checkmate5 4.3.0.dev2__py3-none-any.whl → 5.1.0.dev2__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. checkmate/settings/defaults.py +1 -36
  2. {checkmate5-4.3.0.dev2.dist-info → checkmate5-5.1.0.dev2.dist-info}/METADATA +1 -1
  3. {checkmate5-4.3.0.dev2.dist-info → checkmate5-5.1.0.dev2.dist-info}/RECORD +7 -56
  4. checkmate/contrib/plugins/all/opengrep/__init__.py +0 -0
  5. checkmate/contrib/plugins/all/opengrep/analyzer.py +0 -150
  6. checkmate/contrib/plugins/all/opengrep/issues_data.py +0 -5
  7. checkmate/contrib/plugins/all/opengrep/opengrep_manylinux_x86 +0 -0
  8. checkmate/contrib/plugins/all/opengrep/setup.py +0 -13
  9. checkmate/contrib/plugins/cve/__init__.py +0 -0
  10. checkmate/contrib/plugins/cve/text4shell/__init__.py +0 -0
  11. checkmate/contrib/plugins/cve/text4shell/analyzer.py +0 -64
  12. checkmate/contrib/plugins/cve/text4shell/issues_data.py +0 -8
  13. checkmate/contrib/plugins/cve/text4shell/setup.py +0 -13
  14. checkmate/contrib/plugins/golang/__init__.py +0 -0
  15. checkmate/contrib/plugins/golang/gostaticcheck/__init__.py +0 -0
  16. checkmate/contrib/plugins/golang/gostaticcheck/analyzer.py +0 -94
  17. checkmate/contrib/plugins/golang/gostaticcheck/issues_data.py +0 -1246
  18. checkmate/contrib/plugins/golang/gostaticcheck/setup.py +0 -13
  19. checkmate/contrib/plugins/iac/__init__.py +0 -0
  20. checkmate/contrib/plugins/iac/kubescape/__init__.py +0 -0
  21. checkmate/contrib/plugins/iac/kubescape/analyzer.py +0 -115
  22. checkmate/contrib/plugins/iac/kubescape/issues_data.py +0 -636
  23. checkmate/contrib/plugins/iac/kubescape/setup.py +0 -14
  24. checkmate/contrib/plugins/iac/tfsec/__init__.py +0 -0
  25. checkmate/contrib/plugins/iac/tfsec/analyzer.py +0 -92
  26. checkmate/contrib/plugins/iac/tfsec/issues_data.py +0 -1917
  27. checkmate/contrib/plugins/iac/tfsec/setup.py +0 -13
  28. checkmate/contrib/plugins/java/__init__.py +0 -0
  29. checkmate/contrib/plugins/java/semgrepjava/__init__.py +0 -0
  30. checkmate/contrib/plugins/java/semgrepjava/analyzer.py +0 -96
  31. checkmate/contrib/plugins/java/semgrepjava/issues_data.py +0 -5
  32. checkmate/contrib/plugins/java/semgrepjava/setup.py +0 -13
  33. checkmate/contrib/plugins/javascript/__init__.py +0 -0
  34. checkmate/contrib/plugins/javascript/semgrepeslint/__init__.py +0 -0
  35. checkmate/contrib/plugins/javascript/semgrepeslint/analyzer.py +0 -95
  36. checkmate/contrib/plugins/javascript/semgrepeslint/issues_data.py +0 -6
  37. checkmate/contrib/plugins/javascript/semgrepeslint/setup.py +0 -13
  38. checkmate/contrib/plugins/perl/__init__.py +0 -0
  39. checkmate/contrib/plugins/perl/graudit/__init__.py +0 -0
  40. checkmate/contrib/plugins/perl/graudit/analyzer.py +0 -70
  41. checkmate/contrib/plugins/perl/graudit/issues_data.py +0 -8
  42. checkmate/contrib/plugins/perl/graudit/setup.py +0 -13
  43. checkmate/contrib/plugins/python/__init__.py +0 -0
  44. checkmate/contrib/plugins/python/bandit/__init__.py +0 -0
  45. checkmate/contrib/plugins/python/bandit/analyzer.py +0 -74
  46. checkmate/contrib/plugins/python/bandit/issues_data.py +0 -426
  47. checkmate/contrib/plugins/python/bandit/setup.py +0 -13
  48. checkmate/contrib/plugins/ruby/__init__.py +0 -0
  49. checkmate/contrib/plugins/ruby/brakeman/__init__.py +0 -0
  50. checkmate/contrib/plugins/ruby/brakeman/analyzer.py +0 -96
  51. checkmate/contrib/plugins/ruby/brakeman/issues_data.py +0 -518
  52. checkmate/contrib/plugins/ruby/brakeman/setup.py +0 -13
  53. {checkmate5-4.3.0.dev2.dist-info → checkmate5-5.1.0.dev2.dist-info}/WHEEL +0 -0
  54. {checkmate5-4.3.0.dev2.dist-info → checkmate5-5.1.0.dev2.dist-info}/entry_points.txt +0 -0
  55. {checkmate5-4.3.0.dev2.dist-info → checkmate5-5.1.0.dev2.dist-info}/licenses/LICENSE.txt +0 -0
  56. {checkmate5-4.3.0.dev2.dist-info → checkmate5-5.1.0.dev2.dist-info}/top_level.txt +0 -0
checkmate/contrib/plugins/golang/gostaticcheck/issues_data.py DELETED
@@ -1,1246 +0,0 @@
1
- # -*- coding: utf-8 -*-
2
-
3
-
4
- issues_data = {
5
- "SA4020": {
6
- "title": "Unreachable case clause in a type switch",
7
- "severity": "1",
8
- "categories": [
9
- "security"
10
- ],
11
- "description": "In a type switch like the following\n\n```go\ntype T struct{}\nfunc (T) Read(b []byte) (int, error) { return 0, nil }\n\nvar v interface{} = T{}\n\nswitch v.(type) {\ncase io.Reader:\n // ...\ncase T:\n // unreachable\n}\n```\n\nthe second case clause can never be reached because T implements\nio.Reader and case clauses are evaluated in source order.\n\nAnother example:\n\n```go\ntype T struct{}\nfunc (T) Read(b []byte) (int, error) { return 0, nil }\nfunc (T) Close() error { return nil }\n\nvar v interface{} = T{}\n\nswitch v.(type) {\ncase io.Reader:\n // ...\ncase io.ReadCloser:\n // unreachable\n}\n```\n\nEven though T has a Close method and thus implements io.ReadCloser,\nio.Reader will always match first. The method set of io.Reader is a\nsubset of io.ReadCloser. Thus it is impossible to match the second\ncase without matching the first case.\n\n\n#### Structurally equivalent interfaces\n\nA special case of the previous example are structurally identical\ninterfaces. Given these declarations\n\n```go\ntype T error\ntype V error\n\nfunc doSomething() error {\n err, ok := doAnotherThing()\n if ok {\n return T(err)\n }\n\n return U(err)\n}\n```\n\nthe following type switch will have an unreachable case clause:\n\n```go\nswitch doSomething().(type) {\ncase T:\n // ...\ncase V:\n // unreachable\n}\n```\n\nT will always match before V because they are structurally equivalent\nand therefore doSomething()'s return value implements both."
12
- },
13
- "SA3001": {
14
- "title": "Assigning to b.N in benchmarks distorts the results",
15
- "severity": "1",
16
- "categories": [
17
- "security"
18
- ],
19
- "description": "The testing package dynamically sets b.N to improve the reliability of\nbenchmarks and uses it in computations to determine the duration of a\nsingle operation. Benchmark code must not alter b.N as this would\nfalsify results."
20
- },
21
- "SA3000": {
22
- "title": "TestMain doesn't call os.Exit, hiding test failures",
23
- "severity": "1",
24
- "categories": [
25
- "security"
26
- ],
27
- "description": "Test executables (and in turn 'go test') exit with a non-zero status\ncode if any tests failed. When specifying your own TestMain function,\nit is your responsibility to arrange for this, by calling os.Exit with\nthe correct code. The correct code is returned by (*testing.M).Run, so\nthe usual way of implementing TestMain is to end it with\nos.Exit(m.Run())."
28
- },
29
- "SA9008": {
30
- "title": "else branch of a type assertion is probably not reading the right value",
31
- "severity": "1",
32
- "categories": [
33
- "security"
34
- ],
35
- "description": "When declaring variables as part of an if statement (like in 'if\nfoo := ...; foo {'), the same variables will also be in the scope of\nthe else branch. This means that in the following example\n\n```go\nif x, ok := x.(int); ok {\n // ...\n} else {\n fmt.Printf(\"unexpected type %T\", x)\n}\n```\n\nx in the else branch will refer to the x from x, ok\n:=; it will not refer to the x that is being type-asserted. The\nresult of a failed type assertion is the zero value of the type that\nis being asserted to, so x in the else branch will always have the\nvalue 0 and the type int."
