525 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
Cosmin Cojocar	3b6c3f13f1	Update README with some instruction how to run gosec as a GitHub action ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-04-08 00:39:01 -07:00
Cosmin Cojocar	08202fee80	Add a GitHub action to run gosec ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-04-08 00:39:01 -07:00
Cosmin Cojocar	c6e10af40f	Handle properly the gosec module version v2 ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-04-06 09:06:23 -07:00
Renovate Bot	e946c8c399	Update all dependencies	2020-04-01 01:20:31 -07:00
Cosmin Cojocar	e030aa4f76	Remove the go 1.14 version from github action ... It seems to fail when starting the action. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-03-30 13:20:59 +02:00
Cosmin Cojocar	ee176ff8fc	Fix the job names in the Github workflow ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-03-30 13:16:53 +02:00
Cosmin Cojocar	cabccc75ef	Add to GitHub workflow some jobs for go1.13 and go1.12 ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-03-30 13:15:21 +02:00
Cosmin Cojocar	a111777041	Change the GitHub workflow to use only the latest Go version ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-03-30 13:06:29 +02:00
Cosmin Cojocar	722acb64cb	Change the GitHub workflow to run the builds only on ubuntu-latest platform ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-03-30 12:59:02 +02:00
Cosmin Cojocar	5284f34b6f	Change the GitHub workflow to use an action which install Go using a Go version from the matrix ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-03-30 12:52:42 +02:00
Cosmin Cojocar	8de5fb6eb2	Migrate the build to GitHub Actions ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-03-30 03:32:24 -07:00
Cosmin Cojocar	7da9f46445	Fix the call list info to handle selector expressions ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-03-16 09:44:57 +01:00
Cosmin Cojocar	cf2590442c	Fix the subproc rule to handle correctly the CommandContext check ... In this case, we need to skip the first argument because it is the context. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-03-13 13:25:35 +01:00
Cosmin Cojocar	f97f86103c	Update the subproc rule to detect the syscall.ForkExec and syscall.StartProces calls ... Also add the corresponding tests for this. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-03-13 13:25:35 +01:00
Tomas Kral	c998389da2	re-generate install.sh with latest godownloader (#446)	2020-03-02 14:48:48 +01:00
Sam Caccavale	7525fe4bb7	Rule for defering methods which return errors (#441)	2020-03-01 21:45:37 +01:00
renovate[bot]	a2ac0bf32b	Update all dependencies (#445) ... Co-authored-by: WhiteSource Renovate <renovatebot@gmail.com>	2020-03-01 21:44:28 +01:00
Sam Caccavale	a305f10eb9	Fileperms (#442)	2020-02-28 12:48:18 +01:00
Lars Lehtonen	00363edac5	remove support for go 1.11 (#444)	2020-02-28 12:47:01 +01:00
Renovate Bot	d13bb6d242	Update all dependencies	2020-02-03 10:45:20 +01:00
Cosmin Cojocar	17df5b3702	Fix typos ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-01-29 09:41:46 +01:00
Cosmin Cojocar	3e069e7756	Fix the errors rule whitelist to work on types methods ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-01-29 09:41:46 +01:00
Hiroki Suezawa	459e2d3e91	Modify rule for integer overflow to have more acurate results (#434) ... Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>	2020-01-21 10:13:11 +01:00
Hiroki Suezawa	a4d7b3628b	Add G110(Potential DoS vulnerability via decompression bomb) ... Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>	2020-01-20 10:37:56 +01:00
Cosmin Cojocar	3d5c97b418	Add a test sample for Cgo files ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-01-16 09:06:23 +01:00
Cosmin Cojocar	81e8278164	Add the Cgo files to the analysed files and ingonre all non-Go files ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-01-16 09:06:23 +01:00
Cosmin Cojocar	a1969e208c	Handle all errors in the formatter tests (#431) ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-01-16 09:05:38 +01:00
