Fix false positives for SQL string concatenation with constants from another file (#247)

* Allow for SQL concatenation of nodes that resolve to literals If node.Y resolves to a literal, it will not be considered as an issue. * Fix typo in comment. * Go through all files in package to resolve that identifier * Refactor code and added comments. * Changed checking to not var or func. * Allow for supporting code for test cases. * Resolve merge conflict changes.
2025-11-23 22:15:04 +02:00 · 2018-09-28 15:46:59 +08:00
parent 5f98926a7b
commit d3f1980e7a
5 changed files with 115 additions and 66 deletions
--- a/rules/rules_test.go
+++ b/rules/rules_test.go
@@ -28,10 +28,24 @@ var _ = Describe("gosec rules", func() {
 		analyzer = gosec.NewAnalyzer(config, logger)
 		runner = func(rule string, samples []testutils.CodeSample) {
 			analyzer.LoadRules(rules.Generate(rules.NewRuleFilter(false, rule)).Builders())
+
+			supportingFiles := []string{}
+			for _, sample := range samples {
+				if sample.SupportingCode {
+					supportingFiles = append(supportingFiles, sample.Code)
+				}
+			}
+
 			for n, sample := range samples {
+				if sample.SupportingCode {
+					continue
+				}
 				analyzer.Reset()
 				pkg := testutils.NewTestPackage()
 				defer pkg.Close()
+				for n, supportingCode := range supportingFiles {
+					pkg.AddFile(fmt.Sprintf("supporting_sample_%d.go", n), supportingCode)
+				}
 				pkg.AddFile(fmt.Sprintf("sample_%d.go", n), sample.Code)
 				err := pkg.Build()
 				Expect(err).ShouldNot(HaveOccurred())