36
- },
37
- "SA9005": {
38
- "title": "Trying to marshal a struct with no public fields nor custom marshaling",
39
- "severity": "1",
40
- "categories": [
41
- "security"
42
- ],
43
- "description": "The encoding/json and encoding/xml packages only operate on exported\nfields in structs, not unexported ones. It is usually an error to try\nto (un)marshal structs that only consist of unexported fields.\n\nThis check will not flag calls involving types that define custom\nmarshaling behavior, e.g. via MarshalJSON methods. It will also not\nflag empty structs."
44
- },
45
- "SA9004": {
46
- "title": "Only the first constant has an explicit type",
47
- "severity": "1",
48
- "categories": [
49
- "security"
50
- ],
51
- "description": "In a constant declaration such as the following:\n\n```go\nconst (\n First byte = 1\n Second = 2\n)\n```\n\nthe constant Second does not have the same type as the constant First.\nThis construct shouldn't be confused with\n\n```go\nconst (\n First byte = iota\n Second\n)\n```\n\nwhere First and Second do indeed have the same type. The type is only\npassed on when no explicit value is assigned to the constant.\n\nWhen declaring enumerations with explicit values it is therefore\nimportant not to write\n\n```go\nconst (\n EnumFirst EnumType = 1\n EnumSecond = 2\n EnumThird = 3\n)\n```\n\nThis discrepancy in types can cause various confusing behaviors and\nbugs.\n\n\n#### Wrong type in variable declarations\n\nThe most obvious issue with such incorrect enumerations expresses\nitself as a compile error:\n\n```go\npackage pkg\n\nconst (\n EnumFirst uint8 = 1\n EnumSecond = 2\n)\n\nfunc fn(useFirst bool) {\n x := EnumSecond\n if useFirst {\n x = EnumFirst\n }\n}\n```\n\nfails to compile with\n\n```go\n./const.go:11:5: cannot use EnumFirst (type uint8) as type int in assignment\n```\n\n\n#### Losing method sets\n\nA more subtle issue occurs with types that have methods and optional\ninterfaces. Consider the following:\n\n```go\npackage main\n\nimport \"fmt\"\n\ntype Enum int\n\nfunc (e Enum) String() string {\n return \"an enum\"\n}\n\nconst (\n EnumFirst Enum = 1\n EnumSecond = 2\n)\n\nfunc main() {\n fmt.Println(EnumFirst)\n fmt.Println(EnumSecond)\n}\n```\n\nThis code will output\n\n```go\nan enum\n2\n```\n\nas EnumSecond has no explicit type, and thus defaults to int."
52
- },
53
- "SA9007": {
54
- "title": "Deleting a directory that shouldn't be deleted",
55
- "severity": "1",
56
- "categories": [
57
- "security"
58
- ],
59
- "description": "It is virtually never correct to delete system directories such as\n/tmp or the user's home directory. However, it can be fairly easy to\ndo by mistake, for example by mistakingly using os.TempDir instead\nof ioutil.TempDir, or by forgetting to add a suffix to the result\nof os.UserHomeDir.\n\nWriting\n\n```go\nd := os.TempDir()\ndefer os.RemoveAll(d)\n```\n\nin your unit tests will have a devastating effect on the stability of your system.\n\nThis check flags attempts at deleting the following directories:\n\n- os.TempDir\n- os.UserCacheDir\n- os.UserConfigDir\n- os.UserHomeDir"
60
- },
61
- "SA9006": {
62
- "title": "Dubious bit shifting of a fixed size integer value",
63
- "severity": "1",
64
- "categories": [
65
- "security"
66
- ],
67
- "description": "Bit shifting a value past its size will always clear the value.\n\nFor instance:\n\n```go\nv := int8(42)\nv >>= 8\n```\n\nwill always result in 0.\n\nThis check flags bit shifting operations on fixed size integer values only.\nThat is, int, uint and uintptr are never flagged to avoid potential false\npositives in somewhat exotic but valid bit twiddling tricks:\n\n```go\n// Clear any value above 32 bits if integers are more than 32 bits.\nfunc f(i int) int {\n v := i >> 32\n v = v << 32\n return i-v\n}\n```"
68
- },
69
- "SA9001": {
70
- "title": "Defers in range loops may not run when you expect them to",
71
- "severity": "1",
72
- "categories": [
73
- "security"
74
- ],
75
- "description": ""
76
- },
77
- "SA9003": {
78
- "title": "Empty body in an if or else branch",
79
- "severity": "1",
80
- "categories": [
81
- "security"
82
- ],
83
- "description": ""
84
- },
85
- "SA9002": {
86
- "title": "Using a non-octal os.FileMode that looks like it was meant to be in octal.",
87
- "severity": "1",
88
- "categories": [
89
- "security"
90
- ],
91
- "description": ""
92
- },
93
- "SA1030": {
94
- "title": "Invalid argument in call to a strconv function",
95
- "severity": "1",
96
- "categories": [
97
- "security"
98
- ],
99
- "description": "This check validates the format, number base and bit size arguments of\nthe various parsing and formatting functions in strconv."
100
- },
101
- "S1018": {
102
- "title": "Use 'copy' for sliding elements",
103
- "severity": "1",
104
- "categories": [
105
- "security"
106
- ],
107
- "description": "copy() permits using the same source and destination slice, even with\noverlapping ranges. This makes it ideal for sliding elements in a\nslice."
108
- },
109
- "S1019": {
110
- "title": "Simplify 'make' call by omitting redundant arguments",
111
- "severity": "1",
112
- "categories": [
113
- "security"
114
- ],
115
- "description": "The 'make' function has default values for the length and capacity\narguments. For channels, the length defaults to zero, and for slices,\nthe capacity defaults to the length."
116
- },
117
- "S1016": {
118
- "title": "Use a type conversion instead of manually copying struct fields",
119
- "severity": "1",
120
- "categories": [
121
- "security"
122
- ],
123
- "description": "Two struct types with identical fields can be converted between each\nother. In older versions of Go, the fields had to have identical\nstruct tags. Since Go 1.8, however, struct tags are ignored during\nconversions. It is thus not necessary to manually copy every field\nindividually."
124
- },
125
- "QF1012": {
126
- "title": "Use fmt.Fprintf(x, ...) instead of x.Write(fmt.Sprintf(...))",
127
- "severity": "1",
128
- "categories": [
129
- "security"
130
- ],
131
- "description": ""
132
- },
133
- "QF1011": {
134
- "title": "Omit redundant type from variable declaration",
135
- "severity": "1",
136
- "categories": [
137
- "security"
138
- ],
139
- "description": ""
140
- },
141
- "QF1010": {
142
- "title": "Convert slice of bytes to string when printing it",
143
- "severity": "1",
144
- "categories": [
145
- "security"
146
- ],
147
- "description": ""
148
- },
149
- "S1012": {
150
- "title": "Replace time.Now().Sub(x) with time.Since(x)",
151
- "severity": "1",
152
- "categories": [
153
- "security"
154
- ],
155
- "description": "The time.Since helper has the same effect as using time.Now().Sub(x)\nbut is easier to read."
156
- },
157
- "S1010": {
158
- "title": "Omit default slice index",
159
- "severity": "1",
160
- "categories": [
161
- "security"
162
- ],
163
- "description": "When slicing, the second index defaults to the length of the value,\nmaking s[n:len(s)] and s[n:] equivalent."
164
- },
165
- "S1011": {
166
- "title": "Use a single append to concatenate two slices",
167
- "severity": "1",
168
- "categories": [
169
- "security"
170
- ],
171
- "description": ""
172
- },
173
- "SA6005": {
174
- "title": "Inefficient string comparison with strings.ToLower or strings.ToUpper",
175
- "severity": "1",
176
- "categories": [
177
- "security"
178
- ],
179
- "description": "Converting two strings to the same case and comparing them like so\n\n```go\nif strings.ToLower(s1) == strings.ToLower(s2) {\n ...\n}\n```\n\nis significantly more expensive than comparing them with\nstrings.EqualFold(s1, s2). This is due to memory usage as well as\ncomputational complexity.\n\nstrings.ToLower will have to allocate memory for the new strings, as\nwell as convert both strings fully, even if they differ on the very\nfirst byte. strings.EqualFold, on the other hand, compares the strings\none character at a time. It doesn't need to create two intermediate\nstrings and can return as soon as the first non-matching character has\nbeen found.\n\nFor a more in-depth explanation of this issue, see\nhttps://blog.digitalocean.com/how-to-efficiently-compare-strings-in-go/"
180
- },
181
- "SA6000": {
182
- "title": "Using regexp.Match or related in a loop, should use regexp.Compile",
183
- "severity": "1",
184
- "categories": [
185
- "security"
186
- ],
187
- "description": ""
188
- },
189
- "SA6001": {
190
- "title": "Missing an optimization opportunity when indexing maps by byte slices",
191
- "severity": "1",
192
- "categories": [
193
- "security"
194
- ],
195
- "description": "Map keys must be comparable, which precludes the use of byte slices.\nThis usually leads to using string keys and converting byte slices to\nstrings.\n\nNormally, a conversion of a byte slice to a string needs to copy the data and\ncauses allocations. The compiler, however, recognizes m[string(b)] and\nuses the data of b directly, without copying it, because it knows that\nthe data can't change during the map lookup. This leads to the\ncounter-intuitive situation that\n\n```go\nk := string(b)\nprintln(m[k])\nprintln(m[k])\n```\n\nwill be less efficient than\n\n```go\nprintln(m[string(b)])\nprintln(m[string(b)])\n```\n\nbecause the first version needs to copy and allocate, while the second\none does not.\n\nFor some history on this optimization, check out commit\nf5f5a8b6209f84961687d993b93ea0d397f5d5bf in the Go repository."
