mirror of https://github.com/securego/gosec.git synced 2025-01-14 02:23:09 +02:00
Commit Graph

985 Commits

Author SHA1 Message Date
Cosmin Cojocar
48aa72e1ef Format the imports using the gci tool
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2024-03-08 12:15:42 +01:00
nobishino
b6df69cd07 Fixup: delete unused variable 2024-03-08 12:15:42 +01:00
nobishino
ccb0a08221 Fix test: update test to comply with the spec of generated sources
https://pkg.go.dev/cmd/go#hdr-Generate_Go_files_by_processing_source says:

> This line must appear before the first non-comment, non-blank text in the file.

The original test cases fail with the previous commit because the test source does not comply with this spec.
So, probably we should update the test case to comply with the spec.
(This is a breaking change, though.)
2024-03-08 12:15:42 +01:00
nobishino
3a0ea5176b Refactor: use standard function to check if a file is generated
As of Go 1.21, we can use https://pkg.go.dev/go/ast#IsGenerated to check if a file is generated.
Probably we want to use this instead of our own implementation.
2024-03-08 12:15:42 +01:00
Hiroki Yorimitsu
11c32522c5 Fix lint warnings 2024-03-07 16:33:18 +01:00
Hiroki Yorimitsu
be378e682f Add support for math/rand/v2 added in Go 1.22 2024-03-07 16:33:18 +01:00
Cosmin Cojocar
36878a9423 Skip the G601 tests for Go version 1.22
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2024-03-07 12:23:46 +01:00
Cosmin Cojocar
903c75b05e Update go version to 1.22.1 and 1.21.8
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2024-03-07 12:23:46 +01:00
Janusz Marcinkiewicz
f25ccd9fb5 Ignore 'implicit memory aliasing' rule for Go 1.22+
Signed-off-by: Janusz Marcinkiewicz <januszm@nvidia.com>
2024-03-04 10:24:32 +01:00
renovate[bot]
582e91af06 chore(deps): update all dependencies 2024-03-04 10:10:31 +01:00
renovate[bot]
198a40ca23 chore(deps): update module golang.org/x/tools to v0.18.0 2024-02-19 09:41:51 +01:00
Quentin Laplanche
c824a5d308 fix(hardcoded): remove duplicated Stripe API Key 2024-02-13 10:02:03 +01:00
Cosmin Cojocar
d13d7dac9b Update gosec version to v2.19.0 in the Github action
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2024-02-12 10:31:37 +01:00
Cosmin Cojocar
26e57d6b34 Update CI to go version 1.22
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2024-02-12 10:08:56 +01:00
renovate[bot]
e60b8d88e0 chore(deps): update all dependencies 2024-02-12 09:36:56 +01:00
renovate[bot]
1285eb7300 chore(deps): update all dependencies 2024-02-05 09:59:32 +01:00
renovate[bot]
cf4ab3ea7c chore(deps): update all dependencies 2024-01-29 09:48:13 +01:00
renovate[bot]
277553c23d chore(deps): update all dependencies 2024-01-22 09:42:14 +01:00
renovate[bot]
57ec76b97b chore(deps): update all dependencies 2024-01-15 09:52:33 +01:00
renovate[bot]
8fa46c1e3e chore(deps): update dependency babel-standalone to v7.23.7 2024-01-03 09:54:15 +01:00
renovate[bot]
53aa3f7883 chore(deps): update module golang.org/x/crypto to v0.17.0 [security] 2023-12-19 09:36:09 +01:00
renovate[bot]
187adabe34 chore(deps): update all dependencies 2023-12-18 10:42:31 +01:00
renovate[bot]
e1f27ba8fc chore(deps): update actions/setup-go action to v5 2023-12-11 10:12:41 +01:00
Cosmin Cojocar
2aad3f02a5 Fix lint warnings by properly formatting the files
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-12-08 14:46:36 +01:00
Adam Kaplan
0e2a61899a chore: Refactor Sample Code to Separate Files
Split the code in `source.go` to individual sample files, one per rule.
This will help contributors submit samples for new rules, or
improvements to existing rules. The cgo sample was all that was left
after refactoring, which resulted in its own sample file.

Sample code was also formatted to have some level of consistency.
Each sample go "file" attempts to keep the formatting of `gofmt`, and
each code sample is in its own section in the sample file.

