nyx/tests/fixtures/patterns/go/positive.go

package main

import (
	"crypto/md5"
	"crypto/sha1"
	"database/sql"
	"encoding/gob"
	"os"
	"os/exec"
	"unsafe"
)

// go.cmdi.exec_command
func triggerExecCommand(cmd string) {
	exec.Command("bash", "-c", cmd)
}

// go.memory.unsafe_pointer
func triggerUnsafePointer() {
	x := 42
	p := unsafe.Pointer(&x)
	_ = p
}

// go.transport.insecure_skip_verify
func triggerInsecureSkipVerify() {
	_ = struct{ InsecureSkipVerify bool }{InsecureSkipVerify: true}
}

// go.crypto.md5
func triggerMD5(data []byte) {
	md5.Sum(data)
}

// go.crypto.sha1
func triggerSHA1(data []byte) {
	sha1.Sum(data)
}

// go.sqli.query_concat
func triggerSQLConcat(db *sql.DB, user string) {
	db.Query("SELECT * FROM users WHERE name = '" + user + "'")
}

// go.secrets.hardcoded_key
func triggerHardcodedSecret() {
	password := "super_secret_password_12345"
	_ = password
}

// go.deser.gob_decode
func triggerGobDecode(f *os.File) {
	dec := gob.NewDecoder(f)
	_ = dec
}
Phase 1 (#33) * chore: Exclude CLAUDE.md from Cargo.toml * feat: add callgraph module and integrate into main analysis flow * feat: enhance CLI with new severity filtering and analysis modes * feat: update CHANGELOG with recent enhancements and fixes to severity filtering and output handling * feat: implement state-model dataflow analysis for resource lifecycle and auth state * feat: enhance diagnostic output formatting and add evidence structure * feat: implement attack surface ranking for diagnostics with scoring and sorting * feat: add comprehensive documentation for installation, usage, and rules reference * feat: add multiple language support for command execution and evaluation endpoints * feat: implement inline suppression for findings using `nyx:ignore` comments * feat: add confidence levels to AST patterns and update output structure * feat: implement low-noise prioritization system with category filtering, rollup grouping, and configurable budgets * feat: bump version to 0.4.0 and update changelog with new features and improvements * feat: add dead code allowances to various functions in mod.rs and real_world_tests.rs 2026-02-25 21:16:36 -05:00			`package main`

			`import (`
			`"crypto/md5"`
			`"crypto/sha1"`
			`"database/sql"`
			`"encoding/gob"`
			`"os"`
			`"os/exec"`
			`"unsafe"`
			`)`

			`// go.cmdi.exec_command`
			`func triggerExecCommand(cmd string) {`
			`exec.Command("bash", "-c", cmd)`
			`}`

			`// go.memory.unsafe_pointer`
			`func triggerUnsafePointer() {`
			`x := 42`
			`p := unsafe.Pointer(&x)`
			`_ = p`
			`}`

			`// go.transport.insecure_skip_verify`
			`func triggerInsecureSkipVerify() {`
			`_ = struct{ InsecureSkipVerify bool }{InsecureSkipVerify: true}`
			`}`

			`// go.crypto.md5`
			`func triggerMD5(data []byte) {`
			`md5.Sum(data)`
			`}`

			`// go.crypto.sha1`
			`func triggerSHA1(data []byte) {`
			`sha1.Sum(data)`
			`}`

			`// go.sqli.query_concat`
			`func triggerSQLConcat(db *sql.DB, user string) {`
			`db.Query("SELECT * FROM users WHERE name = '" + user + "'")`
			`}`

			`// go.secrets.hardcoded_key`
			`func triggerHardcodedSecret() {`
			`password := "super_secret_password_12345"`
			`_ = password`
			`}`

			`// go.deser.gob_decode`
			`func triggerGobDecode(f *os.File) {`
			`dec := gob.NewDecoder(f)`
			`_ = dec`
			`}`