2021-09-01 22:38:56 +08:00
|
|
|
//go:build ignore
|
2020-12-11 18:45:17 +08:00
|
|
|
// +build ignore
|
2021-09-01 22:38:56 +08:00
|
|
|
|
2020-12-11 18:45:17 +08:00
|
|
|
// The MIT License (MIT)
|
|
|
|
|
//
|
|
|
|
|
// Copyright (c) 2020 Grafana Labs <contact@grafana.com>, Damian Gryski <damian@gryski.com>
|
|
|
|
|
//
|
|
|
|
|
// Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
|
// of this software and associated documentation files (the "Software"), to deal
|
|
|
|
|
// in the Software without restriction, including without limitation the rights
|
|
|
|
|
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
|
// copies of the Software, and to permit persons to whom the Software is
|
|
|
|
|
// furnished to do so, subject to the following conditions:
|
|
|
|
|
//
|
|
|
|
|
// The above copyright notice and this permission notice shall be included in
|
|
|
|
|
// all copies or substantial portions of the Software.
|
|
|
|
|
//
|
|
|
|
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
|
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
|
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
|
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
|
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
|
// THE SOFTWARE.
|
|
|
|
|
|
|
|
|
|
package gorules
|
|
|
|
|
|
|
|
|
|
import "github.com/quasilyte/go-ruleguard/dsl/fluent"
|
|
|
|
|
|
|
|
|
|
// This is a collection of rules for ruleguard: https://github.com/quasilyte/go-ruleguard
|
|
|
|
|
// Copied from https://github.com/dgryski/semgrep-go
|
|
|
|
|
|
|
|
|
|
// Remove extra conversions: mdempsky/unconvert
|
|
|
|
|
func unconvert(m fluent.Matcher) {
|
|
|
|
|
m.Match("int($x)").Where(m["x"].Type.Is("int") && !m["x"].Const).Report("unnecessary conversion").Suggest("$x")
|
|
|
|
|
|
|
|
|
|
m.Match("float32($x)").Where(m["x"].Type.Is("float32") && !m["x"].Const).Report("unnecessary conversion").Suggest("$x")
|
|
|
|
|
m.Match("float64($x)").Where(m["x"].Type.Is("float64") && !m["x"].Const).Report("unnecessary conversion").Suggest("$x")
|
|
|
|
|
|
2020-12-14 22:51:59 +08:00
|
|
|
m.Match("byte($x)").Where(m["x"].Type.Is("byte")).Report("unnecessary conversion").Suggest("$x")
|
|
|
|
|
m.Match("rune($x)").Where(m["x"].Type.Is("rune")).Report("unnecessary conversion").Suggest("$x")
|
2020-12-11 18:45:17 +08:00
|
|
|
m.Match("bool($x)").Where(m["x"].Type.Is("bool") && !m["x"].Const).Report("unnecessary conversion").Suggest("$x")
|
|
|
|
|
|
|
|
|
|
m.Match("int8($x)").Where(m["x"].Type.Is("int8") && !m["x"].Const).Report("unnecessary conversion").Suggest("$x")
|
|
|
|
|
m.Match("int16($x)").Where(m["x"].Type.Is("int16") && !m["x"].Const).Report("unnecessary conversion").Suggest("$x")
|
|
|
|
|
m.Match("int32($x)").Where(m["x"].Type.Is("int32") && !m["x"].Const).Report("unnecessary conversion").Suggest("$x")
|
|
|
|
|
m.Match("int64($x)").Where(m["x"].Type.Is("int64") && !m["x"].Const).Report("unnecessary conversion").Suggest("$x")
|
|
|
|
|
|
|
|
|
|
m.Match("uint8($x)").Where(m["x"].Type.Is("uint8") && !m["x"].Const).Report("unnecessary conversion").Suggest("$x")
|
|
|
|
|
m.Match("uint16($x)").Where(m["x"].Type.Is("uint16") && !m["x"].Const).Report("unnecessary conversion").Suggest("$x")
|
|
|
|
|
m.Match("uint32($x)").Where(m["x"].Type.Is("uint32") && !m["x"].Const).Report("unnecessary conversion").Suggest("$x")
|
|
|
|
|
m.Match("uint64($x)").Where(m["x"].Type.Is("uint64") && !m["x"].Const).Report("unnecessary conversion").Suggest("$x")
|
|
|
|
|
|
|
|
|
|
m.Match("time.Duration($x)").Where(m["x"].Type.Is("time.Duration") && !m["x"].Text.Matches("^[0-9]*$")).Report("unnecessary conversion").Suggest("$x")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Don't use == or != with time.Time
|
|
|
|
|
// https://github.com/dominikh/go-tools/issues/47 : Wontfix
|
|
|
|
|
func timeeq(m fluent.Matcher) {
|
|
|
|
|
m.Match("$t0 == $t1").Where(m["t0"].Type.Is("time.Time")).Report("using == with time.Time")
|
|
|
|
|
m.Match("$t0 != $t1").Where(m["t0"].Type.Is("time.Time")).Report("using != with time.Time")
|
|
|
|
|
