actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-05 11:35:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
1090 commits 2 branches 41 tags 20 MiB
Commit graph

30 commits

Author SHA1 Message Date
Laurent Demailly
1d23143bee
Prevent panic: unexpected constant value: <nil> (#1232)
Some checks failed
CI / test (map[go:1.22.7 golangci:latest]) (push) Has been cancelled
Details
CI / test (map[go:1.23.1 golangci:latest]) (push) Has been cancelled
Details
Security Scan / build (push) Has been cancelled
Details
CI / coverage (push) Has been cancelled
Details
2024-09-20 10:58:58 +02:00
Laurent Demailly
6741874d9b
Fix running single analyzer which isn't a rule bug (#1231) 
* Fix running single analyzer which isn't a rule bug

* remove uncessary diff (even if it's proper fmt)
 2024-09-20 10:56:50 +02:00
czechbol
1f3bdd9349
G115 Struct Attribute Checks (#1221) 
* allow struct attributes checks

* fix explicit check results
 2024-09-16 10:30:54 +02:00
czechbol
eaedce9a8b
Improvement the int conversion overflow logic to handle bound checks (#1194) 
* add test cases

Signed-off-by: czechbol <adamludes@gmail.com>

* fix bounds check logic

Signed-off-by: czechbol <adamludes@gmail.com>

* tweak test cases

Signed-off-by: czechbol <adamludes@gmail.com>

* fix codestyle

Signed-off-by: czechbol <adamludes@gmail.com>

* improve bounds check logic

Signed-off-by: czechbol <adamludes@gmail.com>

* max recursion depth

Signed-off-by: czechbol <adamludes@gmail.com>

* add test case for len function

Signed-off-by: czechbol <adamludes@gmail.com>

* relax len function bounds checks

Co-authored-by: Ben Krieger <ben.krieger@intel.com>

* handle cases when convert instruction is after the if blocks

Signed-off-by: czechbol <adamludes@gmail.com>

* improve range check discovery, add tests

Signed-off-by: czechbol <adamludes@gmail.com>

* refactor for readability

Signed-off-by: czechbol <adamludes@gmail.com>

* add cap function test

Signed-off-by: czechbol <adamludes@gmail.com>

* calculate signed min without throwing overflow warnings

Signed-off-by: czechbol <adamludes@gmail.com>

* perform bounds checks int size calculations

Signed-off-by: czechbol <adamludes@gmail.com>

* basic equal operator logic

Signed-off-by: czechbol <adamludes@gmail.com>

* uintptr -> unsafe.Pointer test case

Signed-off-by: czechbol <adamludes@gmail.com>

* fix review comments

Signed-off-by: czechbol <adamludes@gmail.com>

* Rebase and fix go module

Change-Id: I8da6495eaaf25b1739389aa98492bd7df338085b
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>

* fix false positive for negated value

Signed-off-by: czechbol <adamludes@gmail.com>

* fix range conditions

Signed-off-by: czechbol <adamludes@gmail.com>

* Ignore the golangci/gosec G115 warning

Change-Id: I0db56cb0a5f9ab6e815e2480ec0b66d7061b23d3
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>

---------

Signed-off-by: czechbol <adamludes@gmail.com>
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
Co-authored-by: Ben Krieger <ben.krieger@intel.com>
Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
 2024-09-04 16:09:54 +02:00
William Bergeron-Drouin
ea5b2766bb
fix: G602 support for nested conditionals with bounds check (#1201) 
* Recursive fix

* Add some more test cases

* Fix formatting

* Add depth check
 2024-09-04 11:07:42 +02:00
Cosmin Cojocar
0898560169 Make variable name more clear 
Change-Id: I5b863c0da6cc3d01efa527c60c93fdcbc8c5a53c
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
 2024-08-30 19:35:07 +02:00
Cosmin Cojocar
ac67231ec5 Make variable names more explicity and reduce duplications 
Change-Id: Ifa141b70351136cfe7d0756a83e8166a24b5d538
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
 2024-08-30 19:35:07 +02:00
Cosmin Cojocar
e0414c4640 Fix formatting 
Change-Id: I49caeb75f1bd7ecdb9b4f99466d96ad81e2e95ac
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
 2024-08-30 19:35:07 +02:00
Cosmin Cojocar
c7003fc7e5 Refactor to reduce some fuctions and variable names 
Change-Id: I7f42c1de4e39dceb8e8144037d5af9223331ff06
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
 2024-08-30 19:35:07 +02:00
Cosmin Cojocar
2401936458 Pass the value argument directly since is an interface 
The value doens't require to be passed as a pointer since is a
interface.

