Skip to content

Releases: securego/gosec

v2.21.4

26 Sep 11:58
d4617f5
Compare
Choose a tag to compare

Changelog

  • d4617f5 chore(deps): update module google.golang.org/api to v0.198.0 (#1233)
  • 1d23143 Prevent panic: unexpected constant value: (#1232)
  • 6741874 Fix running single analyzer which isn't a rule bug (#1231)
  • a836898 Update gosec version to v2.21.3 in github action (#1227)

v2.21.3

18 Sep 11:49
be8bd6e
Compare
Choose a tag to compare

Changelog

v2.21.2

09 Sep 13:43
abfe8cf
Compare
Choose a tag to compare

Changelog

v2.21.1

04 Sep 15:01
0ce4453
Compare
Choose a tag to compare

Changelog

  • 0ce4453 Rollback the SARIF version to 2.1 since github doesn't support 2.2 (#1210)
  • ea26e84 Update gosec in github action to v2.21.0 (#1208)

v2.21.0

04 Sep 14:27
b278b40
Compare
Choose a tag to compare

Changelog

  • b278b40 Update cosign version to v2.4.0 in release github workflow (#1207)
  • eaedce9 Improvement the int conversion overflow logic to handle bound checks (#1194)
  • ea5b276 fix: G602 support for nested conditionals with bounds check (#1201)
  • 11d6903 Update go.mod to sue go 1.22.0 toolchain
  • 655527d chore(deps): update all dependencies
  • 0898560 Make variable name more clear
  • ac67231 Make variable names more explicity and reduce duplications
  • e0414c4 Fix formatting
  • c7003fc Refactor to reduce some fuctions and variable names
  • 2401936 Pass the value argument directly since is an interface
  • f5d3128 Added suggested changes
  • a14ca4a Added another test case in order to increase code coverage
  • a6dd589 Removed function parameter which is always the same
  • b4c7469 Formatting problems(CI was not passing)
  • 7f8f654 Updated analyzer to use new way of initialization
  • a26215c Migrated the rule to the analyzers folder
  • 3f6e1e7 Refractored code a little bit
  • 0eb8143 Added new rule G407(hardcoded IV/nonce)
  • 4ae73c8 Fix conversion overflow false positive when using ParseUint
  • c52dc0e Add a build step to measure the scan perfomance
  • bcec04e Fix conversion overflow false positives when they are checked or pre-determined
  • 71e397b Update go.mod
  • aec45b0 chore(deps): update all dependencies
  • ab3f6c1 Fix false positive in conversion overflow check from uint8/int8 type
  • a39ec5a Disable staticcheck SA1019 rule
  • a1b2ab8 Update the golangci linters
  • 8467f01 Add more test to cover more use cases for G115 rule
  • 81cda2f Allow excluding analyzers globally (#1180)
  • 18135b4 Update to Go 1.23.0 (#1183)
  • 91c708a chore(deps): update all dependencies (#1182)
  • 92bac42 Read the AI API key also from an environment variable (#1181)
  • 56f943b Add support to generate auto fixes using LLM (AI) (#1177)
  • f33fd4b chore(deps): update all dependencies
  • 55a47f3 chore(deps): update all dependencies
  • a5d9ef6 chore(deps): update all dependencies
  • 6842444 chore(deps): update dependency babel-standalone to v7.24.10
  • 08b94f9 Resolve underlying type to detect overflows in type aliases
  • 4487a0c chore(deps): update dependency babel-standalone to v7.24.8
  • 0076267 Fix multifile ignores
  • 2f1b81b Add -enable-audit cli flag
  • 87fcb9b Update to go 1.22.5 and 1.21.12
  • 466992f chore(deps): update all dependencies
  • 9a4a741 Added more rules
  • 6382394 Fixed coverage workflow
  • 5666ea3 Fixed CI workflow
  • fc0957f Minor changes
  • 58e4fcc Split the G401 rule into two separate ones
  • 2e71f37 Updated G401 corresponding CWE
  • 3edc633 chore(deps): update docker/build-push-action action to v6
  • 2ae137a Update to go versions to 1.21.11 and 1.22.4
  • 30a8a9c chore(deps): update all dependencies
  • ac75d44 Fix nosec when applied to a block
  • ed3f51e Add more types to templates rule
  • c3209fc Map the G115 rule to an CWE ID
  • 45fbb27 chore(deps): update all dependencies
  • 43bef71 Update README with G115 rule description
  • 555fe44 Remove deprecated megacheck linter from golangci
  • 81b076f Format imports
  • f775eb1 Update .gitignore
  • 4bf5667 Add a new rule to detect integer overflow on integer types conversion
  • 5f0084e feat: add env var to override the Go version detection
  • 75dd9d6 Use the proper logic when disabling the go module version
  • 1e1fc91 Update the README with some details related to Go version used by the rules
  • 9a03665 Add an environment varialbe which disables the parsing of Go version from module file
  • b633c4c chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3
  • 40f29c8 Update docker image in action to v2.20.0

