Cosmin Cojocar
f1d49a6945
Remove unused code
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 06:54:59 +02:00
Cosmin Cojocar
ed2e0aa927
Update local install command in README file
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 06:54:40 +02:00
Cosmin Cojocar
4dfaf0a997
Refactor the analyzer to process one package at the time
...
This avoids loading all packages in memory before running the checks.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-28 09:06:52 +02:00
Cosmin Cojocar
adcfe94257
Fix test for helpers
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
5ae52660ae
Add some tests that covers the helper function which list the package paths
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
e419eb8f4e
Exclude correctly the vendor folder from the scanned packages
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
85eb8a52ab
Scan the go packages path recursively starting from a root folder
...
This is replacing the gotool.ImportPaths which seems to have some troubles with Go modules.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
85221996b6
Improve logging in the analyser
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
ea16ff1f9e
Remove GOPATH check to allow running gosec outside of GOPATH
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
6c174a61d4
Update README file
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 08:20:40 +02:00
Cosmin Cojocar
7935fd85b9
Rework the Dockerfile for Go modules
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 08:20:40 +02:00
Cosmin Cojocar
806908a805
Remove the dep tool installation from travis CI
...
Use the just built gosec to scan the source code.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 08:20:18 +02:00
Cosmin Cojocar
950e84c3fa
Handle errors to fix lint warnings
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 08:20:18 +02:00
Cosmin Cojocar
ee73b9e94b
Remove dep and Use only Go modules to manage dependencies
...
Update the depenendencies to latest versions
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 08:20:18 +02:00
Naoya Yoshizawa
85d180848d
Go modules support for 1.12 ( #297 )
...
* support go module
* fix implement and uncommented out tests
* includes test package
* remove test environment go1.10 or older
2019-04-25 09:25:32 +02:00
kencrawford
eaba99df37
fix comment.
2019-03-21 07:30:14 +10:00
kencrawford
4cd14f9068
remove panic
2019-03-21 07:30:14 +10:00
kencrawford
66e7c8d8f8
Extract to a constant
2019-03-21 07:30:14 +10:00
kencrawford
1b28d323d8
fix sonarIssues struct
2019-03-21 07:30:14 +10:00
kencrawford
8eab50eb17
update README.md to add support of sonarqube.
2019-03-21 07:30:14 +10:00
kencrawford
989eb3ff88
Update Hound errors
2019-03-21 07:30:14 +10:00
kencrawford
ddfe54d0a0
Add sonarqube output
2019-03-21 07:30:14 +10:00
JulesDT
c5e6c4aedd
fix no-fail flag logic
2019-03-19 08:11:02 +10:00
Cosmin Cojocar
2bd007e968
Update README
2019-03-06 17:18:50 +10:00
Cosmin Cojocar
8b27d1c091
Update go version to 1.11.5 in the docker file
2019-03-06 17:18:50 +10:00
Liam Galvin
9cd538fcf2
Fix README typo
2019-03-06 08:14:35 +10:00
Martin Vrachev
62b5195dd9
Report for Golang errors ( #284 )
...
* Report for Golang errors
Right now if you use Gosec to scan invalid go file and if you report the result in a text, JSON, CSV or another file format you will always receive 0 issues.
The reason for that is that Gosec can't parse the AST of invalid go files and thus will not report anything.
The real problem here is that the user will never know about the issue if he generates the output in a file.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2019-02-27 08:24:06 +10:00
Martin Vrachev
9cdfec40ca
Change test
...
I thought that an example where the user inputs a URL is more realistic.
Because if your operating system is already hacked then you are already screwed.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2019-02-13 11:47:59 +01:00
Cosmin Cojocar
8048b15efa
Add more badges in the README file
2019-02-13 11:46:36 +01:00
Joaquin L. Pereyra
e2752bc191
revert to default GOPATH if necessary ( #279 )
...
* revert to default GOPATH if necessary
2019-02-07 09:34:52 +10:00
JulesDT
04ce7baf6c
add a no-fail flag
2019-01-28 09:38:18 +01:00
Joaquin L. Pereyra
a966ff760c
Fix -conf example in README.md
...
1. Example config json included a trailing comma, even though as we obviously know this is how things should be, JSON does not agree and the parser fails miserably
2. Flag was incorrectly stated as -config in the README, the correct flag is -conf
3. Example command did not work as did not include final dot to examine the current pkg.
2019-01-22 15:33:45 +01:00
Cosmin Cojocar
b6626154df
Fix typo
2019-01-18 11:09:41 +01:00
Cosmin Cojocar
5d33e6ebe1
Update the README with some details about the configuration file
...
fixes #269
2019-01-18 11:09:41 +01:00
Cosmin Cojocar
f87af5fa72
Detect the unhandled errors even though they are explicitly ignored if the 'audit: enabled' setting is defined in the global configuration ( #274 )
...
* Define more explicit the global options in the configuration
* Detect in audit mode the unhandled errors even thought they are explicitly ignored
2019-01-14 21:37:40 +10:00
Cosmin Cojocar
14ed63d558
Do not flag the unhandled errors which are explicitly ignored
...
fixes #270
2019-01-14 10:06:30 +01:00
Cosmin Cojocar
12400f9a1c
Update README with the code coverage batch
2018-12-11 18:15:58 +01:00
Cosmin Cojocar
72e95e88ac
Geneate and upload the test coverage report to codecove.io
2018-12-11 17:08:31 +01:00
Cosmin Cojocar
24e3094d2a
Extend the bind rule to handle the case when the net.Listen address in provided from a const
2018-12-04 09:22:06 +01:00
Cosmin Cojocar
9b32fcac16
Fix the bind rule to handle the case when the arguments of the net.Listen are returned by a function call
2018-12-04 09:22:06 +01:00
Cosmin Cojocar
f14f17fb1d
Add a helper function which extracts the string parameters values of a call expression
2018-12-04 09:22:06 +01:00
Cosmin Cojocar
2695567487
Build the code sample for string builder only fron Go 1.10 onwards
2018-11-11 09:57:28 +01:00
Cosmin Cojocar
ae82798b9c
Fix the WriteSring test by handling the error
2018-11-11 09:57:28 +01:00
Edoardo Tenani
adb42220da
whitelist strings.Builder method in rule G104
2018-11-11 09:57:28 +01:00
Edoardo Tenani
9b966a447e
add test case for strings.Builder G104 whitelist inclusion
2018-11-11 09:57:28 +01:00
Yuki Ito
41809946d4
Make G201 ignore CallExpr with no args ( #262 )
2018-11-05 09:28:47 +01:00
Yuki Ito
443f84fd4d
Fix golint link ( #263 )
2018-11-05 09:13:26 +01:00
Oleksandr Redko
3116b07de4
Fix typos in comments and rulelist ( #256 )
2018-10-11 14:45:31 +02:00
Cosmin Cojocar
e0a150bfa3
Merge pull request #254 from kishaningithub/253
...
Add install.sh script and update readme
2018-10-05 13:12:28 +02:00
Kishan B
97bc137c5b
Add CI Installation steps and correct markdown lint errors
2018-10-05 15:27:14 +05:30