1
0
mirror of https://github.com/securego/gosec.git synced 2025-01-07 23:01:50 +02:00
Commit Graph

515 Commits

Author SHA1 Message Date
Martin Vrachev
e7b3ae9c54 Clarify and add new unit tests for rule G107 (#376)
The existing unit tests for G107 didn't have any comments why
a certain code is problematic.
Other than that we need more unit tests for rule G107 for the
different scenarios.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2019-09-17 12:22:43 +02:00
renovate[bot]
f90efff866 Update golang.org/x/tools commit hash to 2dc213d (#375) 2019-09-17 12:22:00 +02:00
renovate[bot]
90e975912b Update golang.org/x/net commit hash to c858923 (#373) 2019-09-17 12:20:44 +02:00
Martin Vrachev
709ed1ba65 Change rule G204 to be less restrictive (#339)
Currently, rule G204 warns you about every single use of the
functions syscall.Exec, os.exec.CommandContext and os.Exec.Command.
This can create false positives and it's not accurate because you can
use those functions with perfectly secure arguments like hardcoded
strings for example.

With this change, G204 will warn you in 3 cases when passing arguments
to a function which starts a new process the arguments:
1) are variables initialized by calling another function
2) are functions
3) are command-line arguments or environmental variables

Closes: https://github.com/securego/gosec/issues/338

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2019-09-16 16:15:06 +02:00
renovate[bot]
98749b7357 Update golang.org/x/net commit hash to 24e19bd (#372) 2019-09-16 10:25:16 +02:00
renovate[bot]
d8f6c4f7f7 Update golang.org/x/sys commit hash to c3b328c (#371) 2019-09-16 10:23:55 +02:00
renovate[bot]
32041942e8 Update golang.org/x/tools commit hash to 92af9d6 (#370) 2019-09-16 10:23:43 +02:00
Renovate Bot
140048b2a2 Update golang.org/x/sys commit hash to 7ad0cfa 2019-09-12 12:07:52 +00:00
renovate[bot]
a65402bc5a Update golang.org/x/tools commit hash to 6bfd74c (#365) 2019-09-12 14:07:35 +02:00
Isaev Denis
b9c4c66295 Expose analyzer API (#366)
Make it possible to use gosec from e.g. golangci-lint
without modification of gosec.
2019-09-12 14:06:59 +02:00
Grant Murphy
29fddff3b4 turn on automerge for rennovate bot 2019-09-11 21:29:05 +10:00
renovate[bot]
bee7b5aa0d Update golang.org/x/crypto commit hash to 227b76d (#363) 2019-09-11 09:51:50 +02:00
renovate[bot]
069c31f980 Update golang.org/x/tools commit hash to 16c5e0f (#362) 2019-09-11 09:51:26 +02:00
renovate[bot]
3e65f8ff9d Update golang.org/x/sys commit hash to bbd1755 (#361) 2019-09-11 09:51:06 +02:00
renovate[bot]
f5d5e20b3e Update golang.org/x/tools commit hash to dd2b5c8 (#360) 2019-09-10 09:18:49 +02:00
Cosmin Cojocar
a1c9c76277 Remove the unused code to increase the test coverage
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-10 11:59:05 +10:00
Cosmin Cojocar
338b50debb Remove rule G105 which detects the use of math/big#Int.Exp
The big#Int.Exp used to be vulnerable in older versions of Go, but in the
meantime has been fixed (https://github.com/golang/go/issues/15184).

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-10 11:59:05 +10:00
Cosmin Cojocar
43e3664713 Build the tls config generator only with Go versions compatible with Go 1.12
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-10 11:57:18 +10:00
Cosmin Cojocar
81b6dc8872 Regenerate the TLS configuration based on latest Mozilla's recommended ciphers
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-10 11:57:18 +10:00
Cosmin Cojocar
76ce9f0147 Update to config struct to unmarshal the mozilla server-side TLS conf version 5
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-10 11:57:18 +10:00
Cosmin Cojocar
e050355b4b Update the TLS config generator to handle TLS version 1.3
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-10 11:57:18 +10:00
renovate[bot]
c0510fc45b Update golang.org/x/tools commit hash to 0673112 (#359) 2019-09-10 11:55:33 +10:00
renovate[bot]
a57a033983 Update golang.org/x/sys commit hash to f460065 (#356) 2019-09-09 14:17:36 +02:00
renovate[bot]
80637510f4 Update golang.org/x/crypto commit hash to 094676d (#355) 2019-09-09 22:03:23 +10:00
Cosmin Cojocar
7851918c4f Add support to exclude arbitrary folders from scanning (#353)
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-09 22:01:36 +10:00
renovate[bot]
1c35be8eca Add renovate.json (#354) 2019-09-09 21:32:22 +10:00
Cosmin Cojocar
fde1f82f34 Update the tag format in the release steps (#348)
Go modules requires that the tag starts with a `v`.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-09 21:11:32 +10:00
Cosmin Cojocar
992f173356 Update README file with a note on dependencies (#351)
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-09 21:11:12 +10:00
Cosmin Cojocar
e442cf30a8 Add Go 1.13 to the tested version in the travis build file (#350)
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-09 21:10:58 +10:00
Cosmin Cojocar
4ecbe32d83 Update go modules to latest compatible version and removed unused dependencies (#349)
* Tidy up the go modules to remove unused modules

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>

* Update go modules to latest compatible version

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-09 21:10:41 +10:00
Daniel Carlier
8932f702ce Add flag to handle '#nosec' alternative (#346)
* Add logic to check for a #nosec alternative

* Add NoSecAlternative as a new global variable

* Add nosec-tag flag
2019-09-04 10:20:43 +02:00
Grant Murphy
4b59c94808
Prevent null pointer exception in Sonarqube (#334)
* fix(formatters) null value causes npe in sonarqube

the json encoding of uninitialized arrays is null. this causes a npe in
sonarqube tool. we should return an empty array rather than a null value
here.

relates to: #333
2019-07-09 13:36:09 +10:00
Juan Antonio Osorio Robles
39f7e7b9e0 Display filtered number of issues instead of total in stats
This takes into account the filtered number of issues instead of
the total number. This number is more relevant to developers, as
the intention was to not take certain issues into account anyway.
2019-07-04 10:13:09 +10:00
Cosmin Cojocar
e28a56a8ad
Merge pull request #330 from ccojocar/fix-whitelist-G104
Fix the whitelist on G104 rule and add some documentation which describe how to configure the whitelist
2019-06-26 09:14:15 +02:00
Cosmin Cojocar
63b44b6681 Add some more tests to make codecov happy
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-06-25 11:56:26 +02:00
Cosmin Cojocar
141235719b Add some documentation for G104 whitelist configuration
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-06-25 11:26:28 +02:00
Cosmin Cojocar
f3445245a2 Fix the whitelist on G104 rule and add a test
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-06-25 11:15:11 +02:00
Cosmin Cojocar
78a49491a8 Load rules on each code sample in order to reconfigure them
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-06-25 11:14:27 +02:00
Cosmin Cojocar
ed9934fa48 Refactor the rules tests to be able to configure the analyzer config per test sample
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-06-25 10:29:19 +02:00
Cosmin Cojocar
36a82ea85e
Merge pull request #328 from ccojocar/fix-sonarqute-report
Fix the file path in the Sonarqube report and also add support for multiple root folders
2019-06-25 08:55:21 +02:00
Cosmin Cojocar
020479a832 Support multiple root paths when generating the Sonarqube report
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-06-24 14:35:11 +02:00
Cosmin Cojocar
46e55b908d Fix the file path in the Sonarqube report
Add some test to validate the Sonarqube formatter.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-06-24 14:10:51 +02:00
Ben Bytheway
04dc713f22 One approach for fixing the false positive identified in #325. 2019-06-13 08:22:48 +10:00
Martin Vrachev
196edd34b6 Add checksum clarification in README
Currently, if you download the gosec binary using the commands
suggested in the README and you decide to check the checksum
of the binary, you just downloaded then your checksum check will fail.
As a result, the user can think that your binary is corrupted.

The reason for that failure is that the checksums are for the
tar.gz files provided in the release notes.
This should be documented to avoid future unclarities.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2019-06-07 22:33:15 +10:00
Cosmin Cojocar
0ebfa2f8b7
Rework analyzer unit test to pass the go tip version (#318)
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-17 15:35:46 +02:00
Sandor Szücs
9d9098fa97 print version string (#317)
Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>
2019-05-17 11:33:02 +02:00
Cosmin Cojocar
ee80733faf
Add a flag to filter issues by confidence (#316)
Refactor also how the issues are filtered by severity.

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-10 10:15:09 +02:00
Cosmin Cojocar
29cec138dc
Fix formatting in README, remove prerequisite and reworked the Makefile tests goals (#313)
* Fix formating in README

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>

* Split the various test goals in the Makefile

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>

* Remove the prerequisites from README since they are automatically installed

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>

* Remove unnecessary install steps from Travis CI build

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>

* Make sure golint is installed before running the lint command

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>

* Make sure ginkgo command is installed before running the tests

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-02 09:19:18 +02:00
Cosmin Cojocar
b68ac76dbc Fix formatting
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-01 08:52:23 +02:00
Cosmin Cojocar
3e69a8c8a2 Append the package load errors to analyser's errors
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-01 08:52:23 +02:00