diff options
| author | Taras Madan <tarasmadan@google.com> | 2025-01-22 16:07:17 +0100 |
|---|---|---|
| committer | Taras Madan <tarasmadan@google.com> | 2025-01-23 10:42:36 +0000 |
| commit | 7b4377ad9d8a7205416df8d6217ef2b010f89481 (patch) | |
| tree | e6fec4fd12ff807a16d847923f501075bf71d16c /vendor/github.com/stbenjam | |
| parent | 475a4c203afb8b7d3af51c4fd32bb170ff32a45e (diff) | |
vendor: delete
Diffstat (limited to 'vendor/github.com/stbenjam')
| -rw-r--r-- | vendor/github.com/stbenjam/no-sprintf-host-port/LICENSE | 21 | ||||
| -rw-r--r-- | vendor/github.com/stbenjam/no-sprintf-host-port/pkg/analyzer/analyzer.go | 96 |
2 files changed, 0 insertions, 117 deletions
diff --git a/vendor/github.com/stbenjam/no-sprintf-host-port/LICENSE b/vendor/github.com/stbenjam/no-sprintf-host-port/LICENSE deleted file mode 100644 index 586dfd8cc..000000000 --- a/vendor/github.com/stbenjam/no-sprintf-host-port/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -MIT License - -Copyright (c) 2022 Stephen Benjamin - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE.
\ No newline at end of file diff --git a/vendor/github.com/stbenjam/no-sprintf-host-port/pkg/analyzer/analyzer.go b/vendor/github.com/stbenjam/no-sprintf-host-port/pkg/analyzer/analyzer.go deleted file mode 100644 index 374bb0d24..000000000 --- a/vendor/github.com/stbenjam/no-sprintf-host-port/pkg/analyzer/analyzer.go +++ /dev/null @@ -1,96 +0,0 @@ -package analyzer - -import ( - "fmt" - "go/ast" - "go/token" - "regexp" - - "golang.org/x/tools/go/analysis/passes/inspect" - "golang.org/x/tools/go/ast/inspector" - - "golang.org/x/tools/go/analysis" -) - -var Analyzer = &analysis.Analyzer{ - Name: "nosprintfhostport", - Doc: "Checks for misuse of Sprintf to construct a host with port in a URL.", - Run: run, - Requires: []*analysis.Analyzer{inspect.Analyzer}, -} - -func run(pass *analysis.Pass) (interface{}, error) { - inspector := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector) - nodeFilter := []ast.Node{ - (*ast.CallExpr)(nil), - } - - inspector.Preorder(nodeFilter, func(node ast.Node) { - callExpr := node.(*ast.CallExpr) - if p, f, ok := getCallExprFunction(callExpr); ok && p == "fmt" && f == "Sprintf" { - if err := checkForHostPortConstruction(callExpr); err != nil { - pass.Reportf(node.Pos(), err.Error()) - } - } - }) - - return nil, nil -} - -// getCallExprFunction returns the package and function name from a callExpr, if any. -func getCallExprFunction(callExpr *ast.CallExpr) (pkg string, fn string, result bool) { - selector, ok := callExpr.Fun.(*ast.SelectorExpr) - if !ok { - return "", "", false - } - gopkg, ok := selector.X.(*ast.Ident) - if !ok { - return "", "", false - } - return gopkg.Name, selector.Sel.Name, true -} - -// getStringLiteral returns the value at a position if it's a string literal. -func getStringLiteral(args []ast.Expr, pos int) (string, bool) { - if len(args) < pos + 1 { - return "", false - } - - // Let's see if our format string is a string literal. - fsRaw, ok := args[pos].(*ast.BasicLit) - if !ok { - return "", false - } - if fsRaw.Kind == token.STRING && len(fsRaw.Value) >= 2 { - return fsRaw.Value[1 : len(fsRaw.Value)-1], true - } else { - return "", false - } -} - -// checkForHostPortConstruction checks to see if a sprintf call looks like a URI with a port, -// essentially scheme://%s:<something else>, or scheme://user:pass@%s:<something else>. -// -// Matching requirements: -// - Scheme as per RFC3986 is ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) -// - A format string substitution in the host portion, preceded by an optional username/password@ -// - A colon indicating a port will be specified -func checkForHostPortConstruction(sprintf *ast.CallExpr) error { - fs, ok := getStringLiteral(sprintf.Args, 0) - if !ok { - return nil - } - - regexes := []*regexp.Regexp{ - regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9+-.]*://%s:[^@]*$`), // URL without basic auth user - regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9+-.]*://[^/]*@%s:.*$`), // URL with basic auth - } - - for _, re := range regexes { - if re.MatchString(fs) { - return fmt.Errorf("host:port in url should be constructed with net.JoinHostPort and not directly with fmt.Sprintf") - } - } - - return nil -}
\ No newline at end of file |