gosec

mirror of https://github.com/securego/gosec.git synced 2024-11-06 12:05:52 +00:00

Author	SHA1	Message	Date
Dmitry Golushko	44f484fdc7	Additional types for bad defer check (#897 ) * Additional types for bad defer check * Ignore new check in tlsconfig.go	2022-11-30 09:38:46 +01:00
Cosmin Cojocar	0ba05e160a	chore: fix lint warnings Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>	2022-08-08 10:56:19 +02:00
Ludovic Fernandez	4e68fb5b15	fix: parsing of the Go version (#844 ) * fix: parsing of the Go version * fix: convert pseudo directive to comment	2022-08-08 09:28:41 +02:00
Cosmin Cojocar	845483e0b1	Fix lint warning Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>	2022-07-28 11:10:00 +02:00
Cosmin Cojocar	45bf9a6095	Check the suppressed issues when generating the exit code Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>	2022-07-28 11:10:00 +02:00
Tim Costa	9a25f4ed2d	fix: filepaths with git anywhere in them being erroneously excluded (#828 ) Co-authored-by: Tim Costa <timcosta@amazon.com>	2022-07-06 06:46:49 +02:00
Cosmin Cojocar	607d607b51	Enable Go 1.18 in the ci and release workflows * Enable Go 1.18 in the ci and release workflows * Fix lint warning * Add golangci as a make target	2022-03-21 16:53:22 +01:00
Per Arn	ea5d31f7f5	Add a recursive flag -r to skip specifying ./... path * added recursive flag to skip specifying ./... path * refactored to remove code duplication	2022-03-07 10:31:22 +01:00
kruskal	7d539ed494	feat: add concurrency option to parallelize package loading (#778 ) * feat: add concurrency option to parallelize package loading * refactor: move wg.add inside the for loop * fix: gracefully stop the workers on error * test: add test for concurrent scan	2022-02-16 18:23:37 +01:00
Cosmin Cojocar	7be6d4efb5	Add os.Create to the readfile rule (#761 )	2022-01-12 19:33:17 +01:00
kaiili	9d66b0d346	Fix false negatives for SQL injection in multi-line queries	2022-01-05 12:05:53 +01:00
Cosmin Cojocar	ad5d74d5a1	Update to ginkgo v2 (#753 )	2022-01-03 18:11:35 +01:00
kaiili	3038a30e3c	Add in the config file settings for exclude and include options Co-authored-by: kaiili <kaii@openingsource.org>	2021-12-20 23:43:50 +01:00
Ville Skyttä	d23ab2d997	Remove space between `//` and `#nosec` in examples and internal use Comments intended for machines to read do not have the space by convention.	2021-12-15 19:31:14 +01:00
Yiwei Ding	b45f95f6ad	Add support for suppressing the findings	2021-12-09 11:53:36 +01:00
Ville Skyttä	f1f0056a90	Spelling fixes (#717 )	2021-11-09 21:02:24 +01:00
Ryan Leung	79c8b79263	use a better naming for the variable (#715 ) Signed-off-by: Ryan Leung <rleungx@gmail.com>	2021-10-19 11:54:51 +02:00
Matthieu MOREL	bfb0f422fe	chore(lint): enable errorlint and gci (#698 )	2021-09-13 09:40:10 +02:00
Nanik	efbefc6930	fix: create a separate type for flag that has validation (#692 )	2021-09-02 14:44:20 +02:00
Cosmin Cojocar	f285d612b5	Fix formatting issues with gofumpt (#685 ) Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>	2021-08-18 13:16:21 +02:00
Marc Brugger	ba23b5e49a	Add possibility to list waived (nosec) marked issues but not count them as such	2021-08-18 13:00:38 +02:00
Marc Brugger	62db81342e	Allow excluding generated files	2021-08-04 17:33:20 +02:00
Matthieu MOREL	3ff0a2cc36	Fixes #644 (#645 )	2021-06-13 13:28:53 +02:00
Matthieu MOREL	1256f16f33	Fix lint and fail on error in the ci build	2021-05-31 10:44:12 +02:00
Matthieu MOREL	d040f0725f	Handle gosec version in SARIF report	2021-05-20 10:16:42 +02:00
Matthieu MOREL	d8cfcd6e76	Allow the user to enable/disable colorisation of the text report in the stdout	2021-05-10 14:18:39 +02:00
Shreyas Subhedar	a8b633f124	Adding stdout and verbose flags and refactor how the report is saved	2021-05-10 10:44:55 +02:00
Matthieu MOREL	c4f5932ab7	Refactor : Replace Cwe with cwe.Weakness	2021-05-07 16:54:34 +02:00
Matthieu MOREL	ddfa25381f	Define a report package with core and per format sub-packages	2021-05-06 09:31:51 +02:00
mrtc0	0d4f1cb2cb	Support SARIF output (#539 ) * SARIF support * add sarif option to help text	2020-11-02 09:13:53 +01:00
