Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: parsing of the Go version #844

Merged
merged 2 commits into from
Aug 8, 2022
Merged

fix: parsing of the Go version #844

merged 2 commits into from
Aug 8, 2022

Conversation

ldez
Copy link
Contributor

@ldez ldez commented Aug 6, 2022
edited
Loading

The parsing of the Go version inside the function GoVersion is based on an incorrect assumption.

gosec/helpers.go

Lines 476 to 482 in 0c8e63e

func GoVersion() (int, int, int) {
versionParts := strings.Split(runtime.Version(), ".")
major, _ := strconv.Atoi(versionParts[0][2:])
minor, _ := strconv.Atoi(versionParts[1])
build, _ := strconv.Atoi(versionParts[2])
return major, minor, build
}

The Go version follows a specific pattern.

  • go1.19rc2
  • go1.19beta2
  • go1.19.4
  • go1.19

The current version of Go is go1.19 then versionParts[2] panic (runtime error: index out of range [2] with length 2)

Fixes #843

The problem has been introduced by #819

Related to golangci/golangci-lint#3071

@ldez ldez mentioned this pull request Aug 6, 2022
Closed
4 tasks
@ccojocar
Copy link
Member

ccojocar commented Aug 7, 2022

@ldez Please could you fix the lint warnings? Thanks

@ldez
Copy link
Contributor Author

ldez commented Aug 7, 2022

yes, I will fix that immediately.

@ldez
Copy link
Contributor Author

ldez commented Aug 7, 2022
edited
Loading

in fact, I'm not able to see where is the issue: no information about the file, and locally go fmt doesn't report any issue on helpers.go.

The only problem is the use of //#nosec in main.go: this doesn't follow the official directive syntax: ^[a-z]+:[a-z]+. and it's reported by go fmt

I can fix it, but you have a hidden problem because of the invalid directive syntax.

More information: golangci/golangci-lint#1658

@codecov-commenter
Copy link

Codecov Report

Merging #844 (840e586) into master (0c8e63e) will decrease coverage by 0.16%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master     #844      +/-   ##
==========================================
- Coverage   74.08%   73.92%   -0.17%     
==========================================
  Files          51       51              
  Lines        3180     3187       +7     
==========================================
  Hits         2356     2356              
- Misses        754      761       +7     
  Partials       70       70
Impacted Files Coverage Δ
cmd/gosec/main.go 0.00% <0.00%> (ø)
helpers.go 42.76% <0.00%> (-0.97%) ⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@ccojocar ccojocar merged commit 4e68fb5 into securego:master Aug 8, 2022
@ldez ldez deleted the fix/go-version-parsing branch August 8, 2022 07:29
@ldez
Copy link
Contributor Author

ldez commented Aug 18, 2022

@ccojocar do you plan to make a bugfix release?
Just to know if I should use a pseudo version or if I should wait for a tagged version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ccojocar ccojocar ccojocar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

new(big.Rat).SetString("") causes panic: runtime error: index out of range [2] with length 2
3 participants
@ldez @ccojocar @codecov-commenter