
Fix lint and fail on error in the CI build

This commit is contained in:
Matthieu MOREL
2021-05-31 10:44:12 +02:00
committed by GitHub
parent dbb9811e62
commit 1256f16f33
51 changed files with 218 additions and 203 deletions


@ -186,7 +186,7 @@ func (s *sqlStrFormat) checkQuery(call *ast.CallExpr, ctx *gosec.Context) (*gose
decl := ident.Obj.Decl
if assign, ok := decl.(*ast.AssignStmt); ok {
for _, expr := range assign.Rhs {
issue, err := s.checkFormatting(expr, ctx)
issue := s.checkFormatting(expr, ctx)
if issue != nil {
return issue, err
}
@ -197,7 +197,7 @@ func (s *sqlStrFormat) checkQuery(call *ast.CallExpr, ctx *gosec.Context) (*gose
return nil, nil
}
func (s *sqlStrFormat) checkFormatting(n ast.Node, ctx *gosec.Context) (*gosec.Issue, error) {
func (s *sqlStrFormat) checkFormatting(n ast.Node, ctx *gosec.Context) *gosec.Issue {
// argIndex changes the function argument which gets matched to the regex
argIndex := 0
if node := s.fmtCalls.ContainsPkgCallExpr(n, ctx, false); node != nil {
@ -208,7 +208,7 @@ func (s *sqlStrFormat) checkFormatting(n ast.Node, ctx *gosec.Context) (*gosec.I
if arg, ok := node.Args[0].(*ast.SelectorExpr); ok {
if ident, ok := arg.X.(*ast.Ident); ok {
if s.noIssue.Contains(ident.Name, arg.Sel.Name) {
return nil, nil
return nil
}
}
}
@ -219,7 +219,7 @@ func (s *sqlStrFormat) checkFormatting(n ast.Node, ctx *gosec.Context) (*gosec.I
// no formatter
if len(node.Args) == 0 {
return nil, nil
return nil
}
var formatter string
@ -233,7 +233,7 @@ func (s *sqlStrFormat) checkFormatting(n ast.Node, ctx *gosec.Context) (*gosec.I
formatter = arg
}
if len(formatter) <= 0 {
return nil, nil
return nil
}
// If all formatter args are quoted or constant, then the SQL construction is safe
@ -246,14 +246,14 @@ func (s *sqlStrFormat) checkFormatting(n ast.Node, ctx *gosec.Context) (*gosec.I
}
}
if allSafe {
return nil, nil
return nil
}
}
if s.MatchPatterns(formatter) {
return gosec.NewIssue(ctx, n, s.ID(), s.What, s.Severity, s.Confidence), nil
return gosec.NewIssue(ctx, n, s.ID(), s.What, s.Severity, s.Confidence)
}
}
return nil, nil
return nil
}
// Check SQL query formatting issues such as "fmt.Sprintf("SELECT * FROM foo where '%s', userInput)"
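Review bot: The `return issue, err` that follows the changed call `issue := s.checkFormatting(expr, ctx)` in the first hunk still hands back an `err` that checkFormatting can no longer produce; it presumably comes from an earlier declaration in checkQuery, whose start lies outside the hunk, so any non-nil value there would attach an unrelated error to a real finding. Writing `return issue, nil` makes the intent explicit now that the helper cannot fail. checkFormatting also carries no doc comment at its new signature in the second hunk; a line such as `// checkFormatting returns an issue when n is a fmt call whose format string matches the SQL patterns and whose arguments are not all constant or quoted; nil means no issue found.` would record that dropping the error return was deliberate.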