From e1df8a05f0392b61c4f6d51f35638e5c10d976fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Skytt=C3=A4?= Date: Tue, 2 Nov 2021 14:13:58 +0200 Subject: [PATCH 1/2] Add G303 os.Create test case --- testutils/source.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/testutils/source.go b/testutils/source.go index 766becba00..d5a8c5c3f5 100644 --- a/testutils/source.go +++ b/testutils/source.go @@ -1757,6 +1757,7 @@ package samples import ( "fmt" "io/ioutil" + "os" ) func main() { @@ -1764,7 +1765,13 @@ func main() { if err != nil { fmt.Println("Error while writing!") } -}`}, 1, gosec.NewConfig()}} + f, err := os.Create("/tmp/demo2") + if err != nil { + fmt.Println("Error while writing!") + } else if err = f.Close(); err != nil { + fmt.Println("Error while closing!") + } +}`}, 2, gosec.NewConfig()}} // SampleCodeG304 - potential file inclusion vulnerability SampleCodeG304 = []CodeSample{{[]string{` From da618aabefcbc2b7f0a3956b1948c2c4442faaec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Skytt=C3=A4?= Date: Tue, 2 Nov 2021 14:13:58 +0200 Subject: [PATCH 2/2] Catch G303 with os.WriteFile too --- rules/tempfiles.go | 2 +- testutils/source.go | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/rules/tempfiles.go b/rules/tempfiles.go index 36f0f979bc..a2aed07be2 100644 --- a/rules/tempfiles.go +++ b/rules/tempfiles.go @@ -44,7 +44,7 @@ func (t *badTempFile) Match(n ast.Node, c *gosec.Context) (gi *gosec.Issue, err func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { calls := gosec.NewCallList() calls.Add("io/ioutil", "WriteFile") - calls.Add("os", "Create") + calls.AddAll("os", "Create", "WriteFile") return &badTempFile{ calls: calls, args: regexp.MustCompile(`^/tmp/.*$|^/var/tmp/.*$`), diff --git a/testutils/source.go b/testutils/source.go index d5a8c5c3f5..b389db218c 100644 --- a/testutils/source.go +++ b/testutils/source.go 
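Review bot: SampleCodeG303 still holds only positive samples, so the second testutils/source.go hunk pins that `os.Create("/tmp/demo2")` is flagged but nothing pins that a safe temp-file call is left alone; a false-positive regression in the rule's call list would pass this suite unnoticed. I would add a second CodeSample to the same slice that uses `ioutil.TempFile("", "demo2")` and expects 0 issues (whether `os.CreateTemp` can be used instead depends on the harness's Go version, which is not visible here). A small nit in the same hunk: the create branch reuses `"Error while writing!"`; `"Error while creating!"` keeps the three failure paths distinguishable. The enclosing `SampleCodeG303 = []CodeSample{...}` literal starts above the hunk.
```go
}`}, 2, gosec.NewConfig()}, {[]string{`
package samples

import (
	"fmt"
	"io/ioutil"
)

func main() {
	f, err := ioutil.TempFile("", "demo2")
	if err != nil {
		fmt.Println("Error while creating!")
	} else if err = f.Close(); err != nil {
		fmt.Println("Error while closing!")
	}
}`}, 0, gosec.NewConfig()}}
```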
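Review bot: `calls.AddAll("os", "Create", "WriteFile")` in NewBadTempFile still leaves `os.OpenFile` out, yet `os.OpenFile("/tmp/x", os.O_CREATE|os.O_WRONLY, 0644)` creates a file at the same fixed, predictable path that `os.Create` does, and `os.Mkdir`/`os.MkdirAll`/`os.Symlink` under /tmp carry the same symlink-race risk. Extending the list to `calls.AddAll("os", "Create", "WriteFile", "OpenFile")` covers the most common gap, assuming Match compares the first argument against the `/tmp` regexp (Match's body is not visible in this hunk, so that needs confirming). Keeping both `io/ioutil.WriteFile` and `os.WriteFile` is right, since from Go 1.16 the former is only a wrapper over the latter and gosec matches on the spelled-out call. NewBadTempFile's struct literal continues past the end of the hunk.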
@@ -1771,7 +1771,11 @@ func main() { } else if err = f.Close(); err != nil { fmt.Println("Error while closing!") } -}`}, 2, gosec.NewConfig()}} + err = os.WriteFile("/tmp/demo2", []byte("This is some data"), 0644) + if err != nil { + fmt.Println("Error while writing!") + } +}`}, 3, gosec.NewConfig()}} // SampleCodeG304 - potential file inclusion vulnerability SampleCodeG304 = []CodeSample{{[]string{`
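Review bot: `os.WriteFile` only exists from Go 1.16 on, and these samples are, as far as I can tell, type-checked by the test harness with the host toolchain, so on an older CI Go this sample would stop compiling and the expected count of 3 would not be reproducible; worth confirming the module's minimum Go version and CI matrix (not visible here) before merging. Reusing the literal `/tmp/demo2` for all three calls is fine for G303, but the asserted count is now a sum of three different sinks, so a comment such as `// ioutil.WriteFile, os.Create and os.WriteFile on a fixed /tmp path: 3 issues` above the sample would make it self-explanatory for the next edit. The sample's main() starts above the hunk.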