196
- },
197
- "SA6002": {
198
- "title": "Storing non-pointer values in sync.Pool allocates memory",
199
- "severity": "1",
200
- "categories": [
201
- "security"
202
- ],
203
- "description": "A sync.Pool is used to avoid unnecessary allocations and reduce the\namount of work the garbage collector has to do.\n\nWhen passing a value that is not a pointer to a function that accepts\nan interface, the value needs to be placed on the heap, which means an\nadditional allocation. Slices are a common thing to put in sync.Pools,\nand they're structs with 3 fields (length, capacity, and a pointer to\nan array). In order to avoid the extra allocation, one should store a\npointer to the slice instead.\n\nSee the comments on https://go-review.googlesource.com/c/go/+/24371\nthat discuss this problem."
204
- },
205
- "SA6003": {
206
- "title": "Converting a string to a slice of runes before ranging over it",
207
- "severity": "1",
208
- "categories": [
209
- "security"
210
- ],
211
- "description": "You may want to loop over the runes in a string. Instead of converting\nthe string to a slice of runes and looping over that, you can loop\nover the string itself. That is,\n\n```go\nfor _, r := range s {}\n```\n\nand\n\n```go\nfor _, r := range []rune(s) {}\n```\n\nwill yield the same values. The first version, however, will be faster\nand avoid unnecessary memory allocations.\n\nDo note that if you are interested in the indices, ranging over a\nstring and over a slice of runes will yield different indices. The\nfirst one yields byte offsets, while the second one yields indices in\nthe slice of runes."
212
- },
213
- "S1029": {
214
- "title": "Range over the string directly",
215
- "severity": "1",
216
- "categories": [
217
- "security"
218
- ],
219
- "description": "Ranging over a string will yield byte offsets and runes. If the offset\nisn't used, this is functionally equivalent to converting the string\nto a slice of runes and ranging over that. Ranging directly over the\nstring will be more performant, however, as it avoids allocating a new\nslice, the size of which depends on the length of the string."
220
- },
221
- "S1028": {
222
- "title": "Simplify error construction with fmt.Errorf",
223
- "severity": "1",
224
- "categories": [
225
- "security"
226
- ],
227
- "description": ""
228
- },
229
- "S1023": {
230
- "title": "Omit redundant control flow",
231
- "severity": "1",
232
- "categories": [
233
- "security"
234
- ],
235
- "description": "Functions that have no return value do not need a return statement as\nthe final statement of the function.\n\nSwitches in Go do not have automatic fallthrough, unlike languages\nlike C. It is not necessary to have a break statement as the final\nstatement in a case block."
236
- },
237
- "S1021": {
238
- "title": "Merge variable declaration and assignment",
239
- "severity": "1",
240
- "categories": [
241
- "security"
242
- ],
243
- "description": ""
244
- },
245
- "S1020": {
246
- "title": "Omit redundant nil check in type assertion",
247
- "severity": "1",
248
- "categories": [
249
- "security"
250
- ],
251
- "description": ""
252
- },
253
- "QF1005": {
254
- "title": "Expand call to math.Pow",
255
- "severity": "1",
256
- "categories": [
257
- "security"
258
- ],
259
- "description": "Some uses of math.Pow can be simplified to basic multiplication."
260
- },
261
- "S1025": {
262
- "title": "Don't use fmt.Sprintf(\"%s\", x) unnecessarily",
263
- "severity": "1",
264
- "categories": [
265
- "security"
266
- ],
267
- "description": "In many instances, there are easier and more efficient ways of getting\na value's string representation. Whenever a value's underlying type is\na string already, or the type has a String method, they should be used\ndirectly.\n\nGiven the following shared definitions\n\n```go\ntype T1 string\ntype T2 int\n\nfunc (T2) String() string { return \"Hello, world\" }\n\nvar x string\nvar y T1\nvar z T2\n```\n\nwe can simplify\n\n```go\nfmt.Sprintf(\"%s\", x)\nfmt.Sprintf(\"%s\", y)\nfmt.Sprintf(\"%s\", z)\n```\n\nto\n\n```go\nx\nstring(y)\nz.String()\n```"
268
- },
269
- "S1024": {
270
- "title": "Replace x.Sub(time.Now()) with time.Until(x)",
271
- "severity": "1",
272
- "categories": [
273
- "security"
274
- ],
275
- "description": "The time.Until helper has the same effect as using x.Sub(time.Now())\nbut is easier to read."
276
- },
277
- "S1034": {
278
- "title": "Use result of type assertion to simplify cases",
279
- "severity": "1",
280
- "categories": [
281
- "security"
282
- ],
283
- "description": ""
284
- },
285
- "S1035": {
286
- "title": "Redundant call to net/http.CanonicalHeaderKey in method call on net/http.Header",
287
- "severity": "1",
288
- "categories": [
289
- "security"
290
- ],
291
- "description": "The methods on net/http.Header, namely Add, Del, Get\nand Set, already canonicalize the given header name."
292
- },
293
- "S1036": {
294
- "title": "Unnecessary guard around map access",
295
- "severity": "1",
296
- "categories": [
297
- "security"
298
- ],
299
- "description": "When accessing a map key that doesn't exist yet, one receives a zero\nvalue. Often, the zero value is a suitable value, for example when\nusing append or doing integer math.\n\nThe following\n\n```go\nif _, ok := m[\"foo\"]; ok {\n m[\"foo\"] = append(m[\"foo\"], \"bar\")\n} else {\n m[\"foo\"] = []string{\"bar\"}\n}\n```\n\ncan be simplified to\n\n```go\nm[\"foo\"] = append(m[\"foo\"], \"bar\")\n```\n\nand\n\n```go\nif _, ok := m2[\"k\"]; ok {\n m2[\"k\"] += 4\n} else {\n m2[\"k\"] = 4\n}\n```\n\ncan be simplified to\n\n```go\nm[\"k\"] += 4\n```"
300
- },
301
- "S1037": {
302
- "title": "Elaborate way of sleeping",
303
- "severity": "1",
304
- "categories": [
305
- "security"
306
- ],
307
- "description": "Using a select statement with a single case receiving\nfrom the result of time.After is a very elaborate way of sleeping that\ncan much simpler be expressed with a simple call to time.Sleep."
308
- },
309
- "S1030": {
310
- "title": "Use bytes.Buffer.String or bytes.Buffer.Bytes",
311
- "severity": "1",
312
- "categories": [
313
- "security"
314
- ],
315
- "description": "bytes.Buffer has both a String and a Bytes method. It is almost never\nnecessary to use string(buf.Bytes()) or []byte(buf.String()) \u2013 simply\nuse the other method.\n\nThe only exception to this are map lookups. Due to a compiler optimization,\nm[string(buf.Bytes())] is more efficient than m[buf.String()]."
316
- },
317
- "SA2001": {
318
- "title": "Empty critical section, did you mean to defer the unlock?",
319
- "severity": "1",
320
- "categories": [
321
- "security"
322
- ],
323
- "description": "Empty critical sections of the kind\n\n```go\nmu.Lock()\nmu.Unlock()\n```\n\nare very often a typo, and the following was intended instead:\n\n```go\nmu.Lock()\ndefer mu.Unlock()\n```\n\nDo note that sometimes empty critical sections can be useful, as a\nform of signaling to wait on another goroutine. Many times, there are\nsimpler ways of achieving the same effect. When that isn't the case,\nthe code should be amply commented to avoid confusion. Combining such\ncomments with a //lint:ignore directive can be used to suppress this\nrare false positive."
324
- },
325
- "S1032": {
326
- "title": "Use sort.Ints(x), sort.Float64s(x), and sort.Strings(x)",
327
- "severity": "1",
328
- "categories": [
329
- "security"
330
- ],
331
- "description": "The sort.Ints, sort.Float64s and sort.Strings functions are easier to\nread than sort.Sort(sort.IntSlice(x)), sort.Sort(sort.Float64Slice(x))\nand sort.Sort(sort.StringSlice(x))."
