From 00b59598e8260403b10943a48b1b021ec01ca50c Mon Sep 17 00:00:00 2001 From: Dmitry Golushko Date: Wed, 27 Jul 2022 18:20:04 +0200 Subject: [PATCH] Fix for G402. Check package path instead of package name --- helpers.go | 32 +++++++++++++++++++++++++++----- rules/tls.go | 12 ++++++++---- testutils/source.go | 13 +++++++++++++ 3 files changed, 48 insertions(+), 9 deletions(-) diff --git a/helpers.go b/helpers.go index 7ac1f2caed..b8321e3296 100644 --- a/helpers.go +++ b/helpers.go @@ -39,7 +39,10 @@ import ( func MatchCallByPackage(n ast.Node, c *Context, pkg string, names ...string) (*ast.CallExpr, bool) { importedName, found := GetImportedName(pkg, c) if !found { - return nil, false + importedName, found = GetAliasedName(pkg, c) + if !found { + return nil, false + } } if callExpr, ok := n.(*ast.CallExpr); ok { @@ -245,7 +248,7 @@ func GetBinaryExprOperands(be *ast.BinaryExpr) []ast.Node { } // GetImportedName returns the name used for the package within the -// code. It will resolve aliases and ignores initialization only imports. +// code. It will ignore initialization only imports. func GetImportedName(path string, ctx *Context) (string, bool) { importName, imported := ctx.Imports.Imported[path] if !imported { @@ -256,20 +259,39 @@ func GetImportedName(path string, ctx *Context) (string, bool) { return "", false } - if alias, ok := ctx.Imports.Aliased[path]; ok { - importName = alias + return importName, true +} + +// GetAliasedName returns the aliased name used for the package within the +// code. It will ignore initialization only imports. +func GetAliasedName(path string, ctx *Context) (string, bool) { + importName, imported := ctx.Imports.Aliased[path] + if !imported { + return "", false } + + if _, initonly := ctx.Imports.InitOnly[path]; initonly { + return "", false + } + return importName, true } // GetImportPath resolves the full import path of an identifier based on -// the imports in the current context. +// the imports in the current context(including aliases). func GetImportPath(name string, ctx *Context) (string, bool) { for path := range ctx.Imports.Imported { if imported, ok := GetImportedName(path, ctx); ok && imported == name { return path, true } } + + for path := range ctx.Imports.Aliased { + if imported, ok := GetAliasedName(path, ctx); ok && imported == name { + return path, true + } + } + return "", false } diff --git a/rules/tls.go b/rules/tls.go index 21af8e54fb..76dfd84ff6 100644 --- a/rules/tls.go +++ b/rules/tls.go @@ -122,8 +122,10 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont t.actualMinVersion = ival } else { if se, ok := n.Value.(*ast.SelectorExpr); ok { - if pkg, ok := se.X.(*ast.Ident); ok && pkg.Name == "tls" { - t.actualMinVersion = t.mapVersion(se.Sel.Name) + if pkg, ok := se.X.(*ast.Ident); ok { + if ip, ok := gosec.GetImportPath(pkg.Name, c); ok && ip == "crypto/tls" { + t.actualMinVersion = t.mapVersion(se.Sel.Name) + } } } } @@ -133,8 +135,10 @@ func (t *insecureConfigTLS) processTLSConfVal(n *ast.KeyValueExpr, c *gosec.Cont t.actualMaxVersion = ival } else { if se, ok := n.Value.(*ast.SelectorExpr); ok { - if pkg, ok := se.X.(*ast.Ident); ok && pkg.Name == "tls" { - t.actualMaxVersion = t.mapVersion(se.Sel.Name) + if pkg, ok := se.X.(*ast.Ident); ok { + if ip, ok := gosec.GetImportPath(pkg.Name, c); ok && ip == "crypto/tls" { + t.actualMaxVersion = t.mapVersion(se.Sel.Name) + } } } } diff --git a/testutils/source.go b/testutils/source.go index 2b67b2e4bc..c7688e7290 100644 --- a/testutils/source.go +++ b/testutils/source.go @@ -3008,6 +3008,19 @@ package main import "crypto/tls" const MinVer = tls.VersionTLS13 +`}, 0, gosec.NewConfig()}, + {[]string{` +package main + +import ( + "crypto/tls" + cryptotls "crypto/tls" +) + +func main() { + _ = tls.Config{MinVersion: tls.VersionTLS12} + _ = cryptotls.Config{MinVersion: cryptotls.VersionTLS12} +} `}, 0, gosec.NewConfig()}, }