Commit graph

1080 commits

Author SHA1 Message Date
Alex Gartner
08b94f9392 Resolve underlying type to detect overflows in type aliases 2024-07-20 10:06:43 +02:00
renovate[bot]
4487a0c5a2 chore(deps): update dependency babel-standalone to v7.24.8 2024-07-15 09:13:59 +02:00
Alex Gartner
007626773c Fix multifile ignores 2024-07-15 09:00:36 +02:00
Alex Gartner
2f1b81b889 Add -enable-audit cli flag 2024-07-13 11:25:25 +02:00
Cosmin Cojocar
87fcb9b95b Update to go 1.22.5 and 1.21.12
Change-Id: I3334016ed2714ce4aed959d7f19a33e220c000e4
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-07-08 16:00:12 +02:00
renovate[bot]
466992feca chore(deps): update all dependencies 2024-07-08 15:49:41 +02:00
Dimitar Banchev
9a4a741e6b Added more rules
* Rule G406 responsible for the usage of deprecated MD4 and RIPEMD160 added.
* Rules G506, G507 responsible for tracking the usage of the already mentioned libraries added.
* Slight changes in the Makefile (`make clean` wasn't removing all expected files)
* Added license to `analyzer_test.go`
2024-06-25 13:18:27 +02:00
Dimitar Banchev
6382394ce8 Fixed coverage workflow
* Renamed file (removed space)
* Changed the expected issues (1 -> 2)
2024-06-24 15:25:54 +02:00
Dimitar Banchev
5666ea35ba Fixed CI workflow
The CI workflow wasn't able to complete successfully.

* Formatted the call_list_test.go file
2024-06-24 15:25:54 +02:00
Dimitar Banchev
fc0957f6a3 Minor changes
* Renamed the file responsible for rule G401
* Removed copyright of HP from the new rule
2024-06-24 15:25:54 +02:00
Dimitar Banchev
58e4fccc13 Split the G401 rule into two separate ones
Now the G401 rule is split into hashing and encryption algorithms.

G401 is responsible for checking the usage of MD5 and SHA1, with corresponding CWE of 328.
And G405 (new rule) is responsible for checking the usage of DES and RC4, with corresponding CWE of 327.
2024-06-24 15:25:54 +02:00
Dimitar Banchev
2e71f37efd Updated G401 corresponding CWE
The corresponding CWE from G401 rule was changed from CWE-326 -> CWE-328.
In my opinion, this CWE suits the rule better.
2024-06-24 15:25:54 +02:00
renovate[bot]
3edc633c24 chore(deps): update docker/build-push-action action to v6 2024-06-24 15:24:22 +02:00
Cosmin Cojocar
2ae137abcf Update to go versions to 1.21.11 and 1.22.4
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-06-11 21:47:56 +02:00
renovate[bot]
30a8a9c8c3 chore(deps): update all dependencies 2024-06-11 21:31:12 +02:00
Cosmin Cojocar
ac75d44f56 Fix nosec when applied to a block
Handle properly nosec directive when applied to a block or as a single
line on a multi-line issue.

Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-28 12:54:05 +02:00
Cosmin Cojocar
ed3f51e663 Add more types to templates rule
Add additional types such as CSS, JSStr and Srcset to the template rule.
These types are marked as a security risk in the godoc
https://pkg.go.dev/html/template.

Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-28 10:39:33 +02:00
Cosmin Cojocar
c3209fcaac Map the G115 rule to a CWE ID
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-27 15:12:55 +02:00
renovate[bot]
45fbb27d87 chore(deps): update all dependencies 2024-05-27 13:03:14 +02:00
Cosmin Cojocar
43bef719b4 Update README with G115 rule description
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-27 13:03:01 +02:00
Cosmin Cojocar
555fe448dd Remove deprecated megacheck linter from golangci
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-27 13:03:01 +02:00
Cosmin Cojocar
81b076f53d Format imports
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-27 13:03:01 +02:00
Cosmin Cojocar
f775eb19c5 Update .gitignore
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-27 13:03:01 +02:00
Cosmin Cojocar
4bf5667f66 Add a new rule to detect integer overflow on integer types conversion
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-27 13:03:01 +02:00
Fernandez Ludovic
5f0084eb01 feat: add env var to override the Go version detection 2024-05-25 11:00:44 +02:00
Cosmin Cojocar
75dd9d61ff Use the proper logic when disabling the go module version
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-22 10:31:43 +02:00
Cosmin Cojocar
1e1fc91d15 Update the README with some details related to Go version used by the rules
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-22 10:24:44 +02:00
Cosmin Cojocar
9a036658b7 Add an environment variable which disables the parsing of Go version from module file
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-22 10:24:44 +02:00
renovate[bot]
b633c4c0ec chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3 2024-05-20 10:36:33 +02:00
Cosmin Cojocar
40f29c8d4a Update docker image in action to v2.20.0
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-14 15:57:16 +02:00
Cosmin Cojocar
6fbd381238 Catch os.ModePerm permissions in os.WriteFile
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-14 15:33:23 +02:00
Cosmin Cojocar
dc5e5a99d0 Add a unit test to detect the false negative in rule G306 for os.ModePerm permissions
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-14 15:33:23 +02:00
Cosmin Cojocar
417a44c73b Add filepath.EvalSymlinks to clean functions in rule G304
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-13 17:19:29 +02:00
renovate[bot]
d34f8b77d5 chore(deps): update all dependencies 2024-05-13 14:19:10 +02:00
Cosmin Cojocar
8658b8eab6 Update Go to version 2.22.3 in CI and release
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-12 11:40:57 +02:00
renovate[bot]
d3b2359ae2 chore(deps): update module golang.org/x/text to v0.15.0 2024-05-06 12:35:14 +02:00
renovate[bot]
cf29d543e2 chore(deps): update all dependencies 2024-05-02 10:27:10 +02:00
renovate[bot]
09d62bd630 chore(deps): update module github.com/onsi/gomega to v1.33.0 2024-04-22 09:11:31 +02:00
Cosmin Cojocar
3b23ec8f09 Update to go 1.22.2
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2024-04-08 11:51:51 +02:00
renovate[bot]
31009c3db8 chore(deps): update all dependencies 2024-04-08 11:41:11 +02:00
renovate[bot]
daf6f670f7 chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1 2024-04-02 09:51:47 +02:00
renovate[bot]
e27f442499 chore(deps): update all dependencies 2024-03-25 11:02:28 +01:00
Martin Desrumaux
551361539e fix(helpers/goversion): get from go.mod 2024-03-20 11:43:30 +01:00
avoidalone
43b8b75d88 chore: fix function name
Signed-off-by: avoidalone <wuguangdong@outlook.com>
2024-03-11 11:56:41 +01:00
renovate[bot]
accd7a1319 chore(deps): update all dependencies 2024-03-11 11:56:06 +01:00
Cosmin Cojocar
48aa72e1ef Format the imports using the gci tool
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2024-03-08 12:15:42 +01:00
nobishino
b6df69cd07 Fixup: delete unused variable 2024-03-08 12:15:42 +01:00
nobishino
ccb0a08221 Fix test: update test to comply with the spec of generated sources
https://pkg.go.dev/cmd/go#hdr-Generate_Go_files_by_processing_source says:

> This line must appear before the first non-comment, non-blank text in the file.

Original test cases fail with the previous commit because test source does not comply with this spec.
So, probably we should update test case to comply with the spec.
(This is a breaking change, though)
2024-03-08 12:15:42 +01:00
nobishino
3a0ea5176b Refactor: use standard function to check if a file is generated
As of Go1.21, we can use https://pkg.go.dev/go/ast#IsGenerated to check if a file is generated.
Probably we want to use this instead of own implementation.
2024-03-08 12:15:42 +01:00
Hiroki Yorimitsu
11c32522c5 Fix lint warnings 2024-03-07 16:33:18 +01:00