mirror of
https://github.com/securego/gosec.git
synced 2025-01-14 02:23:09 +02:00
Update Go version in CI script (#913)
* Update Go version in CI script * Introduce back an additional check for filepath clean to fix the unit tests
This commit is contained in:
parent
5874e63c9e
commit
c5d217da7a
6
.github/workflows/ci.yml
vendored
6
.github/workflows/ci.yml
vendored
@ -11,8 +11,8 @@ jobs:
|
|||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
go_version:
|
go_version:
|
||||||
- '1.18.8' # TODO: remove this once actions/setup-go@v3 uses latest as latest; see https://github.com/securego/gosec/pull/880
|
- '1.18.9' # TODO: remove this once actions/setup-go@v3 uses latest as latest; see https://github.com/securego/gosec/pull/880
|
||||||
- '1.19.3' # TODO: remove this once actions/setup-go@v3 uses latest as latest; see https://github.com/securego/gosec/pull/880
|
- '1.19.4' # TODO: remove this once actions/setup-go@v3 uses latest as latest; see https://github.com/securego/gosec/pull/880
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
env:
|
env:
|
||||||
GO111MODULE: on
|
GO111MODULE: on
|
||||||
@ -44,7 +44,7 @@ jobs:
|
|||||||
- name: Setup go
|
- name: Setup go
|
||||||
uses: actions/setup-go@v3
|
uses: actions/setup-go@v3
|
||||||
with:
|
with:
|
||||||
go-version: '1.19.2' # TODO: remove this once actions/setup-go@v3 uses latest as latest; see https://github.com/securego/gosec/pull/880
|
go-version: '1.19.4' # TODO: remove this once actions/setup-go@v3 uses latest as latest; see https://github.com/securego/gosec/pull/880
|
||||||
- name: Checkout Source
|
- name: Checkout Source
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
- uses: actions/cache@v3
|
- uses: actions/cache@v3
|
||||||
|
@ -59,10 +59,20 @@ func (r *readfile) isJoinFunc(n ast.Node, c *gosec.Context) bool {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// isFilepathClean checks if there is a filepath.Clean for given variable
|
// isFilepathClean checks if there is a filepath.Clean for given variable
|
||||||
func (r *readfile) isFilepathClean(n *ast.Ident) bool {
|
func (r *readfile) isFilepathClean(n *ast.Ident, c *gosec.Context) bool {
|
||||||
if _, ok := r.cleanedVar[n.Obj.Decl]; ok {
|
if _, ok := r.cleanedVar[n.Obj.Decl]; ok {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
if n.Obj.Kind != ast.Var {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if node, ok := n.Obj.Decl.(*ast.AssignStmt); ok {
|
||||||
|
if call, ok := node.Rhs[0].(*ast.CallExpr); ok {
|
||||||
|
if clean := r.clean.ContainsPkgCallExpr(call, c, false); clean != nil {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -101,7 +111,7 @@ func (r *readfile) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
|
|||||||
obj := c.Info.ObjectOf(ident)
|
obj := c.Info.ObjectOf(ident)
|
||||||
if _, ok := obj.(*types.Var); ok &&
|
if _, ok := obj.(*types.Var); ok &&
|
||||||
!gosec.TryResolve(ident, c) &&
|
!gosec.TryResolve(ident, c) &&
|
||||||
!r.isFilepathClean(ident) {
|
!r.isFilepathClean(ident, c) {
|
||||||
return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
|
return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user