7e0abe3c7e
* add semgrep yml * add semgrep ci job * remove replication semgrep rule in oss * fix makefile * add semgrep to ci * upwind triple if in ui.go semgrep refactoring
29 lines
975 B
YAML
29 lines
975 B
YAML
# https://github.com/golang/go/issues/28308, from @stapelberg
|
|
rules:
|
|
- id: sprintf-host-port
|
|
pattern-either:
|
|
- patterns:
|
|
- pattern-either:
|
|
- pattern: fmt.Sprintf("%s:%s", $NET, $XX)
|
|
- pattern: fmt.Sprintf("%s:%d", $NET, $XX)
|
|
- pattern: fmt.Sprintf("%s:%s", $XX, $NET)
|
|
- pattern: fmt.Sprintf("%s:%d", $XX, $NET)
|
|
- pattern: $NET = fmt.Sprintf("%s:%d", ..., ...)
|
|
- pattern: $NET = fmt.Sprintf("%s:%s", ..., ...)
|
|
- metavariable-regex:
|
|
metavariable: '$NET'
|
|
regex: '(?i).*(port|addr|host|listen|bind|ip)'
|
|
- patterns:
|
|
- pattern: fmt.Sprintf($XX, $NET)
|
|
- metavariable-regex:
|
|
metavariable: '$XX'
|
|
regex: '"%s:[0-9]+"'
|
|
- metavariable-regex:
|
|
metavariable: '$NET'
|
|
regex: '(?i).*(port|addr|host|listen|bind|ip)'
|
|
message: |
|
|
use net.JoinHostPort instead of fmt.Sprintf($XX, $NET)
|
|
languages: [go]
|
|
severity: ERROR
|
|
|