Releases: securego/gosec
Releases · securego/gosec
v2.21.2
v2.21.1
v2.21.0
Changelog
- b278b40 Update cosign version to v2.4.0 in release github workflow (#1207)
- eaedce9 Improvement the int conversion overflow logic to handle bound checks (#1194)
- ea5b276 fix: G602 support for nested conditionals with bounds check (#1201)
- 11d6903 Update go.mod to sue go 1.22.0 toolchain
- 655527d chore(deps): update all dependencies
- 0898560 Make variable name more clear
- ac67231 Make variable names more explicity and reduce duplications
- e0414c4 Fix formatting
- c7003fc Refactor to reduce some fuctions and variable names
- 2401936 Pass the value argument directly since is an interface
- f5d3128 Added suggested changes
- a14ca4a Added another test case in order to increase code coverage
- a6dd589 Removed function parameter which is always the same
- b4c7469 Formatting problems(CI was not passing)
- 7f8f654 Updated analyzer to use new way of initialization
- a26215c Migrated the rule to the analyzers folder
- 3f6e1e7 Refractored code a little bit
- 0eb8143 Added new rule G407(hardcoded IV/nonce)
- 4ae73c8 Fix conversion overflow false positive when using ParseUint
- c52dc0e Add a build step to measure the scan perfomance
- bcec04e Fix conversion overflow false positives when they are checked or pre-determined
- 71e397b Update go.mod
- aec45b0 chore(deps): update all dependencies
- ab3f6c1 Fix false positive in conversion overflow check from uint8/int8 type
- a39ec5a Disable staticcheck SA1019 rule
- a1b2ab8 Update the golangci linters
- 8467f01 Add more test to cover more use cases for G115 rule
- 81cda2f Allow excluding analyzers globally (#1180)
- 18135b4 Update to Go 1.23.0 (#1183)
- 91c708a chore(deps): update all dependencies (#1182)
- 92bac42 Read the AI API key also from an environment variable (#1181)
- 56f943b Add support to generate auto fixes using LLM (AI) (#1177)
- f33fd4b chore(deps): update all dependencies
- 55a47f3 chore(deps): update all dependencies
- a5d9ef6 chore(deps): update all dependencies
- 6842444 chore(deps): update dependency babel-standalone to v7.24.10
- 08b94f9 Resolve underlying type to detect overflows in type aliases
- 4487a0c chore(deps): update dependency babel-standalone to v7.24.8
- 0076267 Fix multifile ignores
- 2f1b81b Add -enable-audit cli flag
- 87fcb9b Update to go 1.22.5 and 1.21.12
- 466992f chore(deps): update all dependencies
- 9a4a741 Added more rules
- 6382394 Fixed coverage workflow
- 5666ea3 Fixed CI workflow
- fc0957f Minor changes
- 58e4fcc Split the G401 rule into two separate ones
- 2e71f37 Updated G401 corresponding CWE
- 3edc633 chore(deps): update docker/build-push-action action to v6
- 2ae137a Update to go versions to 1.21.11 and 1.22.4
- 30a8a9c chore(deps): update all dependencies
- ac75d44 Fix nosec when applied to a block
- ed3f51e Add more types to templates rule
- c3209fc Map the G115 rule to an CWE ID
- 45fbb27 chore(deps): update all dependencies
- 43bef71 Update README with G115 rule description
- 555fe44 Remove deprecated megacheck linter from golangci
- 81b076f Format imports
- f775eb1 Update .gitignore
- 4bf5667 Add a new rule to detect integer overflow on integer types conversion
- 5f0084e feat: add env var to override the Go version detection
- 75dd9d6 Use the proper logic when disabling the go module version
- 1e1fc91 Update the README with some details related to Go version used by the rules
- 9a03665 Add an environment varialbe which disables the parsing of Go version from module file
- b633c4c chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3
- 40f29c8 Update docker image in action to v2.20.0
v2.20.0
Changelog
- 6fbd381 Catch os.ModePerm permissions in os.WriteFile
- dc5e5a9 Add a unit test to detect the false negative in rule G306 for os.ModePerm permissions
- 417a44c Add filepath.EvalSymlinks to clean functions in rule G304
- d34f8b7 chore(deps): update all dependencies
- 8658b8e Update Go to version 2.22.3 in CI and release
- d3b2359 chore(deps): update module golang.org/x/text to v0.15.0
- cf29d54 chore(deps): update all dependencies
- 09d62bd chore(deps): update module github.com/onsi/gomega to v1.33.0
- 3b23ec8 Update to go 1.22.2
- 31009c3 chore(deps): update all dependencies
- daf6f67 chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1
- e27f442 chore(deps): update all dependencies
