Try to resolve all elements in an expression to a known const

This is used in the subprocess launching test but will be added to others as applicable. This also closes #28
2025-11-25 22:22:17 +02:00 · 2016-08-03 14:54:17 +01:00
parent 12d370b11b
commit d2d49f1c8c
4 changed files with 111 additions and 10 deletions
--- a/rules/subproc_test.go
+++ b/rules/subproc_test.go
@@ -33,7 +33,8 @@ func TestSubprocess(t *testing.T) {
    )

    func main() {
-    	cmd := exec.Command("/bin/sleep", "5")
+			val := "/bin/" + "sleep"
+    	cmd := exec.Command(val, "5")
    	err := cmd.Start()
    	if err != nil {
    		log.Fatal(err)
@@ -59,7 +60,7 @@ func TestSubprocessVar(t *testing.T) {
    )

    func main() {
-      run := "sleep"
+      run := "sleep" + someFunc()
    	cmd := exec.Command(run, "5")
    	err := cmd.Start()
    	if err != nil {
@@ -98,3 +99,22 @@ func TestSubprocessPath(t *testing.T) {

 	checkTestResults(t, issues, 1, "Subprocess launching with partial path.")
 }
+
+func TestSubprocessSyscall(t *testing.T) {
+	analyzer := gas.NewAnalyzer(false, nil, nil)
+	analyzer.AddRule(NewSubproc())
+
+	issues := gasTestRunner(`
+    package main
+
+    import (
+    	"log"
+    	"os/exec"
+    )
+
+    func main() {
+    	syscall.Exec("/bin/cat", []string{ "/etc/passwd" }, nil)
+    }`, analyzer)
+
+	checkTestResults(t, issues, 1, "Subprocess launching should be audited.")
+}