1 package sa9005
2 3 import (
4 "fmt"
5 "go/types"
6 7 "honnef.co/go/tools/analysis/callcheck"
8 "honnef.co/go/tools/analysis/code"
9 "honnef.co/go/tools/analysis/facts/generated"
10 "honnef.co/go/tools/analysis/lint"
11 "honnef.co/go/tools/go/types/typeutil"
12 "honnef.co/go/tools/internal/passes/buildir"
13 "honnef.co/go/tools/knowledge"
14 15 "golang.org/x/tools/go/analysis"
16 )
17 18 var SCAnalyzer = lint.InitializeAnalyzer(&lint.Analyzer{
19 Analyzer: &analysis.Analyzer{
20 Name: "SA9005",
21 Requires: []*analysis.Analyzer{
22 buildir.Analyzer,
23 // Filtering generated code because it may include empty structs generated from data models.
24 generated.Analyzer,
25 },
26 Run: callcheck.Analyzer(rules),
27 },
28 Doc: &lint.RawDocumentation{
29 Title: `Trying to marshal a struct with no public fields nor custom marshaling`,
30 Text: `
31 The \'encoding/json\' and \'encoding/xml\' packages only operate on exported
32 fields in structs, not unexported ones. It is usually an error to try
33 to (un)marshal structs that only consist of unexported fields.
34 35 This check will not flag calls involving types that define custom
36 marshaling behavior, e.g. via \'MarshalJSON\' methods. It will also not
37 flag empty structs.`,
38 Since: "2019.2",
39 Severity: lint.SeverityWarning,
40 MergeIf: lint.MergeIfAll,
41 },
42 })
43 44 var Analyzer = SCAnalyzer.Analyzer
45 46 var rules = map[string]callcheck.Check{
47 // TODO(dh): should we really flag XML? Even an empty struct
48 // produces a non-zero amount of data, namely its type name.
49 // Let's see if we encounter any false positives.
50 //
51 // Also, should we flag gob?
52 "encoding/json.Marshal": check(knowledge.Arg("json.Marshal.v"), "MarshalJSON", "MarshalText"),
53 "encoding/xml.Marshal": check(knowledge.Arg("xml.Marshal.v"), "MarshalXML", "MarshalText"),
54 "(*encoding/json.Encoder).Encode": check(knowledge.Arg("(*encoding/json.Encoder).Encode.v"), "MarshalJSON", "MarshalText"),
55 "(*encoding/xml.Encoder).Encode": check(knowledge.Arg("(*encoding/xml.Encoder).Encode.v"), "MarshalXML", "MarshalText"),
56 57 "encoding/json.Unmarshal": check(knowledge.Arg("json.Unmarshal.v"), "UnmarshalJSON", "UnmarshalText"),
58 "encoding/xml.Unmarshal": check(knowledge.Arg("xml.Unmarshal.v"), "UnmarshalXML", "UnmarshalText"),
59 "(*encoding/json.Decoder).Decode": check(knowledge.Arg("(*encoding/json.Decoder).Decode.v"), "UnmarshalJSON", "UnmarshalText"),
60 "(*encoding/xml.Decoder).Decode": check(knowledge.Arg("(*encoding/xml.Decoder).Decode.v"), "UnmarshalXML", "UnmarshalText"),
61 }
62 63 func check(argN int, meths ...string) callcheck.Check {
64 return func(call *callcheck.Call) {
65 if code.IsGenerated(call.Pass, call.Instr.Pos()) {
66 return
67 }
68 arg := call.Args[argN]
69 T := arg.Value.Value.Type()
70 Ts, ok := typeutil.Dereference(T).Underlying().(*types.Struct)
71 if !ok {
72 return
73 }
74 if Ts.NumFields() == 0 {
75 return
76 }
77 fields := typeutil.FlattenFields(Ts)
78 for _, field := range fields {
79 if field.Var.Exported() {
80 return
81 }
82 }
83 // OPT(dh): we could use a method set cache here
84 ms := call.Instr.Parent().Prog.MethodSets.MethodSet(T)
85 // TODO(dh): we're not checking the signature, which can cause false negatives.
86 // This isn't a huge problem, however, since vet complains about incorrect signatures.
87 for _, meth := range meths {
88 if ms.Lookup(nil, meth) != nil {
89 return
90 }
91 }
92 arg.Invalid(fmt.Sprintf("struct type '%s' doesn't have any exported fields, nor custom marshaling", typeutil.Dereference(T)))
93 }
94 }
95