4656817593
chore(deps): update module github.com/onsi/gomega to v1.28.1
2023-10-23 09:37:22 +02:00
5567ac4cfe
Run the gosec with data race detector active during tests
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 15:13:27 +02:00
a2397580b6
Fix data race in the analyzer
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 15:13:27 +02:00
c06903addd
Fix test that checks the overridden nosec directive
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 14:33:51 +02:00
bde26196d0
Clean global state in flags tests
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 14:33:51 +02:00
e108c56933
Format the file
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 12:02:48 +02:00
e298388908
Update README with details which describe the current behaviour of #nosec
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 12:02:48 +02:00
d8a6d358dc
Ensure the ignores are parsed before analysing the package
...
In addition this handles the ignores for multi-line issues
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 12:02:48 +02:00
7846db034c
chore(deps): update all dependencies
2023-10-16 09:29:43 +02:00
8e0cf8c5ce
Update gosec to version 2.18.1 in the action
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-13 15:19:58 +02:00
6b12a71071
Update cosign version to v2.2.0
2023-10-13 15:19:58 +02:00
0ec6cd95d7
Refactor how ignored issues are tracked
...
Track ignored issues using file location instead of an AST node. There are issues linked to a different AST node than the original node used to start the scan.
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
v2.18.1
2023-10-13 14:11:08 +02:00
f338a98bf3
Restrict the maximum depth when tracking the slice bounds
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-13 10:03:27 +02:00
7e2d8d35f4
Handle empty ssa results
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-13 10:03:27 +02:00
074353a2ab
Handle gracefully any panic that occurs when building the SSA representation of a package
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-12 10:37:29 +02:00
ec31a3a691
Fix typo
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-12 10:15:03 +02:00
a11eb28e2f
Handle new function when getting the call info in case it is overridden
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-12 10:15:03 +02:00
5b7867d125
Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1037)
...
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0)
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 09:10:25 +02:00
dd08f99f53
Update to Go 1.21.3 and 1.20.10 (#1035)
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-11 10:18:12 +02:00
616520f44f
Update the list of unsafe functions detected by the unsafe rule (#1033)
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-10 09:47:36 +02:00
3952187ea7
Update the action to use gosec version v2.18.0 (#1029)
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-09 10:37:52 +02:00
2b62dd1d8a
Use a step ID in github release action to get the digest of the image (#1028)
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-09 10:35:36 +02:00
53fc0c3c83
Update to go version 1.21.2 and 1.20.9 (#1027)
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
v2.18.0
2023-10-09 09:35:41 +02:00
7f7c47fefe
chore(deps): update all dependencies (#1026)
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-10-09 09:22:00 +02:00
d864a91884
Enable gochecknoinits; fix lint issues; use consts for some vars (#1022)
2023-10-05 13:00:22 +02:00
09cf6efb3e
Fix typos in struct fields, comments, and docs (#1023)
2023-10-05 12:59:17 +02:00
665e87b287
chore(deps): update all dependencies
2023-10-05 12:58:26 +02:00
4def3a4eb0
Fix lint warning
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-25 13:24:34 +02:00
0d332a1027
Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
...
It seems that os.Create will by default create a file with 0666 permissions.
This should be detected when the configured permissions are less than 0666. By default the rule will not detect this case
unless the more restrictive mode is configured.
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-25 13:24:34 +02:00
293d887525
Fix lint warnings
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-20 10:19:51 +02:00
ac482cb87c
Update ginkgo to latest version
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-20 10:19:51 +02:00
e02e2f6d5b
Redesign and reimplement the slice out of bounds check using SSA code representation
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-20 10:19:51 +02:00
e1278f9572
docs: add reMarkable to users list
2023-09-19 15:55:25 +02:00
f6a64969a3
chore(deps): update all dependencies
2023-09-18 08:40:10 +02:00
aebe20cfba
Drop support for go 1.19.x since the go team doesn't ship security fixes for it anymore
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-11 11:26:07 +02:00
7a98537c9a
Update to latest go version
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-11 11:26:07 +02:00
b192f06cca
chore(deps): update all dependencies (#1011)
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-09-11 10:53:32 +02:00
6c93653a29
Fix hardcoded_credentials rule to only match on more specific patterns (#1009)
...
* Fix hardcoded_credentials rule to only match on more specific patterns
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
* Fix lint warnings
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
* Fix double escape in regexps
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
---------
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-05 18:00:02 +02:00
325eb19a54
chore(deps): update all dependencies (#1008)
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-09-04 09:12:42 +02:00
beef1250a4
Exclude maps from slice bounds check rule (#1006)
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-08-23 17:17:14 +02:00
21d13c9a9b
Ignore struct pointers in G601 (#1003)
...
Updates https://github.com/securego/gosec/issues/966
Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
2023-08-18 17:05:17 +02:00
85005c43d9
Update gosec image version to 2.17.0 in the Github action (#1002)
2023-08-18 10:07:28 +02:00
6a2c5e16a1
Update cosign to version v2.1.1 (#1000)
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-08-17 09:53:01 +02:00
a89e9d5a7a
Enable go 1.21.0 in the CI build (#998)
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
v2.17.0
2023-08-14 09:59:18 +02:00
4b458c4f59
chore(deps): update all dependencies (#997)
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-08-14 09:36:16 +02:00
7d51bfe004
Update to go version 1.20.7 and 1.19.12 (#993)
...
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-08-07 10:05:55 +02:00
fc2f66bbbb
chore(deps): update all dependencies (#992)
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-08-07 09:54:19 +02:00
2cf2f96697
chore(deps): update module github.com/onsi/gomega to v1.27.10 (#991)
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-31 10:23:04 +02:00
bf7feda2b9
fix: correctly identify infixed concats as potential SQL injections (#987)
2023-07-25 17:13:07 +02:00
2292ed5e91
chore(deps): update all dependencies (#989)
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-24 10:01:22 +02:00