Skip to content

Commit 2ae1f47

Browse files
stbenjamstbenjam
authored
Merge pull request #3 from avorima/scan-host-literal
Ignore string literals without colon
2 parents e0f1191 + e14d69b commit 2ae1f47

File tree

2 files changed

+27
-9
lines changed

2 files changed

+27
-9
lines changed

pkg/analyzer/analyzer.go

Lines changed: 14 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@ import (
55
"go/ast"
66
"go/token"
77
"regexp"
8+
"strings"
89

910
"golang.org/x/tools/go/analysis/passes/inspect"
1011
"golang.org/x/tools/go/ast/inspector"
@@ -86,10 +87,20 @@ func checkForHostPortConstruction(sprintf *ast.CallExpr) error {
8687
regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9+-.]*://[^/]*@%s:.*$`), // URL with basic auth
8788
}
8889

89-
for _, re := range regexes {
90-
if re.MatchString(fs) {
91-
return fmt.Errorf("host:port in url should be constructed with net.JoinHostPort and not directly with fmt.Sprintf")
90+
for idx, re := range regexes {
91+
if !re.MatchString(fs) {
92+
continue
9293
}
94+
95+
// Match without basic auth and only handle cases where the hostname and optionally the port are specified.
96+
if idx == 0 && len(sprintf.Args) <= 3 {
97+
arg, ok := getStringLiteral(sprintf.Args, 1)
98+
if ok && !strings.Contains(arg, ":") {
99+
continue
100+
}
101+
}
102+
103+
return fmt.Errorf("host:port in url should be constructed with net.JoinHostPort and not directly with fmt.Sprintf")
93104
}
94105

95106
return nil

testdata/src/p/p.go

Lines changed: 13 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -27,20 +27,27 @@ func _() {
2727

2828
_ = fmt.Sprintf("http://example.com:9211")
2929

30-
_ = fmt.Sprintf("gopher://%s:%d", "myHost", 70) // want "should be constructed with net.JoinHostPort"
30+
_ = fmt.Sprintf("gopher://%s:%d", "myHost", 70)
3131

32-
_ = fmt.Sprintf("telnet+ssl://%s:%d", "myHost", 23) // want "should be constructed with net.JoinHostPort"
32+
_ = fmt.Sprintf("telnet+ssl://%s:%d", "myHost", 23)
3333

34-
_ = fmt.Sprintf("weird3.6://%s:%d", "myHost", 23) // want "should be constructed with net.JoinHostPort"
34+
_ = fmt.Sprintf("weird3.6://%s:%d", "myHost", 23)
3535

3636
_ = fmt.Sprintf("https://user@%s:%d", "myHost", 8443) // want "should be constructed with net.JoinHostPort"
3737

3838
_ = fmt.Sprintf("postgres://%s:%s@%s:5050/%s", "foo", "bar", "baz", "qux") // want "should be constructed with net.JoinHostPort"
3939

40-
_ = fmt.Sprintf("https://%s:%d", "myHost", 8443) // want "should be constructed with net.JoinHostPort"
40+
_ = fmt.Sprintf("https://%s:%d", "myHost", 8443)
4141

42-
_ = fmt.Sprintf("https://%s:9211", "myHost") // want "should be constructed with net.JoinHostPort"
42+
_ = fmt.Sprintf("https://%s:9211", "myHost")
43+
44+
_ = fmt.Sprintf("postgres://%s:%s@%s:5050/%s", "myHost") // want "should be constructed with net.JoinHostPort"
45+
46+
_ = fmt.Sprintf("https://%s:9211", "my:Host") // want "should be constructed with net.JoinHostPort"
4347

4448
ip := "fd00::1"
4549
_ = fmt.Sprintf("http://%s:1936/healthz", ip) // want "should be constructed with net.JoinHostPort"
46-
}
50+
51+
const host = "myHost"
52+
_ = fmt.Sprintf("https://%s:9211", host) // want "should be constructed with net.JoinHostPort"
53+
}

0 commit comments

Comments
 (0)