Fix the rule G108/pporf to handle the case when the pporf import has not name

This is causing a crash.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
This commit is contained in:
Cosmin Cojocar 2019-09-24 10:10:00 +02:00 committed by Grant Murphy
parent b504783a71
commit 29341f6e9c
2 changed files with 17 additions and 2 deletions

View file

@ -20,7 +20,7 @@ func (p *pprofCheck) ID() string {
// Match checks for pprof imports // Match checks for pprof imports
func (p *pprofCheck) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) { func (p *pprofCheck) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
if node, ok := n.(*ast.ImportSpec); ok { if node, ok := n.(*ast.ImportSpec); ok {
if p.importPath == unquote(node.Path.Value) && p.importName == node.Name.Name { if p.importPath == unquote(node.Path.Value) && node.Name != nil && p.importName == node.Name.Name {
return gosec.NewIssue(c, node, p.ID(), p.What, p.Severity, p.Confidence), nil return gosec.NewIssue(c, node, p.ID(), p.What, p.Severity, p.Confidence), nil
} }
} }

View file

@ -420,7 +420,22 @@ func main() {
fmt.Fprintf(w, "Hello World!") fmt.Fprintf(w, "Hello World!")
}) })
log.Fatal(http.ListenAndServe(":8080", nil)) log.Fatal(http.ListenAndServe(":8080", nil))
}`}, 1, gosec.NewConfig()}} }`}, 1, gosec.NewConfig()}, {[]string{`
package main
import (
"fmt"
"log"
"net/http"
"net/http/pprof"
)
func main() {
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello World!")
})
log.Fatal(http.ListenAndServe(":8080", nil))
}`}, 0, gosec.NewConfig()}}
// SampleCodeG201 - SQL injection via format string // SampleCodeG201 - SQL injection via format string
SampleCodeG201 = []CodeSample{ SampleCodeG201 = []CodeSample{
{[]string{` {[]string{`