Vladimir Severov
9c19cb6501
Add check for usage of Rat.SetString in math/big with an overflow error ( #819 )
...
* Add check for usage of Rat.SetString in math/big with an overflow error
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7
has an overflow that can lead to Uncontrolled Memory Consumption.
It is CVE-2022-23772.
* Use ContainsPkgCallExpr instead of manual parsing
2022-06-03 00:19:51 +02:00
云微
34d144b3fa
Add new rule for Slowloris Attack
2022-04-30 12:38:50 +02:00
Gautam Mehta
0791d31471
Fix typo in ReadMe ( #802 )
2022-04-05 07:15:22 +02:00
Calin Capitanu
48bbf96b56
Adds directory traversal for Http.Dir("/")
2022-03-06 10:58:47 +01:00
Cosmin Cojocar
26f10e0a7a
Extend the release action to sign the docker image and binary files with cosign ( #781 )
...
* Extend the release action to sign the docker image and binary files with cosign
* Fix lint warnings
* Fix the lint warnings
* Fix the lint warnings
2022-02-22 21:33:42 +01:00
de-jcup
db8d98b571
Updated sponsor link in README.md
...
- Because of rebranding (Daimler AG has become
Mercedes-Benz Group AG) the github organization has
been renamed as well.
- Updated sponsorship link in README.md to new github organization
2022-02-07 10:34:42 +01:00
Cosmin Cojocar
e0f354aa0d
Add the sponsors section in the README file ( #740 )
2021-12-15 20:10:40 +01:00
Ville Skyttä
d23ab2d997
Remove space between // and #nosec in examples and internal use
...
Comments intended for machines to read do not have the space by
convention.
2021-12-15 19:31:14 +01:00
Yiwei Ding
b45f95f6ad
Add support for suppressing the findings
2021-12-09 11:53:36 +01:00
Ville Skyttä
f1f0056a90
Spelling fixes ( #717 )
2021-11-09 21:02:24 +01:00
xq840622
1297bedbc7
Update README.md ( #707 )
...
"io/ioutil" package name is "ioutil"
2021-10-14 09:54:09 +02:00
nobishii
991dd94f3a
Update local installation instruction ( #703 )
...
Update local installation instruction for Go1.16+.
2021-10-05 19:33:55 +02:00
Rodrigo Broggi
9f30bb6602
Typo correction ( #681 )
...
Correcting the command flag from 'tag' to 'tags'
2021-08-16 11:29:35 +02:00
Marc Brugger
62db81342e
Allow excluding generated files
2021-08-04 17:33:20 +02:00
Matthieu MOREL
af27673a87
Update README.md
2021-05-28 09:19:31 +02:00
Shreyas Subhedar
a8b633f124
Adding stdout and verbose flags and refactor how the report is saved
2021-05-10 10:44:55 +02:00
Matthieu MOREL
4df7f1c3e9
Fix typos, Go Report link and Gofmt
2021-05-07 18:04:01 +02:00
Matthieu MOREL
c4f5932ab7
Refactor : Replace Cwe with cwe.Weakness
2021-05-07 16:54:34 +02:00
Matthieu MOREL
cc83d4c922
Generate the SARIF types, handle taxonomies and separate responsibilities
2021-05-05 18:54:32 +02:00
Jeff Widman
0695fa026e
Add -u to local install instructions ( #595 )
...
`-u` will ensure that users are updated to the latest released version.
This way bugs are less likely to be reported that are already fixed.
2021-04-16 09:50:10 +02:00
Cosmin Cojocar
dcbcc4dd2a
Use a more generic path for sonarqube import path ( #573 )
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-02-11 14:19:46 +01:00
Cosmin Cojocar
2777e5065e
Update README with a note which describes how to import a SonarQube report ( #572 )
2021-02-11 12:10:44 +01:00
Mark Wolfe
d9d75834b6
update README with instructions on how to integrate with GitHub codescanning
2021-01-22 11:31:07 +01:00
Miki Tebeka
6bd6e4ba2c
Use $(go env GOPATH) that works even when GOPATH is not set
2020-10-01 04:17:43 +10:00
Lucas Charles
aef335a98e
Fix typo in README.md
...
s/trucate/truncate for G101 configuration
2020-10-01 04:17:00 +10:00
Cosmin Cojocar
868556b846
Update README with the correct path to tlsconfig command
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-09-03 10:54:08 +02:00
Cosmin Cojocar
166e4f5f45
Update README file with some more details required to successfully run a scan with the docker image
...
