go/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2025-07-07 00:35:35 +02:00
Code Issues Releases Activity

Fix the bind rule to handle the case when the arguments of the net.Listen are returned by a function call

Browse Source
This commit is contained in:
Cosmin Cojocar
2018-12-02 15:37:42 +01:00
committed by Cosmin Cojocar
parent f14f17fb1d
commit 9b32fcac16
2 changed files with 51 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
testutils/source.go
View File

@ -98,6 +98,42 @@ func main() {
log.Fatal(err)
}
defer l.Close()
}`}, 1},
// Bind to all networks indirectly through a parsing function
{[]string{`
package main
import (
"log"
"net"
)
func parseListenAddr(listenAddr string) (network string, addr string) {
return "", ""
}
func main() {
addr := ":2000"
l, err := net.Listen(parseListenAddr(addr))
if err != nil {
log.Fatal(err)
}
defer l.Close()
}`}, 1},
// Bind to all networks indirectly through a parsing function
{[]string{`
package main
import (
"log"
"net"
)
const addr = ":2000"
func parseListenAddr(listenAddr string) (network string, addr string) {
return "", ""
}
func main() {
l, err := net.Listen(parseListenAddr(addr))
if err != nil {
log.Fatal(err)
}
defer l.Close()
}`}, 1},
}
// SampleCodeG103 find instances of unsafe blocks for auditing purposes