Yiwei Ding
b45f95f6ad
Add support for suppressing the findings
2021-12-09 11:53:36 +01:00
Lars
6a41fb9e61
Fix https://github.com/securego/gosec/issues/714 ( #733 )
2021-11-24 16:34:42 +01:00
Cosmin Cojocar
e57efa8482
Fix a panic in suproc rule when the declaration of the variable is not available in the AST ( #728 )
2021-11-16 21:41:26 +01:00
Cosmin Cojocar
55c6ceaaa6
Fix crash when parsing the TLS min version value ( #724 )
2021-11-09 21:59:53 +01:00
Ville Skyttä
40fa36d1de
G303: catch with os.WriteFile, add os.Create test case ( #718 )
...
* Add G303 os.Create test case
* Catch G303 with os.WriteFile too
2021-11-09 21:13:45 +01:00
Eng Zer Jun
7fd4aef9dc
feat: add os.ReadFile to G304 ( #706 )
...
In Go 1.16 or higher, the `io/ioutil` has been deprecated and the
`ioutil.ReadFile` function now calls `os.ReadFile`.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2021-10-14 09:53:26 +02:00
Yuval Kashtan
1933cba5b5
Add os.Unsetenv to NoErrorCheck whitelist ( #702 )
...
it always return nil err
2021-10-05 19:30:34 +02:00
Matthieu MOREL
bfb0f422fe
chore(lint): enable errorlint and gci ( #698 )
2021-09-13 09:40:10 +02:00
Cosmin Cojocar
d3309fb4f5
Add a more generic message for rule g204 ( #688 )
2021-08-19 15:18:20 +02:00
Cosmin Cojocar
f285d612b5
Fix formatting issues with gofumpt ( #685 )
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-08-18 13:16:21 +02:00
Nanik
5a131be2ec
fix: add more rules for G204 ( #677 )
...
* fix: add more rules for G204
* fix: add extra test and comment
2021-08-16 11:31:51 +02:00
Marc Brugger
62db81342e
Allow excluding generated files
2021-08-04 17:33:20 +02:00
Lars
d4dc2d2df5
Improve the G307 rule
...
* Add G307 sample code.
The sample should reflect a defered close that leads to data loss.
Due to IDE auto-complete people tend at least log errors, but not
really care about handling.
* Add more G307 sample code. Propose a way to implement
* Remove unused code. Add example that should not return an error but does
* Remove test for synced closed file for now.
Will add this later
Co-authored-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2021-07-31 23:03:09 +02:00
Nanik
9535c9e3e1
fix: add variable assignment checking as part of MinVersion ( #669 )
...
* fix: add variable assignment checking as part of MinVersion
* fix: add more code to allow assignment with const
* fix: rework the code and add more test cases for MinVersion
* fix: format linting issue using gofumpt
2021-07-27 22:03:59 +02:00
Nanik
2a4064d45d
feat: adding new keyword for hardcoded credentials ( #666 )
2021-07-19 11:23:39 +02:00
Josh Kaufman
514f65f3c3
Add G204 rule for sys/execabs ( #660 )
...
* Add G204 rule for sys/execabs
* syntax error in testutils/sources.go
2021-07-01 17:43:25 +02:00
エガオノキミヘ
3c230ac0f7
errors.go: add Hash.Write() to the white list. ( #648 )
2021-06-13 13:30:49 +02:00
Matthieu MOREL
1256f16f33
Fix lint and fail on error in the ci build
2021-05-31 10:44:12 +02:00
Matthieu MOREL
4df7f1c3e9
Fix typos, Go Report link and Gofmt
2021-05-07 18:04:01 +02:00
Chris Bandy
27a5ffb5c8
Quiet warnings about integer truncation ( #586 )
...
Both MinVersion and MaxVersion of crypto/tls.Config are uint16, so the
int16 fields of rules.insecureConfigTLS are too small. GetInt()
interprets integer literals as fitting within 64-bits, so simplify
things by using int64.
2021-03-03 10:05:33 +01:00
Matouš Dzivjak
1fce46151c
fix: WriteParams rule to work also with golang 1.16 ( #577 )
...
In go 1.16 the `ioutil` package was deprecated and
the functions should be replaced by their equivalents
in either `io` or `os` packages. This means,
that `ioutil.WriteFile` should be replaced by
`os.WriteFile` instead. To account for this change
and to detect incorrect permissions also for `os.WriteFile`
I changed `filePermissions` rule slightly to allows
specifying multiple packages that can contain given
function and that we should check. This workaround
can be removed after a sufficient time has passed
and after it is decided that checking `os.WriteFile`
is enough.
