gosec

go/gosec

mirror of https://github.com/securego/gosec.git synced 2025-07-13 01:00:25 +02:00

Author	SHA1	Message	Date
renovate[bot]	a57a033983	Update golang.org/x/sys commit hash to f460065 (#356 )	2019-09-09 14:17:36 +02:00
renovate[bot]	80637510f4	Update golang.org/x/crypto commit hash to 094676d (#355 )	2019-09-09 22:03:23 +10:00
Cosmin Cojocar	7851918c4f	Add support to exclude arbitrary folders from scanning (#353 ) Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-09-09 22:01:36 +10:00
renovate[bot]	1c35be8eca	Add renovate.json (#354 )	2019-09-09 21:32:22 +10:00
Cosmin Cojocar	fde1f82f34	Update the tag format in the release steps (#348 ) Go modules requires that the tag starts with a `v`. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-09-09 21:11:32 +10:00
Cosmin Cojocar	992f173356	Update README file with a note on dependencies (#351 ) Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-09-09 21:11:12 +10:00
Cosmin Cojocar	e442cf30a8	Add Go 1.13 to the tested version in the travis build file (#350 ) Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-09-09 21:10:58 +10:00
Cosmin Cojocar	4ecbe32d83	Update go modules to latest compatible version and removed unused dependencies (#349 ) * Tidy up the go modules to remove unused modules Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> * Update go modules to latest compatible version Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-09-09 21:10:41 +10:00
Daniel Carlier	8932f702ce	Add flag to handle '#nosec' alternative (#346 ) * Add logic to check for a #nosec alternative * Add NoSecAlternative as a new global variable * Add nosec-tag flag	2019-09-04 10:20:43 +02:00
Grant Murphy	4b59c94808	Prevent null pointer exception in Sonarqube (#334 ) * fix(formatters) null value causes npe in sonarqube the json encoding of uninitialized arrays is null. this causes a npe in sonarqube tool. we should return an empty array rather than a null value here. relates to: #333	2019-07-09 13:36:09 +10:00
Juan Antonio Osorio Robles	39f7e7b9e0	Display filtered number of issues instead of total in stats This takes into account the filtered number of issues instead of the total number. This number is more relevant to developers, as the intention was to not take certain issues into account anyway.	2019-07-04 10:13:09 +10:00
Cosmin Cojocar	e28a56a8ad	Merge pull request #330 from ccojocar/fix-whitelist-G104 Fix the whitelist on G104 rule and add some documentation which describe how to configure the whitelist	2019-06-26 09:14:15 +02:00
Cosmin Cojocar	63b44b6681	Add some more tests to make codecov happy Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-06-25 11:56:26 +02:00
Cosmin Cojocar	141235719b	Add some documentation for G104 whitelist configuration Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-06-25 11:26:28 +02:00
Cosmin Cojocar	f3445245a2	Fix the whitelist on G104 rule and add a test Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-06-25 11:15:11 +02:00
Cosmin Cojocar	78a49491a8	Load rules on each code sample in order to reconfigure them Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-06-25 11:14:27 +02:00
Cosmin Cojocar	ed9934fa48	Refactor the rules tests to be able to configure the analyzer config per test sample Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-06-25 10:29:19 +02:00
Cosmin Cojocar	36a82ea85e	Merge pull request #328 from ccojocar/fix-sonarqute-report Fix the file path in the Sonarqube report and also add support for multiple root folders	2019-06-25 08:55:21 +02:00
Cosmin Cojocar	020479a832	Support multiple root paths when generating the Sonarqube report Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-06-24 14:35:11 +02:00
Cosmin Cojocar	46e55b908d	Fix the file path in the Sonarqube report Add some test to validate the Sonarqube formatter. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-06-24 14:10:51 +02:00
Ben Bytheway	04dc713f22	One approach for fixing the false positive identified in #325 .	2019-06-13 08:22:48 +10:00
Martin Vrachev	196edd34b6	Add checksum clarification in README Currently, if you download the gosec binary using the commands suggested in the README and you decide to check the checksum of the binary, you just downloaded then your checksum check will fail. As a result, the user can think that your binary is corrupted. The reason for that failure is that the checksums are for the tar.gz files provided in the release notes. This should be documented to avoid future unclarities. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>	2019-06-07 22:33:15 +10:00
Cosmin Cojocar	0ebfa2f8b7	Rework analyzer unit test to pass the go tip version (#318 ) Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-05-17 15:35:46 +02:00
Sandor Szücs	9d9098fa97	print version string (#317 ) Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>	2019-05-17 11:33:02 +02:00
