Cosmin Cojocar
2aad3f02a5
Fix lint warnings by properly formatting the files
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-12-08 14:46:36 +01:00
Adam Kaplan
0e2a61899a
chore: Refactor Sample Code to Separate Files
Split the code in `source.go` to individual sample files, one per rule.
This will help contributors submit samples for new rules, or
improvements to existing rules. The cgo sample was all that was left
after refactoring, which resulted in its own sample file.
Sample code was also formatted to have some level of consistency.
Each sample go "file" attempts to keep the formatting of `gofmt`, and
each code sample is in its own section in the sample file.
Signed-off-by: Adam Kaplan <adam@adambkaplan.com>
2023-12-08 14:46:36 +01:00
Cosmin Cojocar
bc03d1c1bc
Update go version to 1.21.5 and 1.20.12 (#1084)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-12-08 14:19:34 +01:00
renovate[bot]
79a6b475f0
chore(deps): update all dependencies (#1080)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-04 10:06:03 +01:00
Cosmin Cojocar
eb256a7d70
Ignore the issues from generated files when using the analysis framework (#1079)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-11-30 17:42:44 +01:00
Chaminda Divitotawela
43b7cbf661
Update README with upload-sarif v2 (#1078)
GitHub action upload-sarif v1 is deprecated and the action fails if used. Updated README with v2 so the workflow can be copied and used without modifications.
Fixes #1077
2023-11-28 09:09:22 +01:00
renovate[bot]
fece49805b
chore(deps): update dependency babel-standalone to v7.23.4
2023-11-27 09:30:11 +01:00
Pooja Shah
24c614bf16
Added ppc64le support
2023-11-16 10:07:21 +01:00
renovate[bot]
c736581f85
chore(deps): update all dependencies
2023-11-13 09:45:27 +01:00
Cosmin Cojocar
3188e3fb8e
Ensure ignores are handled properly for multi-line issues
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-11-10 10:48:04 +01:00
Cosmin Cojocar
6d56592f09
Update Go to version 1.21.4 and 1.20.11
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-11-10 10:38:54 +01:00
renovate[bot]
870103b709
chore(deps): update module golang.org/x/text to v0.14.0
2023-11-06 09:43:30 +01:00
renovate[bot]
b50e4936af
chore(deps): update all dependencies
2023-10-30 10:16:50 +01:00
Cosmin Cojocar
2f9965bfbd
Remove the hardcoded GOOS value when building the Linux binary to enable support for container image for ARM
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-25 10:15:42 +02:00
Eng Zer Jun
fa1b74d4fc
Avoid allocations with (*regexp.Regexp).MatchString
We should use `(*regexp.Regexp).MatchString` instead of
`(*regexp.Regexp).Match([]byte(...))` when matching strings to avoid
unnecessary `[]byte` conversions and reduce allocations.
Example benchmark:

package gosec

import (
	"regexp"
	"testing"
)

var defaultTagRegex = regexp.MustCompile("\n *#nosec")

// Match converts the string to []byte on every iteration.
func BenchmarkMatch(b *testing.B) {
	for i := 0; i < b.N; i++ {
		if match := defaultTagRegex.Match([]byte("\n #nosec")); !match {
			b.Fail()
		}
	}
}

// MatchString works on the string directly, with no conversion.
func BenchmarkMatchString(b *testing.B) {
	for i := 0; i < b.N; i++ {
		if match := defaultTagRegex.MatchString("\n #nosec"); !match {
			b.Fail()
		}
	}
}

