Merge pull request #211 from WillAbides/commandcontext

Make G204 look for CommandContext calls
2024-11-06 03:55:50 +00:00 · 2018-07-26 16:48:42 +02:00 · 2018-07-26 16:48:42 +02:00 · 5ba647528a
commit 5ba647528a
parent 2785f7aaf8 1f9d09d456
2 changed files with 14 additions and 0 deletions
--- a/rules/subproc.go
+++ b/rules/subproc.go
@ -58,6 +58,7 @@ func (r *subprocess) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
 func NewSubproc(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 	rule := &subprocess{gosec.MetaData{ID: id}, gosec.NewCallList()}
 	rule.Add("os/exec", "Command")
+	rule.Add("os/exec", "CommandContext")
 	rule.Add("syscall", "Exec")
 	return rule, []ast.Node{(*ast.CallExpr)(nil)}
 }
--- a/testutils/source.go
+++ b/testutils/source.go
@ -408,6 +408,19 @@ func main() {
  	log.Printf("Command finished with error: %v", err)
 }`, 1}, {`
 package main
+import (
+	"log"
+	"os/exec"
+	"context"
+)
+func main() {
+	err := exec.CommandContext(context.Background(), "sleep", "5").Run()
+ 	if err != nil {
+		log.Fatal(err)
+	}
+  	log.Printf("Command finished with error: %v", err)
+}`, 1}, {`
+package main
 import (
 	"log"
 	"os"