Cosmin Cojocar
0396179112
Update go version to 1.23.1 and 1.22.7 ( #1216 )
...
Change-Id: I2c5ad3b96a96470ce663de84d767590b842990ac
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-09 15:29:43 +02:00
renovate[bot]
5e53c8b9f7
chore(deps): update all dependencies ( #1215 )
...
* chore(deps): update all dependencies
* Update go.mod
* Update go.mod
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-09-09 15:20:27 +02:00
Cosmin Cojocar
014751c91c
Update gosec version to v2.21.1 in github action ( #1213 )
...
Change-Id: I0dda98f91eabc1881c55cb886425acf62a000002
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-04 17:22:49 +02:00
Cosmin Cojocar
0ce4453ddd
Rollback the SARIF version to 2.1 since github doesn't support 2.2 ( #1210 )
...
Change-Id: If3500ec2c522339ca0a4e6c1f58574ce3cc870a9
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-04 16:56:15 +02:00
Cosmin Cojocar
ea26e8431f
Update gosec in github action to v2.21.0 ( #1208 )
...
Change-Id: Ia6a5cc01472103d435cd5931aaef98a71a0a89f2
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-04 16:49:35 +02:00
Cosmin Cojocar
b278b40c52
Update cosign version to v2.4.0 in release github workflow ( #1207 )
...
Change-Id: I78b4ad65597f6c10d9cc3113864fd73a25101b25
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-04 16:22:00 +02:00
czechbol
eaedce9a8b
Improvement the int conversion overflow logic to handle bound checks ( #1194 )
...
* add test cases
Signed-off-by: czechbol <adamludes@gmail.com>
* fix bounds check logic
Signed-off-by: czechbol <adamludes@gmail.com>
* tweak test cases
Signed-off-by: czechbol <adamludes@gmail.com>
* fix codestyle
Signed-off-by: czechbol <adamludes@gmail.com>
* improve bounds check logic
Signed-off-by: czechbol <adamludes@gmail.com>
* max recursion depth
Signed-off-by: czechbol <adamludes@gmail.com>
* add test case for len function
Signed-off-by: czechbol <adamludes@gmail.com>
* relax len function bounds checks
Co-authored-by: Ben Krieger <ben.krieger@intel.com>
* handle cases when convert instruction is after the if blocks
Signed-off-by: czechbol <adamludes@gmail.com>
* improve range check discovery, add tests
Signed-off-by: czechbol <adamludes@gmail.com>
* refactor for readability
Signed-off-by: czechbol <adamludes@gmail.com>
* add cap function test
Signed-off-by: czechbol <adamludes@gmail.com>
* calculate signed min without throwing overflow warnings
Signed-off-by: czechbol <adamludes@gmail.com>
* perform bounds checks int size calculations
Signed-off-by: czechbol <adamludes@gmail.com>
* basic equal operator logic
Signed-off-by: czechbol <adamludes@gmail.com>
* uintptr -> unsafe.Pointer test case
Signed-off-by: czechbol <adamludes@gmail.com>
* fix review comments
Signed-off-by: czechbol <adamludes@gmail.com>
* Rebase and fix go module
Change-Id: I8da6495eaaf25b1739389aa98492bd7df338085b
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
* fix false positive for negated value
Signed-off-by: czechbol <adamludes@gmail.com>
* fix range conditions
Signed-off-by: czechbol <adamludes@gmail.com>
* Ignore the golangci/gosec G115 warning
Change-Id: I0db56cb0a5f9ab6e815e2480ec0b66d7061b23d3
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
---------
Signed-off-by: czechbol <adamludes@gmail.com>
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
Co-authored-by: Ben Krieger <ben.krieger@intel.com>
Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-04 16:09:54 +02:00
William Bergeron-Drouin
ea5b2766bb
fix: G602 support for nested conditionals with bounds check ( #1201 )
...
* Recursive fix
* Add some more test cases
* Fix formatting
* Add depth check
2024-09-04 11:07:42 +02:00
Cosmin Cojocar
11d69032b0
Update go.mod to sue go 1.22.0 toolchain
2024-09-02 09:46:29 +02:00
renovate[bot]
655527dfb4
chore(deps): update all dependencies
2024-09-02 09:46:29 +02:00
Cosmin Cojocar
0898560169
Make variable name more clear
...
