dgryski.semgrep-go.hostport.sprintf-host-port
dgryskiAuthor
581
Download Count*
License
use net.JoinHostPort instead of fmt.Sprintf($XX, $NET)
Run Locally
Run in CI
Defintion
rules:
- id: sprintf-host-port
pattern-either:
- patterns:
- pattern-either:
- pattern: fmt.Sprintf("%s:%s", $NET, $XX)
- pattern: fmt.Sprintf("%s:%d", $NET, $XX)
- pattern: fmt.Sprintf("%s:%s", $XX, $NET)
- pattern: fmt.Sprintf("%s:%d", $XX, $NET)
- pattern: $NET = fmt.Sprintf("%s:%d", ..., ...)
- pattern: $NET = fmt.Sprintf("%s:%s", ..., ...)
- metavariable-regex:
metavariable: $NET
regex: ((?i).*(port|addr|host|listen|bind))|((?i)^ip$)|(ip[A-Z0-9].*|.*(Ip)$|.*(Ip)[A-Z0-9].*)
- patterns:
- pattern: fmt.Sprintf($XX, $NET)
- metavariable-regex:
metavariable: $XX
regex: '"%s:[0-9]+"'
- metavariable-regex:
metavariable: $NET
regex: ((?i).*(port|addr|host|listen|bind))|((?i)^ip$)|(ip[A-Z0-9].*|.*(Ip)$|.*(Ip)[A-Z0-9].*)
message: |
use net.JoinHostPort instead of fmt.Sprintf($XX, $NET)
languages:
- go
severity: ERROR
metadata:
license: MIT
Short Link: https://sg.run/DoN2