File tree 1 file changed +23
-0
lines changed 1 file changed +23
-0
lines changed Original file line number Diff line number Diff line change @@ -20,6 +20,29 @@ import (
2020 "github.com/quasilyte/go-ruleguard/dsl/types"
2121)
2222
23+ // dbauthzAuthorizationContext is a lint rule that protects the usage of
24+ // system contexts. This is a dangerous pattern that can lead to
25+ // leaking database information as a system context can be essentially
26+ // "sudo".
27+ //
28+ // Anytime a function like "AsSystem" is used, it should be accompanied by a comment
29+ // explaining why it's ok and a nolint.
30+ func dbauthzAuthorizationContext (m dsl.Matcher ) {
31+ m .Import ("context" )
32+ m .Import ("github.com/coder/coder/coderd/database/dbauthz" )
33+
34+ m .Match (
35+ `dbauthz.$f($c)` ,
36+ ).
37+ Where (
38+ m ["c" ].Type .Implements ("context.Context" ) &&
39+ // Only report on functions that start with "As".
40+ m ["f" ].Text .Matches ("^As" ),
41+ ).
42+ // Instructions for fixing the lint error should be included on the dangerous function.
43+ Report ("Using '$f' is dangerous and should be accompanied by a comment explaining why it's ok and a nolint." )
44+ }
45+
2346// Use xerrors everywhere! It provides additional stacktrace info!
2447//
2548//nolint:unused,deadcode,varnamelen
You can’t perform that action at this time.
0 commit comments