Cosmin Cojocar
722acb64cb
Change the GitHub workflow to run the builds only on ubuntu-latest platform
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 12:59:02 +02:00
Cosmin Cojocar
5284f34b6f
Change the GitHub workflow to use an action which install Go using a Go version from the matrix
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 12:52:42 +02:00
Cosmin Cojocar
8de5fb6eb2
Migrate the build to GitHub Actions
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 03:32:24 -07:00
Cosmin Cojocar
7da9f46445
Fix the call list info to handle selector expressions
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-16 09:44:57 +01:00
Cosmin Cojocar
cf2590442c
Fix the subproc rule to handle correctly the CommandContext check
...
In this case, we need to skip the first argument because it is the context.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-13 13:25:35 +01:00
Cosmin Cojocar
f97f86103c
Update the subproc rule to detect the syscall.ForkExec and syscall.StartProces calls
...
Also add the corresponding tests for this.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-13 13:25:35 +01:00
Tomas Kral
c998389da2
re-generate install.sh with latest godownloader ( #446 )
2020-03-02 14:48:48 +01:00
Sam Caccavale
7525fe4bb7
Rule for defering methods which return errors ( #441 )
2020-03-01 21:45:37 +01:00
renovate[bot]
a2ac0bf32b
Update all dependencies ( #445 )
...
Co-authored-by: WhiteSource Renovate <renovatebot@gmail.com>
2020-03-01 21:44:28 +01:00
Sam Caccavale
a305f10eb9
Fileperms ( #442 )
2020-02-28 12:48:18 +01:00
Lars Lehtonen
00363edac5
remove support for go 1.11 ( #444 )
2020-02-28 12:47:01 +01:00
Renovate Bot
d13bb6d242
Update all dependencies
2020-02-03 10:45:20 +01:00
Cosmin Cojocar
17df5b3702
Fix typos
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-01-29 09:41:46 +01:00
Cosmin Cojocar
3e069e7756
Fix the errors rule whitelist to work on types methods
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-01-29 09:41:46 +01:00
Hiroki Suezawa
459e2d3e91
Modify rule for integer overflow to have more acurate results ( #434 )
...
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-21 10:13:11 +01:00
Hiroki Suezawa
a4d7b3628b
Add G110(Potential DoS vulnerability via decompression bomb)
...
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-20 10:37:56 +01:00
Cosmin Cojocar
3d5c97b418
Add a test sample for Cgo files
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-01-16 09:06:23 +01:00
Cosmin Cojocar
81e8278164
Add the Cgo files to the analysed files and ingonre all non-Go files
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-01-16 09:06:23 +01:00
Cosmin Cojocar
a1969e208c
Handle all errors in the formatter tests ( #431 )
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-01-16 09:05:38 +01:00
Hiroki Suezawa
9cb83e10af
Add a rule which detects when there is potential integer overflow ( #422 )
...
* Add G109(Potential Integer OverFlow Detection)
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
* add CWE to G109(Potential Integer Overflow)
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
* Modify G109 to use gosec.Context
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-06 09:55:52 +01:00
Rafael dos Santos
f43a957359
Check for both default and alternative nosec tags ( #426 )
...
* Check both nosec tags
* Adjust test to find vulnerabilities
* Add a few alias in Makefile to get GOPATH
2020-01-06 09:47:28 +01:00
Hiroki Suezawa
79fbf3af8d
Add golint format to output format ( #428 )
...
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-03 10:56:21 +01:00
renovate[bot]
57c3788fe5
Update all dependencies ( #427 )
2020-01-02 17:56:50 +01:00
Grant Murphy
5d613739e1
fix(docker) gcc and libc-dev required bindings
...
The docker image doesn't include the necessary packages to build / analyze
some packages. Adding gcc and libc-dev to addess this.
2019-12-20 08:45:01 +10:00
renovate[bot]
cb4f343eaf
Update all dependencies ( #417 )
2019-12-17 09:31:52 +01:00
Lars Lehtonen
df484bfa9e
cmd/tlsconfig: remove support for deprecated tls.VersionSSL30 ( #412 )
...