v2.20.0

14 May 13:42
Compare
Choose a tag to compare

Changelog

  • 6fbd381 Catch os.ModePerm permissions in os.WriteFile
  • dc5e5a9 Add a unit test to detect the false negative in rule G306 for os.ModePerm permissions
  • 417a44c Add filepath.EvalSymlinks to clean functions in rule G304
  • d34f8b7 chore(deps): update all dependencies
  • 8658b8e Update Go to version 2.22.3 in CI and release
  • d3b2359 chore(deps): update module golang.org/x/text to v0.15.0
  • cf29d54 chore(deps): update all dependencies
  • 09d62bd chore(deps): update module github.com/onsi/gomega to v1.33.0
  • 3b23ec8 Update to go 1.22.2
  • 31009c3 chore(deps): update all dependencies
  • daf6f67 chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1
  • e27f442 chore(deps): update all dependencies
  • 5513615 fix(helpers/goversion): get from go.mod
  • 43b8b75 chore: fix function name
  • accd7a1 chore(deps): update all dependencies
  • 48aa72e Format the imports using the gci tool
  • b6df69c Fixup: delete unused variable
  • ccb0a08 Fix test: update test to comply with the spec of generated sources
  • 3a0ea51 Refactor: use standard function to check if a file is generated
  • 11c3252 Fix lint warnings
  • be378e6 Add support for math/rand/v2 added in Go 1.22
  • 36878a9 Skip the G601 tests for Go version 1.22
  • 903c75b Update go version to 1.22.1 and 1.21.8
  • f25ccd9 Ignore 'implicit memory aliasing' rule for Go 1.22+
  • 582e91a chore(deps): update all dependencies
  • 198a40c chore(deps): update module golang.org/x/tools to v0.18.0
  • c824a5d fix(hardcoded): remove duplicated Stripe API Key
  • d13d7da Update gosec version to v2.19.0 in the Github action

v2.19.0

12 Feb 09:17
Compare
Choose a tag to compare

Changelog

  • 26e57d6 Update CI to go version 1.22
  • e60b8d8 chore(deps): update all dependencies
  • 1285eb7 chore(deps): update all dependencies
  • cf4ab3e chore(deps): update all dependencies
  • 277553c chore(deps): update all dependencies
  • 57ec76b chore(deps): update all dependencies
  • 8fa46c1 chore(deps): update dependency babel-standalone to v7.23.7
  • 53aa3f7 chore(deps): update module golang.org/x/crypto to v0.17.0 [security]
  • 187adab chore(deps): update all dependencies
  • e1f27ba chore(deps): update actions/setup-go action to v5
  • 2aad3f0 Fix lint warnings by properly formatting the files
  • 0e2a618 chore: Refactor Sample Code to Separate Files
  • bc03d1c Update go version to 1.21.5 and 1.20.12 (#1084)
  • 79a6b47 chore(deps): update all dependencies (#1080)
  • eb256a7 Ignore the issues from generated files when using the analysis framework (#1079)
  • 43b7cbf Update README with upload-sarif v2 (#1078)
  • fece498 chore(deps): update dependency babel-standalone to v7.23.4
  • 24c614b Added ppc64le support
  • c736581 chore(deps): update all dependencies
  • 3188e3f Ensure ignores are handled properly for multi-line issues
  • 6d56592 Update Go to version 1.21.4 and 1.20.11
  • 870103b chore(deps): update module golang.org/x/text to v0.14.0
  • b50e493 chore(deps): update all dependencies
  • 2f9965b Remove the hardcoded GOOS value when building the Linux binary to enable support for container image for ARM
  • fa1b74d Avoid allocations with (*regexp.Regexp).MatchString
  • 64bbe90 Fix some typos
  • d9071e3 Update local installation instructions by removing the details for Go 1.16
  • 5d837bc Update gosec version to 2.18.2 in the action

