
Fix the subproc rule to handle correctly the CommandContext check

In this case, we need to skip the first argument because it is the context.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
This commit is contained in:
Cosmin Cojocar
2020-03-11 15:18:38 +01:00
committed by Cosmin Cojocar
parent f97f86103c
commit cf2590442c
2 changed files with 21 additions and 6 deletions


@ -980,8 +980,6 @@ func main() {
// SampleCodeG204 - Subprocess auditing
SampleCodeG204 = []CodeSample{{[]string{`
// Calling any function which starts a new process
// with a function call as an argument is considered a command injection
package main
import (
"log"
@ -989,12 +987,12 @@ import (
"context"
)
func main() {
err := exec.CommandContext(context.Background(), "sleep", "5").Run()
err := exec.CommandContext(context.Background(), "git", "rev-parse", "--show-toplavel").Run()
if err != nil {
log.Fatal(err)
}
log.Printf("Command finished with error: %v", err)
}`}, 1, gosec.NewConfig()}, {[]string{`
}`}, 0, gosec.NewConfig()}, {[]string{`
// Calling any function which starts a new process with using
// command line arguments as it's arguments is considered dangerous
package main
@ -1004,7 +1002,7 @@ import (
"os/exec"
)
func main() {
err := exec.CommandContext(os.Args[0], "sleep", "5").Run()
err := exec.CommandContext(context.Background(), os.Args[0], "5").Run()
if err != nil {
log.Fatal(err)
}
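Review bot: The replacement fixture line `exec.CommandContext(context.Background(), "git", "rev-parse", "--show-toplavel")` in the second hunk has a typo in the argument literal; the git flag is `--show-toplevel`, so the literal should read `"git", "rev-parse", "--show-toplevel"`. The analyzer only parses the sample and never executes it, so the assertion is unaffected, but fixtures tend to get copied as examples. This sample is also the regression case for the false positive the commit fixes, where a call expression in the context position was treated as the command, and nothing in the fixture says so; a short comment above the line such as `// context.Background() is a call expression but is the ctx argument, not the command: expect no finding` would record why the expected count moves from 1 to 0. The `main` bodies in all three hunks are cut by the hunk boundaries, and the expected count for the third sample lies outside the visible hunk.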