renovate[bot]
50d1b4ae6b
chore(deps): update module google.golang.org/api to v0.199.0
2024-10-01 16:51:00 +02:00
Cosmin Cojocar
c0ba7c7a74
Update the gosec to v2.21.4 in the Github action
...
Security Scan / build (push) Has been cancelled
CI / test (map[go:1.22.7 golangci:latest]) (push) Has been cancelled
CI / test (map[go:1.23.1 golangci:latest]) (push) Has been cancelled
CI / coverage (push) Has been cancelled
Change-Id: Idb7fd0b7f7524adf3a87dc06e1fe3935a5593c60
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-26 14:24:09 +02:00
Cosmin Cojocar
a3299ce10c
Add the version into goreleaser config
...
Change-Id: Id759cc78f3c8f3c69864311e91dd64cbacb1b958
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-26 14:24:09 +02:00
renovate[bot]
d4617f51ba
chore(deps): update module google.golang.org/api to v0.198.0 ( #1233 )
...
CI / test (map[go:1.22.7 golangci:latest]) (push) Has been cancelled
CI / test (map[go:1.23.1 golangci:latest]) (push) Has been cancelled
Security Scan / build (push) Has been cancelled
CI / coverage (push) Has been cancelled
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-23 09:30:44 +02:00
Laurent Demailly
1d23143bee
Prevent panic: unexpected constant value: <nil> ( #1232 )
CI / test (map[go:1.22.7 golangci:latest]) (push) Has been cancelled
CI / test (map[go:1.23.1 golangci:latest]) (push) Has been cancelled
Security Scan / build (push) Has been cancelled
CI / coverage (push) Has been cancelled
2024-09-20 10:58:58 +02:00
Laurent Demailly
6741874d9b
Fix running single analyzer which isn't a rule bug ( #1231 )
...
* Fix running single analyzer which isn't a rule bug
* remove uncessary diff (even if it's proper fmt)
2024-09-20 10:56:50 +02:00
Cosmin Cojocar
a83689867d
Update gosec version to v2.21.3 in github action ( #1227 )
...
CI / test (map[go:1.22.7 golangci:latest]) (push) Has been cancelled
CI / test (map[go:1.23.1 golangci:latest]) (push) Has been cancelled
Security Scan / build (push) Has been cancelled
CI / coverage (push) Has been cancelled
Change-Id: If12ea73f08ff79b5c53ece6c96454fb99418ced2
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-18 14:10:47 +02:00
Cosmin Cojocar
be8bd6e40b
Populate the fixes only when autofix is not empty ( #1226 )
...
Change-Id: If4de66d1ea0fd5a179808d023fdac677437c6d5a
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-18 13:43:01 +02:00
renovate[bot]
3004932005
chore(deps): update all dependencies ( #1223 )
...
CI / test (map[go:1.22.7 golangci:latest]) (push) Has been cancelled
CI / test (map[go:1.23.1 golangci:latest]) (push) Has been cancelled
Security Scan / build (push) Has been cancelled
CI / coverage (push) Has been cancelled
* chore(deps): update all dependencies
* Update go.mod
* Remove the toolchain directive
Change-Id: I2ecbdec86e3eb8a771232f649f6da2273b3026ac
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
---------
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Cosmin Cojocar <cosmin@cojocar.ch>
Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-16 10:42:08 +02:00
czechbol
1f3bdd9349
G115 Struct Attribute Checks ( #1221 )
...
* allow struct attributes checks
* fix explicit check results
2024-09-16 10:30:54 +02:00
Cosmin Cojocar
5f3194b581
Update the github action to v2.21.2 ( #1218 )
...
CI / test (map[go:1.22.7 golangci:latest]) (push) Has been cancelled
CI / test (map[go:1.23.1 golangci:latest]) (push) Has been cancelled
CI / coverage (push) Has been cancelled
Security Scan / build (push) Has been cancelled
Change-Id: I0b31f470f716e6b0ea1dacae7814075ee9f6d898
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-09 16:20:57 +02:00
Cosmin Cojocar
abfe8cfd6d
Update the SARIF schema URL ( #1217 )
...
Change-Id: I4a19f289ed6c4da8277bcc30be7c905ca13b6898
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-09 15:36:18 +02:00
Cosmin Cojocar
0396179112
Update go version to 1.23.1 and 1.22.7 ( #1216 )
...
Change-Id: I2c5ad3b96a96470ce663de84d767590b842990ac
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-09 15:29:43 +02:00
renovate[bot]
5e53c8b9f7
chore(deps): update all dependencies ( #1215 )
...
* chore(deps): update all dependencies
* Update go.mod
* Update go.mod
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-09-09 15:20:27 +02:00
Cosmin Cojocar
014751c91c
Update gosec version to v2.21.1 in github action ( #1213 )
...