v2.18.2

23 Oct 08:06
Compare
Choose a tag to compare

Changelog

  • 55d7949 Disable dot-imports in revive linter
  • 4656817 chore(deps): update module github.com/onsi/gomega to v1.28.1
  • 5567ac4 Run the gosec with data race detector active during tests
  • a239758 Fix data race in the analyzer
  • c06903a Fix test that checks the overriden nosec directive
  • bde2619 Clean global state in flgs tests
  • e108c56 Format the file
  • e298388 Update README with details which describe the current behaviour of #nosec
  • d8a6d35 Ensure the ignores are parsed before analysing the package
  • 7846db0 chore(deps): update all dependencies
  • 8e0cf8c Update gosec to version 2.18.1 in the action
  • 6b12a71 Update cosign version to v2.2.0

v2.18.1

13 Oct 12:16
Compare
Choose a tag to compare

Changelog

  • 0ec6cd9 Refactor how ignored issues are tracked
  • f338a98 Restrict the maximum depth when tracking the slice bounds
  • 7e2d8d3 Handle empty ssa results
  • 074353a Handle gracefully any panic that occurs when building the SSA representation of a package
  • ec31a3a Fix typo
  • a11eb28 Handle new function when getting the call info in case is overriden
  • 5b7867d Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1037)
  • dd08f99 Update to Go 1.21.3 and 1.20.10 (#1035)
  • 616520f Update the list of unsafe functions detected by the unsafe rule (#1033)
  • 3952187 Update the action to use gosec version v2.18.0 (#1029)
  • 2b62dd1 Use a step ID in github release action to get the digest of the image (#1028)

v2.18.0

09 Oct 08:04
53fc0c3
Compare
Choose a tag to compare

Changelog

  • 53fc0c3 Update to go version 1.21.2 and 1.20.9 (#1027)
  • 7f7c47f chore(deps): update all dependencies (#1026)
  • d864a91 Enable gochecknoinits; fix lint issues; use consts for some vars (#1022)
  • 09cf6ef Fix typos in struct fields, comments, and docs (#1023)
  • 665e87b chore(deps): update all dependencies
  • 4def3a4 Fix lint warning
  • 0d332a1 Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
  • 293d887 Fix lint warnings
  • ac482cb Update ginkgo to latest version
  • e02e2f6 Redesign and reimplement the slice out of bounds check using SSA code representation
  • e1278f9 docs: add reMarkable to users list
  • f6a6496 chore(deps): update all dependencies
  • aebe20c Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
  • 7a98537 Update to latest go version
  • b192f06 chore(deps): update all dependencies (#1011)
  • 6c93653 Fix hardcoded_credentials rule to only match on more specific patterns (#1009)
  • 325eb19 chore(deps): update all dependencies (#1008)
  • beef125 Exclude maps from slince bounce check rule (#1006)
  • 21d13c9 Ignore struct pointers in G601 (#1003)
  • 85005c4 Update gosec image version to 2.17.0 in the Github action (#1002)
  • 6a2c5e1 Update cosign to version v2.1.1 (#1000)