Currently, rule G204 warns you about every single use of the
functions syscall.Exec, os.exec.CommandContext and os.Exec.Command.
This can create false positives and it's not accurate because you can
use those functions with perfectly secure arguments like hardcoded
strings for example.
With this change, G204 will warn you in 3 cases when passing arguments
to a function which starts a new process, namely when the arguments:
1) are variables initialized by calling another function
2) are functions
3) are command-line arguments or environmental variables
Closes: https://github.com/securego/gosec/issues/338
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
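To make the three categories concrete, here is an added example (not gosec's own G204 implementation, and not code from the commit) of a small go/ast pass that applies the same classification to a constructed source file. The names FindRiskyExecCalls, classify, processStarters and sampleSrc are my own. It matches calls by package and function name only, so it assumes the standard import names `exec`, `os` and `syscall` and would miss aliased imports; a real analyzer resolves the callee through type information instead.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// Finding is one flagged call site: source line plus the reason.
type Finding struct {
	Line   int
	Reason string
}

// processStarters maps "pkg.Func" to the index of the first argument that
// belongs to the command (CommandContext takes a context first).
// Assumed: the packages are imported under their default names.
var processStarters = map[string]int{
	"exec.Command":        0,
	"exec.CommandContext": 1,
	"syscall.Exec":        0,
}

// FindRiskyExecCalls reports every process-starting call whose arguments are
// (1) variables initialised by a function call, (2) function calls themselves,
// or (3) command-line arguments taken from os.Args. String literals and
// variables assigned from literals are not reported.
func FindRiskyExecCalls(src string) ([]Finding, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}

	// Pass 1: collect variable names whose initialiser is a function call.
	callInit := map[string]bool{}
	ast.Inspect(file, func(n ast.Node) bool {
		as, ok := n.(*ast.AssignStmt)
		if !ok {
			return true
		}
		for i, lhs := range as.Lhs {
			rhs := as.Rhs[0] // "x, y := f()" shares one call on the right
			if len(as.Rhs) == len(as.Lhs) {
				rhs = as.Rhs[i]
			}
			if _, isCall := rhs.(*ast.CallExpr); isCall {
				if id, ok := lhs.(*ast.Ident); ok {
					callInit[id.Name] = true
				}
			}
		}
		return true
	})

	// Pass 2: classify the arguments of each process-starting call.
	var findings []Finding
	ast.Inspect(file, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok {
			return true
		}
		name, ok := qualifiedName(call.Fun)
		if !ok {
			return true
		}
		skip, ok := processStarters[name]
		if !ok {
			return true
		}
		for i, arg := range call.Args {
			if i < skip {
				continue
			}
			if reason := classify(arg, callInit); reason != "" {
				findings = append(findings, Finding{fset.Position(arg.Pos()).Line, reason})
			}
		}
		return true
	})
	return findings, nil
}

// qualifiedName returns "pkg.Name" for a selector expression such as exec.Command.
func qualifiedName(e ast.Expr) (string, bool) {
	sel, ok := e.(*ast.SelectorExpr)
	if !ok {
		return "", false
	}
	pkg, ok := sel.X.(*ast.Ident)
	if !ok {
		return "", false
	}
	return pkg.Name + "." + sel.Sel.Name, true
}

// classify returns a reason when the argument falls into one of the three
// categories, and "" when it is treated as safe (for example a string literal).
func classify(arg ast.Expr, callInit map[string]bool) string {
	switch a := arg.(type) {
	case *ast.IndexExpr: // os.Args[i]
		if name, ok := qualifiedName(a.X); ok && name == "os.Args" {
			return "command-line argument"
		}
	case *ast.CallExpr: // f(), os.Getenv("X"), ...
		return "function call result"
	case *ast.Ident:
		if callInit[a.Name] {
			return "variable initialised by a function call"
		}
	}
	return ""
}

// sampleSrc is a constructed input: lines 11 and 13 use hardcoded values and
// should stay quiet, lines 15 to 18 each match one of the categories.
const sampleSrc = `package sample

import (
	"os"
	"os/exec"
)

func getCmd() string { return "ls" }

func run() {
	exec.Command("ls", "-la")        // hardcoded: not flagged
	fixed := "ls"
	exec.Command(fixed)              // variable holding a literal: not flagged
	cmd := getCmd()
	exec.Command(cmd)                // variable initialised by a call
	exec.Command(os.Args[1])         // command-line argument
	exec.Command(os.Getenv("SHELL")) // environment variable read via a call
	exec.Command(getCmd(), "-la")    // function call used directly as argument
}
`

func main() {
	findings, err := FindRiskyExecCalls(sampleSrc)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("sample.go:%d: %s\n", f.Line, f.Reason)
	}
}
```

Running it prints four findings (lines 15 through 18 of the sample) and nothing for the two hardcoded call sites, which is the false-positive reduction the commit describes. Environment variables are caught here because os.Getenv is itself a function call; only os.Args needs the separate index-expression check.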
The big.Int.Exp used to be vulnerable in older versions of Go, but in the
meantime has been fixed (https://github.com/golang/go/issues/15184).
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
* Tidy up the go modules to remove unused modules
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
* Update go modules to latest compatible version
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
* fix(formatters) null value causes npe in sonarqube
The JSON encoding of uninitialized arrays is null. This causes an NPE in
the SonarQube tool. We should return an empty array rather than a null value
here.
relates to: #333
This takes into account the filtered number of issues instead of
the total number. This number is more relevant to developers, as
the intention was to not take certain issues into account anyway.
Currently, if you download the gosec binary using the commands
suggested in the README and you decide to check the checksum
of the binary you just downloaded, then your checksum check will fail.
As a result, the user can think that your binary is corrupted.
The reason for that failure is that the checksums are for the
tar.gz files provided in the release notes.
This should be documented to avoid future unclarities.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
* Fix formatting in README
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
* Split the various test goals in the Makefile
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
* Remove the prerequisites from README since they are automatically installed
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
* Remove unnecessary install steps from Travis CI build
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
* Make sure golint is installed before running the lint command
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
* Make sure ginkgo command is installed before running the tests
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>