Change-Id: I5b863c0da6cc3d01efa527c60c93fdcbc8c5a53c
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-30 19:35:07 +02:00
Cosmin Cojocar
ac67231ec5
Make variable names more explicity and reduce duplications
...
Change-Id: Ifa141b70351136cfe7d0756a83e8166a24b5d538
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-30 19:35:07 +02:00
Cosmin Cojocar
e0414c4640
Fix formatting
...
Change-Id: I49caeb75f1bd7ecdb9b4f99466d96ad81e2e95ac
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-30 19:35:07 +02:00
Cosmin Cojocar
c7003fc7e5
Refactor to reduce some fuctions and variable names
...
Change-Id: I7f42c1de4e39dceb8e8144037d5af9223331ff06
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-30 19:35:07 +02:00
Cosmin Cojocar
2401936458
Pass the value argument directly since is an interface
...
The value doens't require to be passed as a pointer since is a
interface.
Change-Id: Ia21bceb5f315f4c30bd28425d62f678e9203e93f
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-30 19:35:07 +02:00
Dimitar Banchev
f5d312825f
Added suggested changes
2024-08-30 19:35:07 +02:00
Dimitar Banchev
a14ca4ac59
Added another test case in order to increase code coverage
2024-08-30 19:35:07 +02:00
Dimitar Banchev
a6dd589bae
Removed function parameter which is always the same
2024-08-30 19:35:07 +02:00
Dimitar Banchev
b4c746962f
Formatting problems(CI was not passing)
2024-08-30 19:35:07 +02:00
Dimitar Banchev
7f8f654235
Updated analyzer to use new way of initialization
...
* Removed old way of initializing analyzers
* Added the new analyzer to the rest of the default analyzers
* Fixed small bug in the rule
* Removed the test for the new analyzer from the file responsible for testing the rules
* Merged the diffrent examples into 1 variable
* Added tests for the analyzer
* Removed code that was used for testing rules, but it was used to test the analyzer
2024-08-30 19:35:07 +02:00
Dimitar Banchev
a26215cf23
Migrated the rule to the analyzers folder
2024-08-30 19:35:07 +02:00
Dimitar Banchev
3f6e1e7326
Refractored code a little bit
2024-08-30 19:35:07 +02:00
Dimitar Banchev
0eb8143c23
Added new rule G407(hardcoded IV/nonce)
...
The rule is supposed to detect for the usage of hardcoded or static nonce/Iv in many encryption algorithms:
* The different modes of AES (mainly tested here)
* It should be able to work with ascon
Currently the rules doesn't check when constant variables are used.
TODO: Improve the rule, to detected for constatant variable usage
2024-08-30 19:35:07 +02:00
Ben Krieger
4ae73c8ba3
Fix conversion overflow false positive when using ParseUint
2024-08-28 08:58:42 +02:00
Cosmin Cojocar
c52dc0ea4e
Add a build step to measure the scan perfomance
...
This step will measure the scan performance difference against the
master version.
Change-Id: I1b9196ef3348350cf818471f55d9024d14064ac6
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-26 19:08:32 +02:00
czechbol
bcec04e784
Fix conversion overflow false positives when they are checked or pre-determined
...
Signed-off-by: czechbol <adamludes@gmail.com>
2024-08-26 16:57:12 +02:00
Cosmin Cojocar
71e397b994
Update go.mod
2024-08-26 16:47:36 +02:00
renovate[bot]
aec45b0b7d
chore(deps): update all dependencies
2024-08-26 16:47:36 +02:00
Cosmin Cojocar
ab3f6c1c83
Fix false positive in conversion overflow check from uint8/int8 type
...
Change-Id: I543545e22fa12de0d85dcf92664a0a54e8f7244a
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-22 09:47:52 +02:00
Cosmin Cojocar
a39ec5a16b
Disable staticcheck SA1019 rule
...
Change-Id: Ia9db0083f5ffb34d911b5ca491ef0ce23be979f8
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-21 15:00:06 +02:00
Cosmin Cojocar
a1b2ab80af
Update the golangci linters
...
