Fix the bind rule to handle the case when the arguments of the net.Listen are returned by a function call
This commit is contained in:
parent
f14f17fb1d
commit
9b32fcac16
2 changed files with 51 additions and 3 deletions
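--- a/FILE_PATH_NOT_SHOWN_1
+++ b/FILE_PATH_NOT_SHOWN_1
@@ -37,9 +37,21 @@ func (r *bindsToAllNetworkInterfaces) Match(n ast.Node, c *gosec.Context) (*gose
 	if callExpr == nil {
 		return nil, nil
 	}
-	if arg, err := gosec.GetString(callExpr.Args[1]); err == nil {
-		if r.pattern.MatchString(arg) {
-			return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
+	if len(callExpr.Args) > 1 {
+		arg := callExpr.Args[1]
+		if bl, ok := arg.(*ast.BasicLit); ok {
+			if arg, err := gosec.GetString(bl); err == nil {
+				if r.pattern.MatchString(arg) {
+					return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
+				}
+			}
+		}
+	} else if len(callExpr.Args) > 0 {
+		values := gosec.GetCallStringArgsValues(callExpr.Args[0], c)
+		for _, value := range values {
+			if r.pattern.MatchString(value) {
+				return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
+			}
 		}
 	}
 	return nil, nil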
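Review bot: The new `else if len(callExpr.Args) > 0` branch reports a match on the strings fed into the inner call (`gosec.GetCallStringArgsValues(callExpr.Args[0], c)` appears to resolve the call's arguments, which is the only way the added `parseListenAddr(addr)` sample can yield an issue when the stub returns empty strings), not on what that call returns, so a helper that rewrites or rejects the address is still reported. That is a defensible conservative choice for a linter, but nothing says so; I would add above the branch: `// net.Listen(f(x)) form: f's result cannot be evaluated statically, so flag when any string argument passed to f matches the pattern (conservative; may over-report).` In the first branch the `*ast.BasicLit` assertion looks redundant with the type check `gosec.GetString` performs itself, so the three nested ifs could collapse back to `if arg, err := gosec.GetString(callExpr.Args[1]); err == nil {` under the new length guard. Match starts outside the hunk.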
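--- a/FILE_PATH_NOT_SHOWN_2
+++ b/FILE_PATH_NOT_SHOWN_2
@@ -98,6 +98,42 @@ func main() {
 		log.Fatal(err)
 	}
 	defer l.Close()
+}`}, 1},
+	// Bind to all networks indirectly through a parsing function
+	{[]string{`
+package main
+import (
+	"log"
+	"net"
+)
+func parseListenAddr(listenAddr string) (network string, addr string) {
+	return "", ""
+}
+func main() {
+	addr := ":2000"
+	l, err := net.Listen(parseListenAddr(addr))
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer l.Close()
+}`}, 1},
+	// Bind to all networks indirectly through a parsing function
+	{[]string{`
+package main
+import (
+	"log"
+	"net"
+)
+const addr = ":2000"
+func parseListenAddr(listenAddr string) (network string, addr string) {
+	return "", ""
+}
+func main() {
+	l, err := net.Listen(parseListenAddr(addr))
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer l.Close()
 }`}, 1},
 }
 // SampleCodeG103 find instances of unsafe blocks for auditing purposes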
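Review bot: The two added samples carry the identical comment `// Bind to all networks indirectly through a parsing function` although they exercise different cases — a local variable versus a package-level `const` passed to `parseListenAddr` — so a failing sample cannot be told apart from its sibling. I would make the first read `// Bind to all networks indirectly through a parsing function, address held in a local variable` and the second `// Bind to all networks indirectly through a parsing function, address held in a package-level constant`. Both stubs return `"", ""`, so the expected count of 1 can only come from the rule inspecting the argument of the call rather than its result; a short comment stating that intent next to the stub would stop a later cleanup from "fixing" the return values and silently changing what the sample tests. The enclosing sample slice literal starts outside the hunk.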