mirror of
https://github.com/securego/gosec.git
synced 2024-11-06 03:55:50 +00:00
Add G204 rule for sys/execabs (#660)
* Add G204 rule for sys/execabs * syntax error in testutils/sources.go
This commit is contained in:
parent
e936c84a90
commit
514f65f3c3
2 changed files with 20 additions and 0 deletions
|
@ -81,5 +81,7 @@ func NewSubproc(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
rule.Add("syscall", "Exec")
|
rule.Add("syscall", "Exec")
|
||||||
rule.Add("syscall", "ForkExec")
|
rule.Add("syscall", "ForkExec")
|
||||||
rule.Add("syscall", "StartProcess")
|
rule.Add("syscall", "StartProcess")
|
||||||
|
rule.Add("golang.org/x/sys/execabs", "Command")
|
||||||
|
rule.Add("golang.org/x/sys/execabs", "CommandContext")
|
||||||
return rule, []ast.Node{(*ast.CallExpr)(nil)}
|
return rule, []ast.Node{(*ast.CallExpr)(nil)}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1368,6 +1368,24 @@ func main() {
|
||||||
err = cmd.Wait()
|
err = cmd.Wait()
|
||||||
log.Printf("Command finished with error: %v", err)
|
log.Printf("Command finished with error: %v", err)
|
||||||
}`}, 0, gosec.NewConfig()},
|
}`}, 0, gosec.NewConfig()},
|
||||||
|
{[]string{`
|
||||||
|
// exec.Command from supplemental package sys/execabs
|
||||||
|
// using variable arguments
|
||||||
|
package main
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"log"
|
||||||
|
"os"
|
||||||
|
exec "golang.org/x/sys/execabs"
|
||||||
|
)
|
||||||
|
func main() {
|
||||||
|
err := exec.CommandContext(context.Background(), os.Args[0], "5").Run()
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
log.Printf("Command finished with error: %v", err)
|
||||||
|
}
|
||||||
|
`}, 1, gosec.NewConfig()},
|
||||||
}
|
}
|
||||||
|
|
||||||
// SampleCodeG301 - mkdir permission check
|
// SampleCodeG301 - mkdir permission check
|
||||||
|
|
Loading…
Reference in a new issue