Feature: G602 Slice Bound Checking (#973)

* Added slice bounds testing for slice expressions. * Added checking slice index. * Added test for reassigning slice. * Store capacities on reslicing. * Scope change clears map. Func name used to track slices. * Map CallExpr to check bounds when passing to functions. * Fixed linter errors. * Updated rulelist with CWE mapping. * Added comment for NewSliceBoundCheck. * Addressed nil cap runtime error. * Replaced usage of nil in call arg map with dummy callexprs. * Updated comments, wrapped error return, addressed other review concerns.
2025-11-23 22:15:04 +02:00 · 2023-06-21 02:56:36 -05:00
parent 82364a710c
commit a018cf0fbb
5 changed files with 589 additions and 0 deletions
--- a/rules/rules_test.go
+++ b/rules/rules_test.go
@@ -194,5 +194,9 @@ var _ = Describe("gosec rules", func() {
 		It("should detect implicit aliasing in ForRange", func() {
 			runner("G601", testutils.SampleCodeG601)
 		})
+
+		It("should detect out of bounds slice access", func() {
+			runner("G602", testutils.SampleCodeG602)
+		})
 	})
 })