m.Match(`map[$k]$v`).Where(m["k"].Type.Is("time.Time")).Report("map with time.Time keys are easy to misuse")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wrong err in error check
|
|
|
|
|
func wrongerr(m fluent.Matcher) {
|
|
|
|
|
m.Match("if $*_, $err0 := $*_; $err1 != nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text == "err" && m["err0"].Type.Is("error") && m["err1"].Text != "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
|
|
|
|
|
m.Match("if $*_, $err0 := $*_; $err1 != nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text != "err" && m["err0"].Type.Is("error") && m["err1"].Text == "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
|
|
|
|
|
m.Match("if $*_, $err0 = $*_; $err1 != nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text == "err" && m["err0"].Type.Is("error") && m["err1"].Text != "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
|
|
|
|
|
m.Match("if $*_, $err0 = $*_; $err1 != nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text != "err" && m["err0"].Type.Is("error") && m["err1"].Text == "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
|
|
|
|
|
m.Match("if $*_, $err0 := $*_; $err1 == nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text == "err" && m["err0"].Type.Is("error") && m["err1"].Text != "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
|
|
|
|
|
m.Match("if $*_, $err0 := $*_; $err1 == nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text != "err" && m["err0"].Type.Is("error") && m["err1"].Text == "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
|
|
|
|
|
m.Match("if $*_, $err0 = $*_; $err1 == nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text == "err" && m["err0"].Type.Is("error") && m["err1"].Text != "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
|
|
|
|
|
m.Match("if $*_, $err0 = $*_; $err1 == nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text != "err" && m["err0"].Type.Is("error") && m["err1"].Text == "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
|
|
|
|
|
m.Match("$*_, $err0 := $*_; if $err1 != nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text == "err" && m["err0"].Type.Is("error") && m["err1"].Text != "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
|
|
|
|
|
m.Match("$*_, $err0 := $*_; if $err1 != nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text != "err" && m["err0"].Type.Is("error") && m["err1"].Text == "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
|
|
|
|
|
m.Match("$*_, $err0 := $*_; if $err1 == nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text == "err" && m["err0"].Type.Is("error") && m["err1"].Text != "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
|
|
|
|
|
m.Match("$*_, $err0 := $*_; if $err1 == nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text != "err" && m["err0"].Type.Is("error") && m["err1"].Text == "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
|
|
|
|
|
m.Match("$*_, $err0 = $*_; if $err1 != nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text == "err" && m["err0"].Type.Is("error") && m["err1"].Text != "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
|
|
|
|
|
m.Match("$*_, $err0 = $*_; if $err1 != nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text != "err" && m["err0"].Type.Is("error") && m["err1"].Text == "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
|
|
|
|
|
m.Match("$*_, $err0 = $*_; if $err1 == nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text == "err" && m["err0"].Type.Is("error") && m["err1"].Text != "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
|
|
|
|
|
m.Match("$*_, $err0 = $*_; if $err1 == nil { $*_ }").
|
|
|
|
|
Where(m["err0"].Text != "err" && m["err0"].Type.Is("error") && m["err1"].Text == "err" && m["err1"].Type.Is("error")).
|
|
|
|
|
Report("maybe wrong err in error check")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// err but no an error
|
|
|
|
|
func errnoterror(m fluent.Matcher) {
|
|
|
|
|
|
|
|
|
|
// Would be easier to check for all err identifiers instead, but then how do we get the type from m[] ?
