I won't go into too much detail because this has been fixed in gosec v2.16.0.
Please update gosec to v2.16.0, which fixes this problem.
See the issue: securego/gosec#937
Fixed in PR: securego/gosec#938
Release: https://github.com/securego/gosec/releases/tag/v2.16.0
securego/gosec@f823a7e Check nil pointer when variable is declared in a different file
$ golangci-lint --version
golangci-lint has version 1.52.2 built with go1.20.2 from da04413 on 2023-03-23T16:18:48Z

$ cat .golangci.yml
cat: .golangci.yml: No such file or directory

$ go version && go env
go version go1.20.4 darwin/amd64
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/dnn/Library/Caches/go-build"
GOENV="/Users/dnn/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/dnn/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/dnn/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/Cellar/go/1.20.4/libexec"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/Cellar/go/1.20.4/libexec/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.20.4"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="cc"
CXX="c++"
CGO_ENABLED="1"
GOMOD="/Users/dnn/bug-demo/go.mod"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/wh/g8vlchk97gq60fntx17nkjc00000gn/T/go-build3579424854=/tmp/go-build -gno-record-gcc-switches -fno-common"

$ golangci-lint cache clean
$ golangci-lint run -v --disable-all --no-config -E gosec --timeout 360s
INFO [lintersdb] Active 1 linters: [gosec]
INFO [loader] Go packages loading at mode 575 (types_sizes|exports_file|imports|name|compiled_files|deps|files) took 175.142469ms
INFO [runner/filename_unadjuster] Pre-built 0 adjustments in 477.133µs
INFO [linters_context/goanalysis] analyzers took 3.662777ms with top 10 stages: gosec: 3.662777ms
ERRO [runner] Panic: gosec: package "bugdemo" (isInitialPkg: true, needAnalyzeSource: true): runtime error: invalid memory address or nil pointer dereference: goroutine 183 [running]:
runtime/debug.Stack()
	runtime/debug/stack.go:24 +0x65
github.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*action).analyzeSafe.func1()
	github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_action.go:109 +0x285
panic({0x100d33c00, 0x10190eb40})
	runtime/panic.go:884 +0x213
github.com/securego/gosec/v2/rules.(*readfile).trackFilepathClean(...)
	github.com/securego/gosec/[email protected]/rules/readfile.go:83
github.com/securego/gosec/v2/rules.(*readfile).Match(0xc00051e0f0, {0x1010f7c60?, 0xc000df1b00?}, 0xc000319490)
	github.com/securego/gosec/[email protected]/rules/readfile.go:91 +0xe9
github.com/securego/gosec/v2.(*Analyzer).Visit(0xc000319260, {0x1010f7c60, 0xc000df1b00})
	github.com/securego/gosec/[email protected]/analyzer.go:479 +0x803
go/ast.Walk({0x1010f23c0?, 0xc000319260?}, {0x1010f7c60?, 0xc000df1b00?})
	go/ast/walk.go:51 +0x5f
go/ast.walkExprList({0x1010f23c0, 0xc000319260}, {0xc00183bd80?, 0x1, 0xc0004e72f0?})
	go/ast/walk.go:26 +0x69
go/ast.Walk({0x1010f23c0?, 0xc000319260?}, {0x1010f7ad0?, 0xc000df1b40?})
	go/ast/walk.go:217 +0xd1a
go/ast.walkStmtList({0x1010f23c0, 0xc000319260}, {0xc0007e1580?, 0x2, 0xc0007e1200?})
	go/ast/walk.go:32 +0x69
go/ast.Walk({0x1010f23c0?, 0xc000319260?}, {0x1010f7c10?, 0xc0004e72f0?})
	go/ast/walk.go:234 +0xe0d
go/ast.Walk({0x1010f23c0?, 0xc000319260?}, {0x1010f7f80?, 0xc0004e7320?})
	go/ast/walk.go:357 +0x173c
go/ast.walkDeclList({0x1010f23c0, 0xc000319260}, {0xc0007faa00?, 0x5, 0x10001121e?})
	go/ast/walk.go:38 +0x69
go/ast.Walk({0x1010f23c0?, 0xc000319260?}, {0x1010f7f30?, 0xc000dc06c0?})
	go/ast/walk.go:366 +0x17ac
github.com/securego/gosec/v2.(*Analyzer).Check(0xc000319260, 0xc00075d978)
	github.com/securego/gosec/[email protected]/analyzer.go:300 +0x4c9
github.com/golangci/golangci-lint/pkg/golinters.runGoSec(0xc0002342a0, 0xc000e20000, 0xc001020600, 0xc000319260)
	github.com/golangci/golangci-lint/pkg/golinters/gosec.go:87 +0xcb
github.com/golangci/golangci-lint/pkg/golinters.NewGosec.func1.1(0x100d1d700?)
	github.com/golangci/golangci-lint/pkg/golinters/gosec.go:66 +0x20a
github.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*action).analyze(0xc001118090)
	github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_action.go:195 +0xa25
github.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*action).analyzeSafe.func2()
	github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_action.go:113 +0x1d
github.com/golangci/golangci-lint/pkg/timeutils.(*Stopwatch).TrackStage(0xc0007dc140, {0x100e801f2, 0x5}, 0xc000895f48)
	github.com/golangci/golangci-lint/pkg/timeutils/stopwatch.go:111 +0x4a
github.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*action).analyzeSafe(0xc00029c3c0?)
	github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_action.go:112 +0x85
github.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*loadingPackage).analyze.func2(0xc001118090)
	github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_loadingpackage.go:80 +0xb4
created by github.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*loadingPackage).analyze
	github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_loadingpackage.go:75 +0x208
WARN [runner] Can't run linter gosec: gosec: gosec: package "bugdemo" (isInitialPkg: true, needAnalyzeSource: true): runtime error: invalid memory address or nil pointer dereference
INFO [runner] processing took 5.366µs with stages: nolint: 2.314µs, max_same_issues: 563ns, skip_dirs: 376ns, path_prettifier: 236ns, filename_unadjuster: 201ns, autogenerated_exclude: 158ns, cgo: 153ns, identifier_marker: 153ns, source_code: 138ns, skip_files: 136ns, exclude-rules: 132ns, fixer: 132ns, max_from_linter: 108ns, uniq_by_line: 80ns, exclude: 80ns, diff: 70ns, path_shortener: 70ns, max_per_file_from_linter: 69ns, sort_results: 67ns, severity-rules: 65ns, path_prefixer: 65ns
INFO [runner] linters took 95.642537ms with stages: gosec: 95.579185ms
ERRO Running error: 1 error occurred:
	* can't run linter gosec: gosec: gosec: package "bugdemo" (isInitialPkg: true, needAnalyzeSource: true): runtime error: invalid memory address or nil pointer dereference
INFO Memory: 4 samples, avg is 34.1MB, max is 40.4MB
INFO Execution took 289.426159ms

I can provide an example, but this is already fixed in gosec
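
As an added illustration (not gosec's code and not part of the original report), the Go program below shows one way a per-file AST check can hit this kind of panic: `go/parser` leaves `Ident.Obj` nil for an identifier whose declaration is in another file of the package, so dereferencing it without a check fails. The names `analyze` and `fileB` and the sample source are constructed for this example.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// Constructed sample b.go: `path` is declared in another file of the package.
const fileB = `package bugdemo
import ("os"; "path/filepath")
func read() ([]byte, error) { return os.ReadFile(filepath.Clean(path)) }`

// analyze parses one file on its own and records the declaration of each
// identifier passed to Clean(). guard=false is the hypothetical unchecked form.
func analyze(src string, guard bool) (tracked map[interface{}]bool, skipped []string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	f, err := parser.ParseFile(token.NewFileSet(), "b.go", src, 0)
	if err != nil {
		return nil, nil, err
	}
	tracked = map[interface{}]bool{}
	ast.Inspect(f, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok || len(call.Args) != 1 {
			return true
		}
		sel, isSel := call.Fun.(*ast.SelectorExpr)
		id, isIdent := call.Args[0].(*ast.Ident)
		if isSel && sel.Sel.Name == "Clean" && isIdent {
			if guard && id.Obj == nil { // unresolved: declared in another file
				skipped = append(skipped, id.Name)
			} else {
				tracked[id.Obj.Decl] = true // panics when id.Obj is nil
			}
		}
		return true
	})
	return tracked, skipped, nil
}

func main() {
	fmt.Println(analyze(fileB, false)) // err carries the recovered panic
	fmt.Println(analyze(fileB, true))  // "path" is skipped, no panic
}
```
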
Hello,
gosec was updated 2 weeks ago: #3843
It will be a part of the next release (v1.53.0)