mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 03:55:54 +00:00
ea5b2766bb
* Recursive fix * Add some more test cases * Fix formatting * Add depth check
341 lines
4.1 KiB
Go
341 lines
4.1 KiB
Go
package testutils
|
|
|
|
import "github.com/securego/gosec/v2"
|
|
|
|
// SampleCodeG602 - Slice access out of bounds
|
|
var SampleCodeG602 = []CodeSample{
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
|
|
s := make([]byte, 0)
|
|
|
|
fmt.Println(s[:3])
|
|
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
|
|
s := make([]byte, 0)
|
|
|
|
fmt.Println(s[3:])
|
|
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
|
|
s := make([]byte, 16)
|
|
|
|
fmt.Println(s[:17])
|
|
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
|
|
s := make([]byte, 16)
|
|
|
|
fmt.Println(s[:16])
|
|
|
|
}
|
|
`}, 0, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
|
|
s := make([]byte, 16)
|
|
|
|
fmt.Println(s[5:17])
|
|
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
|
|
s := make([]byte, 4)
|
|
|
|
fmt.Println(s[3])
|
|
|
|
}
|
|
`}, 0, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
|
|
s := make([]byte, 4)
|
|
|
|
fmt.Println(s[5])
|
|
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
|
|
s := make([]byte, 0)
|
|
s = make([]byte, 3)
|
|
|
|
fmt.Println(s[:3])
|
|
|
|
}
|
|
`}, 0, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
|
|
s := make([]byte, 0, 4)
|
|
|
|
fmt.Println(s[:3])
|
|
fmt.Println(s[3])
|
|
|
|
}
|
|
`}, 0, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
|
|
s := make([]byte, 0, 4)
|
|
|
|
fmt.Println(s[:5])
|
|
fmt.Println(s[7])
|
|
|
|
}
|
|
`}, 2, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
|
|
s := make([]byte, 0, 4)
|
|
x := s[:2]
|
|
y := x[:10]
|
|
fmt.Println(y)
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
|
|
s := make([]int, 0, 4)
|
|
doStuff(s)
|
|
}
|
|
|
|
func doStuff(x []int) {
|
|
newSlice := x[:10]
|
|
fmt.Println(newSlice)
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
|
|
s := make([]int, 0, 30)
|
|
doStuff(s)
|
|
x := make([]int, 20)
|
|
y := x[10:]
|
|
doStuff(y)
|
|
z := y[5:]
|
|
doStuff(z)
|
|
}
|
|
|
|
func doStuff(x []int) {
|
|
newSlice := x[:10]
|
|
fmt.Println(newSlice)
|
|
newSlice2 := x[:6]
|
|
fmt.Println(newSlice2)
|
|
}
|
|
`}, 2, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
testMap := make(map[string]any, 0)
|
|
testMap["test1"] = map[string]interface{}{
|
|
"test2": map[string]interface{}{
|
|
"value": 0,
|
|
},
|
|
}
|
|
fmt.Println(testMap)
|
|
}
|
|
`}, 0, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
s := make([]byte, 0)
|
|
if len(s) > 0 {
|
|
fmt.Println(s[0])
|
|
}
|
|
}
|
|
`}, 0, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
s := make([]byte, 0)
|
|
if len(s) > 0 {
|
|
switch s[0] {
|
|
case 0:
|
|
fmt.Println("zero")
|
|
return
|
|
default:
|
|
fmt.Println(s[0])
|
|
return
|
|
}
|
|
}
|
|
}
|
|
`}, 0, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
s := make([]byte, 0)
|
|
if len(s) > 0 {
|
|
switch s[0] {
|
|
case 0:
|
|
b := true
|
|
if b == true {
|
|
// Should work for many-levels of nesting when the condition is not on the target slice
|
|
fmt.Println(s[0])
|
|
}
|
|
return
|
|
default:
|
|
fmt.Println(s[0])
|
|
return
|
|
}
|
|
}
|
|
}
|
|
`}, 0, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
s := make([]byte, 0)
|
|
if len(s) > 0 {
|
|
if len(s) > 1 {
|
|
fmt.Println(s[1])
|
|
}
|
|
fmt.Println(s[0])
|
|
}
|
|
}
|
|
`}, 0, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
s := make([]byte, 2)
|
|
fmt.Println(s[1])
|
|
s = make([]byte, 0)
|
|
fmt.Println(s[1])
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
s := make([]byte, 0)
|
|
if len(s) > 0 {
|
|
if len(s) > 4 {
|
|
fmt.Println(s[3])
|
|
} else {
|
|
// Should error
|
|
fmt.Println(s[2])
|
|
}
|
|
fmt.Println(s[0])
|
|
}
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
s := make([]byte, 0)
|
|
if len(s) > 0 {
|
|
fmt.Println("fake test")
|
|
}
|
|
fmt.Println(s[0])
|
|
}
|
|
`}, 1, gosec.NewConfig()},
|
|
{[]string{`
|
|
package main
|
|
|
|
import "fmt"
|
|
|
|
func main() {
|
|
s := make([]int, 16)
|
|
for i := 0; i < 17; i++ {
|
|
s = append(s, i)
|
|
}
|
|
if len(s) < 16 {
|
|
fmt.Println(s[10:16])
|
|
} else {
|
|
fmt.Println(s[3:18])
|
|
}
|
|
fmt.Println(s[0])
|
|
for i := range s {
|
|
fmt.Println(s[i])
|
|
}
|
|
}
|
|
|
|
`}, 0, gosec.NewConfig()},
|
|
}
|