
|
||||||
if err1 != nil {
|
|
||||||
fmt.Println(err1)
|
|
||||||
os.Exit(1)
|
|
||||||
}
|
|
||||||
if strconv.Itoa(resp1.StatusCode) == client.DesiredCode {
|
|
||||||
fmt.Println("True")
|
|
||||||
} else {
|
|
||||||
fmt.Println("False")
|
|
||||||
}
|
|
||||||
}`, 2}}
|
|
||||||
// SampleCodeG201 - SQL injection via format string
|
// SampleCodeG201 - SQL injection via format string
|
||||||
SampleCodeG201 = []CodeSample{
|
SampleCodeG201 = []CodeSample{
|
||||||
{`
|
{`
|
||||||
|
|
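Review bot: Deleting the `httpWrapper` sample (the case that ended in `}`, 2}}`) leaves the SSRF sample list, now closed by `}`, 0}}`, with no case where a URL from `os.Getenv` reaches `http.Get` through a method on a user-defined type. The change in what the rule reports is therefore neither tested nor documented. Consider keeping that sample with whatever issue count the rule now reports for it, rather than dropping it, so the behaviour is pinned and a later change to it shows up as a test failure. A short comment above it would help, for example `// calls through user-defined wrappers are no longer matched by selector name; only direct net/http calls are checked`. I have not confirmed the new expected count from this page, and the sample list begins outside the hunk.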