goos: linux
goarch: amd64
pkg: github.com/securego/gosec/v2
cpu: AMD Ryzen 7 PRO 4750U with Radeon Graphics
BenchmarkMatch-16          5367033    210.6 ns/op    8 B/op    1 allocs/op
BenchmarkMatchString-16    9321561    126.3 ns/op    0 B/op    0 allocs/op
PASS
ok      github.com/securego/gosec/v2    3.606s
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2023-10-25 09:56:02 +02:00
Cosmin Cojocar
64bbe90144
Fix some typos
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-23 10:32:21 +02:00
Cosmin Cojocar
d9071e359b
Update local installation instructions by removing the details for Go 1.16
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-23 10:28:11 +02:00
Cosmin Cojocar
5d837bcaab
Update gosec version to 2.18.2 in the action
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-23 10:22:59 +02:00
Cosmin Cojocar
55d7949601
Disable dot-imports in revive linter
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-23 10:00:13 +02:00
renovate[bot]
4656817593
chore(deps): update module github.com/onsi/gomega to v1.28.1
2023-10-23 09:37:22 +02:00
Cosmin Cojocar
5567ac4cfe
Run the gosec with data race detector active during tests
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 15:13:27 +02:00
Cosmin Cojocar
a2397580b6
Fix data race in the analyzer
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 15:13:27 +02:00
Cosmin Cojocar
c06903addd
Fix test that checks the overridden nosec directive
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 14:33:51 +02:00
Cosmin Cojocar
bde26196d0
Clean global state in flags tests
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 14:33:51 +02:00
Cosmin Cojocar
e108c56933
Format the file
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 12:02:48 +02:00
Cosmin Cojocar
e298388908
Update README with details which describe the current behaviour of #nosec
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 12:02:48 +02:00
Cosmin Cojocar
d8a6d358dc
Ensure the ignores are parsed before analysing the package
In addition this handles the ignores for multi-line issues
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 12:02:48 +02:00
renovate[bot]
7846db034c
chore(deps): update all dependencies
2023-10-16 09:29:43 +02:00
Cosmin Cojocar
8e0cf8c5ce
Update gosec to version 2.18.1 in the action
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-13 15:19:58 +02:00
Cosmin Cojocar
6b12a71071
Update cosign version to v2.2.0
2023-10-13 15:19:58 +02:00
Cosmin Cojocar
0ec6cd95d7
Refactor how ignored issues are tracked
Track ignored issues using file location instead of an AST node. There are issues linked to a different AST node than the original node used to start the scan.
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-13 14:11:08 +02:00
Cosmin Cojocar
f338a98bf3
Restrict the maximum depth when tracking the slice bounds
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-13 10:03:27 +02:00
Cosmin Cojocar
7e2d8d35f4
Handle empty ssa results
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-13 10:03:27 +02:00
Cosmin Cojocar
074353a2ab
Handle gracefully any panic that occurs when building the SSA representation of a package
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-12 10:37:29 +02:00
Cosmin Cojocar
ec31a3a691
Fix typo
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-12 10:15:03 +02:00
Cosmin Cojocar
a11eb28e2f
Handle new function when getting the call info in case it is overridden
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-12 10:15:03 +02:00
dependabot[bot]
5b7867d125
Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1037)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0)
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 09:10:25 +02:00
Cosmin Cojocar
dd08f99f53
Update to Go 1.21.3 and 1.20.10 (#1035)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-11 10:18:12 +02:00
Cosmin Cojocar
616520f44f
Update the list of unsafe functions detected by the unsafe rule (#1033)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-10 09:47:36 +02:00
Cosmin Cojocar
3952187ea7
Update the action to use gosec version v2.18.0 (#1029)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-09 10:37:52 +02:00
Cosmin Cojocar
2b62dd1d8a
Use a step ID in github release action to get the digest of the image (#1028)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-09 10:35:36 +02:00
Cosmin Cojocar
53fc0c3c83
Update to go version 1.21.2 and 1.20.9 (#1027)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-09 09:35:41 +02:00
renovate[bot]
7f7c47fefe
chore(deps): update all dependencies (#1026)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-10-09 09:22:00 +02:00
Oleksandr Redko
d864a91884
Enable gochecknoinits; fix lint issues; use consts for some vars (#1022)
2023-10-05 13:00:22 +02:00
Oleksandr Redko
09cf6efb3e
Fix typos in struct fields, comments, and docs (#1023)
2023-10-05 12:59:17 +02:00
renovate[bot]
665e87b287
chore(deps): update all dependencies
2023-10-05 12:58:26 +02:00
Cosmin Cojocar
4def3a4eb0
Fix lint warning
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-25 13:24:34 +02:00
Cosmin Cojocar
0d332a1027
Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
It seems that os.Create will by default create a file with 0666 permissions.
This should be detected when the configured permissions are less than 0666. By default this case will not be detected
unless a more restrictive mode is configured.
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-25 13:24:34 +02:00
Cosmin Cojocar
293d887525
Fix lint warnings
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-20 10:19:51 +02:00
Cosmin Cojocar
ac482cb87c
Update ginkgo to latest version
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-20 10:19:51 +02:00