1
0
mirror of https://github.com/securego/gosec.git synced 2024-12-26 20:53:56 +02:00

Make variable name more clear

Change-Id: I5b863c0da6cc3d01efa527c60c93fdcbc8c5a53c
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
This commit is contained in:
Cosmin Cojocar 2024-08-30 17:19:25 +00:00 committed by Cosmin Cojocar
parent ac67231ec5
commit 0898560169

View File

@ -82,19 +82,19 @@ func raiseIssue(val ssa.Value, funcsToTrack map[string][]int, ssaFuncs []*ssa.Fu
issueDescription = defaultIssueDescription
}
var err error
var gosecIssue []*issue.Issue
var allIssues []*issue.Issue
var issues []*issue.Issue
switch valType := (val).(type) {
case *ssa.Slice:
issueDescription += " by passing hardcoded slice/array"
issues, err = iterateThroughReferrers(val, funcsToTrack, pass.Analyzer.Name, issueDescription, pass.Fset, issue.High)
gosecIssue = append(gosecIssue, issues...)
allIssues = append(allIssues, issues...)
case *ssa.UnOp:
// Check if it's a dereference operation (a.k.a pointer)
if valType.Op == token.MUL {
issueDescription += " by passing pointer which points to hardcoded variable"
issues, err = iterateThroughReferrers(val, funcsToTrack, pass.Analyzer.Name, issueDescription, pass.Fset, issue.Low)
gosecIssue = append(gosecIssue, issues...)
allIssues = append(allIssues, issues...)
}
// When the value assigned to a variable is a function call.
// It goes and check if this function contains call to crypto/rand.Read
@ -106,7 +106,7 @@ func raiseIssue(val ssa.Value, funcsToTrack map[string][]int, ssaFuncs []*ssa.Fu
if contains, funcErr := isFuncContainsCryptoRand(calledFunction); !contains && funcErr == nil {
issueDescription += " by passing a value from function which doesn't use crypto/rand"
issues, err = iterateThroughReferrers(val, funcsToTrack, pass.Analyzer.Name, issueDescription, pass.Fset, issue.Medium)
gosecIssue = append(gosecIssue, issues...)
allIssues = append(allIssues, issues...)
} else if funcErr != nil {
err = funcErr
}
@ -118,7 +118,7 @@ func raiseIssue(val ssa.Value, funcsToTrack map[string][]int, ssaFuncs []*ssa.Fu
if valType.Type().String() == "[]byte" && valType.X.Type().String() == "string" {
issueDescription += " by passing converted string"
issues, err = iterateThroughReferrers(val, funcsToTrack, pass.Analyzer.Name, issueDescription, pass.Fset, issue.High)
gosecIssue = append(gosecIssue, issues...)
allIssues = append(allIssues, issues...)
}
case *ssa.Parameter:
// arg given to tracked function is wrapped in another function, example:
@ -143,11 +143,11 @@ func raiseIssue(val ssa.Value, funcsToTrack map[string][]int, ssaFuncs []*ssa.Fu
continue
}
issues, err = raiseIssue(*arg, trackedFunctions, ssaFuncs, pass, issueDescription)
gosecIssue = append(gosecIssue, issues...)
allIssues = append(allIssues, issues...)
}
}
}
return gosecIssue, err
return allIssues, err
}
// iterateThroughReferrers iterates through all places that use the `variable` argument and check if it's used in one of the tracked functions.