Change-Id: I0dda98f91eabc1881c55cb886425acf62a000002
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-04 17:22:49 +02:00
Cosmin Cojocar
0ce4453ddd
Rollback the SARIF version to 2.1 since github doesn't support 2.2 ( #1210 )
...
Change-Id: If3500ec2c522339ca0a4e6c1f58574ce3cc870a9
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-04 16:56:15 +02:00
Cosmin Cojocar
ea26e8431f
Update gosec in github action to v2.21.0 ( #1208 )
...
Change-Id: Ia6a5cc01472103d435cd5931aaef98a71a0a89f2
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-04 16:49:35 +02:00
Cosmin Cojocar
b278b40c52
Update cosign version to v2.4.0 in release github workflow ( #1207 )
...
Change-Id: I78b4ad65597f6c10d9cc3113864fd73a25101b25
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-04 16:22:00 +02:00
czechbol
eaedce9a8b
Improvement the int conversion overflow logic to handle bound checks ( #1194 )
...
* add test cases
Signed-off-by: czechbol <adamludes@gmail.com>
* fix bounds check logic
Signed-off-by: czechbol <adamludes@gmail.com>
* tweak test cases
Signed-off-by: czechbol <adamludes@gmail.com>
* fix codestyle
Signed-off-by: czechbol <adamludes@gmail.com>
* improve bounds check logic
Signed-off-by: czechbol <adamludes@gmail.com>
* max recursion depth
Signed-off-by: czechbol <adamludes@gmail.com>
* add test case for len function
Signed-off-by: czechbol <adamludes@gmail.com>
* relax len function bounds checks
Co-authored-by: Ben Krieger <ben.krieger@intel.com>
* handle cases when convert instruction is after the if blocks
Signed-off-by: czechbol <adamludes@gmail.com>
* improve range check discovery, add tests
Signed-off-by: czechbol <adamludes@gmail.com>
* refactor for readability
Signed-off-by: czechbol <adamludes@gmail.com>
* add cap function test
Signed-off-by: czechbol <adamludes@gmail.com>
* calculate signed min without throwing overflow warnings
Signed-off-by: czechbol <adamludes@gmail.com>
* perform bounds checks int size calculations
Signed-off-by: czechbol <adamludes@gmail.com>
* basic equal operator logic
Signed-off-by: czechbol <adamludes@gmail.com>
* uintptr -> unsafe.Pointer test case
Signed-off-by: czechbol <adamludes@gmail.com>
* fix review comments
Signed-off-by: czechbol <adamludes@gmail.com>
* Rebase and fix go module
Change-Id: I8da6495eaaf25b1739389aa98492bd7df338085b
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
* fix false positive for negated value
Signed-off-by: czechbol <adamludes@gmail.com>
* fix range conditions
Signed-off-by: czechbol <adamludes@gmail.com>
* Ignore the golangci/gosec G115 warning
Change-Id: I0db56cb0a5f9ab6e815e2480ec0b66d7061b23d3
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
---------
Signed-off-by: czechbol <adamludes@gmail.com>
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
Co-authored-by: Ben Krieger <ben.krieger@intel.com>
Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-04 16:09:54 +02:00
William Bergeron-Drouin
ea5b2766bb
fix: G602 support for nested conditionals with bounds check ( #1201 )
...
* Recursive fix
* Add some more test cases
* Fix formatting
* Add depth check
2024-09-04 11:07:42 +02:00
Cosmin Cojocar
11d69032b0
Update go.mod to sue go 1.22.0 toolchain
2024-09-02 09:46:29 +02:00
renovate[bot]
655527dfb4
chore(deps): update all dependencies
2024-09-02 09:46:29 +02:00
Cosmin Cojocar
0898560169
Make variable name more clear
...
Change-Id: I5b863c0da6cc3d01efa527c60c93fdcbc8c5a53c
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-30 19:35:07 +02:00
Cosmin Cojocar
ac67231ec5
Make variable names more explicity and reduce duplications
...
Change-Id: Ifa141b70351136cfe7d0756a83e8166a24b5d538
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-30 19:35:07 +02:00
Cosmin Cojocar
e0414c4640
Fix formatting
...
Change-Id: I49caeb75f1bd7ecdb9b4f99466d96ad81e2e95ac
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-30 19:35:07 +02:00
Cosmin Cojocar
c7003fc7e5
Refactor to reduce some fuctions and variable names
...
Change-Id: I7f42c1de4e39dceb8e8144037d5af9223331ff06
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-30 19:35:07 +02:00
Cosmin Cojocar
2401936458
Pass the value argument directly since is an interface
...
The value doens't require to be passed as a pointer since is a
interface.
Change-Id: Ia21bceb5f315f4c30bd28425d62f678e9203e93f
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-30 19:35:07 +02:00
Dimitar Banchev
f5d312825f
Added suggested changes
2024-08-30 19:35:07 +02:00
Dimitar Banchev
a14ca4ac59
Added another test case in order to increase code coverage
2024-08-30 19:35:07 +02:00
Dimitar Banchev
a6dd589bae
Removed function parameter which is always the same
2024-08-30 19:35:07 +02:00
Dimitar Banchev
b4c746962f
Formatting problems(CI was not passing)
2024-08-30 19:35:07 +02:00
Dimitar Banchev
7f8f654235
Updated analyzer to use new way of initialization
...
* Removed old way of initializing analyzers
* Added the new analyzer to the rest of the default analyzers
* Fixed small bug in the rule
* Removed the test for the new analyzer from the file responsible for testing the rules
* Merged the diffrent examples into 1 variable
* Added tests for the analyzer
* Removed code that was used for testing rules, but it was used to test the analyzer
2024-08-30 19:35:07 +02:00
Dimitar Banchev
a26215cf23
Migrated the rule to the analyzers folder
2024-08-30 19:35:07 +02:00
Dimitar Banchev
3f6e1e7326
Refractored code a little bit
2024-08-30 19:35:07 +02:00
Dimitar Banchev
0eb8143c23
Added new rule G407(hardcoded IV/nonce)
...
The rule is supposed to detect for the usage of hardcoded or static nonce/Iv in many encryption algorithms:
* The different modes of AES (mainly tested here)
* It should be able to work with ascon
Currently the rules doesn't check when constant variables are used.
TODO: Improve the rule, to detected for constatant variable usage
2024-08-30 19:35:07 +02:00
Ben Krieger
4ae73c8ba3
Fix conversion overflow false positive when using ParseUint
2024-08-28 08:58:42 +02:00
Cosmin Cojocar
c52dc0ea4e
Add a build step to measure the scan perfomance
...
This step will measure the scan performance difference against the
master version.
Change-Id: I1b9196ef3348350cf818471f55d9024d14064ac6
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-26 19:08:32 +02:00
czechbol
bcec04e784
Fix conversion overflow false positives when they are checked or pre-determined
...
Signed-off-by: czechbol <adamludes@gmail.com>
2024-08-26 16:57:12 +02:00
Cosmin Cojocar
71e397b994
Update go.mod
2024-08-26 16:47:36 +02:00
renovate[bot]
aec45b0b7d
chore(deps): update all dependencies
2024-08-26 16:47:36 +02:00
Cosmin Cojocar
ab3f6c1c83
Fix false positive in conversion overflow check from uint8/int8 type
...
Change-Id: I543545e22fa12de0d85dcf92664a0a54e8f7244a
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-22 09:47:52 +02:00
Cosmin Cojocar
a39ec5a16b
Disable staticcheck SA1019 rule
...
Change-Id: Ia9db0083f5ffb34d911b5ca491ef0ce23be979f8
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-21 15:00:06 +02:00
Cosmin Cojocar
a1b2ab80af
Update the golangci linters
...
Change-Id: I8938d57e9751913f65b4825a44c252b31888f9e8
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-21 15:00:06 +02:00
Cosmin Cojocar
8467f012e0
Add more test to cover more use cases for G115 rule
...
Change-Id: Icb60fe14ae12439c1ee0e507a407a23ce4c64c85
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-21 15:00:06 +02:00
Rahul Gadi
81cda2f91f
Allow excluding analyzers globally ( #1180 )
...
* This change does not exclude analyzers for inline comment
* Changed the expected issues count for G103, G109 samples for test. Previously G115 has been included in the issue count
* Show analyzers IDs(G115, G602) in gosec usage help
* See #1175
2024-08-20 10:43:40 +02:00
Cosmin Cojocar
18135b439c
Update to Go 1.23.0 ( #1183 )
...
Change-Id: I11a6402e85ac543305e8bad4ea35239779424dd6
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-19 09:17:50 +02:00
renovate[bot]
91c708a620
chore(deps): update all dependencies ( #1182 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-19 08:58:30 +02:00
Cosmin Cojocar
92bac42afc
Read the AI API key also from an environment variable ( #1181 )
...
* Read the AI API key also from an environment variable
Change-Id: If18fd025ab2ef68a3690f8a69d1c8894e44a87ef
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
* Fix lint warning
Change-Id: Icd3eb8a029764db76596c3e171275c03a23f8cef
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
---------
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-18 17:59:45 +02:00
Tran The Lam
56f943b802
Add support to generate auto fixes using LLM (AI) ( #1177 )
...
This feature adds support to generate auto fixes for Go scanning findings using LLM (AI). In a first instance, it relies on Gemini API to get a suggestion for a solution. This can be later extended, to integrate also other AI providers.
---------
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
Co-authored-by: ccoVeille <3875889+ccoVeille@users.noreply.github.com>
Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
2024-08-12 12:52:41 +02:00
renovate[bot]
f33fd4bf29
chore(deps): update all dependencies
2024-08-12 10:21:07 +02:00