Improve the SQL strings concat rules to handle multiple string concatenation

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2025-07-07 00:35:35 +02:00 · 2020-05-25 15:42:43 +02:00
parent 68bce94323
commit 30e93bf865
4 changed files with 110 additions and 10 deletions
--- a/testutils/source.go
+++ b/testutils/source.go
@ -1026,6 +1026,23 @@ func main(){
 		panic(err)
 	}
 }`}, 1, gosec.NewConfig()}, {[]string{`
+// multiple string concatenation
+package main
+import (
+	"database/sql"
+	"os"
+)
+func main(){
+	db, err := sql.Open("sqlite3", ":memory:")
+	if err != nil {
+		panic(err)
+	}
+	rows, err := db.Query("SELECT * FROM foo" + "WHERE name = " + os.Args[1])
+	if err != nil {
+		panic(err)
+	}
+	defer rows.Close()
+}`}, 1, gosec.NewConfig()}, {[]string{`
 // false positive
 package main
 import (