checkers: fix sqlQuery panic

If astcast to SelectorExpr failed, funcExpr.Sel will be nil.

Bug reported by @un000

Also move "_" lhs check up, since it's cheaper.

Signed-off-by: Iskander Sharipov <quasilyte@gmail.com>

checkers/sqlQuery_checker.go

@@ -36,19 +36,19 @@ func (c *sqlQueryChecker) VisitStmt(stmt ast.Stmt) {
 		return
 	}
 
-	call := astcast.ToCallExpr(assign.Rhs[0])
-	funcExpr := astcast.ToSelectorExpr(call.Fun)
-	if !c.funcIsQuery(funcExpr) {
-		return
-	}
-
 	// If Query() is called, but first return value is ignored,
 	// there is no way to close/read the returned rows.
 	// This can cause a connection leak.
 	if id, ok := assign.Lhs[0].(*ast.Ident); ok && id.Name != "_" {
 		return
 	}
 
+	call := astcast.ToCallExpr(assign.Rhs[0])
+	funcExpr := astcast.ToSelectorExpr(call.Fun)
+	if !c.funcIsQuery(funcExpr) {
+		return
+	}
+
 	if c.typeHasExecMethod(c.ctx.TypesInfo.TypeOf(funcExpr.X)) {
 		c.warnAndSuggestExec(funcExpr)
 	} else {
@@ -57,6 +57,9 @@ func (c *sqlQueryChecker) VisitStmt(stmt ast.Stmt) {
 }
 
 func (c *sqlQueryChecker) funcIsQuery(funcExpr *ast.SelectorExpr) bool {
+	if funcExpr.Sel == nil {
+		return false
+	}
 	switch funcExpr.Sel.Name {
 	case "Query", "QueryContext":
 		// Stdlib and friends.

checkers/testdata/sqlQuery/negative_tests.go

@@ -4,6 +4,12 @@ import (
 	"database/sql"
 )
 
+func foo() (int, int) { return 0, 0 }
+
+func notQueryCall() {
+	_, _ = foo()
+}
+
 func queryResultIsUsed(db *sql.DB, qe QueryExecer, mydb *myDatabase) {
 	const queryString = "SELECT * FROM users"