actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-06 12:05:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
588 commits 2 branches 41 tags 20 MiB
Commit graph

588 commits

This branch
This branch
All branches
Author SHA1 Message Date
mrtc0
0d4f1cb2cb
Support SARIF output (#539) 
* SARIF support

* add sarif option to help text
 2020-11-02 09:13:53 +01:00
renovate[bot]
a4746e18e3
Update all dependencies (#533) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2020-10-07 20:32:18 +02:00
Miki Tebeka
6bd6e4ba2c Use $(go env GOPATH) that works even when GOPATH is not set 2020-10-01 04:17:43 +10:00
Lucas Charles
aef335a98e Fix typo in README.md 
s/trucate/truncate for G101 configuration
 2020-10-01 04:17:00 +10:00
xpivarc
0ce48a584f
Reproducible junit report (#529) 
* Fix junit format ordering

Signed-off-by: L. Pivarc <lpivarc@redhat.com>

* Make ordering stable

Signed-off-by: L. Pivarc <lpivarc@redhat.com>

* Test ordering

Signed-off-by: L. Pivarc <lpivarc@redhat.com>
 2020-09-29 19:17:38 +02:00
Cosmin Cojocar
868556b846 Update README with the correct path to tlsconfig command 
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
 2020-09-03 10:54:08 +02:00
Cosmin Cojocar
13519fda59 Update the tls configuration generate to handle also the NSS alternative names 
Regenerate the configuration of TLS rule.

Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
 2020-09-03 10:54:08 +02:00
Renovate Bot
e351067255 Update all dependencies 2020-09-01 08:58:31 +02:00
Cosmin Cojocar
166e4f5f45 Update README file with some more details required to run successfully a scan with the docker image 
The current working directory needs to be specified in the docker run option in order for gosec
to download the dependencies defined in the go module file.

Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
 2020-09-01 08:57:52 +02:00
Cosmin Cojocar
f5cc32a320 Update the Go version to 1.15 in the Makefile 
This is only used when building locally the docker image.

Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
 2020-09-01 08:57:52 +02:00
Cosmin Cojocar
ea0fa28b7f Update the Github go action version to 1.6.0 
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
 2020-08-31 10:27:23 +02:00
Cosmin Cojocar
feea8bb243 Fix the action tag 
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
 2020-08-31 10:27:23 +02:00
Cosmin Cojocar
6688a97661 Fix the github action for Go 1.15 
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
 2020-08-31 10:27:23 +02:00
Cosmin Cojocar
7234349e33 Add Go 1.15 to the supported version and phase out the Go 1.12 
Also updated the release automation to release gosec with use Go 1.15

Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
 2020-08-31 10:27:23 +02:00
Cosmin Cojocar
a3895d5c55 Fix typo in README file 
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
 2020-08-31 10:27:02 +02:00
Jamie Cuthill
17c955519e Incorrect local installation instructions for v2 2020-08-21 11:23:36 +02:00
Cosmin Cojocar
f13b8bc639 Add also filepath.Rel as a sanitization method for input argument in the G304 rule 
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
 2020-08-19 09:40:07 +02:00
Cosmin Cojocar
047729a84f Fix the rule G304 to handle the case when the input is cleaned as a variable assignment 
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
 2020-08-19 09:40:07 +02:00
ggkitsas
b60ddc21ba feat: adds support for path.Join and for tar archives in G305 2020-08-03 09:17:45 +02:00
Renovate Bot
673a139e55 Update all dependencies 2020-08-03 09:07:46 +02:00
Cosmin Cojocar
110b62b05f Add io.CopyBuffer function to rule G110 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-07-29 14:25:45 +02:00
Cosmin Cojocar
6bcd89aa6b Mark all lines of a multi-line finding 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-07-07 10:00:15 +02:00
Cosmin Cojocar
4d4e5949c6 Add some comments 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-07-07 10:00:15 +02:00
Cosmin Cojocar
d1467ac998 Extend the code snippet included in the issue and refactored how the code snippet is printed 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-07-07 10:00:15 +02:00
Cosmin Cojocar
37d1af0af3 Expand the arguments to a list of strings when they are provided as a single string 
The GitHub action provide the arguments as a single string to the docker container,
so we need to expand them in order for gosec to properly interpret them.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-07-06 19:38:49 +02:00
Renovate Bot
59cbe0071f Update all dependencies 2020-07-01 09:13:45 +02:00
Cosmin Cojocar
ade81d3873 Rename file for consistency 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-06-29 13:52:47 +02:00
evalphobia
03f12f3f5d Change naming rule from blacklist to blocklist 2020-06-29 13:45:44 +02:00
Cosmin Cojocar
3784ffea4e Fix panic when reading the version from debug info in Go 1.13 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-06-25 15:27:53 +02:00
Cosmin Cojocar
55d368f2e5 Improve the TLS version checking 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-06-25 09:21:14 +02:00
Cosmin Cojocar
ad1cb7e47e Make sure some version information is set when no version was injected into the binary 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-06-25 09:20:55 +02:00
Cosmin Cojocar
1d2c951f2c Extend the rule G304 with os.OpenFile and add a test to cover it 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-06-17 13:14:08 +02:00
Cosmin Cojocar
0c1a71b8a1 Add more tests samples to increase coverage 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-06-15 15:12:02 +02:00
Cosmin Cojocar
fe07fcf276 Fix unit test when checking a mix of good and bad random functions 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-06-15 15:12:02 +02:00
Cosmin Cojocar
6bbf8f9cbc Extend the insecure random rule with more insecure random functions 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-06-15 15:12:02 +02:00
Hiroaki Sano
af699f6a62
Exclude .git directory from scan (#485) 2020-06-09 15:16:27 +02:00
renovate[bot]
6202b38a44
Update all dependencies (#484) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2020-06-02 09:31:29 +02:00
Cosmin Cojocar
6a130d55b3
Update the link pointing to issues to CWE mapping to use the master version (#483) 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-05-28 14:40:15 +02:00
Lukas Aron
826db1cfec
Fix the build tags propagation 
The build tags are now propagated into the build context when analysing a package.
 2020-05-27 12:42:19 +02:00
Cosmin Cojocar
7da9248ce6 Change the issue test to verify that a multi-line finding contains a line range 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-05-27 10:16:56 +02:00
Cosmin Cojocar
7aedcc56ab Remove print line from tests 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-05-27 10:16:56 +02:00
Cosmin Cojocar
30e93bf865 Improve the SQL strings concat rules to handle multiple string concatenation 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-05-27 10:16:56 +02:00
Cosmin Cojocar
68bce94323 Improve the SQL concatenation and string formatting rules to be applied only in the database/sql context 
In addition makes pattern matching used by the rules cases insensitive.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-05-27 10:16:56 +02:00
Cosmin Cojocar
32be4a5cc6 Make sure all rules are mapped to CWE numbers 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-05-26 08:59:14 +02:00
Grant Murphy
8630c43b66 Add null pointer check in G601 
fixes: #475
 2020-05-21 05:51:45 +02:00
Lukas Aron
1418b856ea ondisk -> onDisk 2020-05-19 11:34:34 +02:00
Lukas Aron
b2cfc5d638 USERS.md type in the title fixed. 2020-05-19 11:34:34 +02:00
Cosmin Cojocar
425b8f9531 Display a sponsor button in the repository 
Enable the funding button in the project following https://help.github.com/en/github/administering-a-repository/displaying-a-sponsor-button-in-your-repository
 2020-05-14 09:33:18 +02:00
Cosmin Cojocar
0714a1e62a Update the users file with some more projects and companies 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-05-12 08:51:13 +02:00
Cosmin Cojocar
1b915ddad7 Set up a gosec's users list 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-05-12 08:51:13 +02:00