G304: error persists after running filePath.Clean on a separate line from os.OpenFile #506
Comments
I would be more interested why
That is a fair question which I don't know the answer to (though I think you're right). This has also been discussed in #439 (in more depth). I would argue that comment deserves a separate issue, but I haven't opened such an issue as the rule is actually not relevant to my current context, but I discovered this bug in the process of realizing that 🙃 (as an aside, to contribute to that discussion, the note about filepath.Clean was added to the website/docs in securego/securego.github.io#20)
There is a bug, see the attached pull request. The variable assignment is not resolved in order to check if the
Summary
Due to the recent addition of #488 I got a new error in my code. I wanted to fix this in accordance with the docs for G304 but to my surprise my solution (below) didn't work:
Only after rewriting this as:
did gosec recognize the solution.
Steps to reproduce the behavior
Create a sample project with the file below and run gosec
gosec version
The gosec GitHub Action as linked above.
Go version (output of 'go version')
Same as in the gosec GitHub Action.
Operating system / Environment
The gosec GitHub Action container.
Expected behavior
No warning if the variable is actually the result of filepath.Clean.
Actual behavior
A warning even if the variable is actually the result of filepath.Clean.
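The comment above notes that the variable assignment was not resolved when looking for filepath.Clean. As an added example (not gosec's code and not code from this issue), here is a small go/ast check that treats the inline form and the separate-line form the same way. The sample source and the names isCall, cleaned and Flagged are constructed for illustration.

```go
package main

import (
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// Constructed input: Clean on its own line, Clean inline, and no Clean at all.
const sample = `package demo; import ("os"; "path/filepath")
func separate(name string) { path := filepath.Clean(name); os.OpenFile(path, os.O_RDONLY, 0) }
func inline(name string)   { os.OpenFile(filepath.Clean(name), os.O_RDONLY, 0) }
func raw(name string)      { os.OpenFile(name, os.O_RDONLY, 0) }`

// isCall reports whether n is a call spelled exactly name(...), e.g. "os.OpenFile".
func isCall(n ast.Node, name string) (*ast.CallExpr, bool) {
	c, ok := n.(*ast.CallExpr)
	return c, ok && types.ExprString(c.Fun) == name
}

// cleaned accepts filepath.Clean(...) or a variable declared as x := filepath.Clean(...); reassignments are not tracked.
func cleaned(e ast.Expr) bool {
	if id, ok := e.(*ast.Ident); ok && id.Obj != nil {
		if as, ok := id.Obj.Decl.(*ast.AssignStmt); ok && len(as.Lhs) == 1 && len(as.Rhs) == 1 {
			e = as.Rhs[0] // judge the variable by its initialiser
		}
	}
	_, ok := isCall(e, "filepath.Clean")
	return ok
}

// Flagged returns the source line of each os.OpenFile call whose path argument is not cleaned.
func Flagged(src string) (lines []int) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "demo.go", src, 0)
	if err != nil {
		panic(err)
	}
	ast.Inspect(f, func(n ast.Node) bool {
		if c, ok := isCall(n, "os.OpenFile"); ok && len(c.Args) > 0 && !cleaned(c.Args[0]) {
			lines = append(lines, fset.Position(c.Pos()).Line)
		}
		return true
	})
	return lines
}
func main() { println(len(Flagged(sample)), "call(s) flagged") }
```

Only the call in raw (line 4 of the sample) is reported; dropping the identifier-resolution step in cleaned makes the separate-line form on line 2 get reported as well.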