|
|
|
|
|
|
|
|
|
|
m.Match(
|
|
|
|
|
"if $*_, err := $x; $err != nil { $*_ } else if $_ { $*_ }",
|
|
|
|
|
"if $*_, err := $x; $err != nil { $*_ } else { $*_ }",
|
|
|
|
|
"if $*_, err := $x; $err != nil { $*_ }",
|
|
|
|
|
|
|
|
|
|
"if $*_, err = $x; $err != nil { $*_ } else if $_ { $*_ }",
|
|
|
|
|
"if $*_, err = $x; $err != nil { $*_ } else { $*_ }",
|
|
|
|
|
"if $*_, err = $x; $err != nil { $*_ }",
|
|
|
|
|
|
|
|
|
|
"$*_, err := $x; if $err != nil { $*_ } else if $_ { $*_ }",
|
|
|
|
|
"$*_, err := $x; if $err != nil { $*_ } else { $*_ }",
|
|
|
|
|
"$*_, err := $x; if $err != nil { $*_ }",
|
|
|
|
|
|
|
|
|
|
"$*_, err = $x; if $err != nil { $*_ } else if $_ { $*_ }",
|
|
|
|
|
"$*_, err = $x; if $err != nil { $*_ } else { $*_ }",
|
|
|
|
|
"$*_, err = $x; if $err != nil { $*_ }",
|
|
|
|
|
).
|
|
|
|
|
Where(m["err"].Text == "err" && !m["err"].Type.Is("error") && m["x"].Text != "recover()").
|
|
|
|
|
Report("err variable not error type")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Identical if and else bodies
|
|
|
|
|
func ifbodythenbody(m fluent.Matcher) {
|
|
|
|
|
m.Match("if $*_ { $body } else { $body }").
|
|
|
|
|
Report("identical if and else bodies")
|
|
|
|
|
|
|
|
|
|
// Lots of false positives.
|
|
|
|
|
// m.Match("if $*_ { $body } else if $*_ { $body }").
|
|
|
|
|
// Report("identical if and else bodies")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Odd inequality: A - B < 0 instead of !=
|
|
|
|
|
// Too many false positives.
|
|
|
|
|
/*
|
|
|
|
|
func subtractnoteq(m fluent.Matcher) {
|
|
|
|
|
m.Match("$a - $b < 0").Report("consider $a != $b")
|
|
|
|
|
m.Match("$a - $b > 0").Report("consider $a != $b")
|
|
|
|
|
m.Match("0 < $a - $b").Report("consider $a != $b")
|
|
|
|
|
m.Match("0 > $a - $b").Report("consider $a != $b")
|
|
|
|
|
}
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
// Self-assignment
|
|
|
|
|
func selfassign(m fluent.Matcher) {
|
|
|
|
|
m.Match("$x = $x").Report("useless self-assignment")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Odd nested ifs
|
|
|
|
|
func oddnestedif(m fluent.Matcher) {
|
|
|
|
|
m.Match("if $x { if $x { $*_ }; $*_ }",
|
|
|
|
|
"if $x == $y { if $x != $y {$*_ }; $*_ }",
|
|
|
|
|
"if $x != $y { if $x == $y {$*_ }; $*_ }",
|
|
|
|
|
"if $x { if !$x { $*_ }; $*_ }",
|
|
|
|
|
"if !$x { if $x { $*_ }; $*_ }").
|
|
|
|
|
Report("odd nested ifs")
|
|
|
|
|
|
|
|
|
|
m.Match("for $x { if $x { $*_ }; $*_ }",
|
|
|
|
|
"for $x == $y { if $x != $y {$*_ }; $*_ }",
|
|
|
|
|
"for $x != $y { if $x == $y {$*_ }; $*_ }",
|
|
|
|
|
"for $x { if !$x { $*_ }; $*_ }",
|
|
|
|
|
"for !$x { if $x { $*_ }; $*_ }").
