G704: false positive on constant source #1629
Description
This code currently triggers the taint analysis and reports G704, even though there is no concrete tainted source for the sink:
type HTTPDoer interface {
Do(req *http.Request) (*http.Response, error)
}
type NamedClient struct {
HTTPClient *http.Client
}
func (c *NamedClient) Do(req *http.Request) (*http.Response, error) {
req.Header.Set("User-Agent", "test-agent")
return c.HTTPClient.Do(req) // <-- 💥
}
func doImport(httpDoer HTTPDoer) error {
ctx := context.Background()
req, err := http.NewRequestWithContext(ctx, http.MethodPost, "/import", http.NoBody)
if err != nil {
return fmt.Errorf("creating import POST: %w", err)
}
resp, err := httpDoer.Do(req)
if err != nil {
return fmt.Errorf("performing import POST: %w", err)
}
defer resp.Body.Close()
return nil
}