1
0
mirror of https://github.com/securego/gosec.git synced 2024-12-28 21:08:22 +02:00
Commit Graph

414 Commits

Author SHA1 Message Date
Cosmin Cojocar
625718d294 Refactor the test for Go build errors
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-01 08:52:23 +02:00
Cosmin Cojocar
3af4ae9ddb Fix some lint warnings
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-01 08:52:23 +02:00
Cosmin Cojocar
bac6f0fb8f Add tests for an empty package without any test file
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-01 08:52:23 +02:00
Cosmin Cojocar
76b2c12044 Add a test to cover the processing of empty packages
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-01 08:52:23 +02:00
Cosmin Cojocar
b04c1ce0a7 Fix error parsing from package
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-01 08:52:23 +02:00
Cosmin Cojocar
92b3644625 Fix error parsing when the loaded package is empty
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-01 08:52:23 +02:00
Cosmin Cojocar
48e39323f3 Remove tests case from import tracker
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 19:34:57 +02:00
Cosmin Cojocar
25b5a1a1ce Add tests to cover the import tracker from file
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 19:34:57 +02:00
Cosmin Cojocar
5ef2beeaa6 Track only the import from the file which is checked
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 19:34:57 +02:00
Cosmin Cojocar
f1ea7f6ee3 Add tests for analyser test pacakge check
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 06:55:24 +02:00
Cosmin Cojocar
6e5135f6eb Update README with some instructions to enable the tests and vendor folder scanning
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 06:55:24 +02:00
Cosmin Cojocar
b49c9532a8 Add a flag which allows to scan also the tests files
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 06:55:24 +02:00
Cosmin Cojocar
f1d49a6945 Remove unused code
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 06:54:59 +02:00
Cosmin Cojocar
ed2e0aa927 Update local install command in README file
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-29 06:54:40 +02:00
Cosmin Cojocar
4dfaf0a997 Refactor the analyzer to process one package at the time
This avoids loading all packages in memory before running the checks.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-28 09:06:52 +02:00
Cosmin Cojocar
adcfe94257 Fix test for helpers
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
5ae52660ae Add some tests that covers the helper function which list the package paths
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
e419eb8f4e Exclude correctly the vendor folder from the scanned packages
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
85eb8a52ab Scan the go packages path recursively starting from a root folder
This is replacing the gotool.ImportPaths which seems to have some troubles with Go modules.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
85221996b6 Improve logging in the analyser
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
ea16ff1f9e Remove GOPATH check to allow running gosec outside of GOPATH
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 14:02:43 -07:00
Cosmin Cojocar
6c174a61d4 Update README file
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 08:20:40 +02:00
Cosmin Cojocar
7935fd85b9 Rework the Dockerfile for Go modules
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 08:20:40 +02:00
Cosmin Cojocar
806908a805 Remove the dep tool installation from travis CI
Use the just built gosec to scan the source code.
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 08:20:18 +02:00
Cosmin Cojocar
950e84c3fa Handle errors to fix lint warnings
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 08:20:18 +02:00
Cosmin Cojocar
ee73b9e94b Remove dep and Use only Go modules to manage dependencies
Update the depenendencies to latest versions

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-04-27 08:20:18 +02:00
Naoya Yoshizawa
85d180848d Go modules support for 1.12 (#297)
* support go module

* fix implement and uncommented out tests

* includes test package

* remove test environment go1.10 or older
2019-04-25 09:25:32 +02:00
kencrawford
eaba99df37 fix comment. 2019-03-21 07:30:14 +10:00
kencrawford
4cd14f9068 remove panic 2019-03-21 07:30:14 +10:00
kencrawford
66e7c8d8f8 Extract to a constant 2019-03-21 07:30:14 +10:00
kencrawford
1b28d323d8 fix sonarIssues struct 2019-03-21 07:30:14 +10:00
kencrawford
8eab50eb17 update README.md to add support of sonarqube. 2019-03-21 07:30:14 +10:00
kencrawford
989eb3ff88 Update Hound errors 2019-03-21 07:30:14 +10:00
kencrawford
ddfe54d0a0 Add sonarqube output 2019-03-21 07:30:14 +10:00
JulesDT
c5e6c4aedd fix no-fail flag logic 2019-03-19 08:11:02 +10:00
Cosmin Cojocar
2bd007e968 Update README 2019-03-06 17:18:50 +10:00
Cosmin Cojocar
8b27d1c091 Update go version to 1.11.5 in the docker file 2019-03-06 17:18:50 +10:00
Liam Galvin
9cd538fcf2 Fix README typo 2019-03-06 08:14:35 +10:00
Martin Vrachev
62b5195dd9 Report for Golang errors (#284)
* Report for Golang errors

Right now if you use Gosec to scan invalid go file and if you report the result in a text, JSON, CSV or another file format you will always receive 0 issues.
The reason for that is that Gosec can't parse the AST of invalid go files and thus will not report anything.

The real problem here is that the user will never know about the issue if he generates the output in a file.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2019-02-27 08:24:06 +10:00
Martin Vrachev
9cdfec40ca Change test
I thought that an example where the user inputs a URL is more realistic.
Because if your operating system is already hacked then you are already screwed.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2019-02-13 11:47:59 +01:00
Cosmin Cojocar
8048b15efa Add more badges in the README file 2019-02-13 11:46:36 +01:00
Joaquin L. Pereyra
e2752bc191 revert to default GOPATH if necessary (#279)
* revert to default GOPATH if necessary
2019-02-07 09:34:52 +10:00
JulesDT
04ce7baf6c add a no-fail flag 2019-01-28 09:38:18 +01:00
Joaquin L. Pereyra
a966ff760c Fix -conf example in README.md
1. Example config json included a trailing comma, even though as we obviously know this is how things should be, JSON does not agree and the parser fails miserably
2. Flag was incorrectly stated as -config in the README, the correct flag is -conf
3. Example command did not work as did not include final dot to examine the current pkg.
2019-01-22 15:33:45 +01:00
Cosmin Cojocar
b6626154df Fix typo 2019-01-18 11:09:41 +01:00
Cosmin Cojocar
5d33e6ebe1 Update the README with some details about the configuration file
fixes #269
2019-01-18 11:09:41 +01:00
Cosmin Cojocar
f87af5fa72 Detect the unhandled errors even though they are explicitly ignored if the 'audit: enabled' setting is defined in the global configuration (#274)
* Define more explicit the global options in the configuration

* Detect in audit mode the unhandled errors even thought they are explicitly ignored
2019-01-14 21:37:40 +10:00
Cosmin Cojocar
14ed63d558 Do not flag the unhandled errors which are explicitly ignored
fixes #270
2019-01-14 10:06:30 +01:00
Cosmin Cojocar
12400f9a1c Update README with the code coverage batch 2018-12-11 18:15:58 +01:00
Cosmin Cojocar
72e95e88ac Geneate and upload the test coverage report to codecove.io 2018-12-11 17:08:31 +01:00