search

petergtz / pegomock

Pegomock is a powerful, yet simple mocking framework for the Go programming language
Apache License 2.0
252 stars 28 forks source link

Explicitly validate the len of params to ensure we don't get index ou… #126

Closed AndrewRPorter closed 3 weeks ago

AndrewRPorter commented 1 month ago

Please make sure to open your PR against the develop branch.

v4 commits do not exist in develop branch, so PR is created against main.

Pull Request Changes

Closes

https://github.com/petergtz/pegomock/issues/125

petergtz commented 1 month ago

Ah, never mind my last comment, I was also able to remove the draft status.

petergtz commented 1 month ago

Okay, tests show this doesn't work for variadic arguments. I recommend to stick with changing from comparison > 0 to != 0, assuming it will satisfy CodeQL. This will not change the logic and therefore not break the tests.

AndrewRPorter commented 3 weeks ago

Sadly it doesn't look like changing the check to != 0 fixes the CodeQL warnings.

Instead, I just added a check for non variadic arguments.

This change generates verification methods like:

func (c *MockDisplay_ChanParams_OngoingVerification) GetAllCapturedArguments() (_param0 []<-chan string, _param1 []chan<- error) {
    _params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations)
    if len(_params) > 0 {
        if 0 < len(_params) {
            _param0 = make([]<-chan string, len(c.methodInvocations))
            for u, param := range _params[0] {
                _param0[u] = param.(<-chan string)
            }
        }
        if 1 < len(_params) {
            _param1 = make([]chan<- error, len(c.methodInvocations))
            for u, param := range _params[1] {
                _param1[u] = param.(chan<- error)
            }
        }
    }
    return
}
petergtz commented 3 weeks ago

Merged and cut a new release 4.1.0 with your changes. Thank you very much for your contribution @AndrewRPorter.