Extend the bind rule to handle the case when the net.Listen address in provided from a const

2025-11-25 22:22:17 +02:00 · 2018-12-02 16:28:51 +01:00
parent 9b32fcac16
commit 24e3094d2a
3 changed files with 48 additions and 19 deletions
--- a/rules/bind.go
+++ b/rules/bind.go
@@ -45,6 +45,13 @@ func (r *bindsToAllNetworkInterfaces) Match(n ast.Node, c *gosec.Context) (*gose
 					return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
 				}
 			}
+		} else if ident, ok := arg.(*ast.Ident); ok {
+			values := gosec.GetIdentStringValues(ident)
+			for _, value := range values {
+				if r.pattern.MatchString(value) {
+					return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
+				}
+			}
 		}
 	} else if len(callExpr.Args) > 0 {
 		values := gosec.GetCallStringArgsValues(callExpr.Args[0], c)