Extract the issue in its own package

2025-06-16 23:47:51 +02:00 · 2023-02-15 20:44:13 +01:00
parent 31e63276f1
commit de2c6a36fa
48 changed files with 439 additions and 378 deletions
--- a/rules/integer_overflow.go
+++ b/rules/integer_overflow.go
@ -19,10 +19,11 @@ import (
 	"go/ast"

 	"github.com/securego/gosec/v2"
+	"github.com/securego/gosec/v2/issue"
 )

 type integerOverflowCheck struct {
-	gosec.MetaData
+	issue.MetaData
 	calls gosec.CallList
 }

@ -30,7 +31,7 @@ func (i *integerOverflowCheck) ID() string {
 	return i.MetaData.ID
 }

-func (i *integerOverflowCheck) Match(node ast.Node, ctx *gosec.Context) (*gosec.Issue, error) {
+func (i *integerOverflowCheck) Match(node ast.Node, ctx *gosec.Context) (*issue.Issue, error) {
 	var atoiVarObj map[*ast.Object]ast.Node

 	// To check multiple lines, ctx.PassedValues is used to store temporary data.
@ -63,7 +64,7 @@ func (i *integerOverflowCheck) Match(node ast.Node, ctx *gosec.Context) (*gosec.
 				if idt, ok := n.Args[0].(*ast.Ident); ok {
 					if _, ok := atoiVarObj[idt.Obj]; ok {
 						// Detect int32(v) and int16(v)
-						return gosec.NewIssue(ctx, n, i.ID(), i.What, i.Severity, i.Confidence), nil
+						return ctx.NewIssue(n, i.ID(), i.What, i.Severity, i.Confidence), nil
 					}
 				}
 			}
@ -78,10 +79,10 @@ func NewIntegerOverflowCheck(id string, conf gosec.Config) (gosec.Rule, []ast.No
 	calls := gosec.NewCallList()
 	calls.Add("strconv", "Atoi")
 	return &integerOverflowCheck{
-		MetaData: gosec.MetaData{
+		MetaData: issue.MetaData{
 			ID:         id,
-			Severity:   gosec.High,
-			Confidence: gosec.Medium,
+			Severity:   issue.High,
+			Confidence: issue.Medium,
 			What:       "Potential Integer overflow made by strconv.Atoi result conversion to int16/32",
 		},
 		calls: calls,