From beef1250a44fe0daab1daff3367418f952d44fcd Mon Sep 17 00:00:00 2001
From: Cosmin Cojocar
Date: Wed, 23 Aug 2023 17:17:14 +0200
Subject: [PATCH] Exclude maps from slince bounce check rule (#1006)
Signed-off-by: Cosmin Cojocar
---
 rules/slice_bounds.go | 5 +++++
 testutils/source.go | 14 ++++++++++++++
 2 files changed, 19 insertions(+)
diff --git a/rules/slice_bounds.go b/rules/slice_bounds.go
index 04811bb..d74672b 100644
--- a/rules/slice_bounds.go
+++ b/rules/slice_bounds.go
@@ -233,6 +233,11 @@ func (s *sliceOutOfBounds) matchSliceMake(funcCall *ast.CallExpr, sliceName stri
 return nil, nil // Unexpected, args should always be 2 or 3
 }
+ // Check if the type of the slice is a map, since they should no be checked.
+ if _, ok := funcCall.Args[0].(*ast.MapType); ok {
+ return nil, nil
+ }
+
 // Check and get the capacity of the slice passed to make. It must be a literal value, since we aren't evaluating the expression.
 sliceCapLit, ok := funcCall.Args[capacityArg].(*ast.BasicLit)
 if !ok {
diff --git a/testutils/source.go b/testutils/source.go
index 3a175f1..7bdb0c3 100644
--- a/testutils/source.go
+++ b/testutils/source.go
@@ -3966,5 +3966,19 @@ func doStuff(x []int) {
 newSlice2 := x[:6]
 fmt.Println(newSlice2)
 }`}, 2, gosec.NewConfig()},
+ {[]string{`
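Review bot: The added guard in `matchSliceMake` only matches a map type written literally at the call site (`*ast.MapType`), so `make(M, 0)` with `type M map[string]any` reaches `funcCall.Args[0]` as an `*ast.Ident` and would presumably still be tracked as a zero-capacity slice, giving the same false positive on `m["k"] = v`. If the rule has type information in scope (the signature is truncated in the hunk header and the body continues outside the hunk), resolve the argument's type and skip anything whose underlying type is `*types.Map`. A second sample in testutils/source.go using a named map type would pin this, since the one added here only exercises the literal form. The new comment also reads `should no be checked`; suggest `// Skip map types: make's second argument is a size hint, not a slice capacity.`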