actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-05 19:45:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
820 commits 2 branches 41 tags 20 MiB
Commit graph

107 commits

Author SHA1 Message Date
Cosmin Cojocar
f9a8bf0152
Update slack badge and link (#905) 2022-12-12 12:20:22 +01:00
Ville Skyttä
0c8e63ed86
Detect use of net/http functions that have no support for setting timeouts (#842) 
https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/
https://blog.cloudflare.com/exposing-go-on-the-internet/

Closes https://github.com/securego/gosec/issues/833
 2022-08-02 17:16:44 +02:00
Vladimir Severov
9c19cb6501
Add check for usage of Rat.SetString in math/big with an overflow error (#819) 
* Add check for usage of Rat.SetString in math/big with an overflow error

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7
has an overflow that can lead to Uncontrolled Memory Consumption.

It is the CVE-2022-23772.

* Use ContainsPkgCallExpr instead of manual parsing
 2022-06-03 00:19:51 +02:00
云微
34d144b3fa
Add new rule for Slowloris Attack 2022-04-30 12:38:50 +02:00
Gautam Mehta
0791d31471
Fix typo in ReadMe (#802) 2022-04-05 07:15:22 +02:00
Calin Capitanu
48bbf96b56
Adds directory traversal for Http.Dir("/") 2022-03-06 10:58:47 +01:00
Cosmin Cojocar
26f10e0a7a
Extend the release action to sign the docker image and binary files with cosign (#781) 
* Extend the release action to sign the docker image and binary files with cosign

* Fix lint warnings

* Fix the ling warnings

* Fix the lint warnings
 2022-02-22 21:33:42 +01:00
de-jcup
db8d98b571 Updated sponsor link in README.md 
- Because of rebranding (Daimler AG has become
  Mercedes-Benz Group AG) the github organization has
  been renamed as well.
- Updated sponsorship link in README.md to new github organization
 2022-02-07 10:34:42 +01:00
Cosmin Cojocar
e0f354aa0d
Add the sponsors section in the README file (#740) 2021-12-15 20:10:40 +01:00
Ville Skyttä
d23ab2d997
Remove space between // and #nosec in examples and internal use 
Comments intended for machines to read do not have the space by
convention.
 2021-12-15 19:31:14 +01:00
Yiwei Ding
b45f95f6ad
Add support for suppressing the findings 2021-12-09 11:53:36 +01:00
Ville Skyttä
f1f0056a90
Spelling fixes (#717) 2021-11-09 21:02:24 +01:00
xq840622
1297bedbc7
Update README.md (#707) 
"io/ioutil" package name is "ioutil"
 2021-10-14 09:54:09 +02:00
nobishii
991dd94f3a
Update local installation instruction (#703) 
Update local installation instruction for Go1.16+.
 2021-10-05 19:33:55 +02:00
Rodrigo Broggi
9f30bb6602
Typo correction (#681) 
Correcting the command flag from 'tag' to 'tags'
 2021-08-16 11:29:35 +02:00
Marc Brugger
62db81342e
Allow excluding generated files 2021-08-04 17:33:20 +02:00
Matthieu MOREL
af27673a87
Update README.md 2021-05-28 09:19:31 +02:00
Shreyas Subhedar
a8b633f124
Adding stdout and verbose flags and refactor how the report is saved 2021-05-10 10:44:55 +02:00
Matthieu MOREL
4df7f1c3e9
Fix typos, Go Report link and Gofmt 2021-05-07 18:04:01 +02:00
Matthieu MOREL
c4f5932ab7
Refactor : Replace Cwe with cwe.Weakness 2021-05-07 16:54:34 +02:00
Matthieu MOREL
cc83d4c922
Generate the SARIF types, handle taxonomies and separate responsibilities 2021-05-05 18:54:32 +02:00
Jeff Widman
0695fa026e
Add -u to local install instructions (#595) 
`-u` will ensure that users are updated the latest released version.