* cmd/tlsconfig: build tags to deprecate tls.VersionSSL30 from go1.14
* cmd/tlsconfig: build tags to turn off TLSv1.3 in go1.11
2019-11-19 11:41:25 +01:00
renovate[bot]
b4c76d4234
Update all dependencies ( #410 )
2019-11-04 16:45:32 +01:00
Cosmin Cojocar
99170e0d76
Update the README with some details about the CWE mapping ( #407 )
...
* Fix some typos in the README file
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
* Update the README with some details about the CWE mapping
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-10-31 11:56:17 +01:00
Julian Thome
53be8dd864
Add CWE rule mappings ( #405 )
...
* added mappings
* added cwe to template
* link in function to template
* moved mappings and added test cases
* wording
* cleanup
2019-10-31 09:22:38 +01:00
Cosmin Cojocar
28c1128b73
Add more tests to improve the coverage of resolve
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-10-08 11:56:58 +02:00
Cosmin Cojocar
d78f02634a
Format import to make codecov happy
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-10-08 11:56:58 +02:00
Cosmin Cojocar
50e1fe267d
Improve the SSRF rule to report an issue for package scoped variables
...
Made also the rule to not report an issue when encountering function
scoped variable which terminate in a basic literal such as a string.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-10-08 11:56:58 +02:00
Cosmin Cojocar
07770ae76d
Add a test for composite literals when trying to resolve an AST tree node
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-10-08 11:56:58 +02:00
Cosmin Cojocar
f413f1436d
Handle the ValueSpec when trying to resolve an AST tree node
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-10-08 11:56:58 +02:00
Cosmin Cojocar
c1970ff5c9
Handle the ValueSpec when trying to resolve an AST tree node
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-10-08 11:56:58 +02:00
Cosmin Cojocar
ea9faae22d
Update the Go version to 1.13 in the Dockerfile ( #403 )
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-10-08 09:44:34 +02:00
Cosmin Cojocar
186dec7b26
Convert the global settings to correct type when reading them from file ( #399 )
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-10-08 09:44:17 +02:00
Cosmin Cojocar
e680875ea1
Replace the deprecated load mode with more specific flags are recommended in the packages docs ( #400 )
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-10-02 14:05:14 +02:00
renovate[bot]
ad375d3b8f
Update golang.org/x/tools commit hash to 7c411de ( #389 )
2019-10-01 09:10:45 +02:00
Grant Murphy
607f2408a5
reconfigure rennoavate bot ( #395 )
...
I *think* this schedule only monthly semver updates but still give us
vulnerability alerts.
See: https://docs.renovatebot.com/presets for more information.
2019-10-01 09:10:23 +02:00
Cosmin Cojocar
832d7bb398
Update README with CII Best Practicies badge
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-27 08:53:58 +10:00
Cosmin Cojocar
29341f6e9c
Fix the rule G108/pporf to handle the case when the pporf import has not name
...
This is causing a crash.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-24 18:16:45 +10:00
Martin Vrachev
b504783a71
Change unit tests to check for one thing ( #381 )
...
The unit tests should check for a single thing at a time.
This was not true for some the tests.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2019-09-24 10:15:56 +02:00
renovate[bot]
7dbc65b199
Update golang.org/x/tools commit hash to 3ac2a5b ( #387 )
2019-09-24 10:14:45 +02:00
Renovate Bot
f3bd9fb960
Update golang.org/x/tools commit hash to 0f9bb8f
2019-09-24 11:40:53 +10:00
Renovate Bot
c6ac709aa8
Update golang.org/x/net commit hash to aa69164
2019-09-24 00:41:44 +00:00
Renovate Bot
7a6460dde9
Update golang.org/x/crypto commit hash to 9ee001b
2019-09-24 09:35:22 +10:00
Cosmin Cojocar
d8f249a079
Update README with rule G108
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-24 09:32:09 +10:00
Cosmin Cojocar
9cee24cccd
Add a rule which detects when pprof endpoint is automatically exposed
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-24 09:32:09 +10:00
Renovate Bot
73fbc9ba49
Update golang.org/x/net commit hash to 1a5e07d
2019-09-23 09:54:52 +00:00