G303: catch with os.WriteFile, add os.Create test case (#718)

* Add G303 os.Create test case

* Catch G303 with os.WriteFile too

Author: scop

rules/tempfiles.go

@@ -44,7 +44,7 @@ func (t *badTempFile) Match(n ast.Node, c *gosec.Context) (gi *gosec.Issue, err
 func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 	calls := gosec.NewCallList()
 	calls.Add("io/ioutil", "WriteFile")
-	calls.Add("os", "Create")
+	calls.AddAll("os", "Create", "WriteFile")
 	return &badTempFile{
 		calls: calls,
 		args:  regexp.MustCompile(`^/tmp/.*$|^/var/tmp/.*$`),

testutils/source.go

@@ -1757,14 +1757,25 @@ package samples
 import (
 	"fmt"
 	"io/ioutil"
+	"os"
 )
 
 func main() {
 	err := ioutil.WriteFile("/tmp/demo2", []byte("This is some data"), 0644)
 	if err != nil {
 		fmt.Println("Error while writing!")
 	}
-}`}, 1, gosec.NewConfig()}}
+	f, err := os.Create("/tmp/demo2")
+	if err != nil {
+		fmt.Println("Error while writing!")
+	} else if err = f.Close(); err != nil {
+		fmt.Println("Error while closing!")
+	}
+	err = os.WriteFile("/tmp/demo2", []byte("This is some data"), 0644)
+	if err != nil {
+		fmt.Println("Error while writing!")
+	}
+}`}, 3, gosec.NewConfig()}}
 
 	// SampleCodeG304 - potential file inclusion vulnerability
 	SampleCodeG304 = []CodeSample{{[]string{`