mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 12:05:52 +00:00
Fix the rule G108/pporf to handle the case when the pporf import has not name
This is causing a crash. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
parent
b504783a71
commit
29341f6e9c
2 changed files with 17 additions and 2 deletions
|
@ -20,7 +20,7 @@ func (p *pprofCheck) ID() string {
|
||||||
// Match checks for pprof imports
|
// Match checks for pprof imports
|
||||||
func (p *pprofCheck) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
|
func (p *pprofCheck) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
|
||||||
if node, ok := n.(*ast.ImportSpec); ok {
|
if node, ok := n.(*ast.ImportSpec); ok {
|
||||||
if p.importPath == unquote(node.Path.Value) && p.importName == node.Name.Name {
|
if p.importPath == unquote(node.Path.Value) && node.Name != nil && p.importName == node.Name.Name {
|
||||||
return gosec.NewIssue(c, node, p.ID(), p.What, p.Severity, p.Confidence), nil
|
return gosec.NewIssue(c, node, p.ID(), p.What, p.Severity, p.Confidence), nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
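Review bot: With the added `node.Name != nil` guard in Match, an import spec without a local name is now skipped silently, yet the exposure G108 targets does not depend on the import name: net/http/pprof registers its /debug/pprof/ handlers on http.DefaultServeMux from its init function whenever the package is linked in. Assuming p.importName is `_` (it is set outside this hunk), a plain `import "net/http/pprof"` in a program that serves the default mux goes unreported, and the new sample in the second file section pins that as the expected result (0 issues). Consider matching on the path alone, `if p.importPath == unquote(node.Path.Value) {`, or at least adding a comment such as `// node.Name is nil when the import has no explicit name; such imports are deliberately not reported` so the choice is visible. The body of Match continues past the end of the hunk.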
@ -420,7 +420,22 @@ func main() {
|
||||||
fmt.Fprintf(w, "Hello World!")
|
fmt.Fprintf(w, "Hello World!")
|
||||||
})
|
})
|
||||||
log.Fatal(http.ListenAndServe(":8080", nil))
|
log.Fatal(http.ListenAndServe(":8080", nil))
|
||||||
}`}, 1, gosec.NewConfig()}}
|
}`}, 1, gosec.NewConfig()}, {[]string{`
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"log"
|
||||||
|
"net/http"
|
||||||
|
"net/http/pprof"
|
||||||
|
)
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
fmt.Fprintf(w, "Hello World!")
|
||||||
|
})
|
||||||
|
log.Fatal(http.ListenAndServe(":8080", nil))
|
||||||
|
}`}, 0, gosec.NewConfig()}}
|
||||||
// SampleCodeG201 - SQL injection via format string
|
// SampleCodeG201 - SQL injection via format string
|
||||||
SampleCodeG201 = []CodeSample{
|
SampleCodeG201 = []CodeSample{
|
||||||
{[]string{`
|
{[]string{`
|
||||||
|
|
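Review bot: The new sample imports `net/http/pprof` without a name and never refers to the package, so it is not a compilable program (the compiler rejects an unused import); it presumably passes only because the rule looks at the parsed import spec. A sample that actually uses the package, for instance by adding `var _ = pprof.Index`, would exercise the nil-name path with code that can exist in a real project. The expected count of 0 is also unexplained in the positional literal; a short comment inside the sample source, e.g. `// pprof imported without a name: no G108 finding expected`, would record the intent.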