332
- },
333
- "S1033": {
334
- "title": "Unnecessary guard around call to 'delete'",
335
- "severity": "1",
336
- "categories": [
337
- "security"
338
- ],
339
- "description": "Calling delete on a nil map is a no-op."
340
- },
341
- "S1038": {
342
- "title": "Unnecessarily complex way of printing formatted string",
343
- "severity": "1",
344
- "categories": [
345
- "security"
346
- ],
347
- "description": "Instead of using fmt.Print(fmt.Sprintf(...)), one can use fmt.Printf(...)."
348
- },
349
- "S1039": {
350
- "title": "Unnecessary use of fmt.Sprint",
351
- "severity": "1",
352
- "categories": [
353
- "security"
354
- ],
355
- "description": "Calling fmt.Sprint with a single string argument is unnecessary\nand identical to using the string directly."
356
- },
357
- "S1009": {
358
- "title": "Omit redundant nil check on slices",
359
- "severity": "1",
360
- "categories": [
361
- "security"
362
- ],
363
- "description": "The len function is defined for all slices, even nil ones, which have\na length of zero. It is not necessary to check if a slice is not nil\nbefore checking that its length is not zero."
364
- },
365
- "S1008": {
366
- "title": "Simplify returning boolean expression",
367
- "severity": "1",
368
- "categories": [
369
- "security"
370
- ],
371
- "description": ""
372
- },
373
- "S1040": {
374
- "title": "Type assertion to current type",
375
- "severity": "1",
376
- "categories": [
377
- "security"
378
- ],
379
- "description": "The type assertion x.(SomeInterface), when x already has type\nSomeInterface, can only fail if x is nil. Usually, this is\nleft-over code from when x had a different type and you can safely\ndelete the type assertion. If you want to check that x is not nil,\nconsider being explicit and using an actual if x == nil comparison\ninstead of relying on the type assertion panicking."
380
- },
381
- "S1006": {
382
- "title": "Use 'for { ... }' for infinite loops",
383
- "severity": "1",
384
- "categories": [
385
- "security"
386
- ],
387
- "description": "For infinite loops, using for { ... } is the most idiomatic choice."
388
- },
389
- "QF1004": {
390
- "title": "Use strings.ReplaceAll instead of strings.Replace with n == -1",
391
- "severity": "1",
392
- "categories": [
393
- "security"
394
- ],
395
- "description": ""
396
- },
397
- "SA1008": {
398
- "title": "Non-canonical key in http.Header map",
399
- "severity": "1",
400
- "categories": [
401
- "security"
402
- ],
403
- "description": "Keys in http.Header maps are canonical, meaning they follow a specific\ncombination of uppercase and lowercase letters. Methods such as\nhttp.Header.Add and http.Header.Del convert inputs into this canonical\nform before manipulating the map.\n\nWhen manipulating http.Header maps directly, as opposed to using the\nprovided methods, care should be taken to stick to canonical form in\norder to avoid inconsistencies. The following piece of code\ndemonstrates one such inconsistency:\n\n```go\nh := http.Header{}\nh[\"etag\"] = []string{\"1234\"}\nh.Add(\"etag\", \"5678\")\nfmt.Println(h)\n\n// Output:\n// map[Etag:[5678] etag:[1234]]\n```\n\nThe easiest way of obtaining the canonical form of a key is to use\nhttp.CanonicalHeaderKey."
404
- },
405
- "SA2000": {
406
- "title": "sync.WaitGroup.Add called inside the goroutine, leading to a race condition",
407
- "severity": "1",
408
- "categories": [
409
- "security"
410
- ],
411
- "description": ""
412
- },
413
- "S1017": {
414
- "title": "Replace manual trimming with strings.TrimPrefix",
415
- "severity": "1",
416
- "categories": [
417
- "security"
418
- ],
419
- "description": "Instead of using strings.HasPrefix and manual slicing, use the\nstrings.TrimPrefix function. If the string doesn't start with the\nprefix, the original string will be returned. Using strings.TrimPrefix\nreduces complexity, and avoids common bugs, such as off-by-one\nmistakes."
420
- },
421
- "SA2002": {
422
- "title": "Called testing.T.FailNow or SkipNow in a goroutine, which isn't allowed",
423
- "severity": "1",
424
- "categories": [
425
- "security"
426
- ],
427
- "description": ""
428
- },
429
- "SA2003": {
430
- "title": "Deferred Lock right after locking, likely meant to defer Unlock instead",
431
- "severity": "1",
432
- "categories": [
433
- "security"
434
- ],
435
- "description": ""
436
- },
437
- "SA4003": {
438
- "title": "Comparing unsigned values against negative values is pointless",
439
- "severity": "1",
440
- "categories": [
441
- "security"
442
- ],
443
- "description": ""
444
- },
445
- "SA4000": {
446
- "title": "Binary operator has identical expressions on both sides",
447
- "severity": "1",
448
- "categories": [
449
- "security"
450
- ],
451
- "description": ""
452
- },
453
- "SA4001": {
454
- "title": "&*x gets simplified to x, it does not copy x",
455
- "severity": "1",
456
- "categories": [
457
- "security"
458
- ],
459
- "description": ""
460
- },
461
- "SA4006": {
462
- "title": "A value assigned to a variable is never read before being overwritten. Forgotten error check or dead code?",
463
- "severity": "1",
464
- "categories": [
465
- "security"
466
- ],
467
- "description": ""
468
- },
469
- "SA4004": {
470
- "title": "The loop exits unconditionally after one iteration",
471
- "severity": "1",
472
- "categories": [
473
- "security"
474
- ],
475
- "description": ""
476
- },
477
- "SA4005": {
478
- "title": "Field assignment that will never be observed. Did you mean to use a pointer receiver?",
479
- "severity": "1",
480
- "categories": [
481
- "security"
482
- ],
483
- "description": ""
484
- },
485
- "SA4008": {
486
- "title": "The variable in the loop condition never changes, are you incrementing the wrong variable?",
487
- "severity": "1",
488
- "categories": [
489
- "security"
490
- ],
491
- "description": ""
492
- },
493
- "SA4009": {
494
- "title": "A function argument is overwritten before its first use",
495
- "severity": "1",
496
- "categories": [
497
- "security"
498
- ],
499
- "description": ""
500
- },
501
- "SA1016": {
502
- "title": "Trapping a signal that cannot be trapped",
503
- "severity": "1",
504
- "categories": [
505
- "security"
506
- ],
507
- "description": "Not all signals can be intercepted by a process. Specifically, on\nUNIX-like systems, the syscall.SIGKILL and syscall.SIGSTOP signals are\nnever passed to the process, but instead handled directly by the\nkernel. It is therefore pointless to try and handle these signals."
508
- },
509
- "SA1017": {
510
- "title": "Channels used with os/signal.Notify should be buffered",
511
- "severity": "1",
512
- "categories": [
513
- "security"
514
- ],
515
- "description": "The os/signal package uses non-blocking channel sends when delivering\nsignals. If the receiving end of the channel isn't ready and the\nchannel is either unbuffered or full, the signal will be dropped. To\navoid missing signals, the channel should be buffered and of the\nappropriate size. For a channel used for notification of just one\nsignal value, a buffer of size 1 is sufficient."
516
- },
517
- "SA1014": {
518
- "title": "Non-pointer value passed to Unmarshal or Decode",
519
- "severity": "1",
520
- "categories": [
521
- "security"
522
- ],
523
- "description": ""
524
- },
525
- "SA1015": {
526
- "title": "Using time.Tick in a way that will leak. Consider using time.NewTicker, and only use time.Tick in tests, commands and endless functions",
527
- "severity": "1",
528
- "categories": [
529
- "security"
530
- ],
531
- "description": ""
532
- },
533
- "SA1012": {
534
- "title": "A nil context.Context is being passed to a function, consider using context.TODO instead",
535
- "severity": "1",
536
- "categories": [
537
- "security"
538
- ],
539
- "description": ""
540
- },
541
- "SA1013": {
542
- "title": "io.Seeker.Seek is being called with the whence constant as the first argument, but it should be the second",
543
- "severity": "1",
544
- "categories": [
545
- "security"
546
- ],
547
- "description": ""
548
- },
549
- "SA1010": {
550
- "title": "(*regexp.Regexp).FindAll called with n == 0, which will always return zero results",
551
- "severity": "1",
552
- "categories": [
553
- "security"
554
- ],
555
- "description": "If n >= 0, the function returns at most n matches/submatches. To\nreturn all results, specify a negative number."
