Cosmin Cojocar
34db3de0ee
Remove unused target from the makefile
...
Change-Id: Ic663c249a5529114d386e59f522386f132e13879
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-10-02 10:35:04 +00:00
Cosmin Cojocar
f5a3b7ab78
Use the ginkgo command installed by the dependencies
...
Change-Id: Ia8a28cd79a61fc8a95ac9a7700ad1a436874da6f
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-10-02 10:35:04 +00:00
Cosmin Cojocar
761fcbc36c
Keep the go module at 1.24 version for compatibility reasons
...
Change-Id: I4a572ee651896232fe4b5d51b9ee9b4896ee0f50
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-10-02 10:35:04 +00:00
Cosmin Cojocar
2238079261
Remove manual test deps
...
It is not required anymore to install the test dependencies separately.
They are now managed by the go module file.
Change-Id: I67bb8ca4619e36477a62b24692b795e16c89397b
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-10-02 10:35:04 +00:00
Sebastian Rühl
bb08aa3188
fix: text must be supplied when markdown is used
...
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790720
Fixes https://github.com/securego/gosec/issues/1393
2025-10-01 08:08:21 +00:00
Sebastian Rühl
23597d2569
fix: improve error message of CheckAnalyzers
2025-09-29 15:45:53 +00:00
Sebastian Rühl
8d7e9d598b
fix: log panic on SSA
2025-09-29 15:45:53 +00:00
renovate[bot]
0d8255e75e
chore(deps): update all dependencies
2025-09-29 07:58:47 +00:00
Cosmin Cojocar
f9c52aac4b
Update gosec to version v.22.9 in the github action
...
Change-Id: Ib3a1fa4255b4fdff577cc97492bf4696553a4a43
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-09-22 09:18:06 +00:00
Cosmin Cojocar
15d5c61e86
Update cosign to v2.6.0 and go in the CI to latest version
...
Change-Id: I1754871a875f82fa1177793e74a41cc88ef4059f
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
v2.22.9
2025-09-22 08:42:03 +00:00
Matteo Calabrò
7b8713e2c9
fix(autofix): unnecessary conversion
2025-09-22 08:24:39 +00:00
Matteo Calabrò
64ebfc0106
feat(autofix): update gemini sdk and add anthropic claude
...
* upgrade gemini sdk to google.golang.org/genai v1.25.0
* support newer gemini models
* add anthropic claude
2025-09-22 08:24:39 +00:00
Eshani Parulekar
506407e7df
feat(G304): add os.Root remediation hint (Autofix) when Go >= 1.24
2025-09-16 14:37:06 +00:00
renovate[bot]
3ead143f0a
chore(deps): update all dependencies
2025-09-15 07:25:27 +00:00
Eshani Parulekar
e81fba3c3a
refactor(G304): remove unused trackJoin helper; no functional change
2025-09-12 13:52:23 +00:00
Eshani Parulekar
ab078db7b0
style: gofmt rules/readfile.go
2025-09-12 13:52:23 +00:00
Eshani Parulekar
e6218c83ec
test(g304): add samples for var perm and var flag with cleaned path
- Ensure G304 does not fire when only non-path args (flag/perm) are variables
- Both samples use filepath.Clean on the path arg
- Rules suite remains green (42 passed)
2025-09-12 13:52:23 +00:00
Eshani Parulekar
79f835d9c7
rules(G304): analyze only path arg; ignore flag/perm vars; track Clean and safe Join; fix nil-context panic
- Limit G304 checks to first arg (path) for os.Open/OpenFile/ReadFile, avoiding false positives when flag/perm are variables
- Track filepath.Clean so cleaned identifiers are treated as safe
- Consider safe joins: filepath.Join(const|resolvedBase, Clean(var)|cleanedIdent)
- Record Join(...) assigned to identifiers and allow if later cleaned
- Fix panic by passing non-nil context in trackJoinAssignStmt
- All rules tests: 42 passed
2025-09-12 13:52:23 +00:00
Eshani Parulekar
40ac53017b
rules(G202): detect SQL concat in ValueSpec declarations; add test sample
- Handle var query string = 'SELECT ...' + user style declarations
- Reuse existing binary expr detection on ValueSpec.Values
- Add postgres sample mirroring issue #1309 report
- Rules tests: 42 passed
2025-09-12 13:27:02 +00:00
renovate[bot]
4be6b11bbc
chore(deps): update all dependencies
2025-09-08 11:06:08 +00:00
renovate[bot]
5af1117217
chore(deps): update all dependencies
2025-08-25 08:18:38 +00:00
renovate[bot]
287b46c018
chore(deps): update all dependencies
2025-08-18 07:59:10 +00:00
Cosmin Cojocar
cee0aeae8a
Update gosec version to v2.22.8 in the Github action
...
