Commit graph

36 commits

Author SHA1 Message Date
Vladimir Severov
9c19cb6501
Add check for usage of Rat.SetString in math/big with an overflow error (#819)
* Add check for usage of Rat.SetString in math/big with an overflow error

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7
has an overflow that can lead to Uncontrolled Memory Consumption.

This is CVE-2022-23772.

* Use ContainsPkgCallExpr instead of manual parsing
2022-06-03 00:19:51 +02:00
renovate[bot]
12be14859b
chore(deps): update all dependencies (#812)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-05-09 12:02:57 +02:00
云微
34d144b3fa
Add new rule for Slowloris Attack 2022-04-30 12:38:50 +02:00
renovate[bot]
b69c3d48c8
chore(deps): update all dependencies (#805)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-11 20:12:37 +02:00
renovate[bot]
8af0af7611
chore(deps): update all dependencies (#789)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-14 14:10:28 +01:00
Calin Capitanu
48bbf96b56
Adds directory traversal for Http.Dir("/") 2022-03-06 10:58:47 +01:00
Cosmin Cojocar
26f10e0a7a
Extend the release action to sign the docker image and binary files with cosign (#781)
* Extend the release action to sign the docker image and binary files with cosign

* Fix lint warnings

* Fix the lint warnings

* Fix the lint warnings
2022-02-22 21:33:42 +01:00
Cosmin Cojocar
c0680bb6a3
Process the code snippet before adding it to the SARIF report
Preprocess the code snippet from the issue in order to extract only the line(s)
of code where the issue is located. In addition, remove the line numbers and whitespace
before writing the code snippet into the SARIF report.
2022-02-09 16:19:40 +01:00
Cosmin Cojocar
09a2941ad4
Use the CWE name as a name in the SARIF report 2022-01-27 15:51:51 +01:00
renovate[bot]
58058af0c8
chore(deps): update dependency highlight.js to v11.4.0 (#758)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-01-10 10:56:36 +01:00
Cosmin Cojocar
ad5d74d5a1
Update to ginkgo v2 (#753) 2022-01-03 18:11:35 +01:00
Yiwei Ding
b45f95f6ad
Add support for suppressing the findings 2021-12-09 11:53:36 +01:00
renovate[bot]
040327f7d7
chore(deps): update all dependencies (#734)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-07 15:49:48 +01:00
renovate[bot]
c95e9c21e7
chore(deps): update all dependencies (#731)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-22 14:04:48 +01:00
Marc Brugger
ff17c30a97
Use go embed for templates (#725) 2021-11-15 16:17:22 +01:00
Ville Skyttä
f1f0056a90
Spelling fixes (#717) 2021-11-09 21:02:24 +01:00
Matthieu MOREL
bfb0f422fe
chore(lint): enable errorlint and gci (#698) 2021-09-13 09:40:10 +02:00
Marc Brugger
fd5472caaf
remove tabs (#689) 2021-08-20 10:27:45 +02:00
Marc Brugger
b695b66e4d
add key to Highlight component (#686) 2021-08-19 14:54:12 +02:00
Marc Brugger
aee782bfe8
add summary to html report (#687) 2021-08-19 14:53:39 +02:00
Marc Brugger
ba23b5e49a
Add possibility to list waived (nosec) marked issues but not count them as such 2021-08-18 13:00:38 +02:00
Marc Brugger
c0c122cdc7
Add rule ID and CWE reference to the html report 2021-08-04 17:39:03 +02:00
Matthieu MOREL
731d0d51ce
Results must always be present in the SARIF report (#650)
* Don't omit empty results

* Add tests
2021-06-17 14:21:42 +02:00
Matthieu MOREL
e72b1e5f25
Use of vars instead of func 2021-06-13 13:30:16 +02:00
Matthieu MOREL
1256f16f33
Fix lint and fail on error in the ci build 2021-05-31 10:44:12 +02:00
Matthieu MOREL
9fc8e20889
Add favicon for HTML template (#628)
* Add favicon for template

* Update template.go
2021-05-26 09:51:10 +02:00
Matthieu MOREL
91dae7fdce
Update the design of HTML report 2021-05-25 10:10:42 +02:00
Matthieu MOREL
e72f54ed40
Fix HTML template and display the gosec version 2021-05-21 11:14:43 +02:00
Marc Brugger
c3f25b8ab3
fix html report tag styling (#623) 2021-05-21 08:13:20 +02:00
Marc Brugger
433a67483a
show nosec in html report summary (#621) 2021-05-20 11:34:52 +02:00
Matthieu MOREL
d040f0725f
Handle gosec version in SARIF report 2021-05-20 10:16:42 +02:00
Matthieu MOREL
3a9a6ad8b3
Sarif provide Snippet with Issue.Code
* Provide Snippet with Issue.Code

* Fix documentation
2021-05-13 16:02:28 +02:00
Matthieu MOREL
103c429df5
Enable golangcli and improve testing for formatters 2021-05-10 10:08:04 +02:00
Matthieu MOREL
4df7f1c3e9
Fix typos, Go Report link and Gofmt 2021-05-07 18:04:01 +02:00
Matthieu MOREL
c4f5932ab7
Refactor: Replace Cwe with cwe.Weakness 2021-05-07 16:54:34 +02:00
Matthieu MOREL
ddfa25381f
Define a report package with core and per format sub-packages 2021-05-06 09:31:51 +02:00