mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 03:55:54 +00:00
129be1561b
There were several issues with the error test case that have been addressed in this commit. - It is possible to specify a whitelist of calls that error handling should be ignored for. - Additional support for ast.ExprStmt for cases where the error is implicitly ignored. There were several other additions to the helpers and call list in order to support this type of functionality. Fixes #54
60 lines
1.2 KiB
Go
60 lines
1.2 KiB
Go
package core
|
|
|
|
import (
|
|
"go/ast"
|
|
"testing"
|
|
)
|
|
|
|
type callListRule struct {
|
|
MetaData
|
|
callList CallList
|
|
matched int
|
|
}
|
|
|
|
func (r *callListRule) Match(n ast.Node, c *Context) (gi *Issue, err error) {
|
|
if r.callList.ContainsCallExpr(n, c) {
|
|
r.matched += 1
|
|
}
|
|
return nil, nil
|
|
}
|
|
|
|
func TestCallListContainsCallExpr(t *testing.T) {
|
|
config := map[string]interface{}{"ignoreNosec": false}
|
|
analyzer := NewAnalyzer(config, nil)
|
|
calls := NewCallList()
|
|
calls.AddAll("bytes.Buffer", "Write", "WriteTo")
|
|
rule := &callListRule{
|
|
MetaData: MetaData{
|
|
Severity: Low,
|
|
Confidence: Low,
|
|
What: "A dummy rule",
|
|
},
|
|
callList: calls,
|
|
matched: 0,
|
|
}
|
|
analyzer.AddRule(rule, []ast.Node{(*ast.CallExpr)(nil)})
|
|
source := `
|
|
package main
|
|
import (
|
|
"bytes"
|
|
"fmt"
|
|
)
|
|
func main() {
|
|
var b bytes.Buffer
|
|
b.Write([]byte("Hello "))
|
|
fmt.Fprintf(&b, "world!")
|
|
}`
|
|
|
|
analyzer.ProcessSource("dummy.go", source)
|
|
if rule.matched != 1 {
|
|
t.Errorf("Expected to match a bytes.Buffer.Write call")
|
|
}
|
|
}
|
|
|
|
func TestCallListContains(t *testing.T) {
|
|
callList := NewCallList()
|
|
callList.Add("fmt", "Printf")
|
|
if !callList.Contains("fmt", "Printf") {
|
|
t.Errorf("Expected call list to contain fmt.Printf")
|
|
}
|
|
}
|