Create go rule S5443: Using publicly writable directories is security-sensitive (#4632)

* Add go to rule S5443 * Initial draft * Improve examples * Add intro texts to code examples * Remove unwanted // compliant commentary from fixed examples --------- Co-authored-by: Teemu Rytilahti <teemu.rytilahti@sonarsource.com>
2025-01-31 11:52:04 +01:00 · 2025-01-31 11:52:04 +01:00 · 7e54acfafa
commit 7e54acfafa
parent 14c80b84d0
2 changed files with 67 additions and 0 deletions
--- a/rules/S5443/go/metadata.json
+++ b/rules/S5443/go/metadata.json
@ -0,0 +1,2 @@
+{
+}
--- a/rules/S5443/go/rule.adoc
+++ b/rules/S5443/go/rule.adoc
@ -0,0 +1,65 @@
+include::../description.adoc[]
+
+include::../ask-yourself.adoc[]
+
+include::../recommended.adoc[]
+
+== Sensitive Code Example
+
+Examples of sensitive file creation:
+
+[source,go]
+----
+file, _ = os.Create("/tmp/tempfile.txt") // Sensitive
+
+file, _ = os.Create(os.TempDir()+"/tempfile.txt") // Sensitive
+
+file, _ := os.OpenFile("/tmp/tempfile.txt", os.O_CREATE, 0755) // Sensitive
+
+os.WriteFile("/tmp/tempfile.txt", []byte{"sensitive"}, 0755)  // Sensitive
+----
+
+Example of sensitive directory creation:
+
+[source,go]
+----
+tempdir := "/tmp/tempdir/"
+os.Mkdir(tempdir, 0755)  // Sensitive
+file, _ := os.Create("/tmp/tempdir/tempfile.txt")
+----
+
+== Compliant Solution
+
+Compliant temporary file creation:
+
+[source,go]
+----
+file, _ := os.CreateTemp("", "example-pattern")
+----
+
+Compliant temporary directory creation:
+
+[source,go]
+----
+dir, _ := os.MkdirTemp("", "example-directory")
+filename := filepath.Join(dir, "tempfile.txt")
+file, _ := os.Create(filename)
+----
+
+include::../see.adoc[]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+'''
+== Comments And Links
+(visible only on this page)
+
+include::../comments-and-links.adoc[]
+
+endif::env-github,rspecator-view[]