actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-12-27 04:55:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

added test case for ssrf rule

Browse source
This commit is contained in:
Jovon Itwaru 2018-03-09 14:49:44 -05:00
parent 4179003d5b
commit 3f4f11a2f9
1 changed files with 23 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
testutils/source.go
View file

@ -192,6 +192,29 @@ import (
func main() { func main() {
_ = ssh.InsecureIgnoreHostKey() _ = ssh.InsecureIgnoreHostKey()
}`, 1}} }`, 1}}
// SampleCodeG107 - SSRF via http requests with variable url
SampleCodeG107 = []CodeSample{{`
package main
import (
"net/http"
"io/ioutil"
"fmt"
)
func main() {
url := os.Getenv("tainted_url")
resp, err := http.Get(url)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
panic(err)
}
fmt.Printf("%s", body)
}`, 1}}
// SampleCodeG201 - SQL injection via format string // SampleCodeG201 - SQL injection via format string
SampleCodeG201 = []CodeSample{ SampleCodeG201 = []CodeSample{
{` {`