open-vault/tools/semgrep/hostport.yml
Hridoy Roy 7e0abe3c7e
Add Semgrep Rules to OSS (#14513)
* add semgrep yml

* add semgrep ci job

* remove replication semgrep rule in oss

* fix makefile

* add semgrep to ci

* upwind triple if in ui.go semgrep refactoring
2022-03-18 11:14:03 -07:00

29 lines
975 B
YAML

# https://github.com/golang/go/issues/28308, from @stapelberg
rules:
- id: sprintf-host-port
pattern-either:
- patterns:
- pattern-either:
- pattern: fmt.Sprintf("%s:%s", $NET, $XX)
- pattern: fmt.Sprintf("%s:%d", $NET, $XX)
- pattern: fmt.Sprintf("%s:%s", $XX, $NET)
- pattern: fmt.Sprintf("%s:%d", $XX, $NET)
- pattern: $NET = fmt.Sprintf("%s:%d", ..., ...)
- pattern: $NET = fmt.Sprintf("%s:%s", ..., ...)
- metavariable-regex:
metavariable: '$NET'
regex: '(?i).*(port|addr|host|listen|bind|ip)'
- patterns:
- pattern: fmt.Sprintf($XX, $NET)
- metavariable-regex:
metavariable: '$XX'
regex: '"%s:[0-9]+"'
- metavariable-regex:
metavariable: '$NET'
regex: '(?i).*(port|addr|host|listen|bind|ip)'
message: |
use net.JoinHostPort instead of fmt.Sprintf($XX, $NET)
languages: [go]
severity: ERROR