|
|
|
|
|
Report("odd nested for/ifs")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// odd bitwise expressions
|
|
|
|
|
func oddbitwise(m fluent.Matcher) {
|
|
|
|
|
m.Match("$x | $x",
|
|
|
|
|
"$x | ^$x",
|
|
|
|
|
"^$x | $x").
|
|
|
|
|
Report("odd bitwise OR")
|
|
|
|
|
|
|
|
|
|
m.Match("$x & $x",
|
|
|
|
|
"$x & ^$x",
|
|
|
|
|
"^$x & $x").
|
|
|
|
|
Report("odd bitwise AND")
|
|
|
|
|
|
|
|
|
|
m.Match("$x &^ $x").
|
|
|
|
|
Report("odd bitwise AND-NOT")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// odd sequence of if tests with return
|
|
|
|
|
func ifreturn(m fluent.Matcher) {
|
|
|
|
|
m.Match("if $x { return $*_ }; if $x {$*_ }").Report("odd sequence of if test")
|
|
|
|
|
m.Match("if $x { return $*_ }; if !$x {$*_ }").Report("odd sequence of if test")
|
|
|
|
|
m.Match("if !$x { return $*_ }; if $x {$*_ }").Report("odd sequence of if test")
|
|
|
|
|
m.Match("if $x == $y { return $*_ }; if $x != $y {$*_ }").Report("odd sequence of if test")
|
|
|
|
|
m.Match("if $x != $y { return $*_ }; if $x == $y {$*_ }").Report("odd sequence of if test")
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func oddifsequence(m fluent.Matcher) {
|
2020-12-14 22:51:59 +08:00
|
|
|
m.Match("if $x { $*_ }; if $x {$*_ }").Report("odd sequence of if test")
|
2020-12-11 18:45:17 +08:00
|
|
|
|
2020-12-14 22:51:59 +08:00
|
|
|
m.Match("if $x == $y { $*_ }; if $y == $x {$*_ }").Report("odd sequence of if tests")
|
|
|
|
|
m.Match("if $x != $y { $*_ }; if $y != $x {$*_ }").Report("odd sequence of if tests")
|
2020-12-11 18:45:17 +08:00
|
|
|
|
2020-12-14 22:51:59 +08:00
|
|
|
m.Match("if $x < $y { $*_ }; if $y > $x {$*_ }").Report("odd sequence of if tests")
|
|
|
|
|
m.Match("if $x <= $y { $*_ }; if $y >= $x {$*_ }").Report("odd sequence of if tests")
|
2020-12-11 18:45:17 +08:00
|
|
|
|
2020-12-14 22:51:59 +08:00
|
|
|
m.Match("if $x > $y { $*_ }; if $y < $x {$*_ }").Report("odd sequence of if tests")
|
|
|
|
|
m.Match("if $x >= $y { $*_ }; if $y <= $x {$*_ }").Report("odd sequence of if tests")
|
2020-12-11 18:45:17 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// odd sequence of nested if tests
|
|
|
|
|
func nestedifsequence(m fluent.Matcher) {
|
2020-12-14 22:51:59 +08:00
|
|
|
m.Match("if $x < $y { if $x >= $y {$*_ }; $*_ }").Report("odd sequence of nested if tests")
|
|
|
|
|
m.Match("if $x <= $y { if $x > $y {$*_ }; $*_ }").Report("odd sequence of nested if tests")
|
|
|
|
|
m.Match("if $x > $y { if $x <= $y {$*_ }; $*_ }").Report("odd sequence of nested if tests")
|
|
|
|
|
m.Match("if $x >= $y { if $x < $y {$*_ }; $*_ }").Report("odd sequence of nested if tests")
|
2020-12-11 18:45:17 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// odd sequence of assignments
|
|
|
|
|
func identicalassignments(m fluent.Matcher) {
|
|
|
|
|
m.Match("$x = $y; $y = $x").Report("odd sequence of assignments")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func oddcompoundop(m fluent.Matcher) {
|
|
|
|
|
m.Match("$x += $x + $_",
|
|
|
|
|
"$x += $x - $_").
|
|
|
|
|
Report("odd += expression")
|
|
|
|
|
|
|
|
|
|
m.Match("$x -= $x + $_",
|
|
|
|
|
"$x -= $x - $_").