Signed-off-by: Adam Kaplan <adam@adambkaplan.com>
2023-12-08 14:46:36 +01:00
Cosmin Cojocar
bc03d1c1bc Update go version to 1.21.5 and 1.20.12 (#1084)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-12-08 14:19:34 +01:00
renovate[bot]
79a6b475f0 chore(deps): update all dependencies (#1080)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-04 10:06:03 +01:00
Cosmin Cojocar
eb256a7d70 Ignore the issues from generated files when using the analysis framework (#1079)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-11-30 17:42:44 +01:00
Chaminda Divitotawela
43b7cbf661 Update README with upload-sarif v2 (#1078)
GitHub action upload-sarif v1 is deprecated and the action fails if used. Updated README with v2 so the workflow can be copied and used without modifications.

Fixes #1077
2023-11-28 09:09:22 +01:00
renovate[bot]
fece49805b chore(deps): update dependency babel-standalone to v7.23.4 2023-11-27 09:30:11 +01:00
Pooja Shah
24c614bf16 Added ppc64le support 2023-11-16 10:07:21 +01:00
renovate[bot]
c736581f85 chore(deps): update all dependencies 2023-11-13 09:45:27 +01:00
Cosmin Cojocar
3188e3fb8e Ensure ignores are handled properly for multi-line issues
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-11-10 10:48:04 +01:00
Cosmin Cojocar
6d56592f09 Update Go to version 1.21.4 and 1.20.11
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-11-10 10:38:54 +01:00
renovate[bot]
870103b709 chore(deps): update module golang.org/x/text to v0.14.0 2023-11-06 09:43:30 +01:00
renovate[bot]
b50e4936af chore(deps): update all dependencies 2023-10-30 10:16:50 +01:00
Cosmin Cojocar
2f9965bfbd Remove the hardcoded GOOS value when building the Linux binary to enable support for container image for ARM
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-25 10:15:42 +02:00
Eng Zer Jun
fa1b74d4fc Avoid allocations with (*regexp.Regexp).MatchString
We should use `(*regexp.Regexp).MatchString` instead of
`(*regexp.Regexp).Match([]byte(...))` when matching string to avoid
unnecessary `[]byte` conversions and reduce allocations.

Example benchmark:

// Package and imports added so the benchmark compiles stand-alone; the package
// name is inferred from the "pkg:" line of the benchmark output below.
package gosec

import (
	"regexp"
	"testing"
)

var defaultTagRegex = regexp.MustCompile("\n *#nosec")

// Match forces a string-to-[]byte conversion on every iteration,
// which costs one heap allocation per call.
func BenchmarkMatch(b *testing.B) {
	for i := 0; i < b.N; i++ {
		if match := defaultTagRegex.Match([]byte("\n #nosec")); !match {
			b.Fail()
		}
	}
}

// MatchString matches the string directly, so no conversion and no allocation.
func BenchmarkMatchString(b *testing.B) {
	for i := 0; i < b.N; i++ {
		if match := defaultTagRegex.MatchString("\n #nosec"); !match {
			b.Fail()
		}
	}
}

goos: linux
goarch: amd64
pkg: github.com/securego/gosec/v2
cpu: AMD Ryzen 7 PRO 4750U with Radeon Graphics
BenchmarkMatch-16          	 5367033	       210.6 ns/op	       8 B/op	       1 allocs/op
BenchmarkMatchString-16    	 9321561	       126.3 ns/op	       0 B/op	       0 allocs/op
PASS
ok  	github.com/securego/gosec/v2	3.606s

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2023-10-25 09:56:02 +02:00
Cosmin Cojocar
64bbe90144 Fix some typos
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-23 10:32:21 +02:00
Cosmin Cojocar
d9071e359b Update local installation instructions by removing the details for Go 1.16
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-23 10:28:11 +02:00
Cosmin Cojocar
5d837bcaab Update gosec version to 2.18.2 in the action
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-23 10:22:59 +02:00
Cosmin Cojocar
55d7949601 Disable dot-imports in revive linter
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-23 10:00:13 +02:00
renovate[bot]
4656817593 chore(deps): update module github.com/onsi/gomega to v1.28.1 2023-10-23 09:37:22 +02:00
Cosmin Cojocar
5567ac4cfe Run gosec with the data race detector active during tests
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 15:13:27 +02:00
Cosmin Cojocar
a2397580b6 Fix data race in the analyzer
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 15:13:27 +02:00
Cosmin Cojocar
c06903addd Fix test that checks the overridden nosec directive
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 14:33:51 +02:00
Cosmin Cojocar
bde26196d0 Clean global state in flags tests
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 14:33:51 +02:00
Cosmin Cojocar
e108c56933 Format the file
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 12:02:48 +02:00
Cosmin Cojocar
e298388908 Update README with details which describe the current behaviour of #nosec
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 12:02:48 +02:00
Cosmin Cojocar
d8a6d358dc Ensure the ignores are parsed before analysing the package
In addition, this handles the ignores for multi-line issues.

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-18 12:02:48 +02:00