Cosmin Cojocar	ee80733faf	Add a flag to filter issues by confidence (#316 ) Refactor also how the issues are filtered by severity. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-05-10 10:15:09 +02:00
Cosmin Cojocar	29cec138dc	Fix formatting in README, remove prerequisite and reworked the Makefile tests goals (#313 ) * Fix formating in README Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> * Split the various test goals in the Makefile Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> * Remove the prerequisites from README since they are automatically installed Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> * Remove unnecessary install steps from Travis CI build Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> * Make sure golint is installed before running the lint command Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> * Make sure ginkgo command is installed before running the tests Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch> 2.0.0	2019-05-02 09:19:18 +02:00
Cosmin Cojocar	b68ac76dbc	Fix formatting Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-05-01 08:52:23 +02:00
Cosmin Cojocar	3e69a8c8a2	Append the package load errors to analyser's errors Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-05-01 08:52:23 +02:00
Cosmin Cojocar	aac9b00845	Refactor properly the package error parsing and cover all test cases Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-05-01 08:52:23 +02:00
Cosmin Cojocar	625718d294	Refactor the test for Go build errors Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-05-01 08:52:23 +02:00
Cosmin Cojocar	3af4ae9ddb	Fix some lint warnings Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-05-01 08:52:23 +02:00
Cosmin Cojocar	bac6f0fb8f	Add tests for an empty package without any test file Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-05-01 08:52:23 +02:00
Cosmin Cojocar	76b2c12044	Add a test to cover the processing of empty packages Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-05-01 08:52:23 +02:00
Cosmin Cojocar	b04c1ce0a7	Fix error parsing from package Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-05-01 08:52:23 +02:00
Cosmin Cojocar	92b3644625	Fix error parsing when the loaded package is empty Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-05-01 08:52:23 +02:00
Cosmin Cojocar	48e39323f3	Remove tests case from import tracker Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-29 19:34:57 +02:00
Cosmin Cojocar	25b5a1a1ce	Add tests to cover the import tracker from file Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-29 19:34:57 +02:00
Cosmin Cojocar	5ef2beeaa6	Track only the import from the file which is checked Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-29 19:34:57 +02:00
Cosmin Cojocar	f1ea7f6ee3	Add tests for analyser test pacakge check Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-29 06:55:24 +02:00
Cosmin Cojocar	6e5135f6eb	Update README with some instructions to enable the tests and vendor folder scanning Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-29 06:55:24 +02:00
Cosmin Cojocar	b49c9532a8	Add a flag which allows to scan also the tests files Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-29 06:55:24 +02:00
Cosmin Cojocar	f1d49a6945	Remove unused code Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-29 06:54:59 +02:00
Cosmin Cojocar	ed2e0aa927	Update local install command in README file Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-29 06:54:40 +02:00
Cosmin Cojocar	4dfaf0a997	Refactor the analyzer to process one package at the time This avoids loading all packages in memory before running the checks. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-28 09:06:52 +02:00
Cosmin Cojocar	adcfe94257	Fix test for helpers Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-27 14:02:43 -07:00
Cosmin Cojocar	5ae52660ae	Add some tests that covers the helper function which list the package paths Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-27 14:02:43 -07:00
Cosmin Cojocar	e419eb8f4e	Exclude correctly the vendor folder from the scanned packages Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-27 14:02:43 -07:00
Cosmin Cojocar	85eb8a52ab	Scan the go packages path recursively starting from a root folder This is replacing the gotool.ImportPaths which seems to have some troubles with Go modules. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-27 14:02:43 -07:00
Cosmin Cojocar	85221996b6	Improve logging in the analyser Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-27 14:02:43 -07:00
Cosmin Cojocar	ea16ff1f9e	Remove GOPATH check to allow running gosec outside of GOPATH Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>	2019-04-27 14:02:43 -07:00

... 13 14 15 16 17 ...

1143 Commits