|
|
|
|
|
Report("odd -= expression")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func constswitch(m fluent.Matcher) {
|
|
|
|
|
m.Match("switch $x { $*_ }", "switch $*_; $x { $*_ }").
|
|
|
|
|
Where(m["x"].Const && !m["x"].Text.Matches(`^runtime\.`)).
|
|
|
|
|
Report("constant switch")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func oddcomparisons(m fluent.Matcher) {
|
|
|
|
|
m.Match(
|
|
|
|
|
"$x - $y == 0",
|
|
|
|
|
"$x - $y != 0",
|
|
|
|
|
"$x - $y < 0",
|
|
|
|
|
"$x - $y <= 0",
|
|
|
|
|
"$x - $y > 0",
|
|
|
|
|
"$x - $y >= 0",
|
|
|
|
|
"$x ^ $y == 0",
|
|
|
|
|
"$x ^ $y != 0",
|
|
|
|
|
).Report("odd comparison")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func oddmathbits(m fluent.Matcher) {
|
|
|
|
|
m.Match(
|
|
|
|
|
"64 - bits.LeadingZeros64($x)",
|
|
|
|
|
"32 - bits.LeadingZeros32($x)",
|
|
|
|
|
"16 - bits.LeadingZeros16($x)",
|
|
|
|
|
"8 - bits.LeadingZeros8($x)",
|
|
|
|
|
).Report("odd math/bits expression: use bits.Len*() instead?")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
func floateq(m fluent.Matcher) {
|
|
|
|
|
m.Match(
|
|
|
|
|
"$x == $y",
|
|
|
|
|
"$x != $y",
|
|
|
|
|
).
|
|
|
|
|
Where(m["x"].Type.Is("float32") && !m["x"].Const && !m["y"].Text.Matches("0(.0+)?")).
|
|
|
|
|
Report("floating point tested for equality")
|
|
|
|
|
|
|
|
|
|
m.Match(
|
|
|
|
|
"$x == $y",
|
|
|
|
|
"$x != $y",
|
|
|
|
|
).
|
|
|
|
|
Where(m["x"].Type.Is("float64") && !m["x"].Const && !m["y"].Text.Matches("0(.0+)?")).
|
|
|
|
|
Report("floating point tested for equality")
|
|
|
|
|
|
|
|
|
|
m.Match("switch $x { $*_ }", "switch $*_; $x { $*_ }").
|
|
|
|
|
Where(m["x"].Type.Is("float32")).
|
|
|
|
|
Report("floating point as switch expression")
|
|
|
|
|
|
|
|
|
|
m.Match("switch $x { $*_ }", "switch $*_; $x { $*_ }").
|
|
|
|
|
Where(m["x"].Type.Is("float64")).
|
|
|
|
|
Report("floating point as switch expression")
|
|
|
|
|
}
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
func badexponent(m fluent.Matcher) {
|
|
|
|
|
m.Match(
|
|
|
|
|
"2 ^ $x",
|
|
|
|
|
"10 ^ $x",
|
|
|
|
|
).
|
|
|
|
|
Report("caret (^) is not exponentiation")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
func floatloop(m fluent.Matcher) {
|
|
|
|
|
m.Match(
|
|
|
|
|
"for $i := $x; $i < $y; $i += $z { $*_ }",
|
|
|
|
|
"for $i = $x; $i < $y; $i += $z { $*_ }",
|
|
|
|
|
).
|
|
|
|
|
Where(m["i"].Type.Is("float64")).
|
|
|
|
|
Report("floating point for loop counter")
|
|
|
|
|
|
|
|
|
|
m.Match(
|
|
|
|
|
"for $i := $x; $i < $y; $i += $z { $*_ }",
|
|
|
|
|
"for $i = $x; $i < $y; $i += $z { $*_ }",
|
|
|
|
|
).
|
|
|
|
|
Where(m["i"].Type.Is("float32")).
