mirror of https://github.com/securego/gosec.git synced 2025-07-09 00:45:40 +02:00
Commit Graph

1143 Commits

Author SHA1 Message Date
e4d0e9f5be Update all dependencies (#553)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-01-04 08:03:52 +01:00
9fe0b2e21a Fix typo (#547) 2020-12-11 09:34:38 +01:00
d8fa95aad8 Update all dependencies (#544)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-12-01 09:29:25 +01:00
984c1d39a0 fix typo in ContainsPkgCallExpr comment (#545) 2020-12-01 09:28:38 +01:00
208b73eec4 Update all dependencies (#538)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-11-02 09:15:56 +01:00
0d4f1cb2cb Support SARIF output (#539)
* SARIF support

* add sarif option to help text
2020-11-02 09:13:53 +01:00
a4746e18e3 Update all dependencies (#533)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
v2.5.0
2020-10-07 20:32:18 +02:00
6bd6e4ba2c Use $(go env GOPATH) that works even when GOPATH is not set 2020-10-01 04:17:43 +10:00
aef335a98e Fix typo in README.md
s/trucate/truncate for G101 configuration
2020-10-01 04:17:00 +10:00
0ce48a584f Reproducible junit report (#529)
* Fix junit format ordering

Signed-off-by: L. Pivarc <lpivarc@redhat.com>

* Make ordering stable

Signed-off-by: L. Pivarc <lpivarc@redhat.com>

* Test ordering

Signed-off-by: L. Pivarc <lpivarc@redhat.com>
2020-09-29 19:17:38 +02:00
868556b846 Update README with the correct path to tlsconfig command
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-09-03 10:54:08 +02:00
13519fda59 Update the TLS configuration generator to also handle the NSS alternative names
Regenerate the configuration of TLS rule.

Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-09-03 10:54:08 +02:00
e351067255 Update all dependencies 2020-09-01 08:58:31 +02:00
166e4f5f45 Update README file with some more details required to run a scan successfully with the docker image
The current working directory needs to be specified in the docker run option in order for gosec
to download the dependencies defined in the go module file.

Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-09-01 08:57:52 +02:00
f5cc32a320 Update the Go version to 1.15 in the Makefile
This is only used when building the docker image locally.

Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-09-01 08:57:52 +02:00
ea0fa28b7f Update the Github go action version to 1.6.0
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00
feea8bb243 Fix the action tag
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00
6688a97661 Fix the github action for Go 1.15
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00
7234349e33 Add Go 1.15 to the supported version and phase out the Go 1.12
Also updated the release automation to release gosec using Go 1.15

Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:23 +02:00
a3895d5c55 Fix typo in README file
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-31 10:27:02 +02:00
17c955519e Incorrect local installation instructions for v2 2020-08-21 11:23:36 +02:00
f13b8bc639 Also add filepath.Rel as a sanitization method for the input argument in the G304 rule
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-19 09:40:07 +02:00
047729a84f Fix the rule G304 to handle the case when the input is cleaned as a variable assignment
Signed-off-by: Cosmin Cojocar <ccojocar@cloudbees.com>
2020-08-19 09:40:07 +02:00
b60ddc21ba feat: adds support for path.Join and for tar archives in G305 2020-08-03 09:17:45 +02:00
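The G304 commits above (filepath.Clean applied via a variable assignment, filepath.Rel accepted as a sanitizer, os.OpenFile covered) and the G305 commit (path.Join and tar archives) describe the same underlying check: an untrusted path must be cleaned and proven to stay inside the intended directory before it reaches a file or archive-extraction call. The following is an added example written for this page, not gosec's own code or rule implementation; the function names SafeJoin, ExtractPaths and buildTar, the destination directory tmp/out and the tar entries are all constructed for illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when an untrusted name would escape dest.
var ErrTraversal = errors.New("path escapes destination directory")

// SafeJoin joins name onto dest and verifies that the cleaned result still
// lies inside dest. filepath.Join cleans the path, and filepath.Rel turns the
// containment question into "does the relative path start with ..". This is
// the kind of sanitization (Clean/Rel before the open) that the commits above
// say G304 recognises; the name SafeJoin is this example's, not gosec's.
func SafeJoin(dest, name string) (string, error) {
	dest = filepath.Clean(dest)
	target := filepath.Join(dest, name) // Join cleans "..", "." and repeated separators
	rel, err := filepath.Rel(dest, target)
	if err != nil {
		return "", err
	}
	// Exactly ".." or a prefix of "../" means the entry climbed out of dest.
	// "..foo" is a legitimate file name and must not be rejected.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return target, nil
}

// ExtractPaths walks a tar stream and returns the paths that would be written
// under dest, refusing any entry whose name escapes it. This is the zip-slip
// pattern the G305 commit extends to tar archives; only the header names are
// examined, nothing is written to disk.
func ExtractPaths(dest string, r io.Reader) ([]string, error) {
	tr := tar.NewReader(r)
	var out []string
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return out, nil
		}
		if err != nil {
			return nil, err
		}
		p, err := SafeJoin(dest, hdr.Name)
		if err != nil {
			return nil, fmt.Errorf("entry %q: %w", hdr.Name, err)
		}
		out = append(out, p)
	}
}

// tarEntry is a constructed archive member used to build test input.
type tarEntry struct {
	Name, Body string
}

// buildTar builds an in-memory tar archive from constructed entries.
func buildTar(entries []tarEntry) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range entries {
		_ = tw.WriteHeader(&tar.Header{Name: e.Name, Mode: 0o644, Size: int64(len(e.Body))})
		_, _ = tw.Write([]byte(e.Body))
	}
	_ = tw.Close()
	return buf.Bytes()
}

func main() {
	dest := filepath.Join("tmp", "out") // assumed destination directory

	benign := buildTar([]tarEntry{{"app/config.yaml", "debug: false\n"}})
	fmt.Println(ExtractPaths(dest, bytes.NewReader(benign)))

	// A crafted entry that tries to climb out of dest (constructed sample).
	malicious := buildTar([]tarEntry{{"../../etc/crontab", "* * * * * root id\n"}})
	fmt.Println(ExtractPaths(dest, bytes.NewReader(malicious)))
}
```

An absolute entry name such as /etc/passwd is rooted under dest by filepath.Join rather than rejected, which is the conventional extractor behaviour; if your policy is to refuse absolute names outright, check filepath.IsAbs(name) before joining.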
673a139e55 Update all dependencies 2020-08-03 09:07:46 +02:00
110b62b05f Add io.CopyBuffer function to rule G110
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-07-29 14:25:45 +02:00
6bcd89aa6b Mark all lines of a multi-line finding
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
v2.4.0
2020-07-07 10:00:15 +02:00
4d4e5949c6 Add some comments
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-07-07 10:00:15 +02:00
d1467ac998 Extend the code snippet included in the issue and refactored how the code snippet is printed
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-07-07 10:00:15 +02:00
37d1af0af3 Expand the arguments to a list of strings when they are provided as a single string
The GitHub action provides the arguments as a single string to the docker container,
so we need to expand them in order for gosec to properly interpret them.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-07-06 19:38:49 +02:00
59cbe0071f Update all dependencies 2020-07-01 09:13:45 +02:00
ade81d3873 Rename file for consistency
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-29 13:52:47 +02:00
03f12f3f5d Change naming rule from blacklist to blocklist 2020-06-29 13:45:44 +02:00
3784ffea4e Fix panic when reading the version from debug info in Go 1.13
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-25 15:27:53 +02:00
55d368f2e5 Improve the TLS version checking
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-25 09:21:14 +02:00
ad1cb7e47e Make sure some version information is set when no version was injected into the binary
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-25 09:20:55 +02:00
1d2c951f2c Extend the rule G304 with os.OpenFile and add a test to cover it
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-17 13:14:08 +02:00
0c1a71b8a1 Add more tests samples to increase coverage
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-15 15:12:02 +02:00
fe07fcf276 Fix unit test when checking a mix of good and bad random functions
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-15 15:12:02 +02:00
6bbf8f9cbc Extend the insecure random rule with more insecure random functions
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-06-15 15:12:02 +02:00
af699f6a62 Exclude .git directory from scan (#485) 2020-06-09 15:16:27 +02:00
6202b38a44 Update all dependencies (#484)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-06-02 09:31:29 +02:00
6a130d55b3 Update the link pointing to issues to CWE mapping to use the master version (#483)
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-28 14:40:15 +02:00
826db1cfec Fix the build tags propagation
The build tags are now propagated into the build context when analysing a package.
2020-05-27 12:42:19 +02:00
7da9248ce6 Change the issue test to verify that a multi-line finding contains a line range
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-27 10:16:56 +02:00
7aedcc56ab Remove print line from tests
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-27 10:16:56 +02:00
30e93bf865 Improve the SQL strings concat rules to handle multiple string concatenation
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-27 10:16:56 +02:00
68bce94323 Improve the SQL concatenation and string formatting rules to be applied only in the database/sql context
In addition, makes the pattern matching used by the rules case insensitive.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-27 10:16:56 +02:00
32be4a5cc6 Make sure all rules are mapped to CWE numbers
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-26 08:59:14 +02:00
8630c43b66 Add null pointer check in G601
fixes: #475
2020-05-21 05:51:45 +02:00