mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 12:05:52 +00:00
parent
21fcd2f904
commit
ea6d49d1b5
2 changed files with 29 additions and 0 deletions
|
@ -77,6 +77,13 @@ func (r *subprocess) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
|
||||||
return gosec.NewIssue(c, n, r.ID(), "Subprocess launched with variable", gosec.Medium, gosec.High), nil
|
return gosec.NewIssue(c, n, r.ID(), "Subprocess launched with variable", gosec.Medium, gosec.High), nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
case *ast.ValueSpec:
|
||||||
|
_, valueSpec := ident.Obj.Decl.(*ast.ValueSpec)
|
||||||
|
if variable && valueSpec {
|
||||||
|
if !gosec.TryResolve(ident, c) {
|
||||||
|
return gosec.NewIssue(c, n, r.ID(), "Subprocess launched with variable", gosec.Medium, gosec.High), nil
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else if !gosec.TryResolve(arg, c) {
|
} else if !gosec.TryResolve(arg, c) {
|
||||||
|
|
|
@ -2018,6 +2018,28 @@ func main() {
|
||||||
log.Printf("Command finished with error: %v", err)
|
log.Printf("Command finished with error: %v", err)
|
||||||
}
|
}
|
||||||
`}, 1, gosec.NewConfig()},
|
`}, 1, gosec.NewConfig()},
|
||||||
|
{[]string{`
|
||||||
|
// Initializing a local variable using a environmental
|
||||||
|
// variable is consider as a dangerous user input
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"log"
|
||||||
|
"os"
|
||||||
|
"os/exec"
|
||||||
|
)
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
var run = "sleep" + os.Getenv("SOMETHING")
|
||||||
|
cmd := exec.Command(run, "5")
|
||||||
|
err := cmd.Start()
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
log.Printf("Waiting for command to finish...")
|
||||||
|
err = cmd.Wait()
|
||||||
|
log.Printf("Command finished with error: %v", err)
|
||||||
|
}`}, 1, gosec.NewConfig()},
|
||||||
}
|
}
|
||||||
|
|
||||||
// SampleCodeG301 - mkdir permission check
|
// SampleCodeG301 - mkdir permission check
|
||||||
|
|
Loading…
Reference in a new issue