go/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2025-11-25 22:22:17 +02:00
Code Issues Releases Activity

Find G303 with filepath.Join'd temp dirs (#754)

Browse Source
This commit is contained in:
Ville Skyttä
2022-01-04 15:48:02 +02:00
committed by GitHub
parent 19bda8d15f
commit 4c1afaa492
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
rules/tempfiles.go
View File

@@ -71,6 +71,7 @@ func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
argCalls.Add("os", "TempDir")
nestedCalls := gosec.NewCallList()
nestedCalls.Add("path", "Join")
nestedCalls.Add("path/filepath", "Join")
return &badTempFile{
calls: calls,
args: regexp.MustCompile(`^(/(usr|var))?/tmp(/.*)?$`),