Fix the bind rule (G102) to handle the case when the arguments of net.Listen are returned by a function call
This commit is contained in:
parent
f14f17fb1d
commit
9b32fcac16
2 changed files with 51 additions and 3 deletions
@ -37,9 +37,21 @@ func (r *bindsToAllNetworkInterfaces) Match(n ast.Node, c *gosec.Context) (*gose
|
|||
if callExpr == nil {
|
||||
return nil, nil
|
||||
}
|
||||
if arg, err := gosec.GetString(callExpr.Args[1]); err == nil {
|
||||
if r.pattern.MatchString(arg) {
|
||||
return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
|
||||
if len(callExpr.Args) > 1 {
|
||||
arg := callExpr.Args[1]
|
||||
if bl, ok := arg.(*ast.BasicLit); ok {
|
||||
if arg, err := gosec.GetString(bl); err == nil {
|
||||
if r.pattern.MatchString(arg) {
|
||||
return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
|
||||
}
|
||||
}
|
||||
}
|
||||
} else if len(callExpr.Args) > 0 {
|
||||
values := gosec.GetCallStringArgsValues(callExpr.Args[0], c)
|
||||
for _, value := range values {
|
||||
if r.pattern.MatchString(value) {
|
||||
return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil, nil
|
||||
|
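Review bot: The two new branches resolve the address argument with different strength, so coverage now depends on call shape: with two or more arguments the rule only inspects a `*ast.BasicLit` (a string literal), while the single-argument branch resolves the inner call's arguments through `gosec.GetCallStringArgsValues`, which the added `const addr` test case suggests also follows identifiers to their values. If that is so, `net.Listen("tcp", addr)` with `addr` a constant holding `"0.0.0.0:2000"` is silently not flagged, which is the far more common shape than passing a parsing function; consider resolving the second argument the same way (or at least a comment on the `BasicLit` check saying only literal addresses are matched). The single-argument branch also flags on the *inputs* to the wrapped call rather than its result, i.e. it assumes the parser passes the bind address through, which is a deliberate heuristic worth a comment such as `// net.Listen(f(x)): inspect f's string arguments, since f's return value is not resolvable statically`. As a style point, the inner `arg` at the `GetString` line shadows the outer `ast.Expr` named `arg` with a string; `if addr, err := gosec.GetString(bl); err == nil {` reads more clearly. The enclosing `Match` method starts before this hunk.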
@ -98,6 +98,42 @@ func main() {
|
|||
log.Fatal(err)
|
||||
}
|
||||
defer l.Close()
|
||||
}`}, 1},
|
||||
// Bind to all networks indirectly through a parsing function
|
||||
{[]string{`
|
||||
package main
|
||||
import (
|
||||
"log"
|
||||
"net"
|
||||
)
|
||||
func parseListenAddr(listenAddr string) (network string, addr string) {
|
||||
return "", ""
|
||||
}
|
||||
func main() {
|
||||
addr := ":2000"
|
||||
l, err := net.Listen(parseListenAddr(addr))
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
defer l.Close()
|
||||
}`}, 1},
|
||||
// Bind to all networks indirectly through a parsing function
|
||||
{[]string{`
|
||||
package main
|
||||
import (
|
||||
"log"
|
||||
"net"
|
||||
)
|
||||
const addr = ":2000"
|
||||
func parseListenAddr(listenAddr string) (network string, addr string) {
|
||||
return "", ""
|
||||
}
|
||||
func main() {
|
||||
l, err := net.Listen(parseListenAddr(addr))
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
defer l.Close()
|
||||
}`}, 1},
|
||||
}
|
||||
// SampleCodeG103 find instances of unsafe blocks for auditing purposes
|
||||
|