Update unsafe rule to match package explicitly

gcmurphy · gcmurphy · commit 63e8b1af23f9 · 2016-11-15T13:53:36.000-08:00
Unsafe is not tracked in Package.Imports(), the regexp was not explicit
enough and foounsafe.Blah() would trigger an error.
diff --git a/core/analyzer.go b/core/analyzer.go
@@ -138,7 +138,6 @@ func (gas *Analyzer) process(filename string, source interface{}) error {
 		for _, pkg := range gas.context.Pkg.Imports() {
 			gas.context.Imports.Imported[pkg.Path()] = pkg.Name()
 		}
-
 		ast.Walk(gas, root)
 		gas.Stats.NumFiles++
 	}
@@ -203,8 +202,8 @@ func (gas *Analyzer) Visit(n ast.Node) ast.Visitor {
 
 		// Track aliased and initialization imports
 		if imported, ok := n.(*ast.ImportSpec); ok {
+			path := strings.Trim(imported.Path.Value, `"`)
 			if imported.Name != nil {
-				path := strings.Trim(imported.Path.Value, `"`)
 				if imported.Name.Name == "_" {
 					// Initialization import
 					gas.context.Imports.InitOnly[path] = true
@@ -213,7 +212,12 @@ func (gas *Analyzer) Visit(n ast.Node) ast.Visitor {
 					gas.context.Imports.Aliased[path] = imported.Name.Name
 				}
 			}
+			// unsafe is not included in Package.Imports()
+			if path == "unsafe" {
+				gas.context.Imports.Imported[path] = path
+			}
 		}
+
 		if val, ok := gas.ruleset[reflect.TypeOf(n)]; ok {
 			for _, rule := range val {
 				ret, err := rule.Match(n, &gas.context)
diff --git a/rules/unsafe.go b/rules/unsafe.go
@@ -17,24 +17,25 @@ package rules
 import (
 	gas "github.com/GoASTScanner/gas/core"
 	"go/ast"
-	"regexp"
 )
 
 type UsingUnsafe struct {
 	gas.MetaData
-	pattern *regexp.Regexp
+	pkg   string
+	calls []string
 }
 
 func (r *UsingUnsafe) Match(n ast.Node, c *gas.Context) (gi *gas.Issue, err error) {
-	if node := gas.MatchCall(n, r.pattern); node != nil {
+	if _, matches := gas.MatchCallByPackage(n, c, r.pkg, r.calls...); matches {
 		return gas.NewIssue(c, n, r.What, r.Severity, r.Confidence), nil
 	}
 	return nil, nil
 }
 
 func NewUsingUnsafe(conf map[string]interface{}) (gas.Rule, []ast.Node) {
 	return &UsingUnsafe{
-		pattern: regexp.MustCompile(`unsafe\..*`),
+		pkg:   "unsafe",
+		calls: []string{"Alignof", "Offsetof", "Sizeof", "Pointer"},
 		MetaData: gas.MetaData{
 			What:       "Use of unsafe calls should be audited",
 			Severity:   gas.Low,

Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,6 @@ func (gas *Analyzer) process(filename string, source interface{}) error {`
`138`	`138`	`for _, pkg := range gas.context.Pkg.Imports() {`
`139`	`139`	`gas.context.Imports.Imported[pkg.Path()] = pkg.Name()`
`140`	`140`	`}`
`141`		`-`
`142`	`141`	`ast.Walk(gas, root)`
`143`	`142`	`gas.Stats.NumFiles++`
`144`	`143`	`}`
`@@ -203,8 +202,8 @@ func (gas *Analyzer) Visit(n ast.Node) ast.Visitor {`
`203`	`202`
`204`	`203`	`// Track aliased and initialization imports`
`205`	`204`	`if imported, ok := n.(*ast.ImportSpec); ok {`
	`205`	+ path := strings.Trim(imported.Path.Value, `"`)
`206`	`206`	`if imported.Name != nil {`
`207`		- path := strings.Trim(imported.Path.Value, `"`)
`208`	`207`	`if imported.Name.Name == "_" {`
`209`	`208`	`// Initialization import`
`210`	`209`	`gas.context.Imports.InitOnly[path] = true`
`@@ -213,7 +212,12 @@ func (gas *Analyzer) Visit(n ast.Node) ast.Visitor {`
`213`	`212`	`gas.context.Imports.Aliased[path] = imported.Name.Name`
`214`	`213`	`}`
`215`	`214`	`}`
	`215`	`+ // unsafe is not included in Package.Imports()`
	`216`	`+ if path == "unsafe" {`
	`217`	`+ gas.context.Imports.Imported[path] = path`
	`218`	`+ }`
`216`	`219`	`}`
	`220`	`+`
`217`	`221`	`if val, ok := gas.ruleset[reflect.TypeOf(n)]; ok {`
`218`	`222`	`for _, rule := range val {`
`219`	`223`	`ret, err := rule.Match(n, &gas.context)`