Commit graph

46 commits

Author SHA1 Message Date
renovate[bot]
a2719d3248
chore(deps): update all dependencies (#881)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-17 10:14:22 +02:00
renovate[bot]
bb4a1e3544
chore(deps): update all dependencies (#872)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-04 09:23:21 +02:00
renovate[bot]
e244c811ea
chore(deps): update all dependencies (#868)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-22 11:18:20 +02:00
renovate[bot]
180fc23b72 chore(deps): update all dependencies 2022-09-12 09:35:57 +02:00
renovate[bot]
ae58325bfe chore(deps): update all dependencies 2022-08-29 10:21:47 +02:00
Cosmin Cojocar
19fa856bad fix: make sure that nil Cwe pointer is handled when getting the CWE ID 2022-08-20 13:32:31 +02:00
Cosmin Cojocar
62fa4b4e9b test: remove white spaces from template 2022-08-20 13:08:50 +02:00
Cosmin Cojocar
074dc71087 fix: handle nil CWE pointer in text template 2022-08-20 13:08:50 +02:00
renovate[bot]
79a5b13bdb chore(deps): update dependency babel-standalone to v7 2022-08-15 09:17:13 +02:00
renovate[bot]
0212c83699
chore(deps): update dependency highlight.js to v11.6.0 (#830)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-07-18 16:20:54 +02:00
Vladimir Severov
9c19cb6501
Add check for usage of Rat.SetString in math/big with an overflow error (#819)
* Add check for usage of Rat.SetString in math/big with an overflow error

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7
has an overflow that can lead to Uncontrolled Memory Consumption.

It is the CVE-2022-23772.

* Use ContainsPkgCallExpr instead of manual parsing
2022-06-03 00:19:51 +02:00
renovate[bot]
12be14859b
chore(deps): update all dependencies (#812)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-05-09 12:02:57 +02:00
云微
34d144b3fa
Add new rule for Slowloris Attack 2022-04-30 12:38:50 +02:00
renovate[bot]
b69c3d48c8
chore(deps): update all dependencies (#805)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-11 20:12:37 +02:00
renovate[bot]
8af0af7611
chore(deps): update all dependencies (#789)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-14 14:10:28 +01:00
Calin Capitanu
48bbf96b56
Adds directory traversal for Http.Dir("/") 2022-03-06 10:58:47 +01:00
Cosmin Cojocar
26f10e0a7a
Extend the release action to sign the docker image and binary files with cosign (#781)
* Extend the release action to sign the docker image and binary files with cosign

* Fix lint warnings

* Fix the ling warnings

* Fix the lint warnings
2022-02-22 21:33:42 +01:00
Cosmin Cojocar
c0680bb6a3 Process the code snippet before adding it to the SARIF report
Preprocess the code snippet from the issue in order to extract only the line(s)
of code where the issue is located.  In addition remove the line numbers and whitespaces
before writing the code snippet into the SARIF report.
2022-02-09 16:19:40 +01:00
Cosmin Cojocar
09a2941ad4 Use the CWE name as a name in the SARIF report 2022-01-27 15:51:51 +01:00
renovate[bot]
58058af0c8
chore(deps): update dependency highlight.js to v11.4.0 (#758)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-01-10 10:56:36 +01:00
Cosmin Cojocar
ad5d74d5a1
Update to ginkgo v2 (#753) 2022-01-03 18:11:35 +01:00
Yiwei Ding
b45f95f6ad
Add support for suppressing the findings 2021-12-09 11:53:36 +01:00
renovate[bot]
040327f7d7
chore(deps): update all dependencies (#734)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-07 15:49:48 +01:00
renovate[bot]
c95e9c21e7
chore(deps): update all dependencies (#731)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-22 14:04:48 +01:00
Marc Brugger
ff17c30a97
Use go embed for templates (#725) 2021-11-15 16:17:22 +01:00
Ville Skyttä
f1f0056a90
Spelling fixes (#717) 2021-11-09 21:02:24 +01:00
Matthieu MOREL
bfb0f422fe
chore(lint): enable errorlint and gci (#698) 2021-09-13 09:40:10 +02:00
Marc Brugger
fd5472caaf
remove tabs (#689) 2021-08-20 10:27:45 +02:00
Marc Brugger
b695b66e4d
add key to Highlight component (#686) 2021-08-19 14:54:12 +02:00
Marc Brugger
aee782bfe8
add summary to html report (#687) 2021-08-19 14:53:39 +02:00
Marc Brugger
ba23b5e49a
Add possibility to list waived (nosec) marked issues but not count them as such 2021-08-18 13:00:38 +02:00
Marc Brugger
c0c122cdc7
Add rule ID and CWE reference to the html report 2021-08-04 17:39:03 +02:00
Matthieu MOREL
731d0d51ce
Results must always be present in the SARIF report (#650)
* Don't omit empty results

* Add tests
2021-06-17 14:21:42 +02:00
Matthieu MOREL
e72b1e5f25
Use of vars instead of func 2021-06-13 13:30:16 +02:00
Matthieu MOREL
1256f16f33
Fix lint and fail on error in the ci build 2021-05-31 10:44:12 +02:00
Matthieu MOREL
9fc8e20889
Add favicon for HTML template (#628)
* Add favicon for template

* Update template.go
2021-05-26 09:51:10 +02:00
Matthieu MOREL
91dae7fdce
Update the design of HTML report 2021-05-25 10:10:42 +02:00
Matthieu MOREL
e72f54ed40
Fix HTML template and display the gosec version 2021-05-21 11:14:43 +02:00
Marc Brugger
c3f25b8ab3
fix html report tag styling (#623) 2021-05-21 08:13:20 +02:00
Marc Brugger
433a67483a
show nosec in html report summary (#621) 2021-05-20 11:34:52 +02:00
Matthieu MOREL
d040f0725f
Handle gosec version in SARIF report 2021-05-20 10:16:42 +02:00
Matthieu MOREL
3a9a6ad8b3
Sarif provide Snippet with Issue.Code
* Provide Snippet with Issue.Code

* Fix documentation
2021-05-13 16:02:28 +02:00
Matthieu MOREL
103c429df5
Enable golangcli and improve testing for formatters 2021-05-10 10:08:04 +02:00
Matthieu MOREL
4df7f1c3e9
Fix typos, Go Report link and Gofmt 2021-05-07 18:04:01 +02:00
Matthieu MOREL
c4f5932ab7
Refactor : Replace Cwe with cwe.Weakness 2021-05-07 16:54:34 +02:00
Matthieu MOREL
ddfa25381f
Define a report package with core and per format sub-packages 2021-05-06 09:31:51 +02:00