Extend the insecure random rule with more insecure random functions
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
parent
af699f6a62
commit
6bbf8f9cbc
2 changed files with 2 additions and 2 deletions
|
@ -37,7 +37,6 @@ import (
|
|||
// node, matched := MatchCallByPackage(n, ctx, "math/rand", "Read")
|
||||
//
|
||||
func MatchCallByPackage(n ast.Node, c *Context, pkg string, names ...string) (*ast.CallExpr, bool) {
|
||||
|
||||
importedName, found := GetImportedName(pkg, c)
|
||||
if !found {
|
||||
return nil, false
|
||||
|
|
|
@ -43,7 +43,8 @@ func (w *weakRand) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
|
|||
// NewWeakRandCheck detects the use of random number generator that isn't cryptographically secure
|
||||
func NewWeakRandCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||
return &weakRand{
|
||||
funcNames: []string{"Read", "Int"},
|
||||
funcNames: []string{"New", "Read", "Float32", "Float64", "Int", "Int31",
|
||||
"Int31n", "Int63", "Int63n", "Intn", "NormalFloat64", "Uint32", "Uint64"},
|
||||
packagePath: "math/rand",
|
||||
MetaData: gosec.MetaData{
|
||||
ID: id,
|
||||
|
|
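Review bot: The extended `funcNames` list in NewWeakRandCheck still omits the package-level `math/rand` functions `Perm`, `Shuffle` and `ExpFloat64`, so a permutation or shuffle driven by the non-cryptographic generator would presumably pass this rule unreported. If the intent is to cover every package-level generator call, the second added line could read `"Int31n", "Int63", "Int63n", "Intn", "NormalFloat64", "Perm", "Shuffle", "ExpFloat64", "Uint32", "Uint64"},`. If Match resolves calls by imported package name (as the `MatchCallByPackage` helper touched in the other section does), `"New"` would flag only the constructor call and not later method calls on the returned generator; a comment such as `// package-level math/rand functions; methods on *rand.Rand are reported at the rand.New call` above the list would record that assumption. The body of NewWeakRandCheck continues past the end of the hunk, so the rest of the rule's metadata was not reviewed.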