diff --git a/rules/sql.go b/rules/sql.go
index 8214047..7aed1b6 100644
--- a/rules/sql.go
+++ b/rules/sql.go
@@ -134,6 +134,11 @@ func (s *sqlStrFormat) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error)
 		}
 	}
 
+	// no formatter
+	if len(node.Args) == 0 {
+		return nil, nil
+	}
+
 	var formatter string
 
 	// concats callexpr arg strings together if needed before regex evaluation
diff --git a/testutils/source.go b/testutils/source.go
index 6a67ee7..d680851 100644
--- a/testutils/source.go
+++ b/testutils/source.go
@@ -309,6 +309,14 @@ func main(){
 		panic(err)
 	}
 	defer rows.Close()
+}`}, 0}, {[]string{`
+package main
+import (
+	"fmt"
+)
+
+func main(){
+	fmt.Sprintln()
 }`}, 0}}
 
 // SampleCodeG202 - SQL query string building via string concatenation
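Review bot: The comment `// no formatter` on the added guard in Match says what the condition tests but not why an early `return nil, nil` is the right outcome, so a later reader may be tempted to report an issue here instead. I would replace it with `// A call with no arguments carries no format string to inspect, so there is nothing to flag; bail out before the argument handling below indexes node.Args.` — the reference to indexing is my inference from the guard's shape, since the code that consumes node.Args is below the hunk and not visible. The guard correctly uses len() on the slice rather than a nil comparison, which is the idiomatic emptiness test. Match begins and ends outside this hunk, so whether node itself is already nil-checked at this point cannot be confirmed from here.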
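Review bot: The new sample in testutils/source.go is a regression fixture for the zero-argument case, but nothing in the raw-string entry says so, and it sits among samples that exercise SQL string building, so its purpose is easy to lose. Adding a one-line Go comment inside the fixture body, e.g. `// zero-argument formatter call: must not panic and must produce no finding` above `fmt.Sprintln()`, keeps the intent with the test data (the fixture is parsed as Go source, so a comment there is harmless). The expected issue count of 0 is consistent with the guard added in rules/sql.go. Whether Sprintln is one of the calls the rule matches on cannot be confirmed from this hunk; if it is not, the fixture would pass without ever reaching the new guard, and a `fmt.Sprintf()` variant would be the more direct regression case.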