Fix for G402. Check package path instead of package name (#838)

Dmitry Golushko 2022-07-28 08:51:30 +02:00 committed by GitHub
parent ea6d49d1b5
commit a5982fb6a6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 48 additions and 9 deletions


@ -39,7 +39,10 @@ import (
func MatchCallByPackage(n ast.Node, c *Context, pkg string, names ...string) (*ast.CallExpr, bool) { func MatchCallByPackage(n ast.Node, c *Context, pkg string, names ...string) (*ast.CallExpr, bool) {
importedName, found := GetImportedName(pkg, c) importedName, found := GetImportedName(pkg, c)
if !found { if !found {
return nil, false importedName, found = GetAliasedName(pkg, c)
if !found {
return nil, false
}
} }
if callExpr, ok := n.(*ast.CallExpr); ok { if callExpr, ok := n.(*ast.CallExpr); ok {
@ -245,7 +248,7 @@ func GetBinaryExprOperands(be *ast.BinaryExpr) []ast.Node {
} }
// GetImportedName returns the name used for the package within the // GetImportedName returns the name used for the package within the
// code. It will resolve aliases and ignores initialization only imports. // code. It will ignore initialization only imports.
func GetImportedName(path string, ctx *Context) (string, bool) { func GetImportedName(path string, ctx *Context) (string, bool) {
importName, imported := ctx.Imports.Imported[path] importName, imported := ctx.Imports.Imported[path]
if !imported { if !imported {
@ -256,20 +259,39 @@ func GetImportedName(path string, ctx *Context) (string, bool) {
return "", false return "", false
} }
if alias, ok := ctx.Imports.Aliased[path]; ok { return importName, true
importName = alias }
// GetAliasedName returns the aliased name used for the package within the
// code. It will ignore initialization only imports.
func GetAliasedName(path string, ctx *Context) (string, bool) {
importName, imported := ctx.Imports.Aliased[path]
if !imported {
return "", false
} }
if _, initonly := ctx.Imports.InitOnly[path]; initonly {
return "", false
}
return importName, true return importName, true
} }
// GetImportPath resolves the full import path of an identifier based on // GetImportPath resolves the full import path of an identifier based on
// the imports in the current context. // the imports in the current context(including aliases).
func GetImportPath(name string, ctx *Context) (string, bool) { func GetImportPath(name string, ctx *Context) (string, bool) {
for path := range ctx.Imports.Imported { for path := range ctx.Imports.Imported {
if imported, ok := GetImportedName(path, ctx); ok && imported == name { if imported, ok := GetImportedName(path, ctx); ok && imported == name {
return path, true return path, true
} }
} }
for path := range ctx.Imports.Aliased {
if imported, ok := GetAliasedName(path, ctx); ok && imported == name {
return path, true
}
}
return "", false return "", false
} }
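Review bot: In MatchCallByPackage the alias is consulted only when GetImportedName reports the path as not found, so when a file imports the same package both plainly and under an alias (the case the test sample added in this commit sets up) only the unaliased name is used and calls written through the alias would not be matched. For a scanner that is a missed finding rather than a noisy one. Consider resolving `GetImportedName` and `GetAliasedName` independently and accepting a call whose package identifier equals either result, and have the GetImportedName doc comment say `// It does not resolve aliases; see GetAliasedName.` Whether Imported also holds an entry for alias-only imports is not visible here; if it does, the fallback never runs for them either. The rest of MatchCallByPackage lies outside the hunk.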


@ -122,8 +122,10 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont
t.actualMinVersion = ival t.actualMinVersion = ival
} else { } else {
if se, ok := n.Value.(*ast.SelectorExpr); ok { if se, ok := n.Value.(*ast.SelectorExpr); ok {
if pkg, ok := se.X.(*ast.Ident); ok && pkg.Name == "tls" { if pkg, ok := se.X.(*ast.Ident); ok {
t.actualMinVersion = t.mapVersion(se.Sel.Name) if ip, ok := gosec.GetImportPath(pkg.Name, c); ok && ip == "crypto/tls" {
t.actualMinVersion = t.mapVersion(se.Sel.Name)
}
} }
} }
} }
@ -133,8 +135,10 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont
t.actualMaxVersion = ival t.actualMaxVersion = ival
} else { } else {
if se, ok := n.Value.(*ast.SelectorExpr); ok { if se, ok := n.Value.(*ast.SelectorExpr); ok {
if pkg, ok := se.X.(*ast.Ident); ok && pkg.Name == "tls" { if pkg, ok := se.X.(*ast.Ident); ok {
t.actualMaxVersion = t.mapVersion(se.Sel.Name) if ip, ok := gosec.GetImportPath(pkg.Name, c); ok && ip == "crypto/tls" {
t.actualMaxVersion = t.mapVersion(se.Sel.Name)
}
} }
} }
} }
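Review bot: The resolve-then-map block is now repeated verbatim in the MinVersion and MaxVersion branches of processTLSConfVal, each three `if ...; ok` levels deep, so a later correction to one branch can easily miss the other. A small private method on insecureConfigTLS that takes the value expression and the context and reports whether it is a `crypto/tls` selector would keep the two in step. When the identifier does not resolve to `crypto/tls` the field silently keeps its previous value; a comment such as `// selector is not from crypto/tls: version left unchanged` would make that explicit for the next reader. processTLSConfVal begins and ends outside these hunks.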


@ -3008,6 +3008,19 @@ package main
import "crypto/tls" import "crypto/tls"
const MinVer = tls.VersionTLS13 const MinVer = tls.VersionTLS13
`}, 0, gosec.NewConfig()},
{[]string{`
package main
import (
"crypto/tls"
cryptotls "crypto/tls"
)
func main() {
_ = tls.Config{MinVersion: tls.VersionTLS12}
_ = cryptotls.Config{MinVersion: cryptotls.VersionTLS12}
}
`}, 0, gosec.NewConfig()}, `}, 0, gosec.NewConfig()},
} }
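Review bot: The added sample only asserts the zero-issue case, with TLS 1.2 set through both `tls` and `cryptotls`, and nothing in this section checks that a weak version written through the alias is still reported. A companion sample expecting one issue, for example `_ = cryptotls.Config{MinVersion: cryptotls.VersionTLS10}`, would pin that path. A further sample that imports an unrelated package whose name is `tls` would cover the behaviour the commit title describes, since that is the case the path comparison is meant to separate from `crypto/tls`.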