Commit graph

1087 commits

Author SHA1 Message Date
renovate[bot]
91c708a620
chore(deps): update all dependencies (#1182)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-19 08:58:30 +02:00
Cosmin Cojocar
92bac42afc
Read the AI API key also from an environment variable (#1181)
* Read the AI API key also from an environment variable

Change-Id: If18fd025ab2ef68a3690f8a69d1c8894e44a87ef
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>

* Fix lint warning

Change-Id: Icd3eb8a029764db76596c3e171275c03a23f8cef
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>

---------

Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-18 17:59:45 +02:00
Tran The Lam
56f943b802
Add support to generate auto fixes using LLM (AI) (#1177)
This feature adds support to generate auto fixes for Go scanning findings using LLM (AI). In a first instance, it relies on Gemini API to get a suggestion for a solution. This can be later extended, to integrate also other AI providers.

---------

Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
Co-authored-by: ccoVeille <3875889+ccoVeille@users.noreply.github.com>
Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-12 12:52:41 +02:00
renovate[bot]
f33fd4bf29 chore(deps): update all dependencies 2024-08-12 10:21:07 +02:00
renovate[bot]
55a47f3774 chore(deps): update all dependencies 2024-08-05 17:38:32 +02:00
renovate[bot]
a5d9ef67e2 chore(deps): update all dependencies 2024-07-29 10:58:28 +02:00
renovate[bot]
68424445af chore(deps): update dependency babel-standalone to v7.24.10 2024-07-23 11:43:16 +02:00
Alex Gartner
08b94f9392 Resolve underlying type to detect overflows in type aliases 2024-07-20 10:06:43 +02:00
renovate[bot]
4487a0c5a2 chore(deps): update dependency babel-standalone to v7.24.8 2024-07-15 09:13:59 +02:00
Alex Gartner
007626773c Fix multifile ignores 2024-07-15 09:00:36 +02:00
Alex Gartner
2f1b81b889 Add -enable-audit cli flag 2024-07-13 11:25:25 +02:00
Cosmin Cojocar
87fcb9b95b Update to go 1.22.5 and 1.21.12
Change-Id: I3334016ed2714ce4aed959d7f19a33e220c000e4
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-07-08 16:00:12 +02:00
renovate[bot]
466992feca chore(deps): update all dependencies 2024-07-08 15:49:41 +02:00
Dimitar Banchev
9a4a741e6b Added more rules
* Rule G406 responsible for the usage of deprecated MD4 and RIPEMD160 added.
* Rules G506, G507 responsible for tracking the usage of the already mentioned libraries added.
* Slight changes in the Makefile(`make clean` wasn't removing all expected files)
* Added license to `analyzer_test.go`
2024-06-25 13:18:27 +02:00
Dimitar Banchev
6382394ce8 Fixed coverage workflow
* Renamed file(removed space)
* Changed the expected issues ( 1 -> 2)
2024-06-24 15:25:54 +02:00
Dimitar Banchev
5666ea35ba Fixed CI workflow
The CI workflow wasn't able to complete succesfully.

* Formatted the call_list_test.go file
2024-06-24 15:25:54 +02:00
Dimitar Banchev
fc0957f6a3 Minor changes
* Renamed the file responsible for rule G401
* Removed copyright of HP from the new rule
2024-06-24 15:25:54 +02:00
Dimitar Banchev
58e4fccc13 Split the G401 rule into two separate ones
Now the G401 rule is split into hashing and encryption algorithms.

G401 is responsible for checking the usage of MD5 and SHA1, with corresponding CWE of 328.
And G405(New rule) is responsible for checking the usege of DES and RC4, with corresponding CWE of 327.
2024-06-24 15:25:54 +02:00
Dimitar Banchev
2e71f37efd Updated G401 corresponding CWE
The corresponding CWE from G401 rule was changed from CWE-326 -> CWE-328.
In my opinion, this CWE suits better the rule.
2024-06-24 15:25:54 +02:00
renovate[bot]
3edc633c24 chore(deps): update docker/build-push-action action to v6 2024-06-24 15:24:22 +02:00
Cosmin Cojocar
2ae137abcf Update to go versions to 1.21.11 and 1.22.4
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-06-11 21:47:56 +02:00
renovate[bot]
30a8a9c8c3 chore(deps): update all dependencies 2024-06-11 21:31:12 +02:00
Cosmin Cojocar
ac75d44f56 Fix nosec when applied to a block
Handle properly nosec directive when applied to a block or as a single
line on a multi-line issue.

Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-28 12:54:05 +02:00
Cosmin Cojocar
ed3f51e663 Add more types to templates rule
Add additional types such as CSS, JSStr and Srcset to the template rule.
These types are marked as a security risk in the godoc
https://pkg.go.dev/html/template.

Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-28 10:39:33 +02:00
Cosmin Cojocar
c3209fcaac Map the G115 rule to an CWE ID
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-27 15:12:55 +02:00
renovate[bot]
45fbb27d87 chore(deps): update all dependencies 2024-05-27 13:03:14 +02:00
Cosmin Cojocar
43bef719b4 Update README with G115 rule description
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-27 13:03:01 +02:00
Cosmin Cojocar
555fe448dd Remove deprecated megacheck linter from golangci
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-27 13:03:01 +02:00
Cosmin Cojocar
81b076f53d Format imports
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-27 13:03:01 +02:00
Cosmin Cojocar
f775eb19c5 Update .gitignore
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-27 13:03:01 +02:00
Cosmin Cojocar
4bf5667f66 Add a new rule to detect integer overflow on integer types conversion
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-27 13:03:01 +02:00
Fernandez Ludovic
5f0084eb01 feat: add env var to override the Go version detection 2024-05-25 11:00:44 +02:00
Cosmin Cojocar
75dd9d61ff Use the proper logic when disabling the go module version
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-22 10:31:43 +02:00
Cosmin Cojocar
1e1fc91d15 Update the README with some details related to Go version used by the rules
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-22 10:24:44 +02:00
Cosmin Cojocar
9a036658b7 Add an environment varialbe which disables the parsing of Go version from module file
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-22 10:24:44 +02:00
renovate[bot]
b633c4c0ec chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3 2024-05-20 10:36:33 +02:00
Cosmin Cojocar
40f29c8d4a Update docker image in action to v2.20.0
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-14 15:57:16 +02:00
Cosmin Cojocar
6fbd381238 Catch os.ModePerm permissions in os.WriteFile
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-14 15:33:23 +02:00
Cosmin Cojocar
dc5e5a99d0 Add a unit test to detect the false negative in rule G306 for os.ModePerm permissions
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-14 15:33:23 +02:00
Cosmin Cojocar
417a44c73b Add filepath.EvalSymlinks to clean functions in rule G304
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-13 17:19:29 +02:00
renovate[bot]
d34f8b77d5 chore(deps): update all dependencies 2024-05-13 14:19:10 +02:00
Cosmin Cojocar
8658b8eab6 Update Go to version 2.22.3 in CI and release
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-12 11:40:57 +02:00
renovate[bot]
d3b2359ae2 chore(deps): update module golang.org/x/text to v0.15.0 2024-05-06 12:35:14 +02:00
renovate[bot]
cf29d543e2 chore(deps): update all dependencies 2024-05-02 10:27:10 +02:00
renovate[bot]
09d62bd630 chore(deps): update module github.com/onsi/gomega to v1.33.0 2024-04-22 09:11:31 +02:00
Cosmin Cojocar
3b23ec8f09 Update to go 1.22.2
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2024-04-08 11:51:51 +02:00
renovate[bot]
31009c3db8 chore(deps): update all dependencies 2024-04-08 11:41:11 +02:00
renovate[bot]
daf6f670f7 chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1 2024-04-02 09:51:47 +02:00
renovate[bot]
e27f442499 chore(deps): update all dependencies 2024-03-25 11:02:28 +01:00
Martin Desrumaux
551361539e fix(helpers/goversion): get from go.mod 2024-03-20 11:43:30 +01:00