New Rule Tainted file (#183)

* Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178) * Add a tool which generates the TLS rule configuration from Mozilla server side TLS configuration * Update README * Remove trailing space in README * Update dependencies * Fix the commends of the generated functions * Add nil pointer check to rule. (#181) TypeOf returns the type of expression e, or nil if not found. We are calling .String() on a value that may be nil in this clause. Relates to #174 * Add support for YAML output format (#177) * Add YAML output format * Update README * added rule to check for tainted file path * added #nosec to main/issue.go * updated test case import
2025-07-07 00:35:35 +02:00 · 2018-03-08 18:23:27 -05:00
parent 57dd25a893
commit e76b258456
7 changed files with 100 additions and 0 deletions
--- a/testutils/source.go
+++ b/testutils/source.go
@ -459,6 +459,49 @@ func main() {
 	ioutil.WriteFile("/tmp/demo2", []byte("This is some data"), 0644)
 }`, 2}}

+	// SampleCodeG304 - potential file inclusion vulnerability
+	SampleCodeG304 = []CodeSample{{`
+package main
+import (
+"os"
+"io/ioutil"
+"log"
+)
+func main() {
+f := os.Getenv("tainted_file")
+body, err := ioutil.ReadFile(f)
+if err != nil {
+ log.Printf("Error: %v\n", err)
+}
+log.Print(f)
+
+}`, 1}, {`
+package main
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+)
+
+func main() {
+	http.HandleFunc("/bar", func(w http.ResponseWriter, r *http.Request) {
+		title := r.URL.Query().Get("title")
+		f, err := os.Open(title)
+		if err != nil {
+			fmt.Printf("Error: %v\n", err)
+		}
+		body := make([]byte, 5)
+		n1, err := f.Read(body)
+		if err != nil {
+			fmt.Printf("Error: %v\n", err)
+		}
+		fmt.Fprintf(w, "%s", body)
+	})
+	log.Fatal(http.ListenAndServe(":3000", nil))
+}`, 1}}
+
 	// SampleCodeG401 - Use of weak crypto MD5
 	SampleCodeG401 = []CodeSample{
 		{`