G303: catch with os.WriteFile, add os.Create test case (#718)

* Add G303 os.Create test case

* Catch G303 with os.WriteFile too
Ville Skyttä 2021-11-09 22:13:45 +02:00 committed by GitHub
parent 873ac243ea
commit 40fa36d1de
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 2 deletions


@ -44,7 +44,7 @@ func (t *badTempFile) Match(n ast.Node, c *gosec.Context) (gi *gosec.Issue, err
func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
calls := gosec.NewCallList()
calls.Add("io/ioutil", "WriteFile")
calls.Add("os", "Create")
calls.AddAll("os", "Create", "WriteFile")
return &badTempFile{
calls: calls,
args: regexp.MustCompile(`^/tmp/.*$|^/var/tmp/.*$`),
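Review bot: The remediation text this rule reports (in the MetaData that follows `args`, outside this hunk) presumably still points at ioutil.TempFile; now that `calls.AddAll("os", "Create", "WriteFile")` on line 21 covers the os package, and this commit itself moves the fixture to `os.WriteFile`, the suggested fix should name `os.CreateTemp` and `os.MkdirTemp` (Go 1.16+) as well. The `^/tmp/.*$|^/var/tmp/.*$` pattern on line 24 limits the rule to arguments under those two prefixes, so a path assembled at runtime, or one under `/dev/shm`, is presumably not reported whatever the call list contains; a one-line comment above the call list would make that limit visible, e.g. `// Reported only when the path argument matches args (/tmp or /var/tmp); paths built at runtime are out of scope.` NewBadTempFile's body continues past the end of this hunk.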


@ -1757,6 +1757,7 @@ package samples
import (
"fmt"
"io/ioutil"
"os"
)
func main() {
@ -1764,7 +1765,17 @@ func main() {
if err != nil {
fmt.Println("Error while writing!")
}
}`}, 1, gosec.NewConfig()}}
f, err := os.Create("/tmp/demo2")
if err != nil {
fmt.Println("Error while writing!")
} else if err = f.Close(); err != nil {
fmt.Println("Error while closing!")
}
err = os.WriteFile("/tmp/demo2", []byte("This is some data"), 0644)
if err != nil {
fmt.Println("Error while writing!")
}
}`}, 3, gosec.NewConfig()}}
// SampleCodeG304 - potential file inclusion vulnerability
SampleCodeG304 = []CodeSample{{[]string{`
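Review bot: The expected-issue count `3` on line 50 folds the detection of `os.Create` (line 40), `os.WriteFile` (line 46) and the ioutil.WriteFile call earlier in the sample into one number, so a regression in any single call surfaces only as a wrong total; giving the two new calls their own CodeSample entries with count 1 each would make a failure name the call that stopped being detected. There is also no negative sample showing that the usual remediation, something like `f, err := os.CreateTemp("", "demo")`, is not flagged, and that is the behaviour users depend on when they follow the rule's advice. The `0644` mode on line 46 is fine for this rule's fixture but would likely be reported by the WriteFile-permission rule in a full run, so a short trailing comment such as `// permission bits are not what G303 tests` would save the next reader a check. main() starts before this hunk.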