Change-Id: I8938d57e9751913f65b4825a44c252b31888f9e8
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-21 15:00:06 +02:00
Cosmin Cojocar
8467f012e0
Add more test to cover more use cases for G115 rule
...
Change-Id: Icb60fe14ae12439c1ee0e507a407a23ce4c64c85
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-21 15:00:06 +02:00
Rahul Gadi
81cda2f91f
Allow excluding analyzers globally ( #1180 )
...
* This change does not exclude analyzers for inline comment
* Changed the expected issues count for G103, G109 samples for test. Previously G115 has been included in the issue count
* Show analyzers IDs(G115, G602) in gosec usage help
* See #1175
2024-08-20 10:43:40 +02:00
Cosmin Cojocar
18135b439c
Update to Go 1.23.0 ( #1183 )
...
Change-Id: I11a6402e85ac543305e8bad4ea35239779424dd6
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-19 09:17:50 +02:00
renovate[bot]
91c708a620
chore(deps): update all dependencies ( #1182 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-19 08:58:30 +02:00
Cosmin Cojocar
92bac42afc
Read the AI API key also from an environment variable ( #1181 )
...
* Read the AI API key also from an environment variable
Change-Id: If18fd025ab2ef68a3690f8a69d1c8894e44a87ef
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
* Fix lint warning
Change-Id: Icd3eb8a029764db76596c3e171275c03a23f8cef
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
---------
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-18 17:59:45 +02:00
Tran The Lam
56f943b802
Add support to generate auto fixes using LLM (AI) ( #1177 )
...
This feature adds support to generate auto fixes for Go scanning findings using LLM (AI). In a first instance, it relies on Gemini API to get a suggestion for a solution. This can be later extended, to integrate also other AI providers.
---------
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
Co-authored-by: ccoVeille <3875889+ccoVeille@users.noreply.github.com>
Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-12 12:52:41 +02:00
renovate[bot]
f33fd4bf29
chore(deps): update all dependencies
2024-08-12 10:21:07 +02:00
renovate[bot]
55a47f3774
chore(deps): update all dependencies
2024-08-05 17:38:32 +02:00
renovate[bot]
a5d9ef67e2
chore(deps): update all dependencies
2024-07-29 10:58:28 +02:00
renovate[bot]
68424445af
chore(deps): update dependency babel-standalone to v7.24.10
2024-07-23 11:43:16 +02:00
Alex Gartner
08b94f9392
Resolve underlying type to detect overflows in type aliases
2024-07-20 10:06:43 +02:00
renovate[bot]
4487a0c5a2
chore(deps): update dependency babel-standalone to v7.24.8
2024-07-15 09:13:59 +02:00
Alex Gartner
007626773c
Fix multifile ignores
2024-07-15 09:00:36 +02:00
Alex Gartner
2f1b81b889
Add -enable-audit cli flag
2024-07-13 11:25:25 +02:00
Cosmin Cojocar
87fcb9b95b
Update to go 1.22.5 and 1.21.12
...
Change-Id: I3334016ed2714ce4aed959d7f19a33e220c000e4
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-07-08 16:00:12 +02:00
renovate[bot]
466992feca
chore(deps): update all dependencies
2024-07-08 15:49:41 +02:00
Dimitar Banchev
9a4a741e6b
Added more rules
...
* Rule G406 responsible for the usage of deprecated MD4 and RIPEMD160 added.
* Rules G506, G507 responsible for tracking the usage of the already mentioned libraries added.
* Slight changes in the Makefile(`make clean` wasn't removing all expected files)
* Added license to `analyzer_test.go`
2024-06-25 13:18:27 +02:00
Dimitar Banchev
6382394ce8
Fixed coverage workflow
...
* Renamed file(removed space)
* Changed the expected issues ( 1 -> 2)
2024-06-24 15:25:54 +02:00
Dimitar Banchev
5666ea35ba
Fixed CI workflow
...
The CI workflow wasn't able to complete succesfully.
* Formatted the call_list_test.go file
2024-06-24 15:25:54 +02:00