test(g304): add samples for var perm and var flag with cleaned path\n\n- Ensure G304 does not fire when only non-path args (flag/perm) are variables\n- Both samples use filepath.Clean on the path arg\n- Rules suite remains green (42 passed)

Author: Eshani Parulekar

testutils/g304_samples.go

@@ -301,5 +301,47 @@ func main() {
 package main
 
 var THEWD string
+`}, 0, gosec.NewConfig()},
+	{[]string{`
+package main
+
+import (
+	"os"
+	"path/filepath"
+)
+
+func open(fn string, perm os.FileMode) {
+	fh, err := os.OpenFile(filepath.Clean(fn), os.O_RDONLY, perm)
+	if err != nil {
+		panic(err)
+	}
+	defer fh.Close()
+}
+
+func main() {
+	fn := "filename"
+	open(fn, 0o600)
+}
+`}, 0, gosec.NewConfig()},
+	{[]string{`
+package main
+
+import (
+	"os"
+	"path/filepath"
+)
+
+func open(fn string, flag int) {
+	fh, err := os.OpenFile(filepath.Clean(fn), flag, 0o600)
+	if err != nil {
+		panic(err)
+	}
+	defer fh.Close()
+}
+
+func main() {
+	fn := "filename"
+	open(fn, os.O_RDONLY)
+}
 `}, 0, gosec.NewConfig()},
 }