mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
parent
1418b856ea
commit
8630c43b66
3 changed files with 36 additions and 17 deletions
|
@ -215,7 +215,7 @@ var _ = Describe("Analyzer", func() {
|
|||
})
|
||||
|
||||
It("should pass the build tags", func() {
|
||||
sample := testutils.SampleCode601[0]
|
||||
sample := testutils.SampleCodeBuildTag[0]
|
||||
source := sample.Code[0]
|
||||
analyzer.LoadRules(rules.Generate().Builders())
|
||||
pkg := testutils.NewTestPackage()
|
||||
|
|
|
@ -2,9 +2,10 @@ package rules
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/securego/gosec/v2"
|
||||
"go/ast"
|
||||
"go/token"
|
||||
|
||||
"github.com/securego/gosec/v2"
|
||||
)
|
||||
|
||||
type implicitAliasing struct {
|
||||
|
@ -33,20 +34,23 @@ func (r *implicitAliasing) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, er
|
|||
// When presented with a range statement, get the underlying Object bound to
|
||||
// by assignment and add it to our set (r.aliases) of objects to check for.
|
||||
if key, ok := node.Value.(*ast.Ident); ok {
|
||||
if assignment, ok := key.Obj.Decl.(*ast.AssignStmt); ok {
|
||||
if len(assignment.Lhs) < 2 {
|
||||
return nil, nil
|
||||
}
|
||||
if key.Obj != nil {
|
||||
if assignment, ok := key.Obj.Decl.(*ast.AssignStmt); ok {
|
||||
if len(assignment.Lhs) < 2 {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
if object, ok := assignment.Lhs[1].(*ast.Ident); ok {
|
||||
r.aliases[object.Obj] = struct{}{}
|
||||
if object, ok := assignment.Lhs[1].(*ast.Ident); ok {
|
||||
r.aliases[object.Obj] = struct{}{}
|
||||
|
||||
if r.rightBrace < node.Body.Rbrace {
|
||||
r.rightBrace = node.Body.Rbrace
|
||||
if r.rightBrace < node.Body.Rbrace {
|
||||
r.rightBrace = node.Body.Rbrace
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
case *ast.UnaryExpr:
|
||||
// If this unary expression is outside of the last range statement we were looking at
|
||||
// then clear the list of objects we're concerned about because they're no longer in
|
||||
|
|
|
@ -1849,13 +1849,14 @@ func main() {
|
|||
}
|
||||
}`}, 1, gosec.NewConfig()}}
|
||||
|
||||
// SampleCodeG601 - Implicit ForRange aliasing
|
||||
SampleCodeG601 = []CodeSample{{[]string{`package main
|
||||
// SampleCodeG601 - Implicit aliasing over range statement
|
||||
SampleCodeG601 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
var vector []*string
|
||||
|
||||
func appendVector(s *string) {
|
||||
vector = append(vector, s)
|
||||
}
|
||||
|
@ -1882,12 +1883,26 @@ func main() {
|
|||
|
||||
zero, c_star, c := foo()
|
||||
fmt.Printf("%d %v %s", zero, c_start, c)
|
||||
}`}, 1, gosec.NewConfig()}}
|
||||
}`,
|
||||
}, 1, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
// see: github.com/securego/gosec/issues/475
|
||||
package main
|
||||
import (
|
||||
"fmt"
|
||||
)
|
||||
func main() {
|
||||
sampleMap := map[string]string{}
|
||||
sampleString := "A string"
|
||||
for sampleString, _ = range sampleMap {
|
||||
fmt.Println(sampleString)
|
||||
}
|
||||
}`}, 0, gosec.NewConfig()},
|
||||
}
|
||||
|
||||
// SampleCode601 - Go build tags
|
||||
SampleCode601 = []CodeSample{{[]string{`
|
||||
// SampleCodeBuildTag - G601 build tags
|
||||
SampleCodeBuildTag = []CodeSample{{[]string{`
|
||||
// +build tag
|
||||
|
||||
package main
|
||||
func main() {
|
||||
fmt.Println("no package imported error")
|
||||
|
|
Loading…
Reference in a new issue