mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
Fix for G402. Check package path instead of package name (#838)
This commit is contained in:
parent
ea6d49d1b5
commit
a5982fb6a6
3 changed files with 48 additions and 9 deletions
32
helpers.go
32
helpers.go
|
@ -39,7 +39,10 @@ import (
|
|||
func MatchCallByPackage(n ast.Node, c *Context, pkg string, names ...string) (*ast.CallExpr, bool) {
|
||||
importedName, found := GetImportedName(pkg, c)
|
||||
if !found {
|
||||
return nil, false
|
||||
importedName, found = GetAliasedName(pkg, c)
|
||||
if !found {
|
||||
return nil, false
|
||||
}
|
||||
}
|
||||
|
||||
if callExpr, ok := n.(*ast.CallExpr); ok {
|
||||
|
@ -245,7 +248,7 @@ func GetBinaryExprOperands(be *ast.BinaryExpr) []ast.Node {
|
|||
}
|
||||
|
||||
// GetImportedName returns the name used for the package within the
|
||||
// code. It will resolve aliases and ignores initialization only imports.
|
||||
// code. It will ignore initialization only imports.
|
||||
func GetImportedName(path string, ctx *Context) (string, bool) {
|
||||
importName, imported := ctx.Imports.Imported[path]
|
||||
if !imported {
|
||||
|
@ -256,20 +259,39 @@ func GetImportedName(path string, ctx *Context) (string, bool) {
|
|||
return "", false
|
||||
}
|
||||
|
||||
if alias, ok := ctx.Imports.Aliased[path]; ok {
|
||||
importName = alias
|
||||
return importName, true
|
||||
}
|
||||
|
||||
// GetAliasedName returns the aliased name used for the package within the
|
||||
// code. It will ignore initialization only imports.
|
||||
func GetAliasedName(path string, ctx *Context) (string, bool) {
|
||||
importName, imported := ctx.Imports.Aliased[path]
|
||||
if !imported {
|
||||
return "", false
|
||||
}
|
||||
|
||||
if _, initonly := ctx.Imports.InitOnly[path]; initonly {
|
||||
return "", false
|
||||
}
|
||||
|
||||
return importName, true
|
||||
}
|
||||
|
||||
// GetImportPath resolves the full import path of an identifier based on
|
||||
// the imports in the current context.
|
||||
// the imports in the current context(including aliases).
|
||||
func GetImportPath(name string, ctx *Context) (string, bool) {
|
||||
for path := range ctx.Imports.Imported {
|
||||
if imported, ok := GetImportedName(path, ctx); ok && imported == name {
|
||||
return path, true
|
||||
}
|
||||
}
|
||||
|
||||
for path := range ctx.Imports.Aliased {
|
||||
if imported, ok := GetAliasedName(path, ctx); ok && imported == name {
|
||||
return path, true
|
||||
}
|
||||
}
|
||||
|
||||
return "", false
|
||||
}
|
||||
|
||||
|
|
12
rules/tls.go
12
rules/tls.go
|
@ -122,8 +122,10 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont
|
|||
t.actualMinVersion = ival
|
||||
} else {
|
||||
if se, ok := n.Value.(*ast.SelectorExpr); ok {
|
||||
if pkg, ok := se.X.(*ast.Ident); ok && pkg.Name == "tls" {
|
||||
t.actualMinVersion = t.mapVersion(se.Sel.Name)
|
||||
if pkg, ok := se.X.(*ast.Ident); ok {
|
||||
if ip, ok := gosec.GetImportPath(pkg.Name, c); ok && ip == "crypto/tls" {
|
||||
t.actualMinVersion = t.mapVersion(se.Sel.Name)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -133,8 +135,10 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont
|
|||
t.actualMaxVersion = ival
|
||||
} else {
|
||||
if se, ok := n.Value.(*ast.SelectorExpr); ok {
|
||||
if pkg, ok := se.X.(*ast.Ident); ok && pkg.Name == "tls" {
|
||||
t.actualMaxVersion = t.mapVersion(se.Sel.Name)
|
||||
if pkg, ok := se.X.(*ast.Ident); ok {
|
||||
if ip, ok := gosec.GetImportPath(pkg.Name, c); ok && ip == "crypto/tls" {
|
||||
t.actualMaxVersion = t.mapVersion(se.Sel.Name)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -3008,6 +3008,19 @@ package main
|
|||
import "crypto/tls"
|
||||
|
||||
const MinVer = tls.VersionTLS13
|
||||
`}, 0, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
cryptotls "crypto/tls"
|
||||
)
|
||||
|
||||
func main() {
|
||||
_ = tls.Config{MinVersion: tls.VersionTLS12}
|
||||
_ = cryptotls.Config{MinVersion: cryptotls.VersionTLS12}
|
||||
}
|
||||
`}, 0, gosec.NewConfig()},
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue