Cosmin Cojocar
c06903addd
Fix test that checks the overridden nosec directive
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 14:33:51 +02:00
Cosmin Cojocar
e108c56933
Format the file
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 12:02:48 +02:00
Cosmin Cojocar
d8a6d358dc
Ensure the ignores are parsed before analysing the package
In addition, this handles the ignores for multi-line issues
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 12:02:48 +02:00
Cosmin Cojocar
0ec6cd95d7
Refactor how ignored issues are tracked
Track ignored issues using file location instead of an AST node. There are issues linked to a different AST node than the original node used to start the scan.
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-13 14:11:08 +02:00
Cosmin Cojocar
9120883a15
Fix no-sec alternative tag (#962)
The no-sec alternative tag now automatically prepends the # symbol
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-05-25 11:54:26 +02:00
Matthieu MOREL
68b520165d
enable ginkgolinter linter (#948)
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
2023-04-04 08:52:59 +02:00
Cosmin Cojocar
df14837174
Update to Go 1.20 and fix unit tests (#923)
* Fix unit tests for Go 1.20
* Update to Go 1.20 in the build scripts
* Remove support for 1.18 in the build
* Fix the golangci lint version according to Go version used
* Fix golangci version string
* Fix gci linter warning
* Remove golint in favour of golangci
2023-02-06 14:15:05 +01:00
Cosmin Cojocar
0ba05e160a
chore: fix lint warnings
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2022-08-08 10:56:19 +02:00
kruskal
7d539ed494
feat: add concurrency option to parallelize package loading (#778)
* feat: add concurrency option to parallelize package loading
* refactor: move wg.add inside the for loop
* fix: gracefully stop the workers on error
* test: add test for concurrent scan
2022-02-16 18:23:37 +01:00
Cosmin Cojocar
ad5d74d5a1
Update to ginkgo v2 (#753)
2022-01-03 18:11:35 +01:00
Yiwei Ding
72f1145f8a
Fix #743 (#748)
* Check if nosec tag is in front of a line
* Use \n instead of a whitespace in a test case
2022-01-03 16:48:42 +01:00
Yiwei Ding
2d1c1a6df7
Track both #nosec and #nosec rulelist for one violation (#741)
2021-12-20 23:33:01 +01:00
Ville Skyttä
d23ab2d997
Remove space between // and #nosec in examples and internal use
Comments intended for machines to read do not have the space by convention.
2021-12-15 19:31:14 +01:00
Yiwei Ding
35af340d07
Fix #736 (#738)
2021-12-13 17:45:47 +01:00
Yiwei Ding
b45f95f6ad
Add support for suppressing the findings
2021-12-09 11:53:36 +01:00
Matthieu MOREL
bfb0f422fe
chore(lint): enable errorlint and gci (#698)
2021-09-13 09:40:10 +02:00
Marc Brugger
ba23b5e49a
Add possibility to list waived (nosec) marked issues but not count them as such
2021-08-18 13:00:38 +02:00
Marc Brugger
62db81342e
Allow excluding generated files
2021-08-04 17:33:20 +02:00
Matthieu MOREL
1256f16f33
Fix lint and fail on error in the ci build
2021-05-31 10:44:12 +02:00
Matthieu MOREL
4df7f1c3e9
Fix typos, Go Report link and Gofmt
2021-05-07 18:04:01 +02:00
Grant Murphy
8630c43b66
Add null pointer check in G601
fixes: #475
2020-05-21 05:51:45 +02:00
Cosmin Cojocar
c6e10af40f
Properly handle the gosec module version v2
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-06 09:06:23 -07:00
Cosmin Cojocar
3d5c97b418
Add a test sample for Cgo files
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-01-16 09:06:23 +01:00
Rafael dos Santos
f43a957359
Check for both default and alternative nosec tags (#426)
* Check both nosec tags
* Adjust test to find vulnerabilities
* Add a few aliases in Makefile to get GOPATH
2020-01-06 09:47:28 +01:00
Daniel Carlier
8932f702ce
Add flag to handle '#nosec' alternative (#346)
* Add logic to check for a #nosec alternative
* Add NoSecAlternative as a new global variable
* Add nosec-tag flag
2019-09-04 10:20:43 +02:00
Cosmin Cojocar
63b44b6681
Add some more tests to make codecov happy
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-06-25 11:56:26 +02:00
Cosmin Cojocar
0ebfa2f8b7
Rework analyzer unit test to pass the go tip version (#318)
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-17 15:35:46 +02:00
Cosmin Cojocar
b68ac76dbc
Fix formatting
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-01 08:52:23 +02:00
Cosmin Cojocar
3e69a8c8a2
Append the package load errors to analyser's errors
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-01 08:52:23 +02:00
Cosmin Cojocar
aac9b00845
Properly refactor the package error parsing and cover all test cases
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-01 08:52:23 +02:00
Cosmin Cojocar
625718d294
Refactor the test for Go build errors
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-01 08:52:23 +02:00
Cosmin Cojocar
bac6f0fb8f
Add tests for an empty package without any test file
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-01 08:52:23 +02:00
Cosmin Cojocar
76b2c12044
Add a test to cover the processing of empty packages
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-01 08:52:23 +02:00
Cosmin Cojocar
f1ea7f6ee3
Add tests for analyser test package check
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 06:55:24 +02:00
Cosmin Cojocar
b49c9532a8
Add a flag which allows scanning the test files as well
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 06:55:24 +02:00
Cosmin Cojocar
4dfaf0a997
Refactor the analyzer to process one package at a time
This avoids loading all packages in memory before running the checks.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-28 09:06:52 +02:00
Martin Vrachev
62b5195dd9
Report for Golang errors (#284)
* Report for Golang errors
Right now, if you use Gosec to scan an invalid Go file and report the result in a text, JSON, CSV or another file format, you will always receive 0 issues.
The reason for that is that Gosec can't parse the AST of invalid go files and thus will not report anything.
The real problem here is that the user will never know about the issue if he generates the output in a file.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2019-02-27 08:24:06 +10:00
Cosmin Cojocar
f87af5fa72
Detect the unhandled errors even though they are explicitly ignored if the 'audit: enabled' setting is defined in the global configuration (#274)
* Define the global options in the configuration more explicitly
* Detect in audit mode the unhandled errors even though they are explicitly ignored
2019-01-14 21:37:40 +10:00
Oleksandr Redko
3116b07de4
Fix typos in comments and rulelist (#256)
2018-10-11 14:45:31 +02:00
Cosmin Cojocar
64d58c2e51
Refactor the test code sample to support multiple files per sample
2018-09-28 11:42:25 +03:00
Cosmin Cojocar
893b87b343
Replace gas with gosec everywhere in the project
2018-07-19 18:42:25 +02:00
Grant Murphy
da26f64208
Rename github org (#214)
2018-07-19 17:40:28 +10:00
cosmincojocar
4ae8c95b40
Add an option for Go build tags (#201)
* Add an option for Go build tags
* Update README with a section for Go build tags
2018-04-20 09:45:03 +10:00
Jon McClintock
429ac07bbd
Change the exclude syntax to be a part of #nosec
2018-03-08 19:01:00 +00:00
Jon McClintock
1429033aca
Add support for #excluding specific rules
2018-03-02 23:44:51 +00:00
Grant Murphy
485bc31df8
Fix go vet errors in tests
2018-01-30 00:55:35 +00:00
Andrew S. Brown
22dc89384d
Do a single build for all packages.
This is much faster because the loader can reuse packages.
2018-01-07 15:02:33 -08:00
Grant Murphy
25d74c6b20
address review comments
2017-12-14 10:04:22 +10:00
Grant Murphy
6943f9e5e4
Major rework of codebase
- Get rid of 'core' and move CLI to cmd/gas directory
- Migrate (most) tests to use Ginkgo and testutils framework
- GAS now expects package to reside in $GOPATH
- GAS now can resolve dependencies for better type checking (if package on GOPATH)
- Simplified public API
2017-07-19 15:17:00 -06:00