Feature: G602 Slice Bound Checking (#973)
* Added slice bounds testing for slice expressions. * Added checking slice index. * Added test for reassigning slice. * Store capacities on reslicing. * Scope change clears map. Func name used to track slices. * Map CallExpr to check bounds when passing to functions. * Fixed linter errors. * Updated rulelist with CWE mapping. * Added comment for NewSliceBoundCheck. * Addressed nil cap runtime error. * Replaced usage of nil in call arg map with dummy callexprs. * Updated comments, wrapped error return, addressed other review concerns.
@@ -3679,4 +3679,182 @@ func main() {
|
||||
C.printData(cData)
|
||||
}
|
||||
`}, 0, gosec.NewConfig()}}
|
||||
|
||||
// SampleCodeG602 - Slice access out of bounds
|
||||
SampleCodeG602 = []CodeSample{
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
s := make([]byte, 0)
|
||||
|
||||
fmt.Println(s[:3])
|
||||
|
||||
}`}, 1, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
s := make([]byte, 0)
|
||||
|
||||
fmt.Println(s[3:])
|
||||
|
||||
}`}, 1, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
s := make([]byte, 16)
|
||||
|
||||
fmt.Println(s[:17])
|
||||
|
||||
}`}, 1, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
s := make([]byte, 16)
|
||||
|
||||
fmt.Println(s[:16])
|
||||
|
||||
}`}, 0, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
s := make([]byte, 16)
|
||||
|
||||
fmt.Println(s[5:17])
|
||||
|
||||
}`}, 1, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
s := make([]byte, 4)
|
||||
|
||||
fmt.Println(s[3])
|
||||
|
||||
}`}, 0, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
s := make([]byte, 4)
|
||||
|
||||
fmt.Println(s[5])
|
||||
|
||||
}`}, 1, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
s := make([]byte, 0)
|
||||
s = make([]byte, 3)
|
||||
|
||||
fmt.Println(s[:3])
|
||||
|
||||
}`}, 0, gosec.NewConfig()},
|
||||
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
s := make([]byte, 0, 4)
|
||||
|
||||
fmt.Println(s[:3])
|
||||
fmt.Println(s[3])
|
||||
|
||||
}`}, 0, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
s := make([]byte, 0, 4)
|
||||
|
||||
fmt.Println(s[:5])
|
||||
fmt.Println(s[7])
|
||||
|
||||
}`}, 2, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
s := make([]byte, 0, 4)
|
||||
x := s[:2]
|
||||
y := x[:10]
|
||||
fmt.Println(y)
|
||||
}`}, 1, gosec.NewConfig()},
|
||||
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
s := make([]int, 0, 4)
|
||||
doStuff(s)
|
||||
}
|
||||
|
||||
func doStuff(x []int) {
|
||||
newSlice := x[:10]
|
||||
fmt.Println(newSlice)
|
||||
}`}, 1, gosec.NewConfig()},
|
||||
{[]string{`
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
s := make([]int, 0, 30)
|
||||
doStuff(s)
|
||||
x := make([]int, 20)
|
||||
y := x[10:]
|
||||
doStuff(y)
|
||||
z := y[5:]
|
||||
doStuff(z)
|
||||
}
|
||||
|
||||
func doStuff(x []int) {
|
||||
newSlice := x[:10]
|
||||
fmt.Println(newSlice)
|
||||
newSlice2 := x[:6]
|
||||
fmt.Println(newSlice2)
|
||||
}`}, 2, gosec.NewConfig()},
|
||||
}
|
||||
)
|
||||
|
||||
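Review bot: The sample that declares `s := make([]byte, 0, 4)` and then calls `fmt.Println(s[3])` expects 0 findings, but an index expression is bounded by the slice's length, not its capacity, so that program panics at runtime with an out-of-range index; the fixture currently pins a false negative. Presumably the rule compares indices against the capacity it stores for the variable, which is the right bound for slice expressions such as `s[:3]` in the same sample but not for element access, and the neighbouring sample with `make([]byte, 4)` and `s[3]` only passes because len and cap coincide there. If the limitation is deliberate for this first version, the sample should say so with a comment above the literal, e.g. `// index within cap but beyond len: not flagged, the rule tracks capacity only`; otherwise the expected count belongs at 1 and the rule should check index expressions against len. The enclosing var block starts outside the hunk.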