556
- },
557
- "SA1011": {
558
- "title": "Various methods in the 'strings' package expect valid UTF-8, but invalid input is provided",
559
- "severity": "1",
560
- "categories": [
561
- "security"
562
- ],
563
- "description": ""
564
- },
565
- "ST1022": {
566
- "title": "The documentation of an exported variable or constant should start with variable's name",
567
- "severity": "1",
568
- "categories": [
569
- "security"
570
- ],
571
- "description": "Doc comments work best as complete sentences, which\nallow a wide variety of automated presentations. The first sentence\nshould be a one-sentence summary that starts with the name being\ndeclared.\n\nIf every doc comment begins with the name of the item it describes,\nyou can use the doc subcommand of the go tool and run the output\nthrough grep.\n\nSee https://golang.org/doc/effective_go.html#commentary for more\ninformation on how to write good documentation."
572
- },
573
- "ST1023": {
574
- "title": "Redundant type in variable declaration",
575
- "severity": "1",
576
- "categories": [
577
- "security"
578
- ],
579
- "description": ""
580
- },
581
- "ST1020": {
582
- "title": "The documentation of an exported function should start with the function's name",
583
- "severity": "1",
584
- "categories": [
585
- "security"
586
- ],
587
- "description": "Doc comments work best as complete sentences, which\nallow a wide variety of automated presentations. The first sentence\nshould be a one-sentence summary that starts with the name being\ndeclared.\n\nIf every doc comment begins with the name of the item it describes,\nyou can use the doc subcommand of the go tool and run the output\nthrough grep.\n\nSee https://golang.org/doc/effective_go.html#commentary for more\ninformation on how to write good documentation."
588
- },
589
- "ST1021": {
590
- "title": "The documentation of an exported type should start with type's name",
591
- "severity": "1",
592
- "categories": [
593
- "security"
594
- ],
595
- "description": "Doc comments work best as complete sentences, which\nallow a wide variety of automated presentations. The first sentence\nshould be a one-sentence summary that starts with the name being\ndeclared.\n\nIf every doc comment begins with the name of the item it describes,\nyou can use the doc subcommand of the go tool and run the output\nthrough grep.\n\nSee https://golang.org/doc/effective_go.html#commentary for more\ninformation on how to write good documentation."
596
- },
597
- "SA1018": {
598
- "title": "strings.Replace called with n == 0, which does nothing",
599
- "severity": "1",
600
- "categories": [
601
- "security"
602
- ],
603
- "description": "With n == 0, zero instances will be replaced. To replace all\ninstances, use a negative number, or use strings.ReplaceAll."
604
- },
605
- "SA1019": {
606
- "title": "Using a deprecated function, variable, constant or field",
607
- "severity": "1",
608
- "categories": [
609
- "security"
610
- ],
611
- "description": ""
612
- },
613
- "QF1008": {
614
- "title": "Omit embedded fields from selector expression",
615
- "severity": "1",
616
- "categories": [
617
- "security"
618
- ],
619
- "description": ""
620
- },
621
- "ST1016": {
622
- "title": "Use consistent method receiver names",
623
- "severity": "1",
624
- "categories": [
625
- "security"
626
- ],
627
- "description": ""
628
- },
629
- "SA4011": {
630
- "title": "Break statement with no effect. Did you mean to break out of an outer loop?",
631
- "severity": "1",
632
- "categories": [
633
- "security"
634
- ],
635
- "description": ""
636
- },
637
- "SA4010": {
638
- "title": "The result of append will never be observed anywhere",
639
- "severity": "1",
640
- "categories": [
641
- "security"
642
- ],
643
- "description": ""
644
- },
645
- "SA4013": {
646
- "title": "Negating a boolean twice (!!b) is the same as writing b. This is either redundant, or a typo.",
647
- "severity": "1",
648
- "categories": [
649
- "security"
650
- ],
651
- "description": ""
652
- },
653
- "SA4012": {
654
- "title": "Comparing a value against NaN even though no value is equal to NaN",
655
- "severity": "1",
656
- "categories": [
657
- "security"
658
- ],
659
- "description": ""
660
- },
661
- "SA4015": {
662
- "title": "Calling functions like math.Ceil on floats converted from integers doesn't do anything useful",
663
- "severity": "1",
664
- "categories": [
665
- "security"
666
- ],
667
- "description": ""
668
- },
669
- "SA4014": {
670
- "title": "An if/else if chain has repeated conditions and no side-effects; if the condition didn't match the first time, it won't match the second time, either",
671
- "severity": "1",
672
- "categories": [
673
- "security"
674
- ],
675
- "description": ""
676
- },
677
- "SA4017": {
678
- "title": "Discarding the return values of a function without side effects, making the call pointless",
679
- "severity": "1",
680
- "categories": [
681
- "security"
682
- ],
683
- "description": ""
684
- },
685
- "SA4016": {
686
- "title": "Certain bitwise operations, such as x ^ 0, do not do anything useful",
687
- "severity": "1",
688
- "categories": [
689
- "security"
690
- ],
691
- "description": ""
692
- },
693
- "SA4019": {
694
- "title": "Multiple, identical build constraints in the same file",
695
- "severity": "1",
696
- "categories": [
697
- "security"
698
- ],
699
- "description": ""
700
- },
701
- "SA4018": {
702
- "title": "Self-assignment of variables",
703
- "severity": "1",
704
- "categories": [
705
- "security"
706
- ],
707
- "description": ""
708
- },
709
- "SA1005": {
710
- "title": "Invalid first argument to exec.Command",
711
- "severity": "1",
712
- "categories": [
713
- "security"
714
- ],
715
- "description": "os/exec runs programs directly (using variants of the fork and exec\nsystem calls on Unix systems). This shouldn't be confused with running\na command in a shell. The shell will allow for features such as input\nredirection, pipes, and general scripting. The shell is also\nresponsible for splitting the user's input into a program name and its\narguments. For example, the equivalent to\n\n```go\nls / /tmp\n```\n\nwould be\n\n```go\nexec.Command(\"ls\", \"/\", \"/tmp\")\n```\n\nIf you want to run a command in a shell, consider using something like\nthe following \u2013 but be aware that not all systems, particularly\nWindows, will have a /bin/sh program:\n\n```go\nexec.Command(\"/bin/sh\", \"-c\", \"ls | grep Awesome\")\n```"
716
- },
717
- "SA1004": {
718
- "title": "Suspiciously small untyped constant in time.Sleep",
719
- "severity": "1",
720
- "categories": [
721
- "security"
722
- ],
723
- "description": "The time.Sleep function takes a time.Duration as its only argument.\nDurations are expressed in nanoseconds. Thus, calling time.Sleep(1)\nwill sleep for 1 nanosecond. This is a common source of bugs, as sleep\nfunctions in other languages often accept seconds or milliseconds.\n\nThe time package provides constants such as time.Second to express\nlarge durations. These can be combined with arithmetic to express\narbitrary durations, for example 5 * time.Second for 5 seconds.\n\nIf you truly meant to sleep for a tiny amount of time, use\nn * time.Nanosecond to signal to Staticcheck that you did mean to sleep\nfor some amount of nanoseconds."
724
- },
725
- "SA1007": {
726
- "title": "Invalid URL in net/url.Parse",
727
- "severity": "1",
728
- "categories": [
729
- "security"
730
- ],
731
- "description": ""
732
- },
733
- "SA1006": {
734
- "title": "Printf with dynamic first argument and no further arguments",
735
- "severity": "1",
736
- "categories": [
737
- "security"
738
- ],
739
- "description": "Using fmt.Printf with a dynamic first argument can lead to unexpected\noutput. The first argument is a format string, where certain character\ncombinations have special meaning. If, for example, a user were to\nenter a string such as\n\n```go\nInterest rate: 5%\n```\n\nand you printed it with\n\n```go\nfmt.Printf(s)\n```\n\nit would lead to the following output:\n\n```go\nInterest rate: 5%!(NOVERB).\n```\n\nSimilarly, forming the first parameter via string concatenation with\nuser input should be avoided for the same reason. When printing user\ninput, either use a variant of fmt.Print, or use the %s Printf verb\nand pass the string as an argument."
740
- },
741
- "SA1001": {
742
- "title": "Invalid template",
743
- "severity": "1",
744
- "categories": [
745
- "security"
746
- ],
747
- "description": ""
748
- },
749
- "SA1000": {
750
- "title": "Invalid regular expression",
751
- "severity": "1",
752
- "categories": [
753
- "security"
754
- ],
755
- "description": ""
756
- },
757
- "SA1003": {
758
- "title": "Unsupported argument to functions in encoding/binary",
759
- "severity": "1",
760
- "categories": [
761
- "security"
762
- ],
763
- "description": "The encoding/binary package can only serialize types with known sizes.\nThis precludes the use of the int and uint types, as their sizes\ndiffer on different architectures. Furthermore, it doesn't support\nserializing maps, channels, strings, or functions.\n\nBefore Go 1.8, bool wasn't supported, either."