Fixes: https://github.com/securego/gosec/issues/576
2021-02-22 09:22:04 +01:00
Cosmin Cojocar
897c203e62
Reset the state of TLS rule after each version check ( #570 )
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2021-02-11 10:52:16 +01:00
Chris Bandy
e100f6b862
Assert that sample code compiles
2021-01-04 09:28:00 +01:00
Jeff Widman
9fe0b2e21a
Fix typo ( #547 )
2020-12-11 09:34:38 +01:00
Cosmin Cojocar
13519fda59
Update the tls configuration generate to handle also the NSS alternative names
...
Regenerate the configuration of TLS rule.
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-09-03 10:54:08 +02:00
Cosmin Cojocar
f13b8bc639
Add also filepath.Rel as a sanitization method for input argument in the G304 rule
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-19 09:40:07 +02:00
Cosmin Cojocar
047729a84f
Fix the rule G304 to handle the case when the input is cleaned as a variable assignment
...
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-19 09:40:07 +02:00
ggkitsas
b60ddc21ba
feat: adds support for path.Join and for tar archives in G305
2020-08-03 09:17:45 +02:00
Cosmin Cojocar
110b62b05f
Add io.CopyBuffer function to rule G110
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-07-29 14:25:45 +02:00
Cosmin Cojocar
ade81d3873
Rename file for consistency
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-29 13:52:47 +02:00
evalphobia
03f12f3f5d
Change naming rule from blacklist to blocklist
2020-06-29 13:45:44 +02:00
Cosmin Cojocar
55d368f2e5
Improve the TLS version checking
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-25 09:21:14 +02:00
Cosmin Cojocar
1d2c951f2c
Extend the rule G304 with os.OpenFile and add a test to cover it
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-17 13:14:08 +02:00
Cosmin Cojocar
6bbf8f9cbc
Extend the insecure random rule with more insecure random functions
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-15 15:12:02 +02:00
Cosmin Cojocar
30e93bf865
Improve the SQL strings concat rules to handle multiple string concatenation
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-27 10:16:56 +02:00
Cosmin Cojocar
68bce94323
Improve the SQL concatenation and string formatting rules to be applied only in the database/sql context
...
In addition makes pattern matching used by the rules cases insensitive.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-27 10:16:56 +02:00
Grant Murphy
8630c43b66
Add null pointer check in G601
...
fixes : #475
2020-05-21 05:51:45 +02:00
Vitaly Velikodny
668512fc5c
Update bad_defer.go
...
Fix a mistake in the message:
> G307: Deferring unsafe method "*os.File" on type "Close" (gosec)
type and method changed
2020-05-06 16:23:04 +02:00
Caccavale
ee3146e637
Rule which detects aliasing of values in RangeStmt
2020-04-24 07:46:25 -07:00
Cosmin Cojocar
fb44007c6e
Enhance the hardcoded credentials rule to check the equality and non-equality of strings
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-20 03:08:39 -07:00
Cosmin Cojocar
802292c54f
Fix the configuration parsing for hardcoded credentials
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-15 07:21:19 -07:00
Cosmin Cojocar
c6e10af40f
Handle properly the gosec module version v2
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-06 09:06:23 -07:00
Cosmin Cojocar
cf2590442c
Fix the subproc rule to handle correctly the CommandContext check
...
In this case, we need to skip the first argument because it is the context.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-13 13:25:35 +01:00
Cosmin Cojocar
f97f86103c
Update the subproc rule to detect the syscall.ForkExec and syscall.StartProces calls
...
Also add the corresponding tests for this.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-13 13:25:35 +01:00
Sam Caccavale
7525fe4bb7
Rule for defering methods which return errors ( #441 )
2020-03-01 21:45:37 +01:00
Sam Caccavale
a305f10eb9
Fileperms ( #442 )
2020-02-28 12:48:18 +01:00
Cosmin Cojocar
3e069e7756
Fix the errors rule whitelist to work on types methods
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-01-29 09:41:46 +01:00
Hiroki Suezawa
459e2d3e91
Modify rule for integer overflow to have more acurate results ( #434 )
...
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-21 10:13:11 +01:00
Hiroki Suezawa
a4d7b3628b
Add G110(Potential DoS vulnerability via decompression bomb)
...
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-20 10:37:56 +01:00
Hiroki Suezawa
9cb83e10af
Add a rule which detects when there is potential integer overflow ( #422 )
...
* Add G109(Potential Integer OverFlow Detection)
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
* add CWE to G109(Potential Integer Overflow)
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
* Modify G109 to use gosec.Context
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-06 09:55:52 +01:00