alpTom/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2026-01-15 09:53:40 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
8a5404eabf56aa8ca2fb9e4e8eb526da0a5a8c48
gosec/testutils/g602_samples.go
Cosmin Cojocar c073629009 Improve slice bound check (#1442) 
Improve slice bound check to habdle bounded values and properly parse
the address index only from references

Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2025-12-28 19:39:40 +02:00

452 lines
5.6 KiB
Go
Raw Blame History

package testutils
import "github.com/securego/gosec/v2"
// SampleCodeG602 - Slice access out of bounds
var SampleCodeG602 = []CodeSample{
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 0)
fmt.Println(s[:3])
}
`}, 1, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 0)
fmt.Println(s[3:])
}
`}, 1, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 16)
fmt.Println(s[:17])
}
`}, 1, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 16)
fmt.Println(s[:16])
}
`}, 0, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 16)
fmt.Println(s[5:17])
}
`}, 1, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 4)
fmt.Println(s[3])
}
`}, 0, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 4)
fmt.Println(s[5])
}
`}, 1, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 0)
s = make([]byte, 3)
fmt.Println(s[:3])
}
`}, 0, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 0, 4)
fmt.Println(s[:3])
fmt.Println(s[3])
}
`}, 0, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 0, 4)
fmt.Println(s[:5])
fmt.Println(s[7])
}
`}, 2, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 0, 4)
x := s[:2]
y := x[:10]
fmt.Println(y)
}
`}, 1, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]int, 0, 4)
doStuff(s)
}
func doStuff(x []int) {
newSlice := x[:10]
fmt.Println(newSlice)
}
`}, 1, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]int, 0, 30)
doStuff(s)
x := make([]int, 20)
y := x[10:]
doStuff(y)
z := y[5:]
doStuff(z)
}
func doStuff(x []int) {
newSlice := x[:10]
fmt.Println(newSlice)
newSlice2 := x[:6]
fmt.Println(newSlice2)
}
`}, 2, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
testMap := make(map[string]any, 0)
testMap["test1"] = map[string]interface{}{
"test2": map[string]interface{}{
"value": 0,
},
}
fmt.Println(testMap)
}
`}, 0, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 0)
if len(s) > 0 {
fmt.Println(s[0])
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 0)
if len(s) > 0 {
switch s[0] {
case 0:
fmt.Println("zero")
return
default:
fmt.Println(s[0])
return
}
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 0)
if len(s) > 0 {
switch s[0] {
case 0:
b := true
if b == true {
// Should work for many-levels of nesting when the condition is not on the target slice
fmt.Println(s[0])
}
return
default:
fmt.Println(s[0])
return
}
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 0)
if len(s) > 0 {
if len(s) > 1 {
fmt.Println(s[1])
}
fmt.Println(s[0])
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 2)
fmt.Println(s[1])
s = make([]byte, 0)
fmt.Println(s[1])
}
`}, 1, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 0)
if len(s) > 0 {
if len(s) > 4 {
fmt.Println(s[3])
} else {
// Should error
fmt.Println(s[2])
}
fmt.Println(s[0])
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]byte, 0)
if len(s) > 0 {
fmt.Println("fake test")
}
fmt.Println(s[0])
}
`}, 1, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
s := make([]int, 16)
for i := 0; i < 17; i++ {
s = append(s, i)
}
if len(s) < 16 {
fmt.Println(s[10:16])
} else {
fmt.Println(s[3:18])
}
fmt.Println(s[0])
for i := range s {
fmt.Println(s[i])
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
package main
func main() {
s := make([]int, 16)
for i := 10; i < 17; i++ {
s[i]=i
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
package main
func main() {
var s []int
for i := 10; i < 17; i++ {
s[i]=i
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
package main
func main() {
s := make([]int,5, 16)
for i := 1; i < 6; i++ {
s[i]=i
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
package main
func main() {
var s [20]int
for i := 10; i < 17; i++ {
s[i]=i
}
}`}, 0, gosec.NewConfig()},
{[]string{`
package main
func main() {
var s [20]int
for i := 1; i < len(s); i++ {
s[i]=i
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
package main
func main() {
var s [20]int
for i := 1; i <= len(s); i++ {
s[i]=i
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
package main
func main() {
var s [20]int
for i := 18; i <= 22; i++ {
s[i]=i
}
}
`}, 1, gosec.NewConfig()},
{[]string{`
package main
func main() {
args := []any{"1"}
switch len(args) - 1 {
case 1:
_ = args[1]
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
package main
import "fmt"
func main() {
value := "1234567890"
weight := []int{2, 3, 4, 5, 6, 7}
wLen := len(weight)
l := len(value) - 1
addr := make([]any, 7)
sum := 0
weight[2] = 3
for i := l; i >= 0; i-- {
v := int(value[i] - '0')
if v < 0 || v > 9 {
fmt.Println("invalid number at column", i+1)
break
}
addr[2] = v
sum += v * weight[(l-i)%wLen]
}
fmt.Println(sum)
}
`}, 0, gosec.NewConfig()},
}
Reference in New Issue View Git Blame Copy Permalink