diff --git a/rules/tempfiles.go b/rules/tempfiles.go
index 1eb2d73..63822c0 100644
--- a/rules/tempfiles.go
+++ b/rules/tempfiles.go
@@ -71,6 +71,7 @@ func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 argCalls.Add("os", "TempDir")
 nestedCalls := gosec.NewCallList()
 nestedCalls.Add("path", "Join")
+ nestedCalls.Add("path/filepath", "Join")
 return &badTempFile{
 calls: calls,
 args: regexp.MustCompile(`^(/(usr|var))?/tmp(/.*)?$`),
diff --git a/testutils/source.go b/testutils/source.go
index 4bdbf72..717fab5 100644
--- a/testutils/source.go
+++ b/testutils/source.go
@@ -1759,6 +1759,7 @@ import (
 "io/ioutil"
 "os"
 "path"
+ "path/filepath"
 )
 
 func main() {
@@ -1796,7 +1797,11 @@ func main() {
 if err != nil {
 fmt.Println("Error while writing!")
 }
-}`}, 8, gosec.NewConfig()}}
+ err = os.WriteFile(filepath.Join(os.TempDir(), "demo2"), []byte("This is some data"), 0644)
+ if err != nil {
+ fmt.Println("Error while writing!")
+ }
+}`}, 9, gosec.NewConfig()}}
 
 // SampleCodeG304 - potential file inclusion vulnerability
 SampleCodeG304 = []CodeSample{{[]string{`
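Review bot: The two `Join` entries in `nestedCalls` in `NewBadTempFile` carry no comment, so a later reader can take the new line for a duplicate of the `path` one and drop it, which would silently lose detection of `filepath.Join(os.TempDir(), ...)`. A one-line comment above the two `Add` calls would prevent that, for example `// path.Join and filepath.Join live in different packages; both can wrap os.TempDir() in a file-creating call.` Other ways of building the path (string concatenation, `fmt.Sprintf`) are not registered in the visible lines; whether the matcher covers them elsewhere cannot be told from this hunk, because the matching logic and the rest of the function lie outside it.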
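Review bot: The sample added to the G303 test data exercises only the positive case, `os.WriteFile(filepath.Join(os.TempDir(), "demo2"), ...)`, and raises the expected count from 8 to 9. Nothing visible in this hunk asserts that `filepath.Join` on a non-temporary directory stays unreported, so an over-broad match on the new `nestedCalls` entry would still pass. Consider a second `CodeSample` with an expected count of 0 that writes to `filepath.Join(dir, "demo2")`, where `dir` is a directory the sample creates itself. The sample's `main` starts outside the hunk, so the other eight findings behind the total are not visible here.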