Merge pull request #18 from MVrachev/add-more-to-g107

ccojocar · web-flow · commit db12d16fc497 · 2020-04-14T00:36:06.000-07:00
Add one more example to g107
diff --git a/docs/rules/g107_url_arg_to_http_request_as_taint_input.md b/docs/rules/g107_url_arg_to_http_request_as_taint_input.md
@@ -33,13 +33,44 @@ func main() {
 }
 ```
 
+```
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+)
+
+var url string = "https://www.google.com"
+
+func main() {
+
+	resp, err := http.Get(url)
+	if err != nil {
+		panic(err)
+	}
+	defer resp.Body.Close()
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		panic(err)
+	}
+	fmt.Printf("%s", body)
+}
+```
+
 ## Gosec command line output
 
 ```
 [examples/main.go:12] - G107: Potential HTTP request made with variable url (Confidence: MEDIUM, Severity: MEDIUM)
   > http.Get(url)
 ```
 
+```
+[/Users/mvrachev/Martins/go/src/github.com/securego/examples/main.go:17] - G107: Potential HTTP request made with variable url (Confidence: MEDIUM, Severity: MEDIUM)
+  > http.Get(url)
+```
+
 ## The right way
 
 ```
