Allow quoted strings to be used to format SQL queries (#240)

* Support stripping vendor paths when matching calls * Factor out matching of formatter string * Quoted strings are safe to use with SQL str formatted strings * Add test for allowing quoted strings with string formatters * Install the pq package for tests to pass
2025-12-01 22:41:54 +02:00 · 2018-09-25 00:40:05 -07:00
parent ec32ce68d8
commit 762ff3a709
14 changed files with 88 additions and 33 deletions
--- a/rules/bind.go
+++ b/rules/bind.go
@@ -33,7 +33,7 @@ func (r *bindsToAllNetworkInterfaces) ID() string {
 }

 func (r *bindsToAllNetworkInterfaces) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
-	callExpr := r.calls.ContainsCallExpr(n, c)
+	callExpr := r.calls.ContainsCallExpr(n, c, false)
 	if callExpr == nil {
 		return nil, nil
 	}