- 5513615 fix(helpers/goversion): get from go.mod
- 43b8b75 chore: fix function name
- accd7a1 chore(deps): update all dependencies
- 48aa72e Format the imports using the gci tool
- b6df69c Fixup: delete unused variable
- ccb0a08 Fix test: update test to comply with the spec of generated sources
- 3a0ea51 Refactor: use standard function to check if a file is generated
- 11c3252 Fix lint warnings
- be378e6 Add support for math/rand/v2 added in Go 1.22
- 36878a9 Skip the G601 tests for Go version 1.22
- 903c75b Update go version to 1.22.1 and 1.21.8
- f25ccd9 Ignore 'implicit memory aliasing' rule for Go 1.22+
- 582e91a chore(deps): update all dependencies
- 198a40c chore(deps): update module golang.org/x/tools to v0.18.0
- c824a5d fix(hardcoded): remove duplicated
Stripe API Key - d13d7da Update gosec version to v2.19.0 in the Github action
v2.19.0
Changelog
- 26e57d6 Update CI to go version 1.22
- e60b8d8 chore(deps): update all dependencies
- 1285eb7 chore(deps): update all dependencies
- cf4ab3e chore(deps): update all dependencies
- 277553c chore(deps): update all dependencies
- 57ec76b chore(deps): update all dependencies
- 8fa46c1 chore(deps): update dependency babel-standalone to v7.23.7
- 53aa3f7 chore(deps): update module golang.org/x/crypto to v0.17.0 [security]
- 187adab chore(deps): update all dependencies
- e1f27ba chore(deps): update actions/setup-go action to v5
- 2aad3f0 Fix lint warnings by properly formatting the files
- 0e2a618 chore: Refactor Sample Code to Separate Files
- bc03d1c Update go version to 1.21.5 and 1.20.12 (#1084)
- 79a6b47 chore(deps): update all dependencies (#1080)
- eb256a7 Ignore the issues from generated files when using the analysis framework (#1079)
- 43b7cbf Update README with upload-sarif v2 (#1078)
- fece498 chore(deps): update dependency babel-standalone to v7.23.4
- 24c614b Added ppc64le support
- c736581 chore(deps): update all dependencies
- 3188e3f Ensure ignores are handled properly for multi-line issues
- 6d56592 Update Go to version 1.21.4 and 1.20.11
- 870103b chore(deps): update module golang.org/x/text to v0.14.0
- b50e493 chore(deps): update all dependencies
- 2f9965b Remove the hardcoded GOOS value when building the Linux binary to enable support for container image for ARM
- fa1b74d Avoid allocations with
(*regexp.Regexp).MatchString - 64bbe90 Fix some typos
- d9071e3 Update local installation instructions by removing the details for Go 1.16
- 5d837bc Update gosec version to 2.18.2 in the action
v2.18.2
Changelog
- 55d7949 Disable dot-imports in revive linter
- 4656817 chore(deps): update module github.com/onsi/gomega to v1.28.1
- 5567ac4 Run the gosec with data race detector active during tests
- a239758 Fix data race in the analyzer
- c06903a Fix test that checks the overriden nosec directive
- bde2619 Clean global state in flgs tests
- e108c56 Format the file
- e298388 Update README with details which describe the current behaviour of #nosec
- d8a6d35 Ensure the ignores are parsed before analysing the package
- 7846db0 chore(deps): update all dependencies
- 8e0cf8c Update gosec to version 2.18.1 in the action
- 6b12a71 Update cosign version to v2.2.0
v2.18.1
Changelog
- 0ec6cd9 Refactor how ignored issues are tracked
- f338a98 Restrict the maximum depth when tracking the slice bounds
- 7e2d8d3 Handle empty ssa results
- 074353a Handle gracefully any panic that occurs when building the SSA representation of a package
- ec31a3a Fix typo
- a11eb28 Handle new function when getting the call info in case is overriden
- 5b7867d Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1037)
- dd08f99 Update to Go 1.21.3 and 1.20.10 (#1035)
- 616520f Update the list of unsafe functions detected by the unsafe rule (#1033)
- 3952187 Update the action to use gosec version v2.18.0 (#1029)
- 2b62dd1 Use a step ID in github release action to get the digest of the image (#1028)
v2.18.0
Changelog
- 53fc0c3 Update to go version 1.21.2 and 1.20.9 (#1027)
- 7f7c47f chore(deps): update all dependencies (#1026)
- d864a91 Enable gochecknoinits; fix lint issues; use consts for some vars (#1022)
- 09cf6ef Fix typos in struct fields, comments, and docs (#1023)
- 665e87b chore(deps): update all dependencies
- 4def3a4 Fix lint warning
- 0d332a1 Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
- 293d887 Fix lint warnings
