Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature: G602 Slice Bound Checking #973

Merged
merged 12 commits into from
Jun 21, 2023
Merged

Feature: G602 Slice Bound Checking #973

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
b7d3dd7
Added slice bounds testing for slice expressions.
morgenm Jun 16, 2023
e5f0e10
Added checking slice index.
morgenm Jun 16, 2023
af7a2d9
Added test for reassigning slice.
morgenm Jun 16, 2023
a968dc3
Store capacities on reslicing.
morgenm Jun 17, 2023
0d54b19
Scope change clears map. Func name used to track slices.
morgenm Jun 17, 2023
3491cdb
Map CallExpr to check bounds when passing to functions.
morgenm Jun 17, 2023
7915743
Fixed linter errors.
morgenm Jun 17, 2023
d3b0fa2
Updated rulelist with CWE mapping.
morgenm Jun 17, 2023
7a3cc60
Added comment for NewSliceBoundCheck.
morgenm Jun 17, 2023
0f74b06
Addressed nil cap runtime error.
morgenm Jun 20, 2023
6a86b77
Replaced usage of nil in call arg map with dummy callexprs.
morgenm Jun 20, 2023
a7356c2
Updated comments, wrapped error return, addressed other review concerns.
morgenm Jun 20, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions issue/issue.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,7 @@ var ruleToCWE = map[string]string{
"G504": "327",
"G505": "327",
"G601": "118",
"G602": "118",
}

// Issue is returned by a gosec rule if it discovers an issue with the scanned code.
Expand Down
1 change: 1 addition & 0 deletions rules/rulelist.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,7 @@ func Generate(trackSuppressions bool, filters ...RuleFilter) RuleList {

// memory safety
{"G601", "Implicit memory aliasing in RangeStmt", NewImplicitAliasing},
{"G602", "Slice access out of bounds", NewSliceBoundCheck},
}

ruleMap := make(map[string]RuleDefinition)
Expand Down
4 changes: 4 additions & 0 deletions rules/rules_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -194,5 +194,9 @@ var _ = Describe("gosec rules", func() {
It("should detect implicit aliasing in ForRange", func() {
runner("G601", testutils.SampleCodeG601)
})

It("should detect out of bounds slice access", func() {
runner("G602", testutils.SampleCodeG602)
})
})
})
Loading