This way bugs are less likely to be reported that are already fixed.
 2021-04-16 09:50:10 +02:00
Cosmin Cojocar
dcbcc4dd2a
Use a more generic path for sonarqube import path (#573) 
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
 2021-02-11 14:19:46 +01:00
Cosmin Cojocar
2777e5065e
Update README with a note which describes how to import a SonarQube report (#572) 2021-02-11 12:10:44 +01:00
Mark Wolfe
d9d75834b6 update README with instructions on how to integrate with GitHub codescanning 2021-01-22 11:31:07 +01:00
Miki Tebeka
6bd6e4ba2c Use $(go env GOPATH) that works even when GOPATH is not set 2020-10-01 04:17:43 +10:00
Lucas Charles
aef335a98e Fix typo in README.md 
s/trucate/truncate for G101 configuration
 2020-10-01 04:17:00 +10:00
Cosmin Cojocar
868556b846 Update README with the correct path to tlsconfig command 
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
 2020-09-03 10:54:08 +02:00
Cosmin Cojocar
166e4f5f45 Update README file with some more details required to run successfully a scan with the docker image 
The current working directory needs to be specified in the docker run option in order for gosec
to download the dependencies defined in the go module file.

Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
 2020-09-01 08:57:52 +02:00
Cosmin Cojocar
a3895d5c55 Fix typo in README file 
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
 2020-08-31 10:27:02 +02:00
Jamie Cuthill
17c955519e Incorrect local installation instructions for v2 2020-08-21 11:23:36 +02:00
ggkitsas
b60ddc21ba feat: adds support for path.Join and for tar archives in G305 2020-08-03 09:17:45 +02:00
evalphobia
03f12f3f5d Change naming rule from blacklist to blocklist 2020-06-29 13:45:44 +02:00
Cosmin Cojocar
6a130d55b3
Update the link pointing to issues to CWE mapping to use the master version (#483) 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-05-28 14:40:15 +02:00
Cosmin Cojocar
1b915ddad7 Set up a gosec's users list 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-05-12 08:51:13 +02:00
Caccavale
ee3146e637 Rule which detects aliasing of values in RangeStmt 2020-04-24 07:46:25 -07:00
Cosmin Cojocar
8662624e28 Update the build badge to ge the status from GitHub workflow 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-04-20 03:20:30 -07:00
Cosmin Cojocar
a2a40de847 Update the README with an example to configure the hard-coded credentials rule 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-04-15 07:21:19 -07:00
Cosmin Cojocar
51e4317f09 Automate the release process using a GitHub workflow 
The release will trigger when a new tag is pushed.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-04-14 00:41:56 -07:00
Cosmin Cojocar
3b6c3f13f1 Update README with some instruction how to run gosec as a GitHub action 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2020-04-08 00:39:01 -07:00
Sam Caccavale
7525fe4bb7
Rule for defering methods which return errors (#441) 2020-03-01 21:45:37 +01:00
Sam Caccavale
a305f10eb9
Fileperms (#442) 2020-02-28 12:48:18 +01:00
Hiroki Suezawa
a4d7b3628b Add G110(Potential DoS vulnerability via decompression bomb) 
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
 2020-01-20 10:37:56 +01:00
Hiroki Suezawa
9cb83e10af Add a rule which detects when there is potential integer overflow (#422) 
* Add G109(Potential Integer OverFlow Detection)

Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>

* add CWE to G109(Potential Integer Overflow)

Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>

* Modify G109 to use gosec.Context

Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
 2020-01-06 09:55:52 +01:00
Hiroki Suezawa
79fbf3af8d Add golint format to output format (#428) 
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
 2020-01-03 10:56:21 +01:00
Cosmin Cojocar
99170e0d76
Update the README with some details about the CWE mapping (#407) 
* Fix some typos in the README file

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>

* Update the README with some details about the CWE mapping

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2019-10-31 11:56:17 +01:00
Cosmin Cojocar
832d7bb398 Update README with CII Best Practicies badge 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2019-09-27 08:53:58 +10:00
Cosmin Cojocar
d8f249a079 Update README with rule G108 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2019-09-24 09:32:09 +10:00
Cosmin Cojocar
338b50debb Remove rule G105 which detects the use of math/big#Int.Exp 
The big#Int.Exp used to be vulnerable in older versions of Go, but in the
meantime has been fixed (https://github.com/golang/go/issues/15184).

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2019-09-10 11:59:05 +10:00
Cosmin Cojocar
7851918c4f Add support to exclude arbitrary folders from scanning (#353) 
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
 2019-09-09 22:01:36 +10:00