xpivarc	0ce48a584f	Reproducible junit report (#529 ) * Fix junit format ordering Signed-off-by: L. Pivarc <lpivarc@redhat.com> * Make ordering stable Signed-off-by: L. Pivarc <lpivarc@redhat.com> * Test ordering Signed-off-by: L. Pivarc <lpivarc@redhat.com>	2020-09-29 19:17:38 +02:00
Cosmin Cojocar	13519fda59	Update the tls configuration generate to handle also the NSS alternative names Regenerate the configuration of TLS rule. Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>	2020-09-03 10:54:08 +02:00
Cosmin Cojocar	3784ffea4e	Fix panic when reading the version from debug info in Go 1.13 Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-06-25 15:27:53 +02:00
Cosmin Cojocar	ad1cb7e47e	Make sure some version information is set when no version was injected into the binary Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-06-25 09:20:55 +02:00
Hiroaki Sano	af699f6a62	Exclude .git directory from scan (#485 )	2020-06-09 15:16:27 +02:00
Cosmin Cojocar	c58f3563d3	Set the default color on only for text format Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-04-14 09:33:44 -07:00
Cosmin Cojocar	1a113d6da9	Turn the color always on when the text format is set Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-04-14 02:21:37 -07:00
Marco Antônio Singer	656691b387	feature(formatter/text): Add color option on text format (#460 ) * feature(issue): Add function to return file path and line number * docs(formatter/CreateReport): Update formats accepted * feature(formatter): Add color output for text format Basic color support for text format. For now, only the "Summary" title and "Issues" section has color * feature(formatter): Highlight issues based on severity Given an issue, the file path is painted based on its severity. We're using the following rules: high is red, medium is yellow and low is simple black & white * feature(main): Add color flag It's only valid for text format * refactor(formatter): Passing color flag forward	2020-04-14 09:50:02 +02:00
Cosmin Cojocar	c6e10af40f	Handle properly the gosec module version v2 Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2020-04-06 09:06:23 -07:00
Sam Caccavale	7525fe4bb7	Rule for defering methods which return errors (#441 )	2020-03-01 21:45:37 +01:00
Sam Caccavale	a305f10eb9	Fileperms (#442 )	2020-02-28 12:48:18 +01:00
Lars Lehtonen	00363edac5	remove support for go 1.11 (#444 )	2020-02-28 12:47:01 +01:00
Hiroki Suezawa	79fbf3af8d	Add golint format to output format (#428 ) Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>	2020-01-03 10:56:21 +01:00
Lars Lehtonen	df484bfa9e	cmd/tlsconfig: remove support for deprecated tls.VersionSSL30 (#412 ) * cmd/tlsconfig: build tags to deprecate tls.VersionSSL30 from go1.14 * cmd/tlsconfig: build tags to turn off TLSv1.3 in go1.11	2019-11-19 11:41:25 +01:00
Cosmin Cojocar	43e3664713	Build the tls config generator only with Go versions compatible with Go 1.12 Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-09-10 11:57:18 +10:00
Cosmin Cojocar	76ce9f0147	Update to config struct to unmarshal the mozilla server-side TLS conf version 5 Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-09-10 11:57:18 +10:00
Cosmin Cojocar	e050355b4b	Update the TLS config generator to handle TLS version 1.3 Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-09-10 11:57:18 +10:00
Cosmin Cojocar	7851918c4f	Add support to exclude arbitrary folders from scanning (#353 ) Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-09-09 22:01:36 +10:00
Daniel Carlier	8932f702ce	Add flag to handle '#nosec' alternative (#346 ) * Add logic to check for a #nosec alternative * Add NoSecAlternative as a new global variable * Add nosec-tag flag	2019-09-04 10:20:43 +02:00
Juan Antonio Osorio Robles	39f7e7b9e0	Display filtered number of issues instead of total in stats This takes into account the filtered number of issues instead of the total number. This number is more relevant to developers, as the intention was to not take certain issues into account anyway.	2019-07-04 10:13:09 +10:00

1 2 3

101 commits