|
|
|
|
|
Report("floating point for loop counter")
|
|
|
|
|
}
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
func urlredacted(m fluent.Matcher) {
|
|
|
|
|
|
|
|
|
|
m.Match(
|
|
|
|
|
"log.Println($x, $*_)",
|
|
|
|
|
"log.Println($*_, $x, $*_)",
|
|
|
|
|
"log.Println($*_, $x)",
|
|
|
|
|
"log.Printf($*_, $x, $*_)",
|
|
|
|
|
"log.Printf($*_, $x)",
|
|
|
|
|
|
|
|
|
|
"log.Println($x, $*_)",
|
|
|
|
|
"log.Println($*_, $x, $*_)",
|
|
|
|
|
"log.Println($*_, $x)",
|
|
|
|
|
"log.Printf($*_, $x, $*_)",
|
|
|
|
|
"log.Printf($*_, $x)",
|
|
|
|
|
).
|
|
|
|
|
Where(m["x"].Type.Is("*url.URL")).
|
|
|
|
|
Report("consider $x.Redacted() when outputting URLs")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func sprinterr(m fluent.Matcher) {
|
|
|
|
|
m.Match(`fmt.Sprint($err)`,
|
|
|
|
|
`fmt.Sprintf("%s", $err)`,
|
|
|
|
|
`fmt.Sprintf("%v", $err)`,
|
|
|
|
|
).
|
|
|
|
|
Where(m["err"].Type.Is("error")).
|
|
|
|
|
Report("maybe call $err.Error() instead of fmt.Sprint()?")
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func largeloopcopy(m fluent.Matcher) {
|
|
|
|
|
m.Match(
|
|
|
|
|
`for $_, $v := range $_ { $*_ }`,
|
|
|
|
|
).
|
|
|
|
|
Where(m["v"].Type.Size > 512).
|
|
|
|
|
Report(`loop copies large value each iteration`)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func joinpath(m fluent.Matcher) {
|
|
|
|
|
m.Match(
|
|
|
|
|
`strings.Join($_, "/")`,
|
|
|
|
|
`strings.Join($_, "\\")`,
|
|
|
|
|
"strings.Join($_, `\\`)",
|
|
|
|
|
).
|
|
|
|
|
Report(`did you mean path.Join() or filepath.Join() ?`)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func readfull(m fluent.Matcher) {
|
|
|
|
|
m.Match(`$n, $err := io.ReadFull($_, $slice)
|
|
|
|
|
if $err != nil || $n != len($slice) {
|
|
|
|
|
$*_
|
|
|
|
|
}`,
|
|
|
|
|
`$n, $err := io.ReadFull($_, $slice)
|
|
|
|
|
if $n != len($slice) || $err != nil {
|
|
|
|
|
$*_
|
|
|
|
|
}`,
|
|
|
|
|
`$n, $err = io.ReadFull($_, $slice)
|
|
|
|
|
if $err != nil || $n != len($slice) {
|
|
|
|
|
$*_
|
|
|
|
|
}`,
|
|
|
|
|
`$n, $err = io.ReadFull($_, $slice)
|
|
|
|
|
if $n != len($slice) || $err != nil {
|
|
|
|
|
$*_
|
|
|
|
|
}`,
|
|
|
|
|
`if $n, $err := io.ReadFull($_, $slice); $n != len($slice) || $err != nil {
|
|
|
|
|
$*_
|
|
|
|
|
}`,
|
|
|
|
|
`if $n, $err := io.ReadFull($_, $slice); $err != nil || $n != len($slice) {
|
|
|
|
|
$*_
|
|
|
|
|
}`,
|
|
|
|
|
`if $n, $err = io.ReadFull($_, $slice); $n != len($slice) || $err != nil {
|
|
|
|
|
$*_
|
|
|
|
|
}`,
|
|
|
|
|
`if $n, $err = io.ReadFull($_, $slice); $err != nil || $n != len($slice) {
|
|
|
|
|
$*_
|
|
|
|
|
}`,
|
|
|
|
|
).Report("io.ReadFull() returns err == nil iff n == len(slice)")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func nilerr(m fluent.Matcher) {
|
|
|
|
|
m.Match(
|
|
|
|
|
`if err == nil { return err }`,
|
|
|
|
|
`if err == nil { return $*_, err }`,
|
|
|
|
|
).