Change-Id: Ia21bceb5f315f4c30bd28425d62f678e9203e93f
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
 2024-08-30 19:35:07 +02:00
Dimitar Banchev
f5d312825f Added suggested changes 2024-08-30 19:35:07 +02:00
Dimitar Banchev
a6dd589bae Removed function parameter which is always the same 2024-08-30 19:35:07 +02:00
Dimitar Banchev
b4c746962f Formatting problems(CI was not passing) 2024-08-30 19:35:07 +02:00
Dimitar Banchev
7f8f654235 Updated analyzer to use new way of initialization 
* Removed old way of initializing analyzers
* Added the new analyzer to the rest of the default analyzers
* Fixed small bug in the rule
* Removed the test for the new analyzer from the file responsible for testing the rules
* Merged the diffrent examples into 1 variable
* Added tests for the analyzer
* Removed code that was used for testing rules, but it was used to test the analyzer
 2024-08-30 19:35:07 +02:00
Dimitar Banchev
a26215cf23 Migrated the rule to the analyzers folder 2024-08-30 19:35:07 +02:00
Ben Krieger
4ae73c8ba3 Fix conversion overflow false positive when using ParseUint 2024-08-28 08:58:42 +02:00
czechbol
bcec04e784 Fix conversion overflow false positives when they are checked or pre-determined 
Signed-off-by: czechbol <adamludes@gmail.com>
 2024-08-26 16:57:12 +02:00
Cosmin Cojocar
ab3f6c1c83 Fix false positive in conversion overflow check from uint8/int8 type 
Change-Id: I543545e22fa12de0d85dcf92664a0a54e8f7244a
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
 2024-08-22 09:47:52 +02:00
Rahul Gadi
81cda2f91f
Allow excluding analyzers globally (#1180) 
* This change does not exclude analyzers for inline comment
* Changed the expected issues count for G103, G109 samples for test. Previously G115 has been included in the issue count
* Show analyzers IDs(G115, G602) in gosec usage help
* See #1175
 2024-08-20 10:43:40 +02:00
Alex Gartner
08b94f9392 Resolve underlying type to detect overflows in type aliases 2024-07-20 10:06:43 +02:00
Cosmin Cojocar
81b076f53d Format imports 
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
 2024-05-27 13:03:01 +02:00
Cosmin Cojocar
4bf5667f66 Add a new rule to detect integer overflow on integer types conversion 
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
 2024-05-27 13:03:01 +02:00
Cosmin Cojocar
f338a98bf3 Restrict the maximum depth when tracking the slice bounds 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-10-13 10:03:27 +02:00
Cosmin Cojocar
293d887525 Fix lint warnings 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-09-20 10:19:51 +02:00
Cosmin Cojocar
e02e2f6d5b Redesign and reimplement the slice out of bounds check using SSA code representation 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-09-20 10:19:51 +02:00
Oleksandr Redko
1f689968ec Fix typos in comments, vars and tests 2023-05-30 08:26:41 +02:00
Matthieu MOREL
d6aeaad931
correct gci linter (#946) 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2023-03-30 09:31:24 +02:00
Cosmin Cojocar
4340efaa9a Format file 2023-02-16 09:45:28 +01:00
Cosmin Cojocar
f850069114 Use the gosec issue in the go analysers 2023-02-16 09:45:28 +01:00
Cosmin Cojocar
31e63276f1 Add support for Go analysis framework and SSA code representation 2023-02-16 09:45:28 +01:00