Make variable names more explicit and reduce duplications
Change-Id: Ifa141b70351136cfe7d0756a83e8166a24b5d538 Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
This commit is contained in:
parent
e0414c4640
commit
ac67231ec5
1 changed files with 16 additions and 22 deletions
@ -78,26 +78,23 @@ func runHardCodedNonce(pass *analysis.Pass) (interface{}, error) {
|
||||||
func raiseIssue(val ssa.Value, funcsToTrack map[string][]int, ssaFuncs []*ssa.Function,
|
func raiseIssue(val ssa.Value, funcsToTrack map[string][]int, ssaFuncs []*ssa.Function,
|
||||||
pass *analysis.Pass, issueDescription string,
|
pass *analysis.Pass, issueDescription string,
|
||||||
) ([]*issue.Issue, error) {
|
) ([]*issue.Issue, error) {
|
||||||
var err error
|
|
||||||
var gosecIssue []*issue.Issue
|
|
||||||
|
|
||||||
if issueDescription == "" {
|
if issueDescription == "" {
|
||||||
issueDescription = defaultIssueDescription
|
issueDescription = defaultIssueDescription
|
||||||
}
|
}
|
||||||
|
var err error
|
||||||
|
var gosecIssue []*issue.Issue
|
||||||
|
var issues []*issue.Issue
|
||||||
switch valType := (val).(type) {
|
switch valType := (val).(type) {
|
||||||
case *ssa.Slice:
|
case *ssa.Slice:
|
||||||
issueDescription += " by passing hardcoded slice/array"
|
issueDescription += " by passing hardcoded slice/array"
|
||||||
tmp, hasErr := iterateThroughReferrers(val, funcsToTrack, pass.Analyzer.Name, issueDescription, pass.Fset, issue.High)
|
issues, err = iterateThroughReferrers(val, funcsToTrack, pass.Analyzer.Name, issueDescription, pass.Fset, issue.High)
|
||||||
gosecIssue = append(gosecIssue, tmp...)
|
gosecIssue = append(gosecIssue, issues...)
|
||||||
err = hasErr
|
|
||||||
case *ssa.UnOp:
|
case *ssa.UnOp:
|
||||||
// Check if it's a dereference operation (a.k.a pointer)
|
// Check if it's a dereference operation (a.k.a pointer)
|
||||||
if valType.Op == token.MUL {
|
if valType.Op == token.MUL {
|
||||||
issueDescription += " by passing pointer which points to hardcoded variable"
|
issueDescription += " by passing pointer which points to hardcoded variable"
|
||||||
tmp, hasErr := iterateThroughReferrers(val, funcsToTrack, pass.Analyzer.Name, issueDescription, pass.Fset, issue.Low)
|
issues, err = iterateThroughReferrers(val, funcsToTrack, pass.Analyzer.Name, issueDescription, pass.Fset, issue.Low)
|
||||||
gosecIssue = append(gosecIssue, tmp...)
|
gosecIssue = append(gosecIssue, issues...)
|
||||||
err = hasErr
|
|
||||||
}
|
}
|
||||||
// When the value assigned to a variable is a function call.
|
// When the value assigned to a variable is a function call.
|
||||||
// It goes and check if this function contains call to crypto/rand.Read
|
// It goes and check if this function contains call to crypto/rand.Read
|
||||||
|
@ -108,9 +105,8 @@ func raiseIssue(val ssa.Value, funcsToTrack map[string][]int, ssaFuncs []*ssa.Fu
|
||||||
if calledFunction, ok := callValue.(*ssa.Function); ok {
|
if calledFunction, ok := callValue.(*ssa.Function); ok {
|
||||||
if contains, funcErr := isFuncContainsCryptoRand(calledFunction); !contains && funcErr == nil {
|
if contains, funcErr := isFuncContainsCryptoRand(calledFunction); !contains && funcErr == nil {
|
||||||
issueDescription += " by passing a value from function which doesn't use crypto/rand"
|
issueDescription += " by passing a value from function which doesn't use crypto/rand"
|
||||||
tmp, hasErr := iterateThroughReferrers(val, funcsToTrack, pass.Analyzer.Name, issueDescription, pass.Fset, issue.Medium)
|
issues, err = iterateThroughReferrers(val, funcsToTrack, pass.Analyzer.Name, issueDescription, pass.Fset, issue.Medium)
|
||||||
gosecIssue = append(gosecIssue, tmp...)
|
gosecIssue = append(gosecIssue, issues...)
|
||||||
err = hasErr
|
|
||||||
} else if funcErr != nil {
|
} else if funcErr != nil {
|
||||||
err = funcErr
|
err = funcErr
|
||||||
}
|
}
|
||||||
|
@ -121,9 +117,8 @@ func raiseIssue(val ssa.Value, funcsToTrack map[string][]int, ssaFuncs []*ssa.Fu
|
||||||
case *ssa.Convert:
|
case *ssa.Convert:
|
||||||
if valType.Type().String() == "[]byte" && valType.X.Type().String() == "string" {
|
if valType.Type().String() == "[]byte" && valType.X.Type().String() == "string" {
|
||||||
issueDescription += " by passing converted string"
|
issueDescription += " by passing converted string"
|
||||||
tmp, hasErr := iterateThroughReferrers(val, funcsToTrack, pass.Analyzer.Name, issueDescription, pass.Fset, issue.High)
|
issues, err = iterateThroughReferrers(val, funcsToTrack, pass.Analyzer.Name, issueDescription, pass.Fset, issue.High)
|
||||||
gosecIssue = append(gosecIssue, tmp...)
|
gosecIssue = append(gosecIssue, issues...)
|
||||||
err = hasErr
|
|
||||||
}
|
}
|
||||||
case *ssa.Parameter:
|
case *ssa.Parameter:
|
||||||
// arg given to tracked function is wrapped in another function, example:
|
// arg given to tracked function is wrapped in another function, example:
|
||||||
|
@ -139,17 +134,16 @@ func raiseIssue(val ssa.Value, funcsToTrack map[string][]int, ssaFuncs []*ssa.Fu
|
||||||
trackedFunctions[valType.Parent().String()] = []int{len(valType.Parent().Params), index}
|
trackedFunctions[valType.Parent().String()] = []int{len(valType.Parent().Params), index}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
result := getArgsFromTrackedFunctions(ssaFuncs, trackedFunctions)
|
args := getArgsFromTrackedFunctions(ssaFuncs, trackedFunctions)
|
||||||
|
|
||||||
issueDescription += " by passing a parameter to a function and"
|
issueDescription += " by passing a parameter to a function and"
|
||||||
// recursively backtrack to where the origin of a variable passed to multiple functions is
|
// recursively backtrack to where the origin of a variable passed to multiple functions is
|
||||||
for _, trackedVariable := range result {
|
for _, arg := range args {
|
||||||
if trackedVariable == nil {
|
if arg == nil {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
tmp, hasErr := raiseIssue(*trackedVariable, trackedFunctions, ssaFuncs, pass, issueDescription)
|
issues, err = raiseIssue(*arg, trackedFunctions, ssaFuncs, pass, issueDescription)
|
||||||
gosecIssue = append(gosecIssue, tmp...)
|
gosecIssue = append(gosecIssue, issues...)
|
||||||
err = hasErr
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
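Review bot: In the last hunk the loop `for _, arg := range args` assigns `issues, err = raiseIssue(...)` on every iteration, so an error returned by one recursive call is overwritten by the next iteration and only the final iteration's error can reach the caller; the old `err = hasErr` form had the same problem, so the rename preserves it rather than fixing it. Since this is the hardcoded-nonce analyzer, a dropped error presumably means a backtracking path was abandoned without any signal, and the accumulated `gosecIssue` is still returned alongside whatever `err` survives, which makes the result ambiguous for the caller. If the module targets Go 1.20 or later, collecting per-iteration errors keeps every failure visible: `issues, loopErr := raiseIssue(*arg, trackedFunctions, ssaFuncs, pass, issueDescription)` / `err = errors.Join(err, loopErr)` / `gosecIssue = append(gosecIssue, issues...)` (with `errors` imported); otherwise an early `return nil, loopErr` on the first failure is the simpler option. The same single-assignment pattern appears in the first three hunks, but there each switch case calls `iterateThroughReferrers` at most once, so no error is lost on those paths. raiseIssue begins in the first hunk and its final return statement is not visible in any hunk, so whether the caller distinguishes a partial result from a failed one cannot be confirmed here.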