|
|
|
|
|
Report(`return nil error instead of nil value`)
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func mailaddress(m fluent.Matcher) {
|
|
|
|
|
m.Match(
|
|
|
|
|
"fmt.Sprintf(`\"%s\" <%s>`, $NAME, $EMAIL)",
|
|
|
|
|
"fmt.Sprintf(`\"%s\"<%s>`, $NAME, $EMAIL)",
|
|
|
|
|
"fmt.Sprintf(`%s <%s>`, $NAME, $EMAIL)",
|
|
|
|
|
"fmt.Sprintf(`%s<%s>`, $NAME, $EMAIL)",
|
|
|
|
|
`fmt.Sprintf("\"%s\"<%s>", $NAME, $EMAIL)`,
|
|
|
|
|
`fmt.Sprintf("\"%s\" <%s>", $NAME, $EMAIL)`,
|
|
|
|
|
`fmt.Sprintf("%s<%s>", $NAME, $EMAIL)`,
|
|
|
|
|
`fmt.Sprintf("%s <%s>", $NAME, $EMAIL)`,
|
|
|
|
|
).
|
|
|
|
|
Report("use net/mail Address.String() instead of fmt.Sprintf()").
|
|
|
|
|
Suggest("(&mail.Address{Name:$NAME, Address:$EMAIL}).String()")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func errnetclosed(m fluent.Matcher) {
|
|
|
|
|
m.Match(
|
|
|
|
|
`strings.Contains($err.Error(), $text)`,
|
|
|
|
|
).
|
|
|
|
|
Where(m["text"].Text.Matches("\".*closed network connection.*\"")).
|
|
|
|
|
Report(`String matching against error texts is fragile; use net.ErrClosed instead`).
|
|
|
|
|
Suggest(`errors.Is($err, net.ErrClosed)`)
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func httpheaderadd(m fluent.Matcher) {
|
|
|
|
|
m.Match(
|
|
|
|
|
`$H.Add($KEY, $VALUE)`,
|
|
|
|
|
).
|
|
|
|
|
Where(m["H"].Type.Is("http.Header")).
|
|
|
|
|
Report("use http.Header.Set method instead of Add to overwrite all existing header values").
|
|
|
|
|
Suggest(`$H.Set($KEY, $VALUE)`)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func hmacnew(m fluent.Matcher) {
|
|
|
|
|
m.Match("hmac.New(func() hash.Hash { return $x }, $_)",
|
|
|
|
|
`$f := func() hash.Hash { return $x }
|
|
|
|
|
$*_
|
|
|
|
|
hmac.New($f, $_)`,
|
|
|
|
|
).Where(m["x"].Pure).
|
|
|
|
|
Report("invalid hash passed to hmac.New()")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func readeof(m fluent.Matcher) {
|
|
|
|
|
m.Match(
|
|
|
|
|
`$n, $err = $r.Read($_)
|
|
|
|
|
if $err != nil {
|
|
|
|
|
return $*_
|
|
|
|
|
}`,
|
|
|
|
|
`$n, $err := $r.Read($_)
|
|
|
|
|
if $err != nil {
|
|
|
|
|
return $*_
|
|
|
|
|
}`).Where(m["r"].Type.Implements("io.Reader")).
|
|
|
|
|
Report("Read() can return n bytes and io.EOF")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func writestring(m fluent.Matcher) {
|
|
|
|
|
m.Match(`io.WriteString($w, string($b))`).
|
|
|
|
|
Where(m["b"].Type.Is("[]byte")).
|
|
|
|
|
Suggest("$w.Write($b)")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func badlock(m fluent.Matcher) {
|
|
|
|
|
// Shouldn't give many false positives without type filter
|
|
|
|
|
// as Lock+Unlock pairs in combination with defer gives us pretty
|
|
|
|
|
// a good chance to guess correctly. If we constrain the type to sync.Mutex
|
|
|
|
|
// then it'll be harder to match embedded locks and custom methods
|
|
|
|
|
// that may forward the call to the sync.Mutex (or other synchronization primitive).
|
|
|
|
|
|
|
|
|
|
m.Match(`$mu.Lock(); defer $mu.RUnlock()`).Report(`maybe $mu.RLock() was intended?`)
|
|
|
|
|
m.Match(`$mu.RLock(); defer $mu.Unlock()`).Report(`maybe $mu.Lock() was intended?`)
|
|
|
|
|
}
|
