mirror of https://github.com/securego/gosec.git synced 2024-12-26 20:53:56 +02:00
gosec/analyzers
czechbol eaedce9a8b
Improvement the int conversion overflow logic to handle bound checks (#1194)
* add test cases

Signed-off-by: czechbol <adamludes@gmail.com>

* fix bounds check logic

Signed-off-by: czechbol <adamludes@gmail.com>

* tweak test cases

Signed-off-by: czechbol <adamludes@gmail.com>

* fix codestyle

Signed-off-by: czechbol <adamludes@gmail.com>

* improve bounds check logic

Signed-off-by: czechbol <adamludes@gmail.com>

* max recursion depth

Signed-off-by: czechbol <adamludes@gmail.com>

* add test case for len function

Signed-off-by: czechbol <adamludes@gmail.com>

* relax len function bounds checks

Co-authored-by: Ben Krieger <ben.krieger@intel.com>

* handle cases when convert instruction is after the if blocks

Signed-off-by: czechbol <adamludes@gmail.com>

* improve range check discovery, add tests

Signed-off-by: czechbol <adamludes@gmail.com>

* refactor for readability

Signed-off-by: czechbol <adamludes@gmail.com>

* add cap function test

Signed-off-by: czechbol <adamludes@gmail.com>

* calculate signed min without throwing overflow warnings

Signed-off-by: czechbol <adamludes@gmail.com>

* perform bounds checks int size calculations

Signed-off-by: czechbol <adamludes@gmail.com>

* basic equal operator logic

Signed-off-by: czechbol <adamludes@gmail.com>

* uintptr -> unsafe.Pointer test case

Signed-off-by: czechbol <adamludes@gmail.com>

* fix review comments

Signed-off-by: czechbol <adamludes@gmail.com>

* Rebase and fix go module

Change-Id: I8da6495eaaf25b1739389aa98492bd7df338085b
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>

* fix false positive for negated value

Signed-off-by: czechbol <adamludes@gmail.com>

* fix range conditions

Signed-off-by: czechbol <adamludes@gmail.com>

* Ignore the golangci/gosec G115 warning

Change-Id: I0db56cb0a5f9ab6e815e2480ec0b66d7061b23d3
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>

---------

Signed-off-by: czechbol <adamludes@gmail.com>
Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
Co-authored-by: Ben Krieger <ben.krieger@intel.com>
Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
2024-09-04 16:09:54 +02:00
analyzers_set.go Allow excluding analyzers globally (#1180) 2024-08-20 10:43:40 +02:00
analyzers_test.go Updated analyzer to use new way of initialization 2024-08-30 19:35:07 +02:00
analyzerslist.go Updated analyzer to use new way of initialization 2024-08-30 19:35:07 +02:00
anaylzers_suite_test.go Allow excluding analyzers globally (#1180) 2024-08-20 10:43:40 +02:00
conversion_overflow_test.go Improvement the int conversion overflow logic to handle bound checks (#1194) 2024-09-04 16:09:54 +02:00
conversion_overflow.go Improvement the int conversion overflow logic to handle bound checks (#1194) 2024-09-04 16:09:54 +02:00
hardcodedNonce.go Make variable name more clear 2024-08-30 19:35:07 +02:00
slice_bounds.go fix: G602 support for nested conditionals with bounds check (#1201) 2024-09-04 11:07:42 +02:00
util.go Migrated the rule to the analyzers folder 2024-08-30 19:35:07 +02:00