mirror of https://github.com/securego/gosec.git synced 2025-12-24 00:01:46 +02:00

Find more tempdirs

* Find G303 in string concatenations, with os.TempDir, and in path.Join args

* Find G303 with /usr/tmp, too

/usr/tmp is commonly found e.g. on Solaris.
Ville Skyttä
2022-01-03 22:58:25 +02:00
committed by GitHub
parent 827fca9a83
commit 19bda8d15f
2 changed files with 57 additions and 8 deletions


@@ -1758,6 +1758,7 @@ import (
"fmt"
"io/ioutil"
"os"
"path"
)
func main() {
@@ -1775,7 +1776,27 @@ func main() {
if err != nil {
fmt.Println("Error while writing!")
}
}`}, 3, gosec.NewConfig()}}
err = os.WriteFile("/usr/tmp/demo2", []byte("This is some data"), 0644)
if err != nil {
fmt.Println("Error while writing!")
}
err = os.WriteFile("/tmp/" + "demo2", []byte("This is some data"), 0644)
if err != nil {
fmt.Println("Error while writing!")
}
err = os.WriteFile(os.TempDir() + "/demo2", []byte("This is some data"), 0644)
if err != nil {
fmt.Println("Error while writing!")
}
err = os.WriteFile(path.Join("/var/tmp", "demo2"), []byte("This is some data"), 0644)
if err != nil {
fmt.Println("Error while writing!")
}
err = os.WriteFile(path.Join(os.TempDir(), "demo2"), []byte("This is some data"), 0644)
if err != nil {
fmt.Println("Error while writing!")
}
}`}, 8, gosec.NewConfig()}}
// SampleCodeG304 - potential file inclusion vulnerability
SampleCodeG304 = []CodeSample{{[]string{`
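Review bot: The G303 cases added to this sample are all positives written through `os.WriteFile`, and the only join helper exercised is `path.Join`; nothing visible here covers `filepath.Join(os.TempDir(), "demo2")`, which is the more usual way Go code builds an OS path. Because the expected count only moves from 3 to 8, a rule change that over-matches string concatenations would still pass this fixture. I would add a second sample with an expected count of 0 that holds a concatenation not rooted in a temp directory and a call to `os.CreateTemp("", "demo2")`, so the recommended replacement is confirmed not to be flagged. The sample literal starts above this hunk and the rule change is in the other changed file, so these cases may already be covered outside what is shown here.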