764
- },
765
- "SA1002": {
766
- "title": "Invalid format in time.Parse",
767
- "severity": "1",
768
- "categories": [
769
- "security"
770
- ],
771
- "description": ""
772
- },
773
- "SA5012": {
774
- "title": "Passing odd-sized slice to function expecting even size",
775
- "severity": "1",
776
- "categories": [
777
- "security"
778
- ],
779
- "description": "Some functions that take slices as parameters expect the slices to have an even number of elements. \nOften, these functions treat elements in a slice as pairs. \nFor example, strings.NewReplacer takes pairs of old and new strings, \nand calling it with an odd number of elements would be an error."
780
- },
781
- "SA5010": {
782
- "title": "Impossible type assertion",
783
- "severity": "1",
784
- "categories": [
785
- "security"
786
- ],
787
- "description": "Some type assertions can be statically proven to be\nimpossible. This is the case when the method sets of both\narguments of the type assertion conflict with each other, for\nexample by containing the same method with different\nsignatures.\n\nThe Go compiler already applies this check when asserting from an\ninterface value to a concrete type. If the concrete type misses\nmethods from the interface, or if function signatures don't match,\nthen the type assertion can never succeed.\n\nThis check applies the same logic when asserting from one interface to\nanother. If both interface types contain the same method but with\ndifferent signatures, then the type assertion can never succeed,\neither."
788
- },
789
- "SA5011": {
790
- "title": "Possible nil pointer dereference",
791
- "severity": "1",
792
- "categories": [
793
- "security"
794
- ],
795
- "description": "A pointer is being dereferenced unconditionally, while\nalso being checked against nil in another place. This suggests that\nthe pointer may be nil and dereferencing it may panic. This is\ncommonly a result of improperly ordered code or missing return\nstatements. Consider the following examples:\n\n```go\nfunc fn(x *int) {\n fmt.Println(*x)\n\n // This nil check is equally important for the previous dereference\n if x != nil {\n foo(*x)\n }\n}\n\nfunc TestFoo(t *testing.T) {\n x := compute()\n if x == nil {\n t.Errorf(\"nil pointer received\")\n }\n\n // t.Errorf does not abort the test, so if x is nil, the next line will panic.\n foo(*x)\n}\n```\n\nStaticcheck tries to deduce which functions abort control flow.\nFor example, it is aware that a function will not continue\nexecution after a call to panic or log.Fatal. However, sometimes\nthis detection fails, in particular in the presence of\nconditionals. Consider the following example:\n\n```go\nfunc Log(msg string, level int) {\n fmt.Println(msg)\n if level == levelFatal {\n os.Exit(1)\n }\n}\n\nfunc Fatal(msg string) {\n Log(msg, levelFatal)\n}\n\nfunc fn(x *int) {\n if x == nil {\n Fatal(\"unexpected nil pointer\")\n }\n fmt.Println(*x)\n}\n```\n\nStaticcheck will flag the dereference of x, even though it is perfectly\nsafe. Staticcheck is not able to deduce that a call to\nFatal will exit the program. For the time being, the easiest\nworkaround is to modify the definition of Fatal like so:\n\n```go\nfunc Fatal(msg string) {\n Log(msg, levelFatal)\n panic(\"unreachable\")\n}\n```\n\nWe also hard-code functions from common logging packages such as\nlogrus. Please file an issue if we're missing support for a\npopular package."
796
- },
797
- "SA4031": {
798
- "title": "Checking never-nil value against nil",
799
- "severity": "1",
800
- "categories": [
801
- "security"
802
- ],
803
- "description": ""
804
- },
805
- "S1031": {
806
- "title": "Omit redundant nil check around loop",
807
- "severity": "1",
808
- "categories": [
809
- "security"
810
- ],
811
- "description": "You can use range on nil slices and maps, the loop will simply never\nexecute. This makes an additional nil check around the loop\nunnecessary."
812
- },
813
- "ST1018": {
814
- "title": "Avoid zero-width and control characters in string literals",
815
- "severity": "1",
816
- "categories": [
817
- "security"
818
- ],
819
- "description": ""
820
- },
821
- "S1000": {
822
- "title": "Use plain channel send or receive instead of single-case select",
823
- "severity": "1",
824
- "categories": [
825
- "security"
826
- ],
827
- "description": "Select statements with a single case can be replaced with a simple\nsend or receive."
828
- },
829
- "S1003": {
830
- "title": "Replace call to strings.Index with strings.Contains",
831
- "severity": "1",
832
- "categories": [
833
- "security"
834
- ],
835
- "description": ""
836
- },
837
- "QF1007": {
838
- "title": "Merge conditional assignment into variable declaration",
839
- "severity": "1",
840
- "categories": [
841
- "security"
842
- ],
843
- "description": ""
844
- },
845
- "S1002": {
846
- "title": "Omit comparison with boolean constant",
847
- "severity": "1",
848
- "categories": [
849
- "security"
850
- ],
851
- "description": ""
852
- },
853
- "ST1005": {
854
- "title": "Incorrectly formatted error string",
855
- "severity": "1",
856
- "categories": [
857
- "security"
858
- ],
859
- "description": "Error strings follow a set of guidelines to ensure uniformity and good\ncomposability.\n\nQuoting Go Code Review Comments:\n\n> Error strings should not be capitalized (unless beginning with\n> proper nouns or acronyms) or end with punctuation, since they are\n> usually printed following other context. That is, use\n> fmt.Errorf(\"something bad\") not fmt.Errorf(\"Something bad\"), so\n> that log.Printf(\"Reading %s: %v\", filename, err) formats without a\n> spurious capital letter mid-message."
860
- },
861
- "ST1006": {
862
- "title": "Poorly chosen receiver name",
863
- "severity": "1",
864
- "categories": [
865
- "security"
866
- ],
867
- "description": "Quoting Go Code Review Comments:\n\n> The name of a method's receiver should be a reflection of its\n> identity; often a one or two letter abbreviation of its type\n> suffices (such as \"c\" or \"cl\" for \"Client\"). Don't use generic\n> names such as \"me\", \"this\" or \"self\", identifiers typical of\n> object-oriented languages that place more emphasis on methods as\n> opposed to functions. The name need not be as descriptive as that\n> of a method argument, as its role is obvious and serves no\n> documentary purpose. It can be very short as it will appear on\n> almost every line of every method of the type; familiarity admits\n> brevity. Be consistent, too: if you call the receiver \"c\" in one\n> method, don't call it \"cl\" in another."
868
- },
869
- "SA4028": {
870
- "title": "x % 1 is always zero",
871
- "severity": "1",
872
- "categories": [
873
- "security"
874
- ],
875
- "description": ""
876
- },
877
- "SA4029": {
878
- "title": "Ineffective attempt at sorting slice",
879
- "severity": "1",
880
- "categories": [
881
- "security"
882
- ],
883
- "description": "sort.Float64Slice, sort.IntSlice, and sort.StringSlice are\ntypes, not functions. Doing x = sort.StringSlice(x) does nothing,\nespecially not sort any values. The correct usage is\nsort.Sort(sort.StringSlice(x)) or sort.StringSlice(x).Sort(),\nbut there are more convenient helpers, namely sort.Float64s,\nsort.Ints, and sort.Strings."
884
- },
885
- "ST1003": {
886
- "title": "Poorly chosen identifier",
887
- "severity": "1",
888
- "categories": [
889
- "security"
890
- ],
891
- "description": "Identifiers, such as variable and package names, follow certain rules.\n\nSee the following links for details:\n\n- https://golang.org/doc/effective_go.html#package-names\n- https://golang.org/doc/effective_go.html#mixed-caps\n- https://github.com/golang/go/wiki/CodeReviewComments#initialisms\n- https://github.com/golang/go/wiki/CodeReviewComments#variable-names"
892
- },
893
- "SA4024": {
894
- "title": "Checking for impossible return value from a builtin function",
895
- "severity": "1",
896
- "categories": [
897
- "security"
898
- ],
899
- "description": "Return values of the len and cap builtins cannot be negative.\n\nSee https://golang.org/pkg/builtin/#len and https://golang.org/pkg/builtin/#cap.\n\nExample:\n\n```go\nif len(slice) < 0 {\n fmt.Println(\"unreachable code\")\n}\n```"
900
- },
901
- "SA4025": {
902
- "title": "Integer division of literals that results in zero",
903
- "severity": "1",
904
- "categories": [
905
- "security"
906
- ],
907
- "description": "When dividing two integer constants, the result will\nalso be an integer. Thus, a division such as 2 / 3 results in 0.\nThis is true for all of the following examples:\n\n\t_ = 2 / 3\n\tconst _ = 2 / 3\n\tconst _ float64 = 2 / 3\n\t_ = float64(2 / 3)\n\nStaticcheck will flag such divisions if both sides of the division are\ninteger literals, as it is highly unlikely that the division was\nintended to truncate to zero. Staticcheck will not flag integer\ndivision involving named constants, to avoid noisy positives."
