github.com/amarpal/go-tools@v0.0.0-20240422043104-40142f59f616/staticcheck/sa9005/sa9005.go (about) 1 package sa9005 2 3 import ( 4 "fmt" 5 "go/types" 6 7 "github.com/amarpal/go-tools/analysis/callcheck" 8 "github.com/amarpal/go-tools/analysis/code" 9 "github.com/amarpal/go-tools/analysis/facts/generated" 10 "github.com/amarpal/go-tools/analysis/lint" 11 "github.com/amarpal/go-tools/go/types/typeutil" 12 "github.com/amarpal/go-tools/internal/passes/buildir" 13 "github.com/amarpal/go-tools/knowledge" 14 15 "golang.org/x/tools/go/analysis" 16 ) 17 18 var SCAnalyzer = lint.InitializeAnalyzer(&lint.Analyzer{ 19 Analyzer: &analysis.Analyzer{ 20 Name: "SA9005", 21 Requires: []*analysis.Analyzer{ 22 buildir.Analyzer, 23 // Filtering generated code because it may include empty structs generated from data models. 24 generated.Analyzer, 25 }, 26 Run: callcheck.Analyzer(rules), 27 }, 28 Doc: &lint.Documentation{ 29 Title: `Trying to marshal a struct with no public fields nor custom marshaling`, 30 Text: ` 31 The \'encoding/json\' and \'encoding/xml\' packages only operate on exported 32 fields in structs, not unexported ones. It is usually an error to try 33 to (un)marshal structs that only consist of unexported fields. 34 35 This check will not flag calls involving types that define custom 36 marshaling behavior, e.g. via \'MarshalJSON\' methods. It will also not 37 flag empty structs.`, 38 Since: "2019.2", 39 Severity: lint.SeverityWarning, 40 MergeIf: lint.MergeIfAll, 41 }, 42 }) 43 44 var Analyzer = SCAnalyzer.Analyzer 45 46 var rules = map[string]callcheck.Check{ 47 // TODO(dh): should we really flag XML? Even an empty struct 48 // produces a non-zero amount of data, namely its type name. 49 // Let's see if we encounter any false positives. 50 // 51 // Also, should we flag gob? 52 "encoding/json.Marshal": check(knowledge.Arg("json.Marshal.v"), "MarshalJSON", "MarshalText"), 53 "encoding/xml.Marshal": check(knowledge.Arg("xml.Marshal.v"), "MarshalXML", "MarshalText"), 54 "(*encoding/json.Encoder).Encode": check(knowledge.Arg("(*encoding/json.Encoder).Encode.v"), "MarshalJSON", "MarshalText"), 55 "(*encoding/xml.Encoder).Encode": check(knowledge.Arg("(*encoding/xml.Encoder).Encode.v"), "MarshalXML", "MarshalText"), 56 57 "encoding/json.Unmarshal": check(knowledge.Arg("json.Unmarshal.v"), "UnmarshalJSON", "UnmarshalText"), 58 "encoding/xml.Unmarshal": check(knowledge.Arg("xml.Unmarshal.v"), "UnmarshalXML", "UnmarshalText"), 59 "(*encoding/json.Decoder).Decode": check(knowledge.Arg("(*encoding/json.Decoder).Decode.v"), "UnmarshalJSON", "UnmarshalText"), 60 "(*encoding/xml.Decoder).Decode": check(knowledge.Arg("(*encoding/xml.Decoder).Decode.v"), "UnmarshalXML", "UnmarshalText"), 61 } 62 63 func check(argN int, meths ...string) callcheck.Check { 64 return func(call *callcheck.Call) { 65 if code.IsGenerated(call.Pass, call.Instr.Pos()) { 66 return 67 } 68 arg := call.Args[argN] 69 T := arg.Value.Value.Type() 70 Ts, ok := typeutil.Dereference(T).Underlying().(*types.Struct) 71 if !ok { 72 return 73 } 74 if Ts.NumFields() == 0 { 75 return 76 } 77 fields := typeutil.FlattenFields(Ts) 78 for _, field := range fields { 79 if field.Var.Exported() { 80 return 81 } 82 } 83 // OPT(dh): we could use a method set cache here 84 ms := call.Instr.Parent().Prog.MethodSets.MethodSet(T) 85 // TODO(dh): we're not checking the signature, which can cause false negatives. 86 // This isn't a huge problem, however, since vet complains about incorrect signatures. 87 for _, meth := range meths { 88 if ms.Lookup(nil, meth) != nil { 89 return 90 } 91 } 92 arg.Invalid(fmt.Sprintf("struct type '%s' doesn't have any exported fields, nor custom marshaling", typeutil.Dereference(T))) 93 } 94 }