The current working directory needs to be specified in the docker run option in order for gosec
to download the dependencies defined in the go module file.
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-09-01 08:57:52 +02:00
Cosmin Cojocar
a3895d5c55
Fix typo in README file
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:02 +02:00
Jamie Cuthill
17c955519e
Incorrect local installation instructions for v2
2020-08-21 11:23:36 +02:00
ggkitsas
b60ddc21ba
feat: adds support for path.Join and for tar archives in G305
2020-08-03 09:17:45 +02:00
evalphobia
03f12f3f5d
Change naming rule from blacklist to blocklist
2020-06-29 13:45:44 +02:00
Cosmin Cojocar
6a130d55b3
Update the link pointing to issues to CWE mapping to use the master version ( #483 )
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-28 14:40:15 +02:00
Cosmin Cojocar
1b915ddad7
Set up a gosec's users list
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-12 08:51:13 +02:00
Caccavale
ee3146e637
Rule which detects aliasing of values in RangeStmt
2020-04-24 07:46:25 -07:00
Cosmin Cojocar
8662624e28
Update the build badge to get the status from GitHub workflow
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-20 03:20:30 -07:00
Cosmin Cojocar
a2a40de847
Update the README with an example to configure the hard-coded credentials rule
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-15 07:21:19 -07:00
Cosmin Cojocar
51e4317f09
Automate the release process using a GitHub workflow
...
The release will trigger when a new tag is pushed.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-14 00:41:56 -07:00
Cosmin Cojocar
3b6c3f13f1
Update README with some instructions on how to run gosec as a GitHub action
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-08 00:39:01 -07:00
Sam Caccavale
7525fe4bb7
Rule for deferring methods which return errors ( #441 )
2020-03-01 21:45:37 +01:00
Sam Caccavale
a305f10eb9
Fileperms ( #442 )
2020-02-28 12:48:18 +01:00
Hiroki Suezawa
a4d7b3628b
Add G110(Potential DoS vulnerability via decompression bomb)
...
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-20 10:37:56 +01:00
Hiroki Suezawa
9cb83e10af
Add a rule which detects when there is potential integer overflow ( #422 )
...
* Add G109(Potential Integer Overflow Detection)
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
* add CWE to G109(Potential Integer Overflow)
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
* Modify G109 to use gosec.Context
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-06 09:55:52 +01:00
Hiroki Suezawa
79fbf3af8d
Add golint format to output format ( #428 )
...
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-03 10:56:21 +01:00
Cosmin Cojocar
99170e0d76
Update the README with some details about the CWE mapping ( #407 )
...
* Fix some typos in the README file
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
* Update the README with some details about the CWE mapping
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-10-31 11:56:17 +01:00
Cosmin Cojocar
832d7bb398
Update README with CII Best Practices badge
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-27 08:53:58 +10:00
Cosmin Cojocar
d8f249a079
Update README with rule G108
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-24 09:32:09 +10:00
Cosmin Cojocar
338b50debb
Remove rule G105 which detects the use of math/big#Int.Exp
...
The big#Int.Exp used to be vulnerable in older versions of Go, but in the
meantime has been fixed (https://github.com/golang/go/issues/15184).
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-10 11:59:05 +10:00
Cosmin Cojocar
7851918c4f
Add support to exclude arbitrary folders from scanning ( #353 )
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-09 22:01:36 +10:00
Cosmin Cojocar
fde1f82f34
Update the tag format in the release steps ( #348 )
...
Go modules requires that the tag starts with a `v`.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-09 21:11:32 +10:00
Cosmin Cojocar
992f173356
Update README file with a note on dependencies ( #351 )
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-09 21:11:12 +10:00