Cosmin Cojocar
c6e10af40f
Handle properly the gosec module version v2
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-06 09:06:23 -07:00
Hiroki Suezawa
a4d7b3628b
Add G110(Potential DoS vulnerability via decompression bomb)
...
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-20 10:37:56 +01:00
Cosmin Cojocar
a1969e208c
Handle all errors in the formatter tests (#431)
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-01-16 09:05:38 +01:00
Hiroki Suezawa
9cb83e10af
Add a rule which detects when there is potential integer overflow (#422)
...
* Add G109(Potential Integer OverFlow Detection)
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
* add CWE to G109(Potential Integer Overflow)
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
* Modify G109 to use gosec.Context
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-06 09:55:52 +01:00
Hiroki Suezawa
79fbf3af8d
Add golint format to output format (#428)
...
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-03 10:56:21 +01:00
Julian Thome
53be8dd864
Add CWE rule mappings (#405)
...
* added mappings
* added cwe to template
* link in function to template
* moved mappings and added test cases
* wording
* cleanup
2019-10-31 09:22:38 +01:00
Grant Murphy
4b59c94808
Prevent null pointer exception in Sonarqube (#334)
...
* fix(formatters) null value causes npe in sonarqube
the json encoding of uninitialized arrays is null. this causes a npe in
sonarqube tool. we should return an empty array rather than a null value
here.
relates to: #333
2019-07-09 13:36:09 +10:00
Cosmin Cojocar
020479a832
Support multiple root paths when generating the Sonarqube report
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-06-24 14:35:11 +02:00
Cosmin Cojocar
46e55b908d
Fix the file path in the Sonarqube report
...
Add some test to validate the Sonarqube formatter.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-06-24 14:10:51 +02:00
Cosmin Cojocar
950e84c3fa
Handle errors to fix lint warnings
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 08:20:18 +02:00
kencrawford
eaba99df37
fix comment.
2019-03-21 07:30:14 +10:00
kencrawford
4cd14f9068
remove panic
2019-03-21 07:30:14 +10:00
kencrawford
66e7c8d8f8
Extract to a constant
2019-03-21 07:30:14 +10:00
kencrawford
1b28d323d8
fix sonarIssues struct
2019-03-21 07:30:14 +10:00
kencrawford
989eb3ff88
Update Hound errors
2019-03-21 07:30:14 +10:00
kencrawford
ddfe54d0a0
Add sonarqube output
2019-03-21 07:30:14 +10:00
Martin Vrachev
62b5195dd9
Report for Golang errors (#284)
...
* Report for Golang errors
Right now if you use Gosec to scan an invalid go file and if you report the result in a text, JSON, CSV or another file format you will always receive 0 issues.
The reason for that is that Gosec can't parse the AST of invalid go files and thus will not report anything.
The real problem here is that the user will never know about the issue if he generates the output in a file.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2019-02-27 08:24:06 +10:00
Oleksandr Redko
3116b07de4
Fix typos in comments and rulelist (#256)
2018-10-11 14:45:31 +02:00
NeverOddOrEven
027dc2b8a7
This fixes the html template when using '-fmt=html'
...
- resolves HTML escaping issues within the template
- resolves reference issues to reportInfo struct i.e. issues -> Issues, metrics -> Stats
2018-10-03 13:31:59 -05:00
Cosmin Cojocar
893b87b343
Replace gas with gosec everywhere in the project
2018-07-19 18:42:25 +02:00
Grant Murphy
da26f64208
Rename github org (#214)
2018-07-19 17:40:28 +10:00
Geoff Baskwill
b643ac26a4
Add rule ID to text output (#198)
2018-04-16 15:44:54 +10:00
cosmincojocar
1d9f816ca5
Add support for YAML output format (#177)
...
* Add YAML output format
* Update README
2018-03-05 22:20:24 +10:00
Delon Wong Her Laang
33fff9514f
Escape html string for junit output.
2018-02-01 12:30:47 +08:00
Delon Wong Her Laang
862295cb7d
Return err instead of panic.
2018-01-30 09:54:30 +08:00
Wong Her Laang
143df04ede
Fixed typo.
2018-01-27 22:23:07 +08:00
Wong Her Laang
5b91afec36
Unexport junit xml structs and some further refactoring.
2018-01-27 14:45:04 +08:00
Wong Her Laang
fdc78c0c47
Changed failure text from json to plaintext.
2018-01-27 12:43:08 +08:00
Wong Her Laang
4059facfb9
Pretty print xml result for better viewing.
2018-01-27 12:25:54 +08:00
Wong Her Laang
1346bd37ca
Edited README and help text.
2018-01-27 12:19:38 +08:00
Wong Her Laang
2c1a0b8732
Refactored code.
2018-01-27 12:14:35 +08:00
Wong Her Laang
7539b3735f
Added xml header format.
2018-01-27 11:49:58 +08:00
Delon Wong Her Laang
b8cdc32174
Working version of xml result format.
2018-01-26 11:16:49 +08:00
Grant Murphy
af25ac1f6e
fix golint errors picked up by hound-ci
2017-12-13 22:35:47 +10:00
Grant Murphy
cfa432729c
fix hound-ci errors
2017-12-13 17:39:00 +10:00
Adrian Lanzafame
9c959ca0a9
Issue.Line is already a string
2017-10-01 10:31:39 +10:00
Grant Murphy
cacf21f3c0
Restructure to focus on lib rather than cli
2017-04-26 08:08:46 -07:00
Grant Murphy
8df48f9769
Fix to reporting to use output formats
2017-04-25 17:57:12 -07:00
Grant Murphy
9e2abd500f
Merge pull request #66 from csstaub/cs/html-output
...
Add support for HTML output
2016-11-03 21:15:17 -07:00
Grant Murphy
74b6633ee0
Updated imports to new repository location.
2016-11-02 16:54:20 -07:00
Cedric Staub
911c69646d
Add support for HTML output
2016-10-21 13:18:56 -07:00
Cedric Staub
2ec102c7bf
Use encoding/csv for CSV output
...
The encoding/csv package will take care of quoting, double-quoting,
and other CSV quirks -- avoids having to fiddle with text templates.
2016-07-27 20:55:09 -07:00
Cedric Staub
271cff19f7
Use encoding/json for -fmt json output
2016-07-25 16:40:49 -07:00
Cedric Staub
c6e25a9b64
Make sure -fmt json produces valid output
2016-07-25 16:10:00 -07:00
Tim Kelsey
4f3d620d37
Initial public release
2016-07-20 15:56:32 +01:00