go/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2025-11-29 22:37:59 +02:00
Code Issues Releases Activity

Allow quoted strings to be used to format SQL queries (#240)

Browse Source 
* Support stripping vendor paths when matching calls

* Factor out matching of formatter string

* Quoted strings are safe to use with SQL str formatted strings

* Add test for allowing quoted strings with string formatters

* Install the pq package for tests to pass
This commit is contained in:
Dale Hui
2018-09-25 00:40:05 -07:00
committed by Cosmin Cojocar
parent ec32ce68d8
commit 762ff3a709
14 changed files with 88 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
call_list_test.go
View File

@@ -73,7 +73,7 @@ var _ = Describe("call list", func() {
v := testutils.NewMockVisitor()
v.Context = ctx
v.Callback = func(n ast.Node, ctx *gosec.Context) bool {
if _, ok := n.(*ast.CallExpr); ok && calls.ContainsCallExpr(n, ctx) != nil {
if _, ok := n.(*ast.CallExpr); ok && calls.ContainsCallExpr(n, ctx, false) != nil {
matched++
}
return true