Add G204 rule for sys/execabs (#660)

* Add G204 rule for sys/execabs

* syntax error in testutils/sources.go
Josh Kaufman 2021-07-01 11:43:25 -04:00 committed by GitHub
parent e936c84a90
commit 514f65f3c3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 0 deletions


@ -81,5 +81,7 @@ func NewSubproc(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
rule.Add("syscall", "Exec")
rule.Add("syscall", "ForkExec")
rule.Add("syscall", "StartProcess")
rule.Add("golang.org/x/sys/execabs", "Command")
rule.Add("golang.org/x/sys/execabs", "CommandContext")
return rule, []ast.Node{(*ast.CallExpr)(nil)}
}
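Review bot: The new `rule.Add("golang.org/x/sys/execabs", "CommandContext")` entry registers a call whose first argument is a `context.Context`, and this hunk does not show whether the rule skips that argument when it inspects the call. NewSubproc starts above the hunk and the matching code is elsewhere. If the skip is keyed on the selector name `exec` rather than on the resolved package path, a file importing the package under its default name `execabs` would probably have the context treated as a command argument, so this is worth confirming and keying on the package. A short comment above the two additions would also help readers, e.g. `// execabs only hardens PATH lookup; variable command arguments are still reported`.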


@ -1368,6 +1368,24 @@ func main() {
err = cmd.Wait()
log.Printf("Command finished with error: %v", err)
}`}, 0, gosec.NewConfig()},
{[]string{`
// exec.Command from supplemental package sys/execabs
// using variable arguments
package main
import (
"context"
"log"
"os"
exec "golang.org/x/sys/execabs"
)
func main() {
err := exec.CommandContext(context.Background(), os.Args[0], "5").Run()
if err != nil {
log.Fatal(err)
}
log.Printf("Command finished with error: %v", err)
}
`}, 1, gosec.NewConfig()},
}
// SampleCodeG301 - mkdir permission check
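Review bot: The added fixture exercises only `CommandContext`, and it imports the package as `exec "golang.org/x/sys/execabs"`, so neither the `Command` entry added to the rule nor the default `execabs` import name is covered. A second entry calling `execabs.Command(os.Args[0], "5").Run()` without the alias, expecting 1 issue, would pin both rule additions; a constant-argument case with its expected count would guard against over-reporting. The final `log.Printf("Command finished with error: %v", err)` is reached only when `err` is nil, which reads oddly even in a fixture.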