Redesign and reimplement the slice out of bounds check using SSA code representation

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2025-07-15 01:04:43 +02:00 · 2023-09-20 10:04:32 +02:00
parent e1278f9572
commit e02e2f6d5b
8 changed files with 461 additions and 510 deletions
--- a/analyzer.go
+++ b/analyzer.go
@ -231,9 +231,7 @@ func (gosec *Analyzer) Process(buildTags []string, packagePaths ...string) error
 					return fmt.Errorf("parsing errors in pkg %q: %w", pkg.Name, err)
 				}
 				gosec.CheckRules(pkg)
-				if on, err := gosec.config.IsGlobalEnabled(SSA); err == nil && on {
-					gosec.CheckAnalyzers(pkg)
-				}
+				gosec.CheckAnalyzers(pkg)
 			}
 		}
 	}
@ -377,8 +375,10 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
 			continue
 		}
 		if result != nil {
-			if aissue, ok := result.(*issue.Issue); ok {
-				gosec.updateIssues(aissue, false, []issue.SuppressionInfo{})
+			if passIssues, ok := result.([]*issue.Issue); ok {
+				for _, iss := range passIssues {
+					gosec.updateIssues(iss, false, []issue.SuppressionInfo{})
+				}
 			}
 		}
 	}