
Update the subproc rule to detect the syscall.ForkExec and syscall.StartProcess calls

Also add the corresponding tests for this.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
This commit is contained in:
Cosmin Cojocar
2020-03-11 14:00:30 +01:00
committed by Cosmin Cojocar
parent c998389da2
commit f97f86103c
2 changed files with 40 additions and 0 deletions


@ -1066,6 +1066,44 @@ func main() {
}
}`}, 0, gosec.NewConfig()},
{[]string{`
package main
import (
"fmt"
"syscall"
)
func RunCmd(command string) {
_, err := syscall.ForkExec(command, []string{}, nil)
if err != nil {
fmt.Printf("Error: %v\n", err)
}
}
func main() {
RunCmd("sleep")
}`}, 1, gosec.NewConfig(),
},
{[]string{`
package main
import (
"fmt"
"syscall"
)
func RunCmd(command string) {
_, err := syscall.StartProcess(command, []string{}, nil)
if err != nil {
fmt.Printf("Error: %v\n", err)
}
}
func main() {
RunCmd("sleep")
}`}, 1, gosec.NewConfig(),
},
{[]string{`
// starting a process with a variable as an argument
// even if not constant is not considered as dangerous
// because it has harcoded value