From 41809946d461bcf365ab440a5d79bfbd1ce2ebbf Mon Sep 17 00:00:00 2001
From: Yuki Ito
Date: Mon, 5 Nov 2018 17:28:47 +0900
Subject: [PATCH] Make G201 ignore CallExpr with no args (#262)
---
 rules/sql.go | 5 +++++
 testutils/source.go | 8 ++++++++
 2 files changed, 13 insertions(+)
diff --git a/rules/sql.go b/rules/sql.go
index 8214047..7aed1b6 100644
--- a/rules/sql.go
+++ b/rules/sql.go
@@ -134,6 +134,11 @@ func (s *sqlStrFormat) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error)
 }
 }
 
+ // no formatter
+ if len(node.Args) == 0 {
+ return nil, nil
+ }
+
 var formatter string
 
 // concats callexpr arg strings together if needed before regex evaluation
diff --git a/testutils/source.go b/testutils/source.go
index 6a67ee7..d680851 100644
--- a/testutils/source.go
+++ b/testutils/source.go
@@ -309,6 +309,14 @@ func main(){
 panic(err)
 }
 defer rows.Close()
+}`}, 0}, {[]string{`
+package main
+import (
+ "fmt"
+)
+
+func main(){
+ fmt.Sprintln()
 }`}, 0}}
 
 // SampleCodeG202 - SQL query string building via string concatenation
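Review bot: The comment `// no formatter` on the new guard in Match does not say why an empty argument list must be rejected at this point. Judging by the context lines, the code that follows builds `formatter` from the call's arguments, so a zero-argument call such as the `fmt.Sprintln()` in the new sample presumably made the rule fail instead of finishing the scan. A wording like `// a call with no arguments has no format string to inspect; return before node.Args is read` would record that for the next maintainer. Match begins and ends outside the hunk, so the later use of `node.Args` is inferred rather than visible here.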
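Review bot: The sample added in testutils/source.go has no SQL in it, and nothing says that it exists to exercise the zero-argument path of the rule. A one-line comment inside the sample, for instance `// a format call with no arguments must not break the G201 rule`, would keep a later cleanup from dropping it as unrelated. The expected count of 0 checks only that no issue is reported, so the sample is useful only if the test harness also fails when the rule returns an error or panics, which is not visible in this hunk.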