diff --git a/rules/pprof.go b/rules/pprof.go
index cb2f462..9f5e8cd 100644
--- a/rules/pprof.go
+++ b/rules/pprof.go
@@ -20,7 +20,7 @@ func (p *pprofCheck) ID() string {
 // Match checks for pprof imports
 func (p *pprofCheck) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
 	if node, ok := n.(*ast.ImportSpec); ok {
-		if p.importPath == unquote(node.Path.Value) && p.importName == node.Name.Name {
+		if p.importPath == unquote(node.Path.Value) && node.Name != nil && p.importName == node.Name.Name {
 			return gosec.NewIssue(c, node, p.ID(), p.What, p.Severity, p.Confidence), nil
 		}
 	}
diff --git a/testutils/source.go b/testutils/source.go
index 1f98d68..8d7360c 100644
--- a/testutils/source.go
+++ b/testutils/source.go
@@ -420,7 +420,22 @@ func main() {
 		fmt.Fprintf(w, "Hello World!")
 	})
 	log.Fatal(http.ListenAndServe(":8080", nil))
-}`}, 1, gosec.NewConfig()}}
+}`}, 1, gosec.NewConfig()}, {[]string{`
+package main
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"net/http/pprof"
+)
+
+func main() {
+	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintf(w, "Hello World!")
+	})
+	log.Fatal(http.ListenAndServe(":8080", nil))
+}`}, 0, gosec.NewConfig()}}
 	// SampleCodeG201 - SQL injection via format string
 	SampleCodeG201 = []CodeSample{
 		{[]string{`
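Review bot: The added `node.Name != nil` guard removes the panic on an unaliased import, but it also makes Match silently skip every import of the pprof path whose alias does not equal importName, and the new sample in testutils/source.go turns that gap into an asserted expectation of 0 issues. Since net/http/pprof registers its handlers on the default mux from its init function no matter how the package is imported, that sample (which also serves with `http.ListenAndServe(":8080", nil)`) still exposes the profiling endpoints, so the 0 looks like a codified false negative rather than a deliberate scope choice; note too that as written the sample imports `pprof` without using it and so would not compile. If the rule is meant to catch the side effect rather than one spelling of the import, matching on the path alone, `if p.importPath == unquote(node.Path.Value) {`, and changing that sample's expected count to 1 would close it; otherwise a comment on the sample stating why only the configured alias is flagged would stop the next reader from taking 0 as the intended security result. Match's body continues past the end of this hunk, so its final return is not visible here.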