Hiroki Suezawa	9cb83e10af	Add a rule which detects when there is potential integer overflow (#422) ... * Add G109(Potential Integer OverFlow Detection) Signed-off-by: Hiroki Suezawa <suezawa@gmail.com> * add CWE to G109(Potential Integer Overflow) Signed-off-by: Hiroki Suezawa <suezawa@gmail.com> * Modify G109 to use gosec.Context Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>	2020-01-06 09:55:52 +01:00
Rafael dos Santos	f43a957359	Check for both default and alternative nosec tags (#426) ... * Check both nosec tags * Adjust test to find vulnerabilities * Add a few alias in Makefile to get GOPATH	2020-01-06 09:47:28 +01:00
Hiroki Suezawa	79fbf3af8d	Add golint format to output format (#428) ... Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>	2020-01-03 10:56:21 +01:00
renovate[bot]	57c3788fe5	Update all dependencies (#427)	2020-01-02 17:56:50 +01:00
Grant Murphy	5d613739e1	fix(docker) gcc and libc-dev required bindings ... The docker image doesn't include the necessary packages to build / analyze some packages. Adding gcc and libc-dev to addess this.	2019-12-20 08:45:01 +10:00
renovate[bot]	cb4f343eaf	Update all dependencies (#417)	2019-12-17 09:31:52 +01:00
Lars Lehtonen	df484bfa9e	cmd/tlsconfig: remove support for deprecated tls.VersionSSL30 (#412) ... * cmd/tlsconfig: build tags to deprecate tls.VersionSSL30 from go1.14 * cmd/tlsconfig: build tags to turn off TLSv1.3 in go1.11	2019-11-19 11:41:25 +01:00
renovate[bot]	b4c76d4234	Update all dependencies (#410)	2019-11-04 16:45:32 +01:00
Cosmin Cojocar	99170e0d76	Update the README with some details about the CWE mapping (#407) ... * Fix some typos in the README file Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> * Update the README with some details about the CWE mapping Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-10-31 11:56:17 +01:00
Julian Thome	53be8dd864	Add CWE rule mappings (#405) ... * added mappings * added cwe to template * link in function to template * moved mappings and added test cases * wording * cleanup	2019-10-31 09:22:38 +01:00
Cosmin Cojocar	28c1128b73	Add more tests to improve the coverage of resolve ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-10-08 11:56:58 +02:00
Cosmin Cojocar	d78f02634a	Format import to make codecov happy ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-10-08 11:56:58 +02:00
Cosmin Cojocar	50e1fe267d	Improve the SSRF rule to report an issue for package scoped variables ... Made also the rule to not report an issue when encountering function scoped variable which terminate in a basic literal such as a string. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-10-08 11:56:58 +02:00
Cosmin Cojocar	07770ae76d	Add a test for composite literals when trying to resolve an AST tree node ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-10-08 11:56:58 +02:00
Cosmin Cojocar	f413f1436d	Handle the ValueSpec when trying to resolve an AST tree node ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-10-08 11:56:58 +02:00
Cosmin Cojocar	c1970ff5c9	Handle the ValueSpec when trying to resolve an AST tree node ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-10-08 11:56:58 +02:00
Cosmin Cojocar	ea9faae22d	Update the Go version to 1.13 in the Dockerfile (#403) ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-10-08 09:44:34 +02:00
Cosmin Cojocar	186dec7b26	Convert the global settings to correct type when reading them from file (#399) ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-10-08 09:44:17 +02:00
Cosmin Cojocar	e680875ea1	Replace the deprecated load mode with more specific flags are recommended in the packages docs (#400) ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-10-02 14:05:14 +02:00
renovate[bot]	ad375d3b8f	Update golang.org/x/tools commit hash to 7c411de (#389)	2019-10-01 09:10:45 +02:00
Grant Murphy	607f2408a5	reconfigure rennoavate bot (#395) ... I *think* this schedule only monthly semver updates but still give us vulnerability alerts. See: https://docs.renovatebot.com/presets for more information.	2019-10-01 09:10:23 +02:00
Cosmin Cojocar	832d7bb398	Update README with CII Best Practicies badge ... Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-09-27 08:53:58 +10:00
Cosmin Cojocar	29341f6e9c	Fix the rule G108/pporf to handle the case when the pporf import has not name ... This is causing a crash. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-09-24 18:16:45 +10:00