908
- },
909
- "QF1006": {
910
- "title": "Lift if+break into loop condition",
911
- "severity": "1",
912
- "categories": [
913
- "security"
914
- ],
915
- "description": ""
916
- },
917
- "SA4027": {
918
- "title": "(*net/url.URL).Query returns a copy, modifying it doesn't change the URL",
919
- "severity": "1",
920
- "categories": [
921
- "security"
922
- ],
923
- "description": "(*net/url.URL).Query parses the current value of net/url.URL.RawQuery\nand returns it as a map of type net/url.Values. Subsequent changes to\nthis map will not affect the URL unless the map gets encoded and\nassigned to the URL's RawQuery.\n\nAs a consequence, the following code pattern is an expensive no-op:\nu.Query().Add(key, value)."
924
- },
925
- "ST1008": {
926
- "title": "A function's error value should be its last return value",
927
- "severity": "1",
928
- "categories": [
929
- "security"
930
- ],
931
- "description": "A function's error value should be its last return value."
932
- },
933
- "SA4021": {
934
- "title": "'x = append(y)' is equivalent to 'x = y'",
935
- "severity": "1",
936
- "categories": [
937
- "security"
938
- ],
939
- "description": ""
940
- },
941
- "SA4022": {
942
- "title": "Comparing the address of a variable against nil",
943
- "severity": "1",
944
- "categories": [
945
- "security"
946
- ],
947
- "description": "Code such as 'if &x == nil' is meaningless, because taking the address of a variable always yields a non-nil pointer."
948
- },
949
- "SA4023": {
950
- "title": "Impossible comparison of interface value with untyped nil",
951
- "severity": "1",
952
- "categories": [
953
- "security"
954
- ],
955
- "description": "Under the covers, interfaces are implemented as two elements, a\ntype T and a value V. V is a concrete value such as an int,\nstruct or pointer, never an interface itself, and has type T. For\ninstance, if we store the int value 3 in an interface, the\nresulting interface value has, schematically, (T=int, V=3). The\nvalue V is also known as the interface's dynamic value, since a\ngiven interface variable might hold different values V (and\ncorresponding types T) during the execution of the program.\n\nAn interface value is nil only if the V and T are both\nunset, (T=nil, V is not set), In particular, a nil interface will\nalways hold a nil type. If we store a nil pointer of type *int\ninside an interface value, the inner type will be *int regardless\nof the value of the pointer: (T=*int, V=nil). Such an interface\nvalue will therefore be non-nil even when the pointer value V\ninside is nil.\n\nThis situation can be confusing, and arises when a nil value is\nstored inside an interface value such as an error return:\n\n```go\nfunc returnsError() error {\n var p *MyError = nil\n if bad() {\n p = ErrBad\n }\n return p // Will always return a non-nil error.\n}\n```\n\nIf all goes well, the function returns a nil p, so the return\nvalue is an error interface value holding (T=*MyError, V=nil).\nThis means that if the caller compares the returned error to nil,\nit will always look as if there was an error even if nothing bad\nhappened. To return a proper nil error to the caller, the\nfunction must return an explicit nil:\n\n```go\nfunc returnsError() error {\n if bad() {\n return ErrBad\n }\n return nil\n}\n```\n\nIt's a good idea for functions that return errors always to use\nthe error type in their signature (as we did above) rather than a\nconcrete type such as *MyError, to help guarantee the error is\ncreated correctly. As an example, os.Open returns an error even\nthough, if not nil, it's always of concrete type *os.PathError.\n\nSimilar situations to those described here can arise whenever\ninterfaces are used. Just keep in mind that if any concrete value\nhas been stored in the interface, the interface will not be nil.\nFor more information, see The Laws of\nReflection (https://golang.org/doc/articles/laws_of_reflection.html).\n\nThis text has been copied from\nhttps://golang.org/doc/faq#nil_error, licensed under the Creative\nCommons Attribution 3.0 License."
956
- },
957
- "SA5009": {
958
- "title": "Invalid Printf call",
959
- "severity": "1",
960
- "categories": [
961
- "security"
962
- ],
963
- "description": ""
964
- },
965
- "SA5008": {
966
- "title": "Invalid struct tag",
967
- "severity": "1",
968
- "categories": [
969
- "security"
970
- ],
971
- "description": ""
972
- },
973
- "SA5001": {
974
- "title": "Deferring Close before checking for a possible error",
975
- "severity": "1",
976
- "categories": [
977
- "security"
978
- ],
979
- "description": ""
980
- },
981
- "SA5000": {
982
- "title": "Assignment to nil map",
983
- "severity": "1",
984
- "categories": [
985
- "security"
986
- ],
987
- "description": ""
988
- },
989
- "SA5003": {
990
- "title": "Defers in infinite loops will never execute",
991
- "severity": "1",
992
- "categories": [
993
- "security"
994
- ],
995
- "description": "Defers are scoped to the surrounding function, not the surrounding\nblock. In a function that never returns, i.e. one containing an\ninfinite loop, defers will never execute."
996
- },
997
- "SA5002": {
998
- "title": "The empty for loop ('for {}') spins and can block the scheduler",
999
- "severity": "1",
1000
- "categories": [
1001
- "security"
1002
- ],
1003
- "description": ""
1004
- },
1005
- "SA5005": {
1006
- "title": "The finalizer references the finalized object, preventing garbage collection",
1007
- "severity": "1",
1008
- "categories": [
1009
- "security"
1010
- ],
1011
- "description": "A finalizer is a function associated with an object that runs when the\ngarbage collector is ready to collect said object, that is when the\nobject is no longer referenced by anything.\n\nIf the finalizer references the object, however, it will always remain\nas the final reference to that object, preventing the garbage\ncollector from collecting the object. The finalizer will never run,\nand the object will never be collected, leading to a memory leak. That\nis why the finalizer should instead use its first argument to operate\non the object. That way, the number of references can temporarily go\nto zero before the object is being passed to the finalizer."
1012
- },
1013
- "SA5004": {
1014
- "title": "'for { select { ...' with an empty default branch spins",
1015
- "severity": "1",
1016
- "categories": [
1017
- "security"
1018
- ],
1019
- "description": ""
1020
- },
1021
- "SA5007": {
1022
- "title": "Infinite recursive call",
1023
- "severity": "1",
1024
- "categories": [
1025
- "security"
1026
- ],
1027
- "description": "A function that calls itself recursively needs to have an exit\ncondition. Otherwise it will recurse forever, until the system runs\nout of memory.\n\nThis issue can be caused by simple bugs such as forgetting to add an\nexit condition. It can also happen \"on purpose\". Some languages have\ntail call optimization which makes certain infinite recursive calls\nsafe to use. Go, however, does not implement TCO, and as such a loop\nshould be used instead."
1028
- },
1029
- "S1007": {
1030
- "title": "Simplify regular expression by using raw string literal",
1031
- "severity": "1",
1032
- "categories": [
1033
- "security"
1034
- ],
1035
- "description": "Raw string literals use backticks instead of quotation marks and do not support\nany escape sequences. This means that the backslash can be used\nfreely, without the need of escaping.\n\nSince regular expressions have their own escape sequences, raw strings\ncan improve their readability."
1036
- },
1037
- "ST1000": {
1038
- "title": "Incorrect or missing package comment",
1039
- "severity": "1",
1040
- "categories": [
1041
- "security"
1042
- ],
1043
- "description": "Packages must have a package comment that is formatted according to\nthe guidelines laid out in\nhttps://github.com/golang/go/wiki/CodeReviewComments#package-comments."
1044
- },
1045
- "ST1001": {
1046
- "title": "Dot imports are discouraged",
1047
- "severity": "1",
1048
- "categories": [
1049
- "security"
1050
- ],
1051
- "description": "Dot imports that aren't in external test packages are discouraged.\n\nThe dot_import_whitelist option can be used to whitelist certain\nimports.\n\nQuoting Go Code Review Comments:\n\n> The import . form can be useful in tests that, due to circular\n> dependencies, cannot be made part of the package being tested:\n> \n> package foo_test\n> \n> import (\n> \"bar/testutil\" // also imports \"foo\"\n> . \"foo\"\n> )\n> \n> In this case, the test file cannot be in package foo because it\n> uses bar/testutil, which imports foo. So we use the import .\n> form to let the file pretend to be part of package foo even though\n> it is not. Except for this one case, do not use import . in your\n> programs. It makes the programs much harder to read because it is\n> unclear whether a name like Quux is a top-level identifier in the\n> current package or in an imported package."
1052
- },
1053
- "ST1013": {
1054
- "title": "Should use constants for HTTP error codes, not magic numbers",
1055
- "severity": "1",
1056
- "categories": [
1057
- "security"
1058
- ],
1059
- "description": "HTTP has a tremendous number of status codes. While some of those are\nwell known (200, 400, 404, 500), most of them are not. The net/http\npackage provides constants for all status codes that are part of the\nvarious specifications. It is recommended to use these constants\ninstead of hard-coding magic numbers, to vastly improve the\nreadability of your code."
