gopkg.in/alecthomas/gometalinter.v3@v3.0.0/_linters/src/github.com/securego/gosec/rules/unsafe.go (about) 1 // (c) Copyright 2016 Hewlett Packard Enterprise Development LP 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package rules 16 17 import ( 18 "go/ast" 19 20 "github.com/securego/gosec" 21 ) 22 23 type usingUnsafe struct { 24 gosec.MetaData 25 pkg string 26 calls []string 27 } 28 29 func (r *usingUnsafe) ID() string { 30 return r.MetaData.ID 31 } 32 33 func (r *usingUnsafe) Match(n ast.Node, c *gosec.Context) (gi *gosec.Issue, err error) { 34 if _, matches := gosec.MatchCallByPackage(n, c, r.pkg, r.calls...); matches { 35 return gosec.NewIssue(c, n, r.ID(), r.What, r.Severity, r.Confidence), nil 36 } 37 return nil, nil 38 } 39 40 // NewUsingUnsafe rule detects the use of the unsafe package. This is only 41 // really useful for auditing purposes. 42 func NewUsingUnsafe(id string, conf gosec.Config) (gosec.Rule, []ast.Node) { 43 return &usingUnsafe{ 44 pkg: "unsafe", 45 calls: []string{"Alignof", "Offsetof", "Sizeof", "Pointer"}, 46 MetaData: gosec.MetaData{ 47 ID: id, 48 What: "Use of unsafe calls should be audited", 49 Severity: gosec.Low, 50 Confidence: gosec.High, 51 }, 52 }, []ast.Node{(*ast.CallExpr)(nil)} 53 }