Add os.Create to the readfile rule (#761)
This commit is contained in:
parent
75cc7dcd51
commit
7be6d4efb5
3 changed files with 36 additions and 3 deletions
|
@ -246,7 +246,7 @@ func printReport(format string, color bool, rootPaths []string, reportInfo *gose
|
||||||
}
|
}
|
||||||
|
|
||||||
func saveReport(filename, format string, rootPaths []string, reportInfo *gosec.ReportInfo) error {
|
func saveReport(filename, format string, rootPaths []string, reportInfo *gosec.ReportInfo) error {
|
||||||
outfile, err := os.Create(filename)
|
outfile, err := os.Create(filename) //#nosec G304
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
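Review bot: The `//#nosec G304` added to the `os.Create(filename)` line in saveReport silences the very rule this commit extends without recording why that is safe, so a later reader cannot tell whether the path was reviewed or merely suppressed. Here `filename` is the report destination handed in by the caller (presumably the CLI output flag, which is not visible in this hunk), so an operator-chosen path is the intended behaviour; say so next to the marker, e.g. `outfile, err := os.Create(filename) //#nosec G304 -- report path is supplied by the operator on the command line`, or on a comment line directly above it if trailing text after the rule ID is not accepted by this gosec version. Since os.Create truncates an existing file at that path, the tool will overwrite whatever the operator points it at, which is expected for a report writer but worth one sentence in the flag's help text. saveReport continues past the end of this hunk.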
@ -125,5 +125,6 @@ func NewReadFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
rule.Add("os", "ReadFile")
|
rule.Add("os", "ReadFile")
|
||||||
rule.Add("os", "Open")
|
rule.Add("os", "Open")
|
||||||
rule.Add("os", "OpenFile")
|
rule.Add("os", "OpenFile")
|
||||||
|
rule.Add("os", "Create")
|
||||||
return rule, []ast.Node{(*ast.CallExpr)(nil)}
|
return rule, []ast.Node{(*ast.CallExpr)(nil)}
|
||||||
}
|
}
|
||||||
|
|
|
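Review bot: `rule.Add("os", "Create")` extends a rule that this same commit still describes as a "potential file inclusion vulnerability" (see the comment on the G304 sample set), i.e. a read problem, whereas os.Create with a caller-controlled path lets an attacker create or truncate any file the process may write, a different and often more severe impact. The rule's description text and docs (outside this hunk) should mention both directions so a finding on os.Create is not dismissed as a read-only issue; a short comment at the call site would also help the next maintainer, e.g. `rule.Add("os", "Create") // write side: traversal here means arbitrary file creation/truncation`. os.WriteFile, the write-side counterpart of the already-listed os.ReadFile, presumably remains uncovered; worth confirming and adding in the same place. NewReadFile's body begins before this hunk.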
@ -1891,7 +1891,8 @@ func main() {
|
||||||
}`}, 9, gosec.NewConfig()}}
|
}`}, 9, gosec.NewConfig()}}
|
||||||
|
|
||||||
// SampleCodeG304 - potential file inclusion vulnerability
|
// SampleCodeG304 - potential file inclusion vulnerability
|
||||||
SampleCodeG304 = []CodeSample{{[]string{`
|
SampleCodeG304 = []CodeSample{
|
||||||
|
{[]string{`
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
@ -2086,7 +2087,38 @@ func main() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
`}, 0, gosec.NewConfig()}}
|
`}, 0, gosec.NewConfig()}, {[]string{`
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"io"
|
||||||
|
"os"
|
||||||
|
)
|
||||||
|
|
||||||
|
func createFile(file string) *os.File {
|
||||||
|
f, err := os.Create(file)
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
return f
|
||||||
|
}
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
s, err := os.Open("src")
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
defer s.Close()
|
||||||
|
|
||||||
|
d := createFile("dst")
|
||||||
|
defer d.Close()
|
||||||
|
|
||||||
|
_, err = io.Copy(d, s)
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
}`}, 1, gosec.NewConfig()},
|
||||||
|
}
|
||||||
|
|
||||||
// SampleCodeG305 - File path traversal when extracting zip/tar archives
|
// SampleCodeG305 - File path traversal when extracting zip/tar archives
|
||||||
SampleCodeG305 = []CodeSample{{[]string{`
|
SampleCodeG305 = []CodeSample{{[]string{`
|
||||||
|
|
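Review bot: The new sample expecting 1 finding does not say what it pins down, and it actually asserts two things at once: `os.Create(file)` inside createFile, where the path arrives through a parameter, must be reported, while `os.Open("src")` with a literal path must not be, otherwise the count would be 2. A one-line comment at the top of the sample source, such as `// os.Create with a parameter-derived path is reported once; the literal-path os.Open is not`, would make that intent explicit for anyone adjusting the rule's tainting later. The enclosing var block that holds SampleCodeG304 starts before the first hunk of this file.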