actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-06 12:05:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
587 commits 2 branches 41 tags 20 MiB
Commit graph

51 commits

Author SHA1 Message Date
xpivarc
0ce48a584f
Reproducible junit report (#529) 
* Fix junit format ordering

Signed-off-by: L. Pivarc <lpivarc@redhat.com>

* Make ordering stable

Signed-off-by: L. Pivarc <lpivarc@redhat.com>

* Test ordering

Signed-off-by: L. Pivarc <lpivarc@redhat.com>
 2020-09-29 19:17:38 +02:00
Cosmin Cojocar
6bcd89aa6b Mark all lines of a multi-line finding 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-07-07 10:00:15 +02:00
Cosmin Cojocar
4d4e5949c6 Add some comments 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-07-07 10:00:15 +02:00
Cosmin Cojocar
d1467ac998 Extend the code snippet included in the issue and refactored how the code snippet is printed 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-07-07 10:00:15 +02:00
Cosmin Cojocar
c4417de46d Use the latest color package to get the color working with tmux 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-04-14 02:21:37 -07:00
Marco Antônio Singer
656691b387
feature(formatter/text): Add color option on text format (#460) 
* feature(issue): Add function to return file path and line number

* docs(formatter/CreateReport): Update formats accepted

* feature(formatter): Add color output for text format

Basic color support for text format. For now, only the "Summary" title
and "Issues" section has color

* feature(formatter): Highlight issues based on severity

Given an issue, the file path is painted based on its severity.
We're using the following rules: high is red, medium is yellow and
low is simple black & white

* feature(main): Add color flag

It's only valid for text format

* refactor(formatter): Passing color flag forward
 2020-04-14 09:50:02 +02:00
Cosmin Cojocar
c6e10af40f Handle properly the gosec module version v2 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-04-06 09:06:23 -07:00
Hiroki Suezawa
a4d7b3628b Add G110(Potential DoS vulnerability via decompression bomb) 
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
 2020-01-20 10:37:56 +01:00
Cosmin Cojocar
a1969e208c
Handle all errors in the formatter tests (#431) 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-01-16 09:05:38 +01:00
Hiroki Suezawa
9cb83e10af Add a rule which detects when there is potential integer overflow (#422) 
* Add G109(Potential Integer OverFlow Detection)

Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>

* add CWE to G109(Potential Integer Overflow)

Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>

* Modify G109 to use gosec.Context

Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
 2020-01-06 09:55:52 +01:00
Hiroki Suezawa
79fbf3af8d Add golint format to output format (#428) 
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
 2020-01-03 10:56:21 +01:00
Julian Thome
53be8dd864 Add CWE rule mappings (#405) 
* added mappings

* added cwe to template

* link in function to template

* moved mappings and added test cases

* wording

* cleanup
 2019-10-31 09:22:38 +01:00
Grant Murphy
4b59c94808
Prevent null pointer exception in Sonarqube (#334) 
* fix(formatters) null value causes npe in sonarqube

the json encoding of uninitialized arrays is null. this causes a npe in
sonarqube tool. we should return an empty array rather than a null value
here.

relates to: #333
 2019-07-09 13:36:09 +10:00
Cosmin Cojocar
020479a832 Support multiple root paths when generating the Sonarqube report 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2019-06-24 14:35:11 +02:00
Cosmin Cojocar
46e55b908d Fix the file path in the Sonarqube report 
Add some test to validate the Sonarqube formatter.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2019-06-24 14:10:51 +02:00
Cosmin Cojocar
950e84c3fa Handle errors to fix lint warnings 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2019-04-27 08:20:18 +02:00
kencrawford
eaba99df37 fix comment. 2019-03-21 07:30:14 +10:00
kencrawford
4cd14f9068 remove panic 2019-03-21 07:30:14 +10:00
kencrawford
66e7c8d8f8 Extract to a constant 2019-03-21 07:30:14 +10:00
kencrawford
1b28d323d8 fix sonarIssues struct 2019-03-21 07:30:14 +10:00
kencrawford
989eb3ff88 Update Hound errors 2019-03-21 07:30:14 +10:00
kencrawford
ddfe54d0a0 Add sonarqube output 2019-03-21 07:30:14 +10:00
Martin Vrachev
62b5195dd9 Report for Golang errors (#284) 
* Report for Golang errors

Right now if you use Gosec to scan invalid go file and if you report the result in a text, JSON, CSV or another file format you will always receive 0 issues.
The reason for that is that Gosec can't parse the AST of invalid go files and thus will not report anything.

The real problem here is that the user will never know about the issue if he generates the output in a file.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
 2019-02-27 08:24:06 +10:00
Oleksandr Redko
3116b07de4 Fix typos in comments and rulelist (#256) 2018-10-11 14:45:31 +02:00
NeverOddOrEven
027dc2b8a7 This fixes the html template when using '-fmt=html' 
- resolves HTML escaping issues within the template
 - resolves reference issues to reportInfo struct i.e. issues -> Issues, metrics -> Stats
 2018-10-03 13:31:59 -05:00
Cosmin Cojocar
893b87b343 Replace gas with gosec everywhere in the project 2018-07-19 18:42:25 +02:00
Grant Murphy
da26f64208
Rename github org (#214) 2018-07-19 17:40:28 +10:00
Geoff Baskwill
b643ac26a4 Add rule ID to text output (#198) 2018-04-16 15:44:54 +10:00
cosmincojocar
1d9f816ca5 Add support for YAML output format (#177) 
* Add YAML output format

* Update README
 2018-03-05 22:20:24 +10:00
Delon Wong Her Laang
33fff9514f Excape html string for junit output. 2018-02-01 12:30:47 +08:00
Delon Wong Her Laang
862295cb7d Return err instead of panic. 2018-01-30 09:54:30 +08:00
Wong Her Laang
143df04ede Fixed typo. 2018-01-27 22:23:07 +08:00
Wong Her Laang
5b91afec36 Unexport junit xml structs and some further refactoring. 2018-01-27 14:45:04 +08:00
Wong Her Laang
fdc78c0c47 Changed failure text from json to plaintext. 2018-01-27 12:43:08 +08:00
Wong Her Laang
4059facfb9 Pretty print xml result for better viewing. 2018-01-27 12:25:54 +08:00
Wong Her Laang
1346bd37ca Edited README and help text. 2018-01-27 12:19:38 +08:00
Wong Her Laang
2c1a0b8732 Refactored code. 2018-01-27 12:14:35 +08:00
Wong Her Laang
7539b3735f Added xml header format. 2018-01-27 11:49:58 +08:00
Delon Wong Her Laang
b8cdc32174 Working version of xml result format. 2018-01-26 11:16:49 +08:00
Grant Murphy
af25ac1f6e fix golint errors picked up by hound-ci 2017-12-13 22:35:47 +10:00
Grant Murphy
cfa432729c fix hound-ci errors 2017-12-13 17:39:00 +10:00
Adrian Lanzafame
9c959ca0a9 Issue.Line is already a string 2017-10-01 10:31:39 +10:00
Grant Murphy
cacf21f3c0 Restructure to focus on lib rather than cli 2017-04-26 08:08:46 -07:00
Grant Murphy
8df48f9769 Fix to reporting to use output formats 2017-04-25 17:57:12 -07:00
Grant Murphy
9e2abd500f Merge pull request #66 from csstaub/cs/html-output 
Add support for HTML output
 2016-11-03 21:15:17 -07:00
Grant Murphy
74b6633ee0 Updated imports to new repository location. 2016-11-02 16:54:20 -07:00
Cedric Staub
911c69646d Add support for HTML output 2016-10-21 13:18:56 -07:00
Cedric Staub
2ec102c7bf Use encoding/csv for CSV output 
The encoding/csv package will take care of quoting, double-quoting,
and other CSV quirks -- avoids having to fiddle with text templates.
 2016-07-27 20:55:09 -07:00
Cedric Staub
271cff19f7
Use encoding/json for -fmt json output 2016-07-25 16:40:49 -07:00
Cedric Staub
c6e25a9b64
Make sure -fmt json produces valid output 2016-07-25 16:10:00 -07:00