Redesign and reimplement the slice out of bounds check using SSA code…

… representation Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
securego · Sep 20, 2023 · 286dba6 · 286dba6
1 parent aebe20c
commit 286dba6
Show file tree

Hide file tree

Showing 8 changed files with 461 additions and 510 deletions.
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 
 # gosec - Golang Security Checker
 
-Inspects source code for security problems by scanning the Go AST.
+Inspects source code for security problems by scanning the Go AST and SSA code representation.
 
 <img src="https://securego.io/img/gosec.png" width="320">
 

diff --git a/analyzer.go b/analyzer.go
@@ -231,9 +231,7 @@ func (gosec *Analyzer) Process(buildTags []string, packagePaths ...string) error
 					return fmt.Errorf("parsing errors in pkg %q: %w", pkg.Name, err)
 				}
 				gosec.CheckRules(pkg)
-				if on, err := gosec.config.IsGlobalEnabled(SSA); err == nil && on {
-					gosec.CheckAnalyzers(pkg)
-				}
+				gosec.CheckAnalyzers(pkg)
 			}
 		}
 	}
@@ -377,8 +375,10 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
 			continue
 		}
 		if result != nil {
-			if aissue, ok := result.(*issue.Issue); ok {
-				gosec.updateIssues(aissue, false, []issue.SuppressionInfo{})
+			if passIssues, ok := result.([]*issue.Issue); ok {
+				for _, iss := range passIssues {
+					gosec.updateIssues(iss, false, []issue.SuppressionInfo{})
+				}
 			}
 		}
 	}