Check nil pointer when variable is declared in a different file

2025-11-23 22:15:04 +02:00 · 2023-03-08 08:42:45 -05:00
parent cdd3476f91
commit f823a7e92b
3 changed files with 60 additions and 12 deletions
--- a/rules/readfile.go
+++ b/rules/readfile.go
@@ -81,7 +81,11 @@ func (r *readfile) isFilepathClean(n *ast.Ident, c *gosec.Context) bool {
 func (r *readfile) trackFilepathClean(n ast.Node) {
 	if clean, ok := n.(*ast.CallExpr); ok && len(clean.Args) > 0 {
 		if ident, ok := clean.Args[0].(*ast.Ident); ok {
-			r.cleanedVar[ident.Obj.Decl] = n
+			// ident.Obj may be nil if the referenced declaration is in another file. It also may be incorrect.
+			// if it is nil, do not follow it.
+			if ident.Obj != nil {
+				r.cleanedVar[ident.Obj.Decl] = n
+			}
 		}
 	}
 }