mirror of https://github.com/securego/gosec.git synced 2025-07-05 00:29:02 +02:00
Commit Graph

1164 Commits

Author SHA1 Message Date
187adabe34 chore(deps): update all dependencies 2023-12-18 10:42:31 +01:00
e1f27ba8fc chore(deps): update actions/setup-go action to v5 2023-12-11 10:12:41 +01:00
2aad3f02a5 Fix lint warnings by properly formatting the files
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-12-08 14:46:36 +01:00
0e2a61899a chore: Refactor Sample Code to Separate Files
Split the code in `source.go` to individual sample files, one per rule.
This will help contributors submit samples for new rules, or
improvements to existing rules. The cgo sample was all that was left
after refactoring, which resulted in its own sample file.

Sample code was also formatted to have some level of consistency.
Each sample go "file" attempts to keep the formatting of `gofmt`, and
each code sample is in its own section in the sample file.

Signed-off-by: Adam Kaplan <adam@adambkaplan.com>
2023-12-08 14:46:36 +01:00
bc03d1c1bc Update go version to 1.21.5 and 1.20.12 (#1084)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-12-08 14:19:34 +01:00
79a6b475f0 chore(deps): update all dependencies (#1080)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-04 10:06:03 +01:00
eb256a7d70 Ignore the issues from generated files when using the analysis framework (#1079)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-11-30 17:42:44 +01:00
43b7cbf661 Update README with upload-sarif v2 (#1078)
GitHub action upload-sarif v1 is deprecated and the action fails if used. Updated README with v2 so the workflow can be copied and used without modifications.

Fixes #1077
2023-11-28 09:09:22 +01:00
fece49805b chore(deps): update dependency babel-standalone to v7.23.4 2023-11-27 09:30:11 +01:00
24c614bf16 Added ppc64le support 2023-11-16 10:07:21 +01:00
c736581f85 chore(deps): update all dependencies 2023-11-13 09:45:27 +01:00
3188e3fb8e Ensure ignores are handled properly for multi-line issues
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-11-10 10:48:04 +01:00
6d56592f09 Update Go to version 1.21.4 and 1.20.11
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-11-10 10:38:54 +01:00
870103b709 chore(deps): update module golang.org/x/text to v0.14.0 2023-11-06 09:43:30 +01:00
b50e4936af chore(deps): update all dependencies 2023-10-30 10:16:50 +01:00
2f9965bfbd Remove the hardcoded GOOS value when building the Linux binary to enable support for container image for ARM
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-25 10:15:42 +02:00
fa1b74d4fc Avoid allocations with (*regexp.Regexp).MatchString
We should use `(*regexp.Regexp).MatchString` instead of
`(*regexp.Regexp).Match([]byte(...))` when matching a string to avoid
unnecessary `[]byte` conversions and reduce allocations.

Example benchmark:

package gosec

import (
	"regexp"
	"testing"
)

var defaultTagRegex = regexp.MustCompile("\n *#nosec")

// Match converts the string to []byte on every iteration, costing one allocation per op.
func BenchmarkMatch(b *testing.B) {
	for i := 0; i < b.N; i++ {
		if match := defaultTagRegex.Match([]byte("\n #nosec")); !match {
			b.Fail()
		}
	}
}

// MatchString works on the string directly, with no conversion and no allocation.
func BenchmarkMatchString(b *testing.B) {
	for i := 0; i < b.N; i++ {
		if match := defaultTagRegex.MatchString("\n #nosec"); !match {
			b.Fail()
		}
	}
}

goos: linux
goarch: amd64
pkg: github.com/securego/gosec/v2
cpu: AMD Ryzen 7 PRO 4750U with Radeon Graphics
BenchmarkMatch-16          	 5367033	       210.6 ns/op	       8 B/op	       1 allocs/op
BenchmarkMatchString-16    	 9321561	       126.3 ns/op	       0 B/op	       0 allocs/op
PASS
ok  	github.com/securego/gosec/v2	3.606s

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2023-10-25 09:56:02 +02:00
64bbe90144 Fix some typos
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-23 10:32:21 +02:00
d9071e359b Update local installation instructions by removing the details for Go 1.16
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-23 10:28:11 +02:00
5d837bcaab Update gosec version to 2.18.2 in the action
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-23 10:22:59 +02:00
55d7949601 Disable dot-imports in revive linter
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
v2.18.2
2023-10-23 10:00:13 +02:00
4656817593 chore(deps): update module github.com/onsi/gomega to v1.28.1 2023-10-23 09:37:22 +02:00
5567ac4cfe Run the gosec with data race detector active during tests
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 15:13:27 +02:00
a2397580b6 Fix data race in the analyzer
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 15:13:27 +02:00
c06903addd Fix test that checks the overridden nosec directive
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 14:33:51 +02:00
bde26196d0 Clean global state in flags tests
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 14:33:51 +02:00
e108c56933 Format the file
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 12:02:48 +02:00
e298388908 Update README with details which describe the current behaviour of #nosec
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 12:02:48 +02:00
d8a6d358dc Ensure the ignores are parsed before analysing the package
In addition, this handles the ignores for multi-line issues.

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 12:02:48 +02:00
7846db034c chore(deps): update all dependencies 2023-10-16 09:29:43 +02:00
8e0cf8c5ce Update gosec to version 2.18.1 in the action
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-13 15:19:58 +02:00
6b12a71071 Update cosign version to v2.2.0 2023-10-13 15:19:58 +02:00
0ec6cd95d7 Refactor how ignored issues are tracked
Track ignored issues using file location instead of an AST node. There are issues linked to a different AST node than the original node used to start the scan.

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
v2.18.1
2023-10-13 14:11:08 +02:00
f338a98bf3 Restrict the maximum depth when tracking the slice bounds
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-13 10:03:27 +02:00
7e2d8d35f4 Handle empty ssa results
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-13 10:03:27 +02:00
074353a2ab Handle gracefully any panic that occurs when building the SSA representation of a package
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-12 10:37:29 +02:00
ec31a3a691 Fix typo
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-12 10:15:03 +02:00
a11eb28e2f Handle new function when getting the call info in case it is overridden
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-12 10:15:03 +02:00
5b7867d125 Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1037)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 09:10:25 +02:00
dd08f99f53 Update to Go 1.21.3 and 1.20.10 (#1035)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-11 10:18:12 +02:00
616520f44f Update the list of unsafe functions detected by the unsafe rule (#1033)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-10 09:47:36 +02:00
3952187ea7 Update the action to use gosec version v2.18.0 (#1029)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-09 10:37:52 +02:00
2b62dd1d8a Use a step ID in github release action to get the digest of the image (#1028)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-09 10:35:36 +02:00
53fc0c3c83 Update to go version 1.21.2 and 1.20.9 (#1027)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
v2.18.0
2023-10-09 09:35:41 +02:00
7f7c47fefe chore(deps): update all dependencies (#1026)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-10-09 09:22:00 +02:00
d864a91884 Enable gochecknoinits; fix lint issues; use consts for some vars (#1022) 2023-10-05 13:00:22 +02:00
09cf6efb3e Fix typos in struct fields, comments, and docs (#1023) 2023-10-05 12:59:17 +02:00
665e87b287 chore(deps): update all dependencies 2023-10-05 12:58:26 +02:00
4def3a4eb0 Fix lint warning
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-25 13:24:34 +02:00
0d332a1027 Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
It seems that os.Create will by default create a file with 0666 permissions.

This should be detected when the configured permissions are less than 0666. By default this case will not be detected
unless a more restrictive mode is configured.

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-25 13:24:34 +02:00