Commit graph

654 commits

Author SHA1 Message Date
Cosmin Cojocar
6bbf8f9cbc Extend the insecure random rule with more insecure random functions
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-15 15:12:02 +02:00
Hiroaki Sano
af699f6a62
Exclude .git directory from scan (#485) 2020-06-09 15:16:27 +02:00
renovate[bot]
6202b38a44
Update all dependencies (#484)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-06-02 09:31:29 +02:00
Cosmin Cojocar
6a130d55b3
Update the link pointing to issues to CWE mapping to use the master version (#483)
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-28 14:40:15 +02:00
Lukas Aron
826db1cfec
Fix the build tags propagation
The build tags are now propagated into the build context when analysing a package.
2020-05-27 12:42:19 +02:00
Cosmin Cojocar
7da9248ce6 Change the issue test to verify that a multi-line finding contains a line range
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-27 10:16:56 +02:00
Cosmin Cojocar
7aedcc56ab Remove print line from tests
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-27 10:16:56 +02:00
Cosmin Cojocar
30e93bf865 Improve the SQL strings concat rules to handle multiple string concatenation
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-27 10:16:56 +02:00
Cosmin Cojocar
68bce94323 Improve the SQL concatenation and string formatting rules to be applied only in the database/sql context
In addition makes pattern matching used by the rules cases insensitive.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-27 10:16:56 +02:00
Cosmin Cojocar
32be4a5cc6 Make sure all rules are mapped to CWE numbers
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-26 08:59:14 +02:00
Grant Murphy
8630c43b66 Add null pointer check in G601
fixes: #475
2020-05-21 05:51:45 +02:00
Lukas Aron
1418b856ea ondisk -> onDisk 2020-05-19 11:34:34 +02:00
Lukas Aron
b2cfc5d638 USERS.md type in the title fixed. 2020-05-19 11:34:34 +02:00
Cosmin Cojocar
425b8f9531 Display a sponsor button in the repository
Enable the funding button in the project following https://help.github.com/en/github/administering-a-repository/displaying-a-sponsor-button-in-your-repository
2020-05-14 09:33:18 +02:00
Cosmin Cojocar
0714a1e62a Update the users file with some more projects and companies
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-12 08:51:13 +02:00
Cosmin Cojocar
1b915ddad7 Set up a gosec's users list
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-12 08:51:13 +02:00
Vitaly Velikodny
668512fc5c Update bad_defer.go
Fix a mistake in the message:
> G307: Deferring unsafe method "*os.File" on type "Close" (gosec)

type and method changed
2020-05-06 16:23:04 +02:00
Caccavale
ee3146e637 Rule which detects aliasing of values in RangeStmt 2020-04-24 07:46:25 -07:00
Cosmin Cojocar
8662624e28 Update the build badge to ge the status from GitHub workflow
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-20 03:20:30 -07:00
Cosmin Cojocar
a5db4e1f04 Run mod tidy to clean up the dependencies
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-20 03:08:39 -07:00
Cosmin Cojocar
fb44007c6e Enhance the hardcoded credentials rule to check the equality and non-equality of strings
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-20 03:08:39 -07:00
Cosmin Cojocar
a2a40de847 Update the README with an example to configure the hard-coded credentials rule
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-15 07:21:19 -07:00
Cosmin Cojocar
802292c54f Fix the configuration parsing for hardcoded credentials
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-15 07:21:19 -07:00
Cosmin Cojocar
c58f3563d3 Set the default color on only for text format
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-14 09:33:44 -07:00
Cosmin Cojocar
1a113d6da9 Turn the color always on when the text format is set
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-14 02:21:37 -07:00
Cosmin Cojocar
c4417de46d Use the latest color package to get the color working with tmux
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-14 02:21:37 -07:00
Marco Antônio Singer
656691b387
feature(formatter/text): Add color option on text format (#460)
* feature(issue): Add function to return file path and line number

* docs(formatter/CreateReport): Update formats accepted

* feature(formatter): Add color output for text format

Basic color support for text format. For now, only the "Summary" title
and "Issues" section has color

* feature(formatter): Highlight issues based on severity

Given an issue, the file path is painted based on its severity.
We're using the following rules: high is red, medium is yellow and
low is simple black & white

* feature(main): Add color flag

It's only valid for text format

* refactor(formatter): Passing color flag forward
2020-04-14 09:50:02 +02:00
Cosmin Cojocar
51e4317f09 Automate the release process using a GitHub workflow
The release will trigger when a new tag is pushed.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-14 00:41:56 -07:00
Cosmin Cojocar
341059e11a Update the GitHub action name to be more desriptive 2020-04-08 09:40:50 +02:00
Cosmin Cojocar
3b6c3f13f1 Update README with some instruction how to run gosec as a GitHub action
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-08 00:39:01 -07:00
Cosmin Cojocar
08202fee80 Add a GitHub action to run gosec
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-08 00:39:01 -07:00
Cosmin Cojocar
c6e10af40f Handle properly the gosec module version v2
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-06 09:06:23 -07:00
Renovate Bot
e946c8c399 Update all dependencies 2020-04-01 01:20:31 -07:00
Cosmin Cojocar
e030aa4f76 Remove the go 1.14 version from github action
It seems to fail when starting the action.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 13:20:59 +02:00
Cosmin Cojocar
ee176ff8fc Fix the job names in the Github workflow
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 13:16:53 +02:00
Cosmin Cojocar
cabccc75ef Add to GitHub workflow some jobs for go1.13 and go1.12
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 13:15:21 +02:00
Cosmin Cojocar
a111777041 Change the GitHub workflow to use only the latest Go version
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 13:06:29 +02:00
Cosmin Cojocar
722acb64cb Change the GitHub workflow to run the builds only on ubuntu-latest platform
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 12:59:02 +02:00
Cosmin Cojocar
5284f34b6f Change the GitHub workflow to use an action which install Go using a Go version from the matrix
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 12:52:42 +02:00
Cosmin Cojocar
8de5fb6eb2 Migrate the build to GitHub Actions
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-30 03:32:24 -07:00
Cosmin Cojocar
7da9f46445 Fix the call list info to handle selector expressions
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-16 09:44:57 +01:00
Cosmin Cojocar
cf2590442c Fix the subproc rule to handle correctly the CommandContext check
In this case, we need to skip the first argument because it is the context.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-13 13:25:35 +01:00
Cosmin Cojocar
f97f86103c Update the subproc rule to detect the syscall.ForkExec and syscall.StartProces calls
Also add the corresponding tests for this.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-03-13 13:25:35 +01:00
Tomas Kral
c998389da2
re-generate install.sh with latest godownloader (#446) 2020-03-02 14:48:48 +01:00
Sam Caccavale
7525fe4bb7
Rule for defering methods which return errors (#441) 2020-03-01 21:45:37 +01:00
renovate[bot]
a2ac0bf32b
Update all dependencies (#445)
Co-authored-by: WhiteSource Renovate <renovatebot@gmail.com>
2020-03-01 21:44:28 +01:00
Sam Caccavale
a305f10eb9
Fileperms (#442) 2020-02-28 12:48:18 +01:00
Lars Lehtonen
00363edac5
remove support for go 1.11 (#444) 2020-02-28 12:47:01 +01:00
Renovate Bot
d13bb6d242 Update all dependencies 2020-02-03 10:45:20 +01:00
Cosmin Cojocar
17df5b3702 Fix typos
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-01-29 09:41:46 +01:00