Cosmin Cojocar
f5cc32a320
Update the Go version to 1.15 in the Makefile
This is only used when building the docker image locally.
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-09-01 08:57:52 +02:00
Cosmin Cojocar
ea0fa28b7f
Update the GitHub go action version to 1.6.0
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00
Cosmin Cojocar
feea8bb243
Fix the action tag
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00
Cosmin Cojocar
6688a97661
Fix the github action for Go 1.15
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00
Cosmin Cojocar
7234349e33
Add Go 1.15 to the supported versions and phase out Go 1.12
Also updated the release automation to release gosec using Go 1.15
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00
Cosmin Cojocar
a3895d5c55
Fix typo in README file
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:02 +02:00
Jamie Cuthill
17c955519e
Incorrect local installation instructions for v2
2020-08-21 11:23:36 +02:00
Cosmin Cojocar
f13b8bc639
Also add filepath.Rel as a sanitization method for the input argument in the G304 rule
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-19 09:40:07 +02:00
Cosmin Cojocar
047729a84f
Fix the rule G304 to handle the case when the input is cleaned as a variable assignment
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-19 09:40:07 +02:00
ggkitsas
b60ddc21ba
feat: adds support for path.Join and for tar archives in G305
2020-08-03 09:17:45 +02:00
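The two G304 entries above (filepath.Clean applied through a variable assignment, filepath.Rel accepted as a sanitizer) and the G305 entry (path.Join, tar archives) describe the same defence from the rule's side. As an added example, not gosec's own code, here is the application-side pattern the rules look for, in Go: a SafeJoin that cleans the path and uses filepath.Rel to prove it stays under the base directory, and a tar extractor that passes every member name through it. SafeJoin, ExtractTar, ErrTraversal and the tarEntry/buildTar helpers, as well as the sample archives, are constructed for this example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when a supplied name resolves outside the base directory.
var ErrTraversal = errors.New("path escapes base directory")

// SafeJoin cleans name under base and uses filepath.Rel to prove the result stays
// inside base; os.Open(SafeJoin(...)) is the sanitised G304 shape. The check is
// lexical: a symlink already under base is not resolved (use filepath.EvalSymlinks).
func SafeJoin(base, name string) (string, error) {
	// Join cleans "." and ".." segments; an absolute name is rooted under base.
	cleaned := filepath.Clean(filepath.Join(base, name))
	rel, err := filepath.Rel(base, cleaned)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%q: %w", name, ErrTraversal)
	}
	return cleaned, nil
}

// ExtractTar writes the regular files in r under dest, validating every member
// name with SafeJoin before touching the filesystem (the G305 check). Links and
// special files are skipped; a symlink pointing outside dest needs its own check.
func ExtractTar(r io.Reader, dest string) ([]string, error) {
	tr := tar.NewReader(r)
	var written []string
	for {
		hdr, err := tr.Next()
		if errors.Is(err, io.EOF) {
			return written, nil
		}
		if err != nil {
			return written, err
		}
		// Validate every member, extracted or not, so a hostile name is reported.
		target, err := SafeJoin(dest, hdr.Name)
		if err != nil {
			return written, err
		}
		if hdr.Typeflag != tar.TypeReg {
			continue // parent directories are created on demand below
		}
		if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			return written, err
		}
		f, err := os.OpenFile(target, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o644)
		if err != nil {
			return written, err
		}
		_, err = io.Copy(f, tr) // tar.Reader stops at hdr.Size
		if cerr := f.Close(); err == nil {
			err = cerr
		}
		if err != nil {
			return written, err
		}
		written = append(written, target)
	}
}

// tarEntry, must and buildTar only construct sample archives in memory for the demo.
type tarEntry struct{ name, content string }

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func buildTar(entries []tarEntry) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range entries {
		must(tw.WriteHeader(&tar.Header{Name: e.name, Mode: 0o644, Size: int64(len(e.content)), Typeflag: tar.TypeReg}))
		_, err := tw.Write([]byte(e.content))
		must(err)
	}
	must(tw.Close())
	return buf.Bytes()
}

func main() {
	dest, err := os.MkdirTemp("", "extract")
	must(err)
	defer os.RemoveAll(dest)
	files, err := ExtractTar(bytes.NewReader(buildTar([]tarEntry{{"docs/readme.txt", "hello"}})), dest)
	fmt.Println(files, err)
	_, err = ExtractTar(bytes.NewReader(buildTar([]tarEntry{{"../../../tmp/owned", "pwned"}})), dest)
	fmt.Println("malicious archive:", err)
}
```

SafeJoin stops "../" escapes and a bare "..", but two policy choices are deliberate and worth reviewing for your own use: an absolute member name is rooted under dest rather than rejected, and symlinks are not followed. Newer Go offers filepath.IsLocal (1.20) for the lexical test and os.Root (1.24) for a kernel-enforced version of the same containment.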
Renovate Bot
673a139e55
Update all dependencies
2020-08-03 09:07:46 +02:00
Cosmin Cojocar
110b62b05f
Add io.CopyBuffer function to rule G110
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-07-29 14:25:45 +02:00
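The G110 entry above adds io.CopyBuffer to the unbounded copies the rule looks for. As an added example, not gosec's code, this is the application-side fix in Go: inflate through an io.LimitedReader with a one-byte margin so the caller can tell "fits exactly" from "too big", exercised against a constructed gzip bomb. ReadGzipLimited, CompressZeros and ErrTooLarge are names chosen here.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge is returned when the inflated stream would exceed the caller's budget.
var ErrTooLarge = errors.New("decompressed data exceeds limit")

// ReadGzipLimited inflates a gzip stream into memory but refuses to go past
// maxBytes. Copying straight out of the gzip reader with io.Copy or
// io.CopyBuffer and no bound is the pattern G110 flags; bounding the source
// makes the same copy calls safe.
func ReadGzipLimited(compressed []byte, maxBytes int64) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	// Allow one byte past the limit so "exactly maxBytes" and "more than
	// maxBytes" can be told apart without inflating the rest of the stream.
	lr := &io.LimitedReader{R: zr, N: maxBytes + 1}
	var out bytes.Buffer
	if _, err := io.Copy(&out, lr); err != nil {
		return nil, err
	}
	if int64(out.Len()) > maxBytes {
		return nil, ErrTooLarge
	}
	// Only a stream read to EOF has had its gzip CRC verified; a rejected one
	// was cut off early and is simply discarded.
	return out.Bytes(), nil
}

// CompressZeros builds a constructed bomb: n zero bytes gzip down to a few KB.
func CompressZeros(n int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	if _, err := zw.Write(make([]byte, n)); err != nil {
		panic(err)
	}
	if err := zw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	bomb := CompressZeros(64 << 20) // 64 MiB of zeros
	fmt.Printf("compressed size: %d bytes\n", len(bomb))
	_, err := ReadGzipLimited(bomb, 1<<20)
	fmt.Println("1 MiB budget:", err)
	data, err := ReadGzipLimited(CompressZeros(1000), 1000)
	fmt.Println("exactly at budget:", len(data), err)
}
```

The same LimitedReader wrapping works for any decompressor (zlib, bzip2, zip file entries); the budget should come from what the caller can actually afford to hold or write out, not from the size the archive header claims.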
Cosmin Cojocar
6bcd89aa6b
Mark all lines of a multi-line finding
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-07-07 10:00:15 +02:00
Cosmin Cojocar
4d4e5949c6
Add some comments
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-07-07 10:00:15 +02:00
Cosmin Cojocar
d1467ac998
Extend the code snippet included in the issue and refactored how the code snippet is printed
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-07-07 10:00:15 +02:00
Cosmin Cojocar
37d1af0af3
Expand the arguments to a list of strings when they are provided as a single string
The GitHub action provides the arguments as a single string to the docker container,
so we need to expand them in order for gosec to properly interpret them.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-07-06 19:38:49 +02:00
Renovate Bot
59cbe0071f
Update all dependencies
2020-07-01 09:13:45 +02:00
Cosmin Cojocar
ade81d3873
Rename file for consistency
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-29 13:52:47 +02:00
evalphobia
03f12f3f5d
Change naming rule from blacklist to blocklist
2020-06-29 13:45:44 +02:00
Cosmin Cojocar
3784ffea4e
Fix panic when reading the version from debug info in Go 1.13
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-25 15:27:53 +02:00
Cosmin Cojocar
55d368f2e5
Improve the TLS version checking
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-25 09:21:14 +02:00
Cosmin Cojocar
ad1cb7e47e
Make sure some version information is set when no version was injected into the binary
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-25 09:20:55 +02:00
Cosmin Cojocar
1d2c951f2c
Extend the rule G304 with os.OpenFile and add a test to cover it
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-17 13:14:08 +02:00
Cosmin Cojocar
0c1a71b8a1
Add more tests samples to increase coverage
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-15 15:12:02 +02:00
Cosmin Cojocar
fe07fcf276
Fix unit test when checking a mix of good and bad random functions
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-15 15:12:02 +02:00
Cosmin Cojocar
6bbf8f9cbc
Extend the insecure random rule with more insecure random functions
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-15 15:12:02 +02:00
Hiroaki Sano
af699f6a62
Exclude .git directory from scan ( #485 )
2020-06-09 15:16:27 +02:00
renovate[bot]
6202b38a44
Update all dependencies ( #484 )
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-06-02 09:31:29 +02:00
Cosmin Cojocar
6a130d55b3
Update the link pointing to the issues-to-CWE mapping to use the master version ( #483 )
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-28 14:40:15 +02:00
Lukas Aron
826db1cfec
Fix the build tags propagation
The build tags are now propagated into the build context when analysing a package.
2020-05-27 12:42:19 +02:00
Cosmin Cojocar
7da9248ce6
Change the issue test to verify that a multi-line finding contains a line range
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-27 10:16:56 +02:00
Cosmin Cojocar
7aedcc56ab
Remove print line from tests
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-27 10:16:56 +02:00
Cosmin Cojocar
30e93bf865
Improve the SQL strings concat rules to handle multiple string concatenation
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-27 10:16:56 +02:00
Cosmin Cojocar
68bce94323
Improve the SQL concatenation and string formatting rules to be applied only in the database/sql context
In addition, makes the pattern matching used by the rules case insensitive.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-27 10:16:56 +02:00
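The two SQL entries above describe three rule behaviours: walking a concatenation with more than two operands, matching SQL keywords case-insensitively, and firing only in the database/sql context. As an added example, not gosec's implementation, here is a minimal go/ast checker in Go with those three properties. The import check stands in for the type-based context detection a real analyzer would use; sqlKeyword, queryMethods, ScanSource and the sample source are constructed for this example.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"regexp"
	"strconv"
)

// sqlKeyword is the case-insensitive match described above: a literal that starts like a SQL statement.
var sqlKeyword = regexp.MustCompile(`(?i)^\s*(select|insert|update|delete|drop|alter|create)\b`)

// queryMethods are the database/sql call names whose first argument is the query text.
var queryMethods = map[string]bool{"Query": true, "QueryRow": true, "Exec": true}

// importsDatabaseSQL is the cheap stand-in for "database/sql context" when no type information is loaded.
func importsDatabaseSQL(f *ast.File) bool {
	for _, imp := range f.Imports {
		if p, err := strconv.Unquote(imp.Path.Value); err == nil && p == "database/sql" {
			return true
		}
	}
	return false
}

// flattenConcat turns the left-nested chain ((a + b) + c) + d into [a b c d].
func flattenConcat(e ast.Expr) []ast.Expr {
	if be, ok := e.(*ast.BinaryExpr); ok && be.Op == token.ADD {
		return append(flattenConcat(be.X), flattenConcat(be.Y)...)
	}
	return []ast.Expr{e}
}

// isSQLConcat: the chain starts with a SQL-looking literal and splices in at least one non-literal.
func isSQLConcat(e ast.Expr) bool {
	ops := flattenConcat(e)
	if len(ops) < 2 {
		return false
	}
	first, ok := ops[0].(*ast.BasicLit)
	if !ok || first.Kind != token.STRING {
		return false
	}
	if s, err := strconv.Unquote(first.Value); err != nil || !sqlKeyword.MatchString(s) {
		return false
	}
	for _, op := range ops[1:] {
		if lit, ok := op.(*ast.BasicLit); !ok || lit.Kind != token.STRING {
			return true
		}
	}
	return false // only literals glued together: nothing attacker-controlled
}

// ScanSource parses Go source and returns the lines of Query/QueryRow/Exec calls whose query is built by concatenation.
func ScanSource(src string) ([]int, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	if !importsDatabaseSQL(f) {
		return nil, nil
	}
	var lines []int
	ast.Inspect(f, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok || len(call.Args) == 0 {
			return true
		}
		if sel, ok := call.Fun.(*ast.SelectorExpr); ok && queryMethods[sel.Sel.Name] && isSQLConcat(call.Args[0]) {
			lines = append(lines, fset.Position(call.Args[0].Pos()).Line)
		}
		return true
	})
	return lines, nil
}

// sample is constructed input for the demo; lines 6 and 7 should be reported.
const sample = `package main

import "database/sql"

func lookup(db *sql.DB, user, id string) {
	db.Query("select * from users where name = '" + user + "' and id = " + id)
	db.Exec("UPDATE users SET visits = visits + 1 WHERE id = " + id)
	db.Query("SELECT * FROM users WHERE name = ?", user)
	db.Query("SELECT * " + "FROM users")
}
`

func main() {
	lines, err := ScanSource(sample)
	fmt.Println("SQL concatenation at lines:", lines, err)
}
```

Two gaps are intentional and show why the real rules lean on type information: a query whose leading operand is a variable (q + " WHERE id = " + id) is missed because no literal anchors the keyword match, and any receiver named like a database handle is trusted as one.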
Cosmin Cojocar
32be4a5cc6
Make sure all rules are mapped to CWE numbers
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-26 08:59:14 +02:00
Grant Murphy
8630c43b66
Add null pointer check in G601
fixes : #475
2020-05-21 05:51:45 +02:00
Lukas Aron
1418b856ea
ondisk -> onDisk
2020-05-19 11:34:34 +02:00
Lukas Aron
b2cfc5d638
USERS.md typo in the title fixed.
2020-05-19 11:34:34 +02:00
Cosmin Cojocar
425b8f9531
Display a sponsor button in the repository
Enable the funding button in the project following https://help.github.com/en/github/administering-a-repository/displaying-a-sponsor-button-in-your-repository
2020-05-14 09:33:18 +02:00
Cosmin Cojocar
0714a1e62a
Update the users file with some more projects and companies
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-12 08:51:13 +02:00
Cosmin Cojocar
1b915ddad7
Set up a gosec's users list
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-12 08:51:13 +02:00
Vitaly Velikodny
668512fc5c
Update bad_defer.go
Fix a mistake in the message:
> G307: Deferring unsafe method "*os.File" on type "Close" (gosec)
type and method changed
2020-05-06 16:23:04 +02:00
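The message corrected above concerns deferring Close on an *os.File. As an added example, not gosec's code, here is the shape that addresses the warning's concern in Go: a write path where Close runs exactly once and its error becomes the function's error through a named result. WriteChecked is a name chosen here.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"path/filepath"
)

// WriteChecked writes data to path and reports a failing Close as the
// function's error. For a file opened for writing, Close is where delayed
// write errors (out of space, a network filesystem going away) surface, so a
// bare `defer f.Close()` on *os.File silently discards them; that is the
// situation the G307 message refers to.
func WriteChecked(path string, data []byte) (err error) {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
	if err != nil {
		return err
	}
	defer func() {
		// Close exactly once; promote its error only when nothing earlier
		// failed, so the caller sees the first error rather than the last.
		if cerr := f.Close(); err == nil {
			err = cerr
		}
	}()
	w := bufio.NewWriter(f)
	if _, err = w.Write(data); err != nil {
		return err
	}
	if err = w.Flush(); err != nil {
		return err
	}
	return f.Sync()
}

func main() {
	dir, err := os.MkdirTemp("", "g307")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	fmt.Println("write:", WriteChecked(filepath.Join(dir, "out.txt"), []byte("checked close\n")))
	// A missing parent directory fails at open, before any Close is deferred.
	fmt.Println("bad path:", WriteChecked(filepath.Join(dir, "missing", "out.txt"), nil))
}
```

For a file opened read-only the discarded Close error loses no data, which is why many codebases keep the plain defer there and reserve this pattern for writers.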
Caccavale
ee3146e637
Rule which detects aliasing of values in RangeStmt
2020-04-24 07:46:25 -07:00
Cosmin Cojocar
8662624e28
Update the build badge to get the status from the GitHub workflow
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-20 03:20:30 -07:00
Cosmin Cojocar
a5db4e1f04
Run mod tidy to clean up the dependencies
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-20 03:08:39 -07:00
Cosmin Cojocar
fb44007c6e
Enhance the hardcoded credentials rule to check the equality and non-equality of strings
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-20 03:08:39 -07:00
Cosmin Cojocar
a2a40de847
Update the README with an example to configure the hard-coded credentials rule
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-15 07:21:19 -07:00
Cosmin Cojocar
802292c54f
Fix the configuration parsing for hardcoded credentials
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-15 07:21:19 -07:00
Cosmin Cojocar
c58f3563d3
Set the default color on only for the text format
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-14 09:33:44 -07:00
Cosmin Cojocar
1a113d6da9
Turn the color always on when the text format is set
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-14 02:21:37 -07:00