https://pkg.go.dev/cmd/go#hdr-Generate_Go_files_by_processing_source says:
> This line must appear before the first non-comment, non-blank text in the file.
The original test cases fail with the previous commit because the test source does not comply with this spec.
So, probably we should update the test cases to comply with the spec.
(This is a breaking change, though.)
As of Go 1.21, we can use https://pkg.go.dev/go/ast#IsGenerated to check if a file is generated.
Probably we want to use this instead of our own implementation.
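As an added illustration of the point above (example code, not from the gosec project or this thread), the following program runs `ast.IsGenerated` over three constructed sources: one with the `Code generated ... DO NOT EDIT.` marker before the package clause, one with the marker after it, and one carrying only a `//go:generate` directive. The marker placed after the package clause is not recognised, which is exactly the spec requirement the quoted line states. The wrapper name `IsGeneratedSource` and the sample sources are assumptions made for this example; `ast.IsGenerated` requires Go 1.21 or later.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// IsGeneratedSource reports whether src carries the "Code generated ... DO NOT EDIT."
// marker in the position the go generate spec requires (before the first
// non-comment, non-blank text). It defers to ast.IsGenerated (Go 1.21+).
// parser.ParseComments is required: without it the file's comment groups are
// dropped and ast.IsGenerated can never see the marker.
func IsGeneratedSource(src string) (bool, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "sample.go", src, parser.ParseComments)
	if err != nil {
		return false, err
	}
	return ast.IsGenerated(f), nil
}

// Constructed sample files for this example (not taken from the gosec test suite).
const (
	// Marker before the package clause: compliant with the spec.
	markerFirst = "// Code generated by example-tool. DO NOT EDIT.\n\npackage sample\n\nvar X = 1\n"
	// Marker after the package clause: the spec says this does not count,
	// which is why a test source with the marker in the middle is not skipped.
	markerLate = "package sample\n\n// Code generated by example-tool. DO NOT EDIT.\n\nvar X = 1\n"
	// A go:generate directive is not a generated-file marker.
	directiveOnly = "//go:generate stringer -type=X\n\npackage sample\n\nvar X = 1\n"
)

func main() {
	samples := []struct {
		name string
		src  string
	}{
		{"markerFirst", markerFirst},
		{"markerLate", markerLate},
		{"directiveOnly", directiveOnly},
	}
	for _, s := range samples {
		gen, err := IsGeneratedSource(s.src)
		fmt.Printf("%-14s generated=%v err=%v\n", s.name, gen, err)
	}
}
```

The practical consequence for a linter is that a file can only be excluded as generated when the marker sits above the `package` line; a marker anywhere below is treated as ordinary commentary, so test fixtures must follow the same placement rule.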
Split the code in `source.go` into individual sample files, one per rule.
This will help contributors submit samples for new rules, or
improvements to existing rules. The cgo sample was all that was left
after refactoring, which resulted in its own sample file.
Sample code was also formatted to have some level of consistency.
Each sample Go "file" attempts to keep the formatting of `gofmt`, and
each code sample is in its own section in the sample file.
Signed-off-by: Adam Kaplan <adam@adambkaplan.com>
GitHub action upload-sarif v1 is deprecated and the action fails if used. Updated README with v2 so the workflow can be copied and used without modifications.
Fixes #1077
We should use `(*regexp.Regexp).MatchString` instead of
`(*regexp.Regexp).Match([]byte(...))` when matching a string, to avoid
unnecessary `[]byte` conversions and reduce allocations.
Example benchmark:
```go
package gosec

import (
	"regexp"
	"testing"
)

var defaultTagRegex = regexp.MustCompile("\n *#nosec")

// Match takes a []byte, so the string is converted on every call: one allocation each.
func BenchmarkMatch(b *testing.B) {
	for i := 0; i < b.N; i++ {
		if match := defaultTagRegex.Match([]byte("\n #nosec")); !match {
			b.Fail()
		}
	}
}

// MatchString works on the string directly: no conversion, no allocation.
func BenchmarkMatchString(b *testing.B) {
	for i := 0; i < b.N; i++ {
		if match := defaultTagRegex.MatchString("\n #nosec"); !match {
			b.Fail()
		}
	}
}
```
```text
goos: linux
goarch: amd64
pkg: github.com/securego/gosec/v2
cpu: AMD Ryzen 7 PRO 4750U with Radeon Graphics
BenchmarkMatch-16          5367033    210.6 ns/op    8 B/op    1 allocs/op
BenchmarkMatchString-16    9321561    126.3 ns/op    0 B/op    0 allocs/op
PASS
ok  github.com/securego/gosec/v2  3.606s
```
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>