Also add filepath.Rel as a sanitization method for the input argument in the G304 rule
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
This commit is contained in:
parent
047729a84f
commit
f13b8bc639
2 changed files with 18 additions and 0 deletions
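--- a/PATH_NOT_SHOWN_ON_PAGE_file1
+++ b/PATH_NOT_SHOWN_ON_PAGE_file1
@@ -120,6 +120,7 @@ func NewReadFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 rule.pathJoin.Add("path/filepath", "Join")
 rule.pathJoin.Add("path", "Join")
 rule.clean.Add("path/filepath", "Clean")
+rule.clean.Add("path/filepath", "Rel")
 rule.Add("io/ioutil", "ReadFile")
 rule.Add("os", "Open")
 rule.Add("os", "OpenFile")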
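Review bot: Registering `filepath.Rel` in the `clean` set makes G304 treat the output of `Rel(...)` as sanitized, but Rel does not strip traversal: it computes a lexical relative path and, when the target lies outside the base, returns a result that begins with `..` components. A path derived from untrusted input and run through Rel can therefore still escape the intended directory while the rule now stays silent, so this is a false-negative risk for the detector rather than a sanitization step. Suggest either keeping Rel out of `clean`, or at least documenting the trade-off on the new line, e.g. `// Rel only rewrites a path relative to a base; it can still yield ".." components, so it is a weaker sanitizer than Clean`. The body of NewReadFile continues outside the hunk.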
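--- a/PATH_NOT_SHOWN_ON_PAGE_file2
+++ b/PATH_NOT_SHOWN_ON_PAGE_file2
@@ -1621,6 +1621,23 @@ func main() {
 repoFile := "path_of_file"
 openFile(repoFile)
 }
+`}, 0, gosec.NewConfig()}, {[]string{`
+package main
+
+import (
+"os"
+"path/filepath"
+)
+
+func main() {
+repoFile := "path_of_file"
+relFile := filepath.Rel(repoFile)
+byContext, err := os.OpenFile(relFile, os.O_RDONLY, 0600)
+if err != nil {
+panic(err)
+}
+}
+
 `}, 0, gosec.NewConfig()}}
 
 // SampleCodeG305 - File path traversal when extracting zip/tar archives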
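Review bot: The new sample calls `filepath.Rel(repoFile)` with one argument and a single result, but the standard library signature is `Rel(basepath, targpath string) (string, error)`, so the snippet is not valid Go; `byContext` is also assigned and never used, which the compiler rejects as well. If the test harness type-checks samples before running the rule, the expected finding count of 0 may be met because the file fails to build rather than because Rel is recognised as a sanitizer, which would leave the new behaviour untested. Rewriting the sample as below keeps it compilable; whether the rule's sanitizer tracking follows a two-value assignment like `relFile, err := ...` is worth confirming against the rule code. The enclosing samples table starts and ends outside the hunk.
```go
func main() {
	repoFile := "path_of_file"
	relFile, err := filepath.Rel("base_dir", repoFile)
	if err != nil {
		panic(err)
	}
	byContext, err := os.OpenFile(relFile, os.O_RDONLY, 0600)
	if err != nil {
		panic(err)
	}
	defer byContext.Close()
}
```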