actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-05 11:35:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
928 commits 2 branches 41 tags 20 MiB
Commit graph

928 commits

This branch
This branch
All branches
Author SHA1 Message Date
Cosmin Cojocar
ec31a3a691 Fix typo 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-10-12 10:15:03 +02:00
Cosmin Cojocar
a11eb28e2f Handle new function when getting the call info in case is overriden 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-10-12 10:15:03 +02:00
dependabot[bot]
5b7867d125
Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1037) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-12 09:10:25 +02:00
Cosmin Cojocar
dd08f99f53
Update to Go 1.21.3 and 1.20.10 (#1035) 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-10-11 10:18:12 +02:00
Cosmin Cojocar
616520f44f
Update the list of unsafe functions detected by the unsafe rule (#1033) 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-10-10 09:47:36 +02:00
Cosmin Cojocar
3952187ea7
Update the action to use gosec version v2.18.0 (#1029) 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-10-09 10:37:52 +02:00
Cosmin Cojocar
2b62dd1d8a
Use a step ID in github release action to get the digest of the image (#1028) 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-10-09 10:35:36 +02:00
Cosmin Cojocar
53fc0c3c83
Update to go version 1.21.2 and 1.20.9 (#1027) 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-10-09 09:35:41 +02:00
renovate[bot]
7f7c47fefe
chore(deps): update all dependencies (#1026) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-10-09 09:22:00 +02:00
Oleksandr Redko
d864a91884
Enable gochecknoinits; fix lint issues; use consts for some vars (#1022) 2023-10-05 13:00:22 +02:00
Oleksandr Redko
09cf6efb3e
Fix typos in struct fields, comments, and docs (#1023) 2023-10-05 12:59:17 +02:00
renovate[bot]
665e87b287 chore(deps): update all dependencies 2023-10-05 12:58:26 +02:00
Cosmin Cojocar
4def3a4eb0 Fix lint warning 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-09-25 13:24:34 +02:00
Cosmin Cojocar
0d332a1027 Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666 
It seems that the os.Create will create by default a file with 0666 permissions.

This should be detected when the configured permissions are less than 0666. By default will not detect this case
unless the more restrictive mode is configured.

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-09-25 13:24:34 +02:00
Cosmin Cojocar
293d887525 Fix lint warnings 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-09-20 10:19:51 +02:00
Cosmin Cojocar
ac482cb87c Update ginkgo to latest version 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-09-20 10:19:51 +02:00
Cosmin Cojocar
e02e2f6d5b Redesign and reimplement the slice out of bounds check using SSA code representation 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-09-20 10:19:51 +02:00
Audun Bjørnerud Mo
e1278f9572 docs: add reMarkable to users list 2023-09-19 15:55:25 +02:00
renovate[bot]
f6a64969a3 chore(deps): update all dependencies 2023-09-18 08:40:10 +02:00
Cosmin Cojocar
aebe20cfba Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-09-11 11:26:07 +02:00
Cosmin Cojocar
7a98537c9a Update to latest go version 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-09-11 11:26:07 +02:00
renovate[bot]
b192f06cca
chore(deps): update all dependencies (#1011) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-09-11 10:53:32 +02:00
Cosmin Cojocar
6c93653a29
Fix hardcoded_credentials rule to only match on more specific patterns (#1009) 
* Fix hardcoded_credentials rule to only match on more specific patterns

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>

* Fix lint warnings

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>

* Fix double escape in regexps

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>

---------

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-09-05 18:00:02 +02:00
renovate[bot]
325eb19a54
chore(deps): update all dependencies (#1008) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-09-04 09:12:42 +02:00
Cosmin Cojocar
beef1250a4
Exclude maps from slince bounce check rule (#1006) 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-08-23 17:17:14 +02:00
Alexander Yastrebov
21d13c9a9b
Ignore struct pointers in G601 (#1003) 
Updates https://github.com/securego/gosec/issues/966

Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
 2023-08-18 17:05:17 +02:00
Kevin Pita
85005c43d9
Update gosec image version to 2.17.0 in the Github action (#1002) 2023-08-18 10:07:28 +02:00
Cosmin Cojocar
6a2c5e16a1
Update cosign to version v2.1.1 (#1000) 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-08-17 09:53:01 +02:00
Cosmin Cojocar
a89e9d5a7a
Enable go 1.21.0 in the CI build (#998) 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-08-14 09:59:18 +02:00
renovate[bot]
4b458c4f59
chore(deps): update all dependencies (#997) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-08-14 09:36:16 +02:00
Cosmin Cojocar
7d51bfe004
Update to go version 1.20.7 and 1.19.12 (#993) 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-08-07 10:05:55 +02:00
renovate[bot]
fc2f66bbbb
chore(deps): update all dependencies (#992) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-08-07 09:54:19 +02:00
renovate[bot]
2cf2f96697
chore(deps): update module github.com/onsi/gomega to v1.27.10 (#991) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-07-31 10:23:04 +02:00
Audun
bf7feda2b9
fix: correctly identify infixed concats as potential SQL injections (#987) 2023-07-25 17:13:07 +02:00
renovate[bot]
2292ed5e91
chore(deps): update all dependencies (#989) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-07-24 10:01:22 +02:00
Cosmin Cojocar
fc570b6f1a
Add a new flag terse to show only the results and summary (#986) 
The new flag '-terse' will only show the results and summary ignoring any logs occured during a scan.

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-07-18 16:21:22 +02:00
Cosmin Cojocar
36f69332a4
Switch to a maintained fork of zxcvbn module (#984) 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-07-17 12:47:26 +02:00
Cosmin Cojocar
ed7b33420e
Fix dependencies after bot update (#983) 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-07-17 10:25:11 +02:00
renovate[bot]
e76ad70182
chore(deps): update all dependencies (#982) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-07-17 10:13:40 +02:00
Cosmin Cojocar
3a6fd99e54
Update to Go version 1.19.11 and 1.20.6 (#981) 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-07-13 09:53:11 +02:00
Cosmin Cojocar
ea39309b36
Fix and tidy the dependencies (#977) 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-07-10 10:52:16 +02:00
renovate[bot]
ef8f560d84
chore(deps): update all dependencies (#976) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-07-10 10:37:30 +02:00
Cosmin Cojocar
17b7d31f41
Update README file with new rule (#975) 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-06-21 10:07:27 +02:00
Morgen Malinoski
a018cf0fbb
Feature: G602 Slice Bound Checking (#973) 
* Added slice bounds testing for slice expressions.

* Added checking slice index.

* Added test for reassigning slice.

* Store capacities on reslicing.

* Scope change clears map. Func name used to track slices.

* Map CallExpr to check bounds when passing to functions.

* Fixed linter errors.

* Updated rulelist with CWE mapping.

* Added comment for NewSliceBoundCheck.

* Addressed nil cap runtime error.

* Replaced usage of nil in call arg map with dummy callexprs.

* Updated comments, wrapped error return, addressed other review concerns.
 2023-06-21 09:56:36 +02:00
renovate[bot]
82364a710c
chore(deps): update all dependencies (#974) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-06-19 09:15:01 +02:00
Morgen Malinoski
abeab1092d
Feature: G101 match variable values and names (#971) 
* G101 now checks LHS of ValueAssignments for patternValue.

* Added matching string literals in equality check.

* Added patternValue matching for ValueSpec.

* Ran gci to fix linter error.

* Added tests and updated regex to be more inclusive.

* Addressed short-circuit eval for isHighEntropy and non-standard ok variable.

* Resolved unhandled error and added more tests.

* Flattened code to make it more readable.

* Added better comments.

* Added new regex for Google API Key, GitHub PAT, and GoogleOAuth.

* Gofmt'ed the test cases.
 2023-06-15 10:18:03 +02:00
Cosmin Cojocar
b824c10eb4 Update build script to go version 1.20.5 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-06-07 08:53:25 +02:00
renovate[bot]
022584d770 chore(deps): update all dependencies 2023-06-05 09:29:32 +02:00
futuretea
bd58600acf Recognize struct field in G601 
Signed-off-by: futuretea <1913508671@qq.com>
 2023-06-02 17:17:10 +02:00
Cosmin Cojocar
1457921142 Remove the depguard from the list of enabled linters 
It seems that it flags some imports which are part of the project.

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
 2023-06-02 16:14:14 +02:00