mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
Exclude maps from slince bounce check rule (#1006)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
parent
21d13c9a9b
commit
beef1250a4
2 changed files with 19 additions and 0 deletions
|
@ -233,6 +233,11 @@ func (s *sliceOutOfBounds) matchSliceMake(funcCall *ast.CallExpr, sliceName stri
|
||||||
return nil, nil // Unexpected, args should always be 2 or 3
|
return nil, nil // Unexpected, args should always be 2 or 3
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check if the type of the slice is a map, since they should no be checked.
|
||||||
|
if _, ok := funcCall.Args[0].(*ast.MapType); ok {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
// Check and get the capacity of the slice passed to make. It must be a literal value, since we aren't evaluating the expression.
|
// Check and get the capacity of the slice passed to make. It must be a literal value, since we aren't evaluating the expression.
|
||||||
sliceCapLit, ok := funcCall.Args[capacityArg].(*ast.BasicLit)
|
sliceCapLit, ok := funcCall.Args[capacityArg].(*ast.BasicLit)
|
||||||
if !ok {
|
if !ok {
|
||||||
|
|
|
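Review bot: The new early return only matches a map type written literally in the `make` call, so `make(M, 0)` with `M` a defined or aliased map type reaches this code as an `*ast.Ident` (or `*ast.SelectorExpr`) and still falls through to the capacity check below. If type information is reachable from this method (the signature is cut off in the hunk header, so this is unconfirmed), testing the argument's underlying type for `*types.Map` would cover those cases; otherwise the limitation deserves a line in the comment. The comment also has a typo and calls the argument a slice; I would write `// make's first argument is a map type; maps have no slice bounds to track, so skip them.` A second sample in the test table that uses a named map type with an expected issue count of 0 would pin the behaviour. matchSliceMake's body starts and ends outside the hunk.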
@ -3966,5 +3966,19 @@ func doStuff(x []int) {
|
||||||
newSlice2 := x[:6]
|
newSlice2 := x[:6]
|
||||||
fmt.Println(newSlice2)
|
fmt.Println(newSlice2)
|
||||||
}`}, 2, gosec.NewConfig()},
|
}`}, 2, gosec.NewConfig()},
|
||||||
|
{[]string{`
|
||||||
|
package main
|
||||||
|
|
||||||
|
import "fmt"
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
testMap := make(map[string]any, 0)
|
||||||
|
testMap["test1"] = map[string]interface{}{
|
||||||
|
"test2": map[string]interface{}{
|
||||||
|
"value": 0,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
fmt.Println(testMap)
|
||||||
|
}`}, 0, gosec.NewConfig()},
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|