mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 03:55:54 +00:00
Find G303 with filepath.Join'd temp dirs (#754)
parent
19bda8d15f
commit
4c1afaa492
2 changed files with 7 additions and 1 deletions
|
@ -71,6 +71,7 @@ func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
|||
argCalls.Add("os", "TempDir")
|
||||
nestedCalls := gosec.NewCallList()
|
||||
nestedCalls.Add("path", "Join")
|
||||
nestedCalls.Add("path/filepath", "Join")
|
||||
return &badTempFile{
|
||||
calls: calls,
|
||||
args: regexp.MustCompile(`^(/(usr|var))?/tmp(/.*)?$`),
|
||||
|
|
|
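Review bot: `nestedCalls` carries no comment saying what the list is for, so with `path/filepath.Join` now added beside `path.Join` a reader still cannot tell from this site which wrappers the rule looks through or why. I would add, above `nestedCalls := gosec.NewCallList()`, something like `// nestedCalls: path-joining wrappers whose arguments are inspected for os.TempDir() or a literal temp path`, with the wording adjusted to what the matcher really does, since the matching code is not visible in this hunk. It would also help to state there whether a literal base such as `filepath.Join("/tmp", name)` (constructed example) is meant to be caught through the `args` pattern, because that coverage decides how much of G303 this list provides. The body of NewBadTempFile starts and ends outside the hunk.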
@ -1759,6 +1759,7 @@ import (
|
|||
"io/ioutil"
|
||||
"os"
|
||||
"path"
|
||||
"path/filepath"
|
||||
)
|
||||
|
||||
func main() {
|
||||
|
@ -1796,7 +1797,11 @@ func main() {
|
|||
if err != nil {
|
||||
fmt.Println("Error while writing!")
|
||||
}
|
||||
}`}, 8, gosec.NewConfig()}}
|
||||
err = os.WriteFile(filepath.Join(os.TempDir(), "demo2"), []byte("This is some data"), 0644)
|
||||
if err != nil {
|
||||
fmt.Println("Error while writing!")
|
||||
}
|
||||
}`}, 9, gosec.NewConfig()}}
|
||||
|
||||
// SampleCodeG304 - potential file inclusion vulnerability
|
||||
SampleCodeG304 = []CodeSample{{[]string{`
|
||||
|
|
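Review bot: The last hunk adds only a positive case, so moving the expected count from 8 to 9 proves that `filepath.Join(os.TempDir(), "demo2")` is reported but not that a `filepath.Join` call on a non-temporary base stays unreported. Since the rule now looks inside `filepath.Join` calls, a false-positive guard in the same sample would pin that down, for example `err = os.WriteFile(filepath.Join("/srv/app", "demo2"), []byte("This is some data"), 0644)` (constructed path) with the expected count left at 9. A noisy G303 tends to get suppressed wholesale, which costs more detection than the gap this commit closes. The sample's `main` begins outside the visible hunks, so an existing negative case earlier in it cannot be ruled out from here.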