Recognize struct field in G601

Signed-off-by: futuretea <1913508671@qq.com>
securego · Jun 2, 2023 · be2069a · be2069a
1 parent 1457921
commit be2069a
Show file tree

Hide file tree

Showing 2 changed files with 86 additions and 2 deletions.
diff --git a/rules/implicit_aliasing.go b/rules/implicit_aliasing.go
@@ -28,6 +28,26 @@ func containsUnary(exprs []*ast.UnaryExpr, expr *ast.UnaryExpr) bool {
 	return false
 }
 
+func getIdentExpr(expr ast.Expr) *ast.Ident {
+	switch node := expr.(type) {
+	case *ast.Ident:
+		return node
+	case *ast.SelectorExpr:
+		return getIdentExpr(node.X)
+	case *ast.UnaryExpr:
+		switch e := node.X.(type) {
+		case *ast.Ident:
+			return e
+		case *ast.SelectorExpr:
+			return getIdentExpr(e.X)
+		default:
+			return nil
+		}
+	default:
+		return nil
+	}
+}
+
 func (r *implicitAliasing) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
 	switch node := n.(type) {
 	case *ast.RangeStmt:
@@ -72,8 +92,8 @@ func (r *implicitAliasing) Match(n ast.Node, c *gosec.Context) (*issue.Issue, er
 		}
 
 		// If we find a unary op of & (reference) of an object within r.aliases, complain.
-		if ident, ok := node.X.(*ast.Ident); ok && node.Op.String() == "&" {
-			if _, contains := r.aliases[ident.Obj]; contains {
+		if identExpr := getIdentExpr(node); identExpr != nil && node.Op.String() == "&" {
+			if _, contains := r.aliases[identExpr.Obj]; contains {
 				return c.NewIssue(n, r.ID(), r.What, r.Severity, r.Confidence), nil
 			}
 		}

diff --git a/testutils/source.go b/testutils/source.go
@@ -3444,6 +3444,70 @@ func main() {
         fmt.Println(sampleString)
     }
 }`}, 0, gosec.NewConfig()},
+		{[]string{`
+package main
+
+import (
+	"fmt"
+)
+
+type sampleStruct struct {
+	name string
+}
+
+func main() {
+	samples := []sampleStruct{
+		{name: "a"},
+		{name: "b"},
+	}
+	for _, sample := range samples {
+		fmt.Println(sample.name)
+	}
+}`}, 0, gosec.NewConfig()},
+		{[]string{`
+package main
+
+import (
+	"fmt"
+)
+
+type sampleStruct struct {
+	name string
+}
+
+func main() {
+	samples := []sampleStruct{
+		{name: "a"},
+		{name: "b"},
+	}
+	for _, sample := range samples {
+		fmt.Println(&sample.name)
+	}
+}`}, 1, gosec.NewConfig()},
+		{[]string{`
+package main
+
+import (
+	"fmt"
+)
+
+type subStruct struct {
+	name string
+}
+
+type sampleStruct struct {
+	sub subStruct
+}
+
+func main() {
+	samples := []sampleStruct{
+		{sub: subStruct{name: "a"}},
+		{sub: subStruct{name: "b"}},
+	}
+	for _, sample := range samples {
+		fmt.Println(&sample.sub.name)
+	}
+}`}, 1, gosec.NewConfig()},
 	}
 
 	// SampleCodeBuildTag - G601 build tags