Change-Id: Ifc3c472f6c6aa08bda00ab57298fd7d383ab8325
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-08-14 13:16:42 +00:00
Cosmin Cojocar
c9453023c4
Add support for go version 1.25.0
...
Change-Id: Ia694411be7e861177970485cc6185af5a6944686
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
v2.22.8
2025-08-14 12:38:12 +00:00
Cosmin Cojocar
ef7adab98c
Update go version in CI to 1.24.6 and 1.23.12
...
Change-Id: I940b6382282fa2609736a62491c22b3e9319f430
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-08-11 13:42:46 +00:00
renovate[bot]
e201bb86c2
chore(deps): update all dependencies
2025-08-11 08:54:42 +00:00
renovate[bot]
ba592afef6
chore(deps): update all dependencies
2025-07-28 09:33:21 +00:00
Cosmin Cojocar
2ef6017991
Update github action to release v2.22.7
...
Change-Id: I827d332eb4ad80fbddbabccc4d501d2968449aab
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-07-21 15:54:30 +00:00
Cosmin Cojocar
32975f4bab
Fix crash in hardcoded_nonce analyzer
...
Change-Id: If5ed3709d6e1ddced1be555477dd0f5451aab901
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
v2.22.7
2025-07-21 15:19:49 +00:00
Cosmin Cojocar
6ea6b35e61
Update go action to use release v2.22.6
...
Change-Id: I9081035b07d8b254034468af77d65d48c7c06ecb
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-07-21 10:49:17 +00:00
Cosmin Cojocar
bc3f2145b5
Update go version to 1.24.5 and 1.23.11 in the CI
...
Change-Id: I56c3576fbda7cc2633dac335c29b2494985978e9
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
v2.22.6
2025-07-21 09:38:01 +00:00
renovate[bot]
925741b7ef
chore(deps): update module google.golang.org/api to v0.242.0
2025-07-21 08:06:50 +00:00
renovate[bot]
59ae7e9e27
chore(deps): update all dependencies
2025-07-14 08:59:55 +00:00
renovate[bot]
e7abd9e348
chore(deps): update all dependencies
2025-07-07 10:04:42 +02:00
renovate[bot]
35e7bc1a94
chore(deps): update all dependencies
2025-06-30 10:33:36 +02:00
renovate[bot]
2d1ed95a0b
chore(deps): update all dependencies
2025-06-23 11:35:00 +02:00
Oleksandr Redko
4a8cb4609f
Do not allow dashes in file names
2025-06-16 14:34:38 +02:00
Cosmin Cojocar
bcc8afbe30
Update gosec to version 2.22.5 in Github action
...
Change-Id: Ide774b7157678f54e17bd7decad22d0712ff1b40
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-06-16 12:57:45 +02:00
Cosmin Cojocar
d2d3ae66bd
Switch back go.mod to minimum 1.23.0
...
Change-Id: Ic3f843d866a21a6595e1dc9c97416f2a22172299
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
v2.22.5
2025-06-16 11:50:02 +02:00
Cosmin Cojocar
1e7ed06b15
Update dependencies
...
Change-Id: Ifccf358fa941a51f6b9e817311dc4a49ee9afb6f
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-06-16 11:50:02 +02:00
Cosmin Cojocar
1bef91a07f
Update go version 1.24.4 and 1.23.10 in CI
...
Change-Id: I3d7d82da3385d231873a8901132a8a025beb01fc
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2025-06-16 11:21:59 +02:00
renovate[bot]
621702f13a
chore(deps): update all dependencies
2025-06-10 10:39:08 +02:00
Ilia Mirkin
017d1d655c
G201/G202: add checks for injection into sql.Conn methods
...
We check sql.DB and sql.Tx, but sql.Conn appears to have been missed. It
carries the same issues as DB/Tx in terms of injection.
2025-06-03 16:22:56 +02:00
renovate[bot]
67f63d4781
chore(deps): update module google.golang.org/api to v0.235.0
2025-06-02 10:04:14 +02:00
renovate[bot]
b4eabb1b18
chore(deps): update module google.golang.org/api to v0.234.0
2025-05-26 16:03:16 +03:00
renovate[bot]
52a80ff4bd
chore(deps): update module google.golang.org/api to v0.233.0
2025-05-20 10:08:10 +02:00
renovate[bot]
e2a95069d9
chore(deps): update module google.golang.org/api to v0.232.0
2025-05-12 09:48:04 +02:00
Cosmin Cojocar
6decf96c3d
Update to go version 1.24.3 and 1.23.9
...
Change-Id: I51a700de77a580647088f6ac40a725bac5c4e233
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
v2.22.4
2025-05-08 11:19:37 +02:00
codeshaine
d522338364
update: updated the build command to include version metadata
2025-05-08 11:00:06 +02:00
renovate[bot]
270b5ce868
chore(deps): update all dependencies
2025-05-06 09:44:05 +02:00