go/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2025-07-15 01:04:43 +02:00
Code Issues Releases Activity

Fix false positives for SQL string concatenation with constants from another file (#247)

Browse Source 
* Allow for SQL concatenation of nodes that resolve to literals

If node.Y resolves to a literal, it will not be considered as an issue.

* Fix typo in comment.

* Go through all files in package to resolve that identifier

* Refactor code and added comments.

* Changed checking to not var or func.

* Allow for supporting code for test cases.

* Resolve merge conflict changes.
This commit is contained in:
Delon Wong Her Laang
2018-09-28 15:46:59 +08:00
committed by Cosmin Cojocar
parent 5f98926a7b
commit d3f1980e7a
5 changed files with 115 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
analyzer.go
View File

@ -39,6 +39,7 @@ type Context struct {
Comments ast.CommentMap
Info *types.Info
Pkg *types.Package
PkgFiles []*ast.File
Root *ast.File
Config map[string]interface{}
Imports *ImportTracker
@ -139,6 +140,7 @@ func (gosec *Analyzer) Process(buildTags []string, packagePaths ...string) error
gosec.context.Root = file
gosec.context.Info = &pkg.Info
gosec.context.Pkg = pkg.Pkg
gosec.context.PkgFiles = pkg.Files
gosec.context.Imports = NewImportTracker()
gosec.context.Imports.TrackPackages(gosec.context.Pkg.Imports()...)
ast.Walk(gosec, file)