Find G303 with filepath.Join'd temp dirs (#754)

Author: scop

rules/tempfiles.go

@@ -71,6 +71,7 @@ func NewBadTempFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 	argCalls.Add("os", "TempDir")
 	nestedCalls := gosec.NewCallList()
 	nestedCalls.Add("path", "Join")
+	nestedCalls.Add("path/filepath", "Join")
 	return &badTempFile{
 		calls:       calls,
 		args:        regexp.MustCompile(`^(/(usr|var))?/tmp(/.*)?$`),

testutils/source.go

@@ -1759,6 +1759,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path"
+	"path/filepath"
 )
 
 func main() {
@@ -1796,7 +1797,11 @@ func main() {
 	if err != nil {
 		fmt.Println("Error while writing!")
 	}
-}`}, 8, gosec.NewConfig()}}
+	err = os.WriteFile(filepath.Join(os.TempDir(), "demo2"), []byte("This is some data"), 0644)
+	if err != nil {
+		fmt.Println("Error while writing!")
+	}
+}`}, 9, gosec.NewConfig()}}
 
 	// SampleCodeG304 - potential file inclusion vulnerability
 	SampleCodeG304 = []CodeSample{{[]string{`