1060
- },
1061
- "ST1012": {
1062
- "title": "Poorly chosen name for error variable",
1063
- "severity": "1",
1064
- "categories": [
1065
- "security"
1066
- ],
1067
- "description": "Error variables that are part of an API should be called errFoo or\nErrFoo."
1068
- },
1069
- "ST1011": {
1070
- "title": "Poorly chosen name for variable of type time.Duration",
1071
- "severity": "1",
1072
- "categories": [
1073
- "security"
1074
- ],
1075
- "description": "time.Duration values represent an amount of time, which is represented\nas a count of nanoseconds. An expression like 5 * time.Microsecond\nyields the value 5000. It is therefore not appropriate to suffix a\nvariable of type time.Duration with any time unit, such as Msec or\nMilli."
1076
- },
1077
- "ST1017": {
1078
- "title": "Don't use Yoda conditions",
1079
- "severity": "1",
1080
- "categories": [
1081
- "security"
1082
- ],
1083
- "description": "Yoda conditions are conditions of the kind 'if 42 == x', where the\nliteral is on the left side of the comparison. These are a common\nidiom in languages in which assignment is an expression, to avoid bugs\nof the kind 'if (x = 42)'. In Go, which doesn't allow for this kind of\nbug, we prefer the more idiomatic 'if x == 42'."
1084
- },
1085
- "QF1009": {
1086
- "title": "Use time.Time.Equal instead of == operator",
1087
- "severity": "1",
1088
- "categories": [
1089
- "security"
1090
- ],
1091
- "description": ""
1092
- },
1093
- "ST1015": {
1094
- "title": "A switch's default case should be the first or last case",
1095
- "severity": "1",
1096
- "categories": [
1097
- "security"
1098
- ],
1099
- "description": ""
1100
- },
1101
- "S1005": {
1102
- "title": "Drop unnecessary use of the blank identifier",
1103
- "severity": "1",
1104
- "categories": [
1105
- "security"
1106
- ],
1107
- "description": "In many cases, assigning to the blank identifier is unnecessary."
1108
- },
1109
- "S1004": {
1110
- "title": "Replace call to bytes.Compare with bytes.Equal",
1111
- "severity": "1",
1112
- "categories": [
1113
- "security"
1114
- ],
1115
- "description": ""
1116
- },
1117
- "ST1019": {
1118
- "title": "Importing the same package multiple times",
1119
- "severity": "1",
1120
- "categories": [
1121
- "security"
1122
- ],
1123
- "description": "Go allows importing the same package multiple times, as long as\ndifferent import aliases are being used. That is, the following\nbit of code is valid:\n\n```go\nimport (\n \"fmt\"\n fumpt \"fmt\"\n format \"fmt\"\n _ \"fmt\"\n)\n```\n\nHowever, this is very rarely done on purpose. Usually, it is a\nsign of code that got refactored, accidentally adding duplicate\nimport statements. It is also a rarely known feature, which may\ncontribute to confusion.\n\nDo note that sometimes, this feature may be used\nintentionally (see for example\nhttps://github.com/golang/go/commit/3409ce39bfd7584523b7a8c150a310cea92d879d)\n\u2013 if you want to allow this pattern in your code base, you're\nadvised to disable this check."
1124
- },
1125
- "SA4030": {
1126
- "title": "Ineffective attempt at generating random number",
1127
- "severity": "1",
1128
- "categories": [
1129
- "security"
1130
- ],
1131
- "description": "Functions in the math/rand package that accept upper limits, such\nas Intn, generate random numbers in the half-open interval [0,n). In\nother words, the generated numbers will be >= 0 and < n \u2013 they\ndon't include n. rand.Intn(1) therefore doesn't generate 0\nor 1, it always generates 0."
1132
- },
1133
- "S1001": {
1134
- "title": "Replace for loop with call to copy",
1135
- "severity": "1",
1136
- "categories": [
1137
- "security"
1138
- ],
1139
- "description": "Use copy() for copying elements from one slice to another. For\narrays of identical size, you can use simple assignment."
1140
- },
1141
- "QF1001": {
1142
- "title": "Apply De Morgan's law",
1143
- "severity": "1",
1144
- "categories": [
1145
- "security"
1146
- ],
1147
- "description": ""
1148
- },
1149
- "QF1002": {
1150
- "title": "Convert untagged switch to tagged switch",
1151
- "severity": "1",
1152
- "categories": [
1153
- "security"
1154
- ],
1155
- "description": "An untagged switch that compares a single variable against a series of\nvalues can be replaced with a tagged switch."
1156
- },
1157
- "QF1003": {
1158
- "title": "Convert if/else-if chain to tagged switch",
1159
- "severity": "1",
1160
- "categories": [
1161
- "security"
1162
- ],
1163
- "description": "A series of if/else-if checks comparing the same variable against\nvalues can be replaced with a tagged switch."
1164
- },
1165
- "SA1029": {
1166
- "title": "Inappropriate key in call to context.WithValue",
1167
- "severity": "1",
1168
- "categories": [
1169
- "security"
1170
- ],
1171
- "description": "The provided key must be comparable and should not be\nof type string or any other built-in type to avoid collisions between\npackages using context. Users of WithValue should define their own\ntypes for keys.\n\nTo avoid allocating when assigning to an interface{},\ncontext keys often have concrete type struct{}. Alternatively,\nexported context key variables' static type should be a pointer or\ninterface."
1172
- },
1173
- "SA1028": {
1174
- "title": "sort.Slice can only be used on slices",
1175
- "severity": "1",
1176
- "categories": [
1177
- "security"
1178
- ],
1179
- "description": "The first argument of sort.Slice must be a slice."
1180
- },
1181
- "SA1027": {
1182
- "title": "Atomic access to 64-bit variable must be 64-bit aligned",
1183
- "severity": "1",
1184
- "categories": [
1185
- "security"
1186
- ],
1187
- "description": "On ARM, x86-32, and 32-bit MIPS, it is the caller's responsibility to\narrange for 64-bit alignment of 64-bit words accessed atomically. The\nfirst word in a variable or in an allocated struct, array, or slice\ncan be relied upon to be 64-bit aligned.\n\nYou can use the structlayout tool to inspect the alignment of fields\nin a struct."
1188
- },
1189
- "SA1026": {
1190
- "title": "Cannot marshal channels or functions",
1191
- "severity": "1",
1192
- "categories": [
1193
- "security"
1194
- ],
1195
- "description": ""
1196
- },
1197
- "SA1025": {
1198
- "title": "It is not possible to use (*time.Timer).Reset's return value correctly",
1199
- "severity": "1",
1200
- "categories": [
1201
- "security"
1202
- ],
1203
- "description": ""
1204
- },
1205
- "SA1024": {
1206
- "title": "A string cutset contains duplicate characters",
1207
- "severity": "1",
1208
- "categories": [
1209
- "security"
1210
- ],
1211
- "description": "The strings.TrimLeft and strings.TrimRight functions take cutsets, not\nprefixes. A cutset is treated as a set of characters to remove from a\nstring. For example,\n\n```go\nstrings.TrimLeft(\"42133word\", \"1234\")\n```\n\nwill result in the string \"word\" \u2013 any characters that are 1, 2, 3 or\n4 are cut from the left of the string.\n\nIn order to remove one string from another, use strings.TrimPrefix instead."
1212
- },
1213
- "SA1023": {
1214
- "title": "Modifying the buffer in an io.Writer implementation",
1215
- "severity": "1",
1216
- "categories": [
1217
- "security"
1218
- ],
1219
- "description": "Write must not modify the slice data, even temporarily."
1220
- },
1221
- "SA4026": {
1222
- "title": "Go constants cannot express negative zero",
1223
- "severity": "1",
1224
- "categories": [
1225
- "security"
1226
- ],
1227
- "description": "In IEEE 754 floating point math, zero has a sign and can be positive\nor negative. This can be useful in certain numerical code.\n\nGo constants, however, cannot express negative zero. This means that\nthe literals -0.0 and 0.0 have the same ideal value (zero) and\nwill both represent positive zero at runtime.\n\nTo explicitly and reliably create a negative zero, you can use the\nmath.Copysign function: math.Copysign(0, -1)."
1228
- },
1229
- "SA1021": {
1230
- "title": "Using bytes.Equal to compare two net.IP",
1231
- "severity": "1",
1232
- "categories": [
1233
- "security"
1234
- ],
1235
- "description": "A net.IP stores an IPv4 or IPv6 address as a slice of bytes. The\nlength of the slice for an IPv4 address, however, can be either 4 or\n16 bytes long, using different ways of representing IPv4 addresses. In\norder to correctly compare two net.IPs, the net.IP.Equal method should\nbe used, as it takes both representations into account."
1236
- },
1237
- "SA1020": {
1238
- "title": "Using an invalid host:port pair with a net.Listen-related function",
1239
- "severity": "1",
1240
- "categories": [
1241
- "security"
1242
- ],
1243
- "description": ""
1244
- }
1245
- }
1246
-