go/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2025-07-05 00:29:02 +02:00
Code Issues Releases Activity

G303: catch with os.WriteFile, add os.Create test case (#718)

Browse Source 
* Add G303 os.Create test case

* Catch G303 with os.WriteFile too
This commit is contained in:
Ville Skyttä
2021-11-09 22:13:45 +02:00
committed by GitHub
parent 873ac243ea
commit 40fa36d1de
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rules/tempfiles.go
View File

@ -44,7 +44,7 @@ func (t *badTempFile) Match(n ast.Node, c *gosec.Context) (gi *gosec.Issue, err
func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
calls := gosec.NewCallList() calls := gosec.NewCallList()
calls.Add("io/ioutil", "WriteFile") calls.Add("io/ioutil", "WriteFile")
calls.Add("os", "Create") calls.AddAll("os", "Create", "WriteFile")
return &badTempFile{ return &badTempFile{
calls: calls, calls: calls,
args: regexp.MustCompile(`^/tmp/.*$|^/var/tmp/.*$`), args: regexp.MustCompile(`^/tmp/.*$|^/var/tmp/.*$`),

13
testutils/source.go
View File

@ -1757,6 +1757,7 @@ package samples
import ( import (
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"os"
) )
func main() { func main() {
@ -1764,7 +1765,17 @@ func main() {
if err != nil { if err != nil {
fmt.Println("Error while writing!") fmt.Println("Error while writing!")
} }
}`}, 1, gosec.NewConfig()}} f, err := os.Create("/tmp/demo2")
if err != nil {
fmt.Println("Error while writing!")
} else if err = f.Close(); err != nil {
fmt.Println("Error while closing!")
}
err = os.WriteFile("/tmp/demo2", []byte("This is some data"), 0644)
if err != nil {
fmt.Println("Error while writing!")
}
}`}, 3, gosec.NewConfig()}}
// SampleCodeG304 - potential file inclusion vulnerability // SampleCodeG304 - potential file inclusion vulnerability
SampleCodeG304 = []CodeSample{{[]string{` SampleCodeG304 = []CodeSample{{[]string{`