fix: G602 support for nested conditionals with bounds check (#1201)
* Recursive fix * Add some more test cases * Fix formatting * Add depth check
This commit is contained in:
parent
11d69032b0
commit
ea5b2766bb
2 changed files with 133 additions and 32 deletions
|
@ -118,6 +118,12 @@ func runSliceBounds(pass *analysis.Pass) (interface{}, error) {
|
|||
if i == 1 {
|
||||
bound = invBound(bound)
|
||||
}
|
||||
var processBlock func(block *ssa.BasicBlock, depth int)
|
||||
processBlock = func(block *ssa.BasicBlock, depth int) {
|
||||
if depth == maxDepth {
|
||||
return
|
||||
}
|
||||
depth++
|
||||
for _, instr := range block.Instrs {
|
||||
if _, ok := issues[instr]; ok {
|
||||
switch bound {
|
||||
|
@ -142,11 +148,18 @@ func runSliceBounds(pass *analysis.Pass) (interface{}, error) {
|
|||
}
|
||||
}
|
||||
}
|
||||
} else if nestedIfInstr, ok := instr.(*ssa.If); ok {
|
||||
for _, nestedBlock := range nestedIfInstr.Block().Succs {
|
||||
processBlock(nestedBlock, depth)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
processBlock(block, 0)
|
||||
}
|
||||
}
|
||||
|
||||
foundIssues := []*issue.Issue{}
|
||||
for _, issue := range issues {
|
||||
foundIssues = append(foundIssues, issue)
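Review bot: The depth guard in processBlock at `if depth == maxDepth {` only stops the walk on exact equality, so a maxDepth of zero would skip even the starting block and a negative value would disable the limit entirely; `if depth >= maxDepth {` keeps the same cutoff and is robust to either, and maxDepth itself is declared outside these hunks so its value cannot be checked here. When the limit triggers, the deeper blocks are dropped silently; if the switch on bound is what removes entries from issues for accesses the guard proves safe, then accesses past the limit simply stay reported, which is the fail-closed direction for a bounds linter, and a comment on that return such as `// beyond maxDepth the bound is not propagated, so deeper accesses remain reported` would record that this is intended. The walk also follows both successors of every nested *ssa.If, so a block reachable from more than one If (e.g. the merge block after an `a && b` condition) can be processed repeatedly; a visited set keyed by *ssa.BasicBlock would bound the work to one pass per block if this shows up on large functions. runSliceBounds starts and ends outside these hunks.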
|
||||
|
|
|
@ -221,6 +221,93 @@ package main
|
|||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
s := make([]byte, 0)
|
||||
if len(s) > 0 {
|
||||
switch s[0] {
|
||||
case 0:
|
||||
fmt.Println("zero")
|
||||
return
|
||||
default:
|
||||
fmt.Println(s[0])
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
`}, 0, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
s := make([]byte, 0)
|
||||
if len(s) > 0 {
|
||||
switch s[0] {
|
||||
case 0:
|
||||
b := true
|
||||
if b == true {
|
||||
// Should work for many-levels of nesting when the condition is not on the target slice
|
||||
fmt.Println(s[0])
|
||||
}
|
||||
return
|
||||
default:
|
||||
fmt.Println(s[0])
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
`}, 0, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
s := make([]byte, 0)
|
||||
if len(s) > 0 {
|
||||
if len(s) > 1 {
|
||||
fmt.Println(s[1])
|
||||
}
|
||||
fmt.Println(s[0])
|
||||
}
|
||||
}
|
||||
`}, 0, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
s := make([]byte, 2)
|
||||
fmt.Println(s[1])
|
||||
s = make([]byte, 0)
|
||||
fmt.Println(s[1])
|
||||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
s := make([]byte, 0)
|
||||
if len(s) > 0 {
|
||||
if len(s) > 4 {
|
||||
fmt.Println(s[3])
|
||||
} else {
|
||||
// Should error
|
||||
fmt.Println(s[2])
|
||||
}
|
||||
fmt.Println(s[0])
|
||||
}
|
||||
}
|
||||
`}, 1, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
s := make([]byte, 0)
|
||||
if len(s) > 0 {
|
||||
|
@ -249,5 +336,6 @@ func main() {
|
|||
fmt.Println(s[i])
|
||||
}
|
||||
}
|
||||
|
||||
`}, 0, gosec.NewConfig()},
|
||||
}
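Review bot: None of the added fixtures exercises the depth cutoff the analyzer change introduces: every nested access here sits two or three levels deep, so the suite would pass whether the limit fails closed (the access stays reported) or open (it is suppressed). A fixture that nests plain `if` statements deeper than maxDepth inside a `len(s) > 0` guard, with `fmt.Println(s[0])` at the bottom and an explicit expected count, would pin that behaviour; maxDepth lives in the analyzer rather than this file, so the depth needed is not visible here. The `// Should error` case in the `else` branch of `len(s) > 4` would also read more easily with a note that the outer guard only proves index 0, which is why `s[2]` there is the single expected finding. The test table these hunks extend starts before the first hunk.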
|
||||
|
|