From b5872792c4a00e98ef636d07d1e37697338b65ae Mon Sep 17 00:00:00 2001
From: Cosmin Cojocar
Date: Wed, 12 Jan 2022 16:45:33 +0100
Subject: [PATCH 1/4] Add os.Create to the readfile rule
---
 cmd/gosec/main.go | 2 +-
 rules/readfile.go | 1 +
 testutils/source.go | 32 +++++++++++++++++++++++++++++++-
 3 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/cmd/gosec/main.go b/cmd/gosec/main.go
index 7372a78e62..8b84f37d76 100644
--- a/cmd/gosec/main.go
+++ b/cmd/gosec/main.go
@@ -246,7 +246,7 @@ func printReport(format string, color bool, rootPaths []string, reportInfo *gose
 }
 
 func saveReport(filename, format string, rootPaths []string, reportInfo *gosec.ReportInfo) error {
- outfile, err := os.Create(filename)
+ outfile, err := os.Create(filename) //#nosec G304
 if err != nil {
 return err
 }
diff --git a/rules/readfile.go b/rules/readfile.go
index a4ccb720c7..579f2fa447 100644
--- a/rules/readfile.go
+++ b/rules/readfile.go
@@ -125,5 +125,6 @@ func NewReadFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 rule.Add("os", "ReadFile")
 rule.Add("os", "Open")
 rule.Add("os", "OpenFile")
+ rule.Add("os", "Create")
 return rule, []ast.Node{(*ast.CallExpr)(nil)}
 }
diff --git a/testutils/source.go b/testutils/source.go
index a6f2af83cd..4dc5fbd7cc 100644
--- a/testutils/source.go
+++ b/testutils/source.go
@@ -979,7 +979,37 @@ func main() {
 if err != nil {
 panic(err)
 }
-}`}, 0, gosec.NewConfig()},
+}`}, 0, gosec.NewConfig()}, {[]string{`
+package main
+
+import (
+ "io"
+ "os"
+)
+
+func createFile(file string) *os.File {
+ f, err := os.Create(file)
+ if err != nil {
+ panic(err)
+ }
+ retun f
+}
+
+func main() {
+ s, err := os.Open("src")
+ if err != nil {
+ panic(err)
+ }
+ defer s.Close()
+
+ d = createFile("dst")
+ defer d.Close()
+
+ _, err = io.Copy(d, s)
+ if err != nil {
+ panic(err)
+ }
+}`}, 1, gosec.NewConfig()},
 }
 
 // SampleCodeG201 - SQL injection via format string
From 686c46549ec776ea1e1b51f267b571bd69198caf Mon Sep 17 00:00:00 2001
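Review bot: The added `//#nosec G304` on the os.Create call in saveReport suppresses the very finding this series introduces, but it carries no reason, so the next reader cannot tell whether the path was judged safe or the warning was merely inconvenient. The hunk does not show where filename originates; if it is the report output path the operator passes on the command line, a one-line comment above the call saying so, e.g. `// filename is the report output path chosen by the operator on the command line, not analyzed input`, records why the rule does not apply here. saveReport's body continues past the end of the hunk.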
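Review bot: `rule.Add("os", "Create")` widens a rule described as file inclusion (reading) to a sink that creates or truncates a file, and nothing on the line says why. A short comment keeps the intent visible, e.g. `rule.Add("os", "Create") // a tainted path here lets the caller choose which file is created or truncated`. The rule's reported description lives outside this hunk and may still speak only of reading; if write sinks are now in scope, `os.WriteFile` is the obvious sibling that is not visible in this hunk. NewReadFile starts before the hunk.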
From: Cosmin Cojocar
Date: Wed, 12 Jan 2022 17:06:59 +0100
Subject: [PATCH 2/4] Fix the sample code
---
 testutils/source.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/testutils/source.go b/testutils/source.go
index 4dc5fbd7cc..87722e4f00 100644
--- a/testutils/source.go
+++ b/testutils/source.go
@@ -992,7 +992,7 @@ func createFile(file string) *os.File {
 if err != nil {
 panic(err)
 }
- retun f
+ return f
 }
 
 func main() {
@@ -1002,7 +1002,7 @@ func main() {
 }
 defer s.Close()
 
- d = createFile("dst")
+ d := createFile("dst")
 defer d.Close()
 
 _, err = io.Copy(d, s)
From 96e4ffbb627d0d491a0f3620ef968dc7dc86bad3 Mon Sep 17 00:00:00 2001
From: Cosmin Cojocar
Date: Wed, 12 Jan 2022 19:21:37 +0100
Subject: [PATCH 3/4] Move the test code sample into the right place
---
 testutils/source.go | 65 +++++++++++++++++++++++----------------------
 1 file changed, 33 insertions(+), 32 deletions(-)
diff --git a/testutils/source.go b/testutils/source.go
index 87722e4f00..0a3fa880a3 100644
--- a/testutils/source.go
+++ b/testutils/source.go
@@ -979,37 +979,7 @@ func main() {
 if err != nil {
 panic(err)
 }
-}`}, 0, gosec.NewConfig()}, {[]string{`
-package main
-
-import (
- "io"
- "os"
-)
-
-func createFile(file string) *os.File {
- f, err := os.Create(file)
- if err != nil {
- panic(err)
- }
- return f
-}
-
-func main() {
- s, err := os.Open("src")
- if err != nil {
- panic(err)
- }
- defer s.Close()
-
- d := createFile("dst")
- defer d.Close()
-
- _, err = io.Copy(d, s)
- if err != nil {
- panic(err)
- }
-}`}, 1, gosec.NewConfig()},
+}`}, 0, gosec.NewConfig()},
 }
 
 // SampleCodeG201 - SQL injection via format string
@@ -2116,7 +2086,38 @@ func main() {
 }
 }
 
-`}, 0, gosec.NewConfig()}}
+`}, 0, gosec.NewConfig()}, {[]string{`
+package main
+
+import (
+ "io"
+ "os"
+)
+
+func createFile(file string) *os.File {
+ f, err := os.Create(file)
+ if err != nil {
+ panic(err)
+ }
+ return f
+}
+
+func main() {
+ s, err := os.Open("src")
+ if err != nil {
+ panic(err)
+ }
+ defer s.Close()
+
+ d := createFile("dst")
+ defer d.Close()
+
+ _, err = io.Copy(d, s)
+ if err != nil {
+ panic(err)
+ }
+}`}, 1, gosec.NewConfig()},
+ }
 
 // SampleCodeG305 - File path traversal when extracting zip/tar archives
 SampleCodeG305 = []CodeSample{{[]string{`
From 4f9cbc2861aaff131b2552615f3b968e3f6a9066 Mon Sep 17 00:00:00 2001
From: Cosmin Cojocar
Date: Wed, 12 Jan 2022 19:25:48 +0100
Subject: [PATCH 4/4] Fix lint warning
---
 testutils/source.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/testutils/source.go b/testutils/source.go
index 0a3fa880a3..3188187c3c 100644
--- a/testutils/source.go
+++ b/testutils/source.go
@@ -1891,7 +1891,8 @@ func main() {
 }`}, 9, gosec.NewConfig()}}
 
 // SampleCodeG304 - potential file inclusion vulnerability
- SampleCodeG304 = []CodeSample{{[]string{`
+ SampleCodeG304 = []CodeSample{
+ {[]string{`
 package main
 
 import (
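Review bot: The sample appended to SampleCodeG304 in the second hunk pins the expected issue count at 1 without saying which call is meant to fire: createFile's `os.Create(file)` takes a parameter, while main's `os.Open("src")` passes a literal and must stay quiet, so a change in how the rule resolves arguments could flip the count with nothing in the test explaining why. A Go line comment inside the raw-string sample above the os.Create call, e.g. `// expected G304 finding: the path is a caller-supplied parameter, not a constant`, documents the intent and should not influence the analysis, since only #nosec comments are interpreted by the rules. The expected count 1 is positional in the CodeSample literal, so naming the intended finding in the sample is the only place the reader can learn it.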