- ac482cb Update ginkgo to latest version
- e02e2f6 Redesign and reimplement the slice out of bounds check using SSA code representation
- e1278f9 docs: add reMarkable to users list
- f6a6496 chore(deps): update all dependencies
- aebe20c Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
- 7a98537 Update to latest go version
- b192f06 chore(deps): update all dependencies (#1011)
- 6c93653 Fix hardcoded_credentials rule to only match on more specific patterns (#1009)
- 325eb19 chore(deps): update all dependencies (#1008)
- beef125 Exclude maps from slince bounce check rule (#1006)
- 21d13c9 Ignore struct pointers in G601 (#1003)
- 85005c4 Update gosec image version to 2.17.0 in the Github action (#1002)
- 6a2c5e1 Update cosign to version v2.1.1 (#1000)
v2.17.0
Changelog
- a89e9d5 Enable go 1.21.0 in the CI build (#998)
- 4b458c4 chore(deps): update all dependencies (#997)
- 7d51bfe Update to go version 1.20.7 and 1.19.12 (#993)
- fc2f66b chore(deps): update all dependencies (#992)
- 2cf2f96 chore(deps): update module github.com/onsi/gomega to v1.27.10 (#991)
- bf7feda fix: correctly identify infixed concats as potential SQL injections (#987)
- 2292ed5 chore(deps): update all dependencies (#989)
- fc570b6 Add a new flag terse to show only the results and summary (#986)
- 36f6933 Switch to a maintained fork of zxcvbn module (#984)
- ed7b334 Fix dependencies after bot update (#983)
- e76ad70 chore(deps): update all dependencies (#982)
- 3a6fd99 Update to Go version 1.19.11 and 1.20.6 (#981)
- ea39309 Fix and tidy the dependencies (#977)
- ef8f560 chore(deps): update all dependencies (#976)
- 17b7d31 Update README file with new rule (#975)
- a018cf0 Feature: G602 Slice Bound Checking (#973)
- 82364a7 chore(deps): update all dependencies (#974)
- abeab10 Feature: G101 match variable values and names (#971)
- b824c10 Update build script to go version 1.20.5
- 022584d chore(deps): update all dependencies
- bd58600 Recognize struct field in G601
- 1457921 Remove the depguard from the list of enabled linters
- 1f68996 Fix typos in comments, vars and tests
- e148465 chore(deps): update all dependencies
- 9120883 Fix no-sec alternative tag (#962)
- 87cc45e Use image digest instead of tag when signing the released image with cosign (#960)
- 6df05bd Update gosec image version to 2.16.0 in the Github action (#959)
v2.16.0
Changelog
- c5ea1b7 Update cosign to latest version in release Github action (#958)
- 8632a8c chore(deps): update all dependencies (#956)
- ae3c2f7 Update go version in build and release scripts (#957)
- 970cc29 chore(deps): update all dependencies (#955)
- 47bfd4e Update Go version to 1.20.3 (#953)
- 440141a chore(deps): update all dependencies (#952)
- 7df7baa Fix for Dockerfile smell DL3059 (#951)
- 2ee3213 README: upgrade GitHub action in examples (#950)
- 68b5201 enable ginkgolinter linter (#948)
- 780ebd0 chore(deps): update all dependencies (#947)
- d6aeaad correct gci linter (#946)
- 73f0efc remove deprecated linters
- aef69b3 increase timeout to 5m
- 6bad723 chore(deps): update all dependencies
- 96bb741 Use the latest version
- 6a73248 Fix some linting warnings
- 83fc5e6 Fix lint warning
- 8e7cf4b Bump the go versions and golanci
- e7bfcd1 chore(deps): update all dependencies (#942)
- f823a7e Check nil pointer when variable is declared in a different file
- cdd3476 fix dead link to issue.go in README.md (#936)
- d5a9c73 Remove rule G307 which checks when an error is not handled when a file or socket connection is closed (#935)
- 27bf0e4 Fix rule index reference into sarif report (#934)
- e7b896f Bump golang.org/x/net from 0.6.0 to 0.7.0
- 4340efa Format file
- f850069 Use the gosec issue in the go analysers
- b1fd948 Fix file formatting
- 2071786 Update Go version in CI builds
- 1915717 Fix method name in the comment
- de2c6a3 Extract the issue in its own package
- 31e6327 Add support for Go analysis framework and SSA code representation
- e795d75 chore(deps): update all dependencies (#931)
- 8aa00db Remove the version form ci github action
- 392e53c Pin github action to latest release version 2.15.0
- ffe254e Revert the image tag in github action until a working solution is found
- a0eddfb Fix version interpolation in github action image
- d22a7b6 Add gosec version as an input parameter to GitHub action (#927)
- 2d6b0a5 Update release build script (#924)