gitlab.gosec.G304-1
File open from tainted variable
Definition
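rules:
  # gosec.G304-1: flags os.OpenFile / os.Open / ioutil.ReadFile / os.ReadFile
  # calls whose path argument is neither a string literal nor a value that was
  # passed through filepath.Clean or filepath.Rel.
  #
  # This is a syntactic match, not dataflow taint tracking: any non-constant
  # path argument is reported, whether or not it can be influenced by user
  # input. Findings need triage against where the path actually comes from.
  #
  # NOTE(review): filepath.Clean only normalises a path lexically. A cleaned
  # relative path can still begin with "..", and a cleaned absolute path is
  # still absolute, so code that is silenced by the Clean exclusions below is
  # not thereby confined to a base directory. Treat a suppressed call as
  # "normalised", not as "verified safe".
  - id: gosec.G304-1
    patterns:
      # Exclusions: path wrapped in filepath.Clean directly at the call site.
      - pattern-not-inside: |
          os.OpenFile(filepath.Clean(...), ...)
      - pattern-not-inside: |
          os.Open(filepath.Clean(...))
      - pattern-not-inside: |
          ioutil.ReadFile(filepath.Clean(...), ...)
      - pattern-not-inside: |
          os.ReadFile(filepath.Clean(...))
      # Exclusions: path wrapped in filepath.Rel directly at the call site.
      # filepath.Rel takes two arguments and returns (string, error), so these
      # single-value forms are not expected to occur in code that compiles;
      # they are kept so the rule's existing behaviour is unchanged.
      - pattern-not-inside: |
          os.OpenFile(filepath.Rel(...), ...)
      - pattern-not-inside: |
          os.Open(filepath.Rel(...))
      - pattern-not-inside: |
          ioutil.ReadFile(filepath.Rel(...), ...)
      # Exclusion: the argument is a string constant declared earlier.
      - pattern-not-inside: |
          const $ARG = "..."
          ...
      # Exclusion: the argument was assigned from a string variable that was
      # initialised with a literal.
      - pattern-not-inside: |
          var $Y string = "..."
          ...
          $ARG = $Y
          ...
      # Exclusions: the argument was assigned from filepath.Clean/filepath.Rel
      # earlier in the same scope.
      - pattern-not-inside: |
          $ARG = filepath.Clean($X)
          ...
      - pattern-not-inside: |
          $ARG = filepath.Rel($X)
          ...
      - pattern-not-inside: |
          $ARG, ... := filepath.Rel("...", "...")
          ...
      # Exclusions: literal paths, optionally suffixed with an integer that
      # was formatted by strconv.Itoa.
      - pattern-not: os.OpenFile("..." + strconv.Itoa($I), ...)
      - pattern-not: os.OpenFile("...", ...)
      - pattern-not: os.Open("...")
      - pattern-not: os.Open("..." + strconv.Itoa($I))
      - pattern-not: ioutil.ReadFile("...", ...)
      - pattern-not: ioutil.ReadFile("..." + strconv.Itoa($I), ...)
      - pattern-not: os.ReadFile("...")
      - pattern-not: os.ReadFile("..." + strconv.Itoa($I))
      # Sinks. os.ReadFile is included because, since Go 1.16,
      # ioutil.ReadFile simply calls os.ReadFile; code that has moved to the
      # os package would otherwise go unreported.
      - pattern-either:
          - pattern: os.OpenFile($ARG, ...)
          - pattern: os.Open($ARG)
          - pattern: ioutil.ReadFile($ARG, ...)
          - pattern: os.ReadFile($ARG)
    message: |
      File open from tainted variable
      The path passed to this call is not a constant. If any part of it can be
      influenced by user input, a crafted value such as one containing ".."
      segments may reach files outside the intended directory. Resolve the
      path against a fixed base directory and confirm the cleaned result is
      still inside that directory before opening it.
    metadata:
      cwe: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path
        Traversal')"
      primary_identifier: gosec.G304-1
      secondary_identifiers:
        - name: Gosec Rule ID G304
          type: gosec_rule_id
          value: G304
      license: MIT
    severity: WARNING
    languages:
      - go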
Short Link: https://sg.run/0yQw