G602: False positives for slices with bounds check on a higher hierarchy

[xWiiLLz]

Summary

Noticed that we're receiving errors for the G602 (slices out of bounds) rules when we have proper bound checks

Steps to reproduce the behavior

Code sample (inspired by the current unit tests):

package main

import "fmt"

func main() {
	s := make([]byte, 0)
	if len(s) > 0 {
		switch s[0] {
		case 0:
			fmt.Println("zero")
			return
		default:
			fmt.Println(s[0])
			return
		}
	}
}

package main

import "fmt"

func main() {
	s := make([]byte, 0)
	if len(s) > 0 {
		switch s[0] {
		case 0:
			b := true
			if b == true {
				// Should work for many-levels of nesting when the condition is not on the target slice
				fmt.Println(s[0])
			}
			return
		default:
			fmt.Println(s[0])
			return
		}
	}
}

package main

import "fmt"

func main() {
	s := make([]byte, 0)
	if len(s) > 0 {
		if len(s) > 1 {
			fmt.Println(s[1])
		}
		fmt.Println(s[0])
	}
}

gosec version

v2.20.1-0.20240826145712-bcec04e78483

Go version (output of 'go version')

go version go1.23.0 darwin/arm64

Operating system / Environment

Mac OS Sonoma 14.6.1 (M1/arm64)

Expected behavior

I'd expect these samples to not return any errors

Actual behavior

They all return errors since the bounds check does not look deeper into conditionals