diff --git a/.golangci.yml b/.golangci.yml
index f83d2d6af6..c11694cc14 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -23,6 +23,7 @@ linters:
 - nolintlint
 - revive
 - staticcheck
+ - testifylint
 - typecheck
 - unconvert
 - unparam
@@ -40,6 +41,9 @@ linters-settings:
 - all
 - '-SA1019'
+ testifylint:
+ enable-all: true
+
 revive:
 rules:
 - name: dot-imports
diff --git a/README.md b/README.md
index 33b42c1f02..5e68182cb7 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,7 @@ You may obtain a copy of the License [here](http://www.apache.org/licenses/LICEN
 [![Downloads](https://img.shields.io/github/downloads/securego/gosec/total.svg)](https://github.com/securego/gosec/releases)
 [![Docker Pulls](https://img.shields.io/docker/pulls/securego/gosec.svg)](https://hub.docker.com/r/securego/gosec/tags)
 [![Slack](https://img.shields.io/badge/Slack-4A154B?style=for-the-badge&logo=slack&logoColor=white)](http://securego.slack.com)
+[![go-recipes](https://raw.githubusercontent.com/nikolaydubina/go-recipes/main/badge.svg?raw=true)](https://github.com/nikolaydubina/go-recipes)
 ## Install 
@@ -211,30 +212,9 @@ A number of global settings can be provided in a configuration file as follows:
 $ gosec -conf config.json .
 ```
-Also some rules accept configuration. For instance on rule `G104`, it is possible to define packages along with a list
-of functions which will be skipped when auditing the not checked errors:
+#### Rule Configuration
-```JSON
-{
- "G104": {
- "ioutil": ["WriteFile"]
- }
-}
-```
-
-You can also configure the hard-coded credentials rule `G101` with additional patterns, or adjust the entropy threshold:
-
-```JSON
-{
- "G101": {
- "pattern": "(?i)passwd|pass|password|pwd|secret|private_key|token",
- "ignore_entropy": false,
- "entropy_threshold": "80.0",
- "per_char_threshold": "3.0",
- "truncate": "32"
- }
-}
-```
+Some rules accept configuration flags as well; these flags are documented in [RULES.md](https://github.com/securego/gosec/blob/master/RULES.md).
 #### Go version
@@ -308,7 +288,7 @@ func main() {
 }
 client := &http.Client{Transport: tr}
- _, err := client.Get("https://golang.org/")
+ _, err := client.Get("https://go.dev/")
 if err != nil {
 fmt.Println(err)
 }
@@ -355,7 +335,7 @@ comment.
 ### Build tags
-gosec is able to pass your [Go build tags](https://golang.org/pkg/go/build/) to the analyzer.
+gosec is able to pass your [Go build tags](https://pkg.go.dev/go/build/) to the analyzer.
 They can be provided as a comma separated list as follows:
 ```bash
diff --git a/RULES.md b/RULES.md
new file mode 100644
index 0000000000..94cfd76a84
--- /dev/null
+++ b/RULES.md
@@ -0,0 +1,61 @@
+# Rule Documentation
+
+## Rules accepting parameters
+
+As [README.md](https://github.com/securego/gosec/blob/master/README.md) mentions, some rules can be configured by adding parameters to the gosec JSON config. Per rule configs are encoded as top level objects in the gosec config, with the rule ID (`Gxxx`) as the key.
+
+Currently, the following rules accept parameters. This list is manually maintained; if you notice an omission please add it!
+
+### G101
+
+The hard-coded credentials rule `G101` can be configured with additional patterns, and the entropy threshold can be adjusted:
+
+```JSON
+{
+ "G101": {
+ "pattern": "(?i)passwd|pass|password|pwd|secret|private_key|token",
+ "ignore_entropy": false,
+ "entropy_threshold": "80.0",
+ "per_char_threshold": "3.0",
+ "truncate": "32"
+ }
+}
+```
+
+### G104
+
+The unchecked error value rule `G104` can be configured with additional functions that should be permitted to be called without checking errors.
+
+```JSON
+{
+ "G104": {
+ "ioutil": ["WriteFile"]
+ }
+}
+```
+
+### G111
+
+The HTTP Directory serving rule `G111` can be configured with a different regex for detecting potentially overly permissive servers. Note that this *replaces* the default pattern of `http\.Dir\("\/"\)|http\.Dir\('\/'\)`.
+
+```JSON
+{
+ "G111": {
+ "pattern": "http\\.Dir\\(\"\\\/\"\\)|http\\.Dir\\('\\\/'\\)"
+ }
+}
+
+```
+
+### G301, G302, G306, G307
+
+The various file and directory permission checking rules can be configured with a different maximum allowable file permission.
+
+```JSON
+{
+ "G301":"0o600",
+ "G302":"0o600",
+ "G306":"0o750",
+ "G307":"0o750"
+}
+```
diff --git a/action.yml b/action.yml
index a505455018..7aa2ea0dab 100644
--- a/action.yml
+++ b/action.yml
@@ -10,7 +10,7 @@ inputs:
 runs:
 using: 'docker'
- image: 'docker://securego/gosec:2.21.4'
+ image: 'docker://securego/gosec:2.22.0'
 args:
 - ${{ inputs.args }}
diff --git a/analyzer.go b/analyzer.go
index bfa7e19406..186cc3c258 100644
--- a/analyzer.go
+++ b/analyzer.go
@@ -16,6 +16,7 @@ package gosec
 import (
+ "errors"
 "fmt"
 "go/ast"
 "go/build"
@@ -543,8 +544,8 @@ func (gosec *Analyzer) ParseErrors(pkg *packages.Package) error {
 // AppendError appends an error to the file errors
 func (gosec *Analyzer) AppendError(file string, err error) {
 // Do not report the error for empty packages (e.g. files excluded from build with a tag)
- r := regexp.MustCompile(`no buildable Go source files in`)
- if r.MatchString(err.Error()) {
+ var noGoErr *build.NoGoError
+ if errors.As(err, &noGoErr) {
 return
 }
 errors := make([]Error, 0)
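Review bot: The context line `errors := make([]Error, 0)` that closes the hunk now shadows the `errors` package that the new `errors.As` call a few lines above depends on, so any later `errors.`-qualified call in the rest of AppendError (which continues past the hunk) would resolve to the slice and fail to compile; rename the local, e.g. `errs := make([]Error, 0)`, and update its uses below. Separately, the new check is narrower than the regex it replaces: it fires only when the error chain actually contains a `*build.NoGoError`, so an error that merely carries the `no buildable Go source files` text as a string (a `packages.Error` message, or a `%v`-formatted wrap) would now be reported instead of skipped — worth confirming against how ParseErrors builds the errors it passes in.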
@@ -558,66 +559,71 @@ func (gosec *Analyzer) AppendError(file string, err error) {
 // ignore a node (and sub-tree) if it is tagged with a nosec tag comment
 func (gosec *Analyzer) ignore(n ast.Node) map[string]issue.SuppressionInfo {
- if groups, ok := gosec.context.Comments[n]; ok && !gosec.ignoreNosec {
+ if gosec.ignoreNosec {
+ return nil
+ }
+ groups, ok := gosec.context.Comments[n]
+ if !ok {
+ return nil
+ }
- // Checks if an alternative for #nosec is set and, if not, uses the default.
- noSecDefaultTag, err := gosec.config.GetGlobal(Nosec)
- if err != nil {
- noSecDefaultTag = NoSecTag(string(Nosec))
- } else {
- noSecDefaultTag = NoSecTag(noSecDefaultTag)
- }
- noSecAlternativeTag, err := gosec.config.GetGlobal(NoSecAlternative)
- if err != nil {
- noSecAlternativeTag = noSecDefaultTag
- } else {
- noSecAlternativeTag = NoSecTag(noSecAlternativeTag)
- }
+ // Checks if an alternative for #nosec is set and, if not, uses the default.
+ noSecDefaultTag, err := gosec.config.GetGlobal(Nosec)
+ if err != nil {
+ noSecDefaultTag = NoSecTag(string(Nosec))
+ } else {
+ noSecDefaultTag = NoSecTag(noSecDefaultTag)
+ }
+ noSecAlternativeTag, err := gosec.config.GetGlobal(NoSecAlternative)
+ if err != nil {
+ noSecAlternativeTag = noSecDefaultTag
+ } else {
+ noSecAlternativeTag = NoSecTag(noSecAlternativeTag)
+ }
- for _, group := range groups {
- comment := strings.TrimSpace(group.Text())
- foundDefaultTag := strings.HasPrefix(comment, noSecDefaultTag) || regexp.MustCompile("\n *"+noSecDefaultTag).MatchString(comment)
- foundAlternativeTag := strings.HasPrefix(comment, noSecAlternativeTag) || regexp.MustCompile("\n *"+noSecAlternativeTag).MatchString(comment)
+ for _, group := range groups {
+ comment := strings.TrimSpace(group.Text())
+ foundDefaultTag := strings.HasPrefix(comment, noSecDefaultTag) || regexp.MustCompile("\n *"+noSecDefaultTag).MatchString(comment)
+ foundAlternativeTag := strings.HasPrefix(comment, noSecAlternativeTag) || regexp.MustCompile("\n 
*"+noSecAlternativeTag).MatchString(comment)
- if foundDefaultTag || foundAlternativeTag {
- gosec.stats.NumNosec++
+ if foundDefaultTag || foundAlternativeTag {
+ gosec.stats.NumNosec++
- // Discard what's in front of the nosec tag.
- if foundDefaultTag {
- comment = strings.SplitN(comment, noSecDefaultTag, 2)[1]
- } else {
- comment = strings.SplitN(comment, noSecAlternativeTag, 2)[1]
- }
+ // Discard what's in front of the nosec tag.
+ if foundDefaultTag {
+ comment = strings.SplitN(comment, noSecDefaultTag, 2)[1]
+ } else {
+ comment = strings.SplitN(comment, noSecAlternativeTag, 2)[1]
+ }
- // Extract the directive and the justification.
- justification := ""
- commentParts := regexp.MustCompile(`-{2,}`).Split(comment, 2)
- directive := commentParts[0]
- if len(commentParts) > 1 {
- justification = strings.TrimSpace(strings.TrimRight(commentParts[1], "\n"))
- }
+ // Extract the directive and the justification.
+ justification := ""
+ commentParts := regexp.MustCompile(`-{2,}`).Split(comment, 2)
+ directive := commentParts[0]
+ if len(commentParts) > 1 {
+ justification = strings.TrimSpace(strings.TrimRight(commentParts[1], "\n"))
+ }
- // Pull out the specific rules that are listed to be ignored.
- re := regexp.MustCompile(`(G\d{3})`)
- matches := re.FindAllStringSubmatch(directive, -1)
+ // Pull out the specific rules that are listed to be ignored.
+ re := regexp.MustCompile(`(G\d{3})`)
+ matches := re.FindAllStringSubmatch(directive, -1)
- suppression := issue.SuppressionInfo{
- Kind: "inSource",
- Justification: justification,
- }
+ suppression := issue.SuppressionInfo{
+ Kind: "inSource",
+ Justification: justification,
+ }
- // Find the rule IDs to ignore.
- ignores := make(map[string]issue.SuppressionInfo)
- for _, v := range matches {
- ignores[v[1]] = suppression
- }
+ // Find the rule IDs to ignore. 
+ ignores := make(map[string]issue.SuppressionInfo)
+ for _, v := range matches {
+ ignores[v[1]] = suppression
+ }
- // If no specific rules were given, ignore everything.
- if len(matches) == 0 {
- ignores[aliasOfAllRules] = suppression
- }
- return ignores
+ // If no specific rules were given, ignore everything.
+ if len(matches) == 0 {
+ ignores[aliasOfAllRules] = suppression
 }
+ return ignores
 }
 }
 return nil
diff --git a/analyzer_test.go b/analyzer_test.go
index 153bc27525..00c7cc4e7d 100644
--- a/analyzer_test.go
+++ b/analyzer_test.go
@@ -16,6 +16,7 @@ package gosec_test
 import (
 "errors"
+ "go/build"
 "log"
 "regexp"
 "strings"
@@ -1311,7 +1312,10 @@ var _ = Describe("Analyzer", func() {
 Context("when appending errors", func() {
 It("should skip error for non-buildable packages", func() {
- analyzer.AppendError("test", errors.New(`loading file from package "pkg/test": no buildable Go source files in pkg/test`))
+ err := &build.NoGoError{
+ Dir: "pkg/test",
+ }
+ analyzer.AppendError("test", err)
 _, _, errors := analyzer.Report()
 Expect(errors).To(BeEmpty())
 })
diff --git a/autofix/ai_test.go b/autofix/ai_test.go
index beb715a6ac..4fac6bf7b0 100644
--- a/autofix/ai_test.go
+++ b/autofix/ai_test.go
@@ -7,6 +7,7 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/mock"
+ "github.com/stretchr/testify/require"
 "github.com/securego/gosec/v2/issue"
 )
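Review bot: `noSecDefaultTag` and `noSecAlternativeTag` come from the config through `gosec.config.GetGlobal` and are spliced unescaped into `regexp.MustCompile("\n *"+noSecDefaultTag)` and its alternative-tag twin on the next line, so a configured tag containing regex metacharacters either matches something other than the literal tag or panics in MustCompile in the middle of a scan; the carried-over lines should read `regexp.MustCompile("\n *"+regexp.QuoteMeta(noSecDefaultTag))` and `regexp.MustCompile("\n *"+regexp.QuoteMeta(noSecAlternativeTag))`. The two constant patterns, `-{2,}` and `(G\d{3})`, are also recompiled for every comment group of every node and could be package-level `var`s compiled once. The closing brace of ignore lies past the end of the hunk.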
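Review bot: The test now hands `AppendError` a bare `*build.NoGoError`, so it no longer exercises the wrapping that the removed expectation string (`loading file from package "pkg/test": …`) suggests the loader adds around this error; if ParseErrors wraps with `%w` the new `errors.As` check still works, but the test would not catch a regression to `%v` or string concatenation, which would make the match silently fail. Consider passing a wrapped value, e.g. `analyzer.AppendError("test", fmt.Errorf("loading file from package %q: %w", "pkg/test", err))` (adding `fmt` to the test imports if it is not already there), or keep both the bare and the wrapped case.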
@@ -44,17 +45,16 @@ func TestGenerateSolutionByGemini_Success(t *testing.T) {
 mockClient := new(MockGenAIClient)
 mockModel := new(MockGenAIGenerativeModel)
- mockClient.On("GenerativeModel", GeminiModel).Return(mockModel)
- mockModel.On("GenerateContent", mock.Anything, mock.Anything).Return("Autofix for issue 1", nil)
+ mockClient.On("GenerativeModel", GeminiModel).Return(mockModel).Once()
+ mockModel.On("GenerateContent", mock.Anything, mock.Anything).Return("Autofix for issue 1", nil).Once()
 // Act
 err := generateSolutionByGemini(mockClient, issues)
 // Assert
- assert.NoError(t, err)
- assert.Equal(t, "Autofix for issue 1", issues[0].Autofix)
- mockClient.AssertExpectations(t)
- mockModel.AssertExpectations(t)
+ require.NoError(t, err)
+ assert.Equal(t, []*issue.Issue{{What: "Example issue 1", Autofix: "Autofix for issue 1"}}, issues)
+ mock.AssertExpectationsForObjects(t, mockClient, mockModel)
 }
 func TestGenerateSolutionByGemini_NoCandidates(t *testing.T) {
@@ -65,17 +65,15 @@ func TestGenerateSolutionByGemini_NoCandidates(t *testing.T) {
 mockClient := new(MockGenAIClient)
 mockModel := new(MockGenAIGenerativeModel)
- mockClient.On("GenerativeModel", GeminiModel).Return(mockModel)
- mockModel.On("GenerateContent", mock.Anything, mock.Anything).Return("", nil)
+ mockClient.On("GenerativeModel", GeminiModel).Return(mockModel).Once()
+ mockModel.On("GenerateContent", mock.Anything, mock.Anything).Return("", nil).Once()
 // Act
 err := generateSolutionByGemini(mockClient, issues)
 // Assert
- assert.Error(t, err)
- assert.Equal(t, "no autofix returned by gemini", err.Error())
- mockClient.AssertExpectations(t)
- mockModel.AssertExpectations(t)
+ require.EqualError(t, err, "no autofix returned by gemini")
+ mock.AssertExpectationsForObjects(t, mockClient, mockModel)
 }
 func TestGenerateSolutionByGemini_APIError(t *testing.T) {
@@ -86,17 +84,15 @@ func TestGenerateSolutionByGemini_APIError(t *testing.T) {
 mockClient := new(MockGenAIClient)
 mockModel := new(MockGenAIGenerativeModel)
- mockClient.On("GenerativeModel", GeminiModel).Return(mockModel)
- mockModel.On("GenerateContent", mock.Anything, mock.Anything).Return("", errors.New("API error"))
+ mockClient.On("GenerativeModel", GeminiModel).Return(mockModel).Once()
+ mockModel.On("GenerateContent", mock.Anything, mock.Anything).Return("", errors.New("API error")).Once()
 // Act
 err := generateSolutionByGemini(mockClient, issues)
 // Assert
- assert.Error(t, err)
- assert.Equal(t, "generating autofix with gemini: API error", err.Error())
- mockClient.AssertExpectations(t)
- mockModel.AssertExpectations(t)
+ require.EqualError(t, err, "generating autofix with gemini: API error")
+ mock.AssertExpectationsForObjects(t, mockClient, mockModel)
 }
 func TestGenerateSolution_UnsupportedProvider(t *testing.T) {
@@ -109,6 +105,5 @@ func TestGenerateSolution_UnsupportedProvider(t *testing.T) {
 err := GenerateSolution("unsupported-provider", "test-api-key", "", issues)
 // Assert
- assert.Error(t, err)
- assert.Equal(t, "ai provider not supported", err.Error())
+ require.EqualError(t, err, "ai provider not supported")
 }
diff --git a/cmd/gosec/main.go b/cmd/gosec/main.go
index 5a3121e0b6..211cff02b3 100644
--- a/cmd/gosec/main.go
+++ b/cmd/gosec/main.go
@@ -157,10 +157,10 @@ var (
 flagAiApiProvider = flag.String("ai-api-provider", "", "AI API provider to generate auto fixes to issues.\nValid options are: gemini")
 // key to implementing AI provider services
- flagAiApiKey = flag.String("ai-api-key", "", "key to access the AI API")
+ flagAiApiKey = flag.String("ai-api-key", "", "Key to access the AI API")
 // endpoint to the AI provider
- flagAiEndpoint = flag.String("ai-endpoint", "", "endpoint AI API.\nThis is optional, the default API endpoint will be used when not provided.")
+ flagAiEndpoint = flag.String("ai-endpoint", "", "Endpoint AI API.\nThis is optional, the default API endpoint will be used when not provided.")
 // exclude the folders from scan
 flagDirsExclude arrayFlags
diff --git a/cmd/gosec/sort_issues.go b/cmd/gosec/sort_issues.go
index 04c1d3dc5e..c155cbf697 100644
--- a/cmd/gosec/sort_issues.go
+++ b/cmd/gosec/sort_issues.go
@@ -1,7 +1,8 @@
 package main
 import (
- "sort"
+ "cmp"
+ "slices"
 "strconv"
 "strings"
@@ -14,26 +15,14 @@ func extractLineNumber(s string) int {
 return lineNumber
 }
-type sortBySeverity []*issue.Issue
-
-func (s sortBySeverity) Len() int { return len(s) }
-
-func (s sortBySeverity) Less(i, j int) bool {
- if s[i].Severity == s[j].Severity {
- if s[i].What == s[j].What {
- if s[i].File == s[j].File {
- return extractLineNumber(s[i].Line) > extractLineNumber(s[j].Line)
- }
- return s[i].File > s[j].File
- }
- return s[i].What > s[j].What
- }
- return s[i].Severity > s[j].Severity
-}
-
-func (s sortBySeverity) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
-
 // sortIssues sorts the issues by severity in descending order
 func sortIssues(issues []*issue.Issue) {
- sort.Sort(sortBySeverity(issues))
+ slices.SortFunc(issues, func(i, j *issue.Issue) int {
+ return -cmp.Or(
+ cmp.Compare(i.Severity, j.Severity),
+ cmp.Compare(i.What, j.What),
+ cmp.Compare(i.File, j.File),
+ cmp.Compare(extractLineNumber(i.Line), extractLineNumber(j.Line)),
+ )
+ })
 }
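Review bot: `cmp.Or` takes its arguments by value, so the new comparator in sortIssues evaluates all four `cmp.Compare` calls — including two `extractLineNumber` string parses — on every comparison, whereas the removed `Less` stopped at the first key that differed; on a large report that is O(n log n) extra parsing that the old code never did. An early-return chain keeps the short-circuit, and comparing `j` against `i` in each key gives the same descending order without the leading negation, so the sort order is unchanged. The `extractLineNumber` function that the hunk's first context lines close starts outside the hunk.
```go
func sortIssues(issues []*issue.Issue) {
	slices.SortFunc(issues, func(i, j *issue.Issue) int {
		// Compare j against i so every key sorts in descending order, as before.
		if c := cmp.Compare(j.Severity, i.Severity); c != 0 {
			return c
		}
		if c := cmp.Compare(j.What, i.What); c != 0 {
			return c
		}
		if c := cmp.Compare(j.File, i.File); c != 0 {
			return c
		}
		// Only parse the line numbers when every other key ties.
		return cmp.Compare(extractLineNumber(j.Line), extractLineNumber(i.Line))
	})
}
```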
diff --git a/go.mod b/go.mod
index 84f41e7543..3fb5b0af7b 100644
--- a/go.mod
+++ b/go.mod
@@ -7,22 +7,22 @@ require (
 github.com/gookit/color v1.5.4
 github.com/lib/pq v1.10.9
 github.com/mozilla/tls-observatory v0.0.0-20210609171429-7bc42856d2e5
- github.com/onsi/ginkgo/v2 v2.22.0
- github.com/onsi/gomega v1.36.1
+ github.com/onsi/ginkgo/v2 v2.22.2
+ github.com/onsi/gomega v1.36.2
 github.com/stretchr/testify v1.10.0
 golang.org/x/crypto v0.31.0
 golang.org/x/text v0.21.0
 golang.org/x/tools v0.28.0
- google.golang.org/api v0.211.0
+ google.golang.org/api v0.214.0
 gopkg.in/yaml.v3 v3.0.1
 )
 require (
 cloud.google.com/go v0.116.0 // indirect
 cloud.google.com/go/ai v0.8.0 // indirect
- cloud.google.com/go/auth v0.12.1 // indirect
+ cloud.google.com/go/auth v0.13.0 // indirect
 cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect
- cloud.google.com/go/compute/metadata v0.5.2 // indirect
+ cloud.google.com/go/compute/metadata v0.6.0 // indirect
 cloud.google.com/go/longrunning v0.5.7 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
@@ -30,7 +30,7 @@ require (
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 github.com/google/go-cmp v0.6.0 // indirect
- github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
+ github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
 github.com/google/s2a-go v0.1.8 // indirect
 github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
 github.com/googleapis/gax-go/v2 v2.14.0 // indirect
@@ -43,15 +43,15 @@ require (
 go.opentelemetry.io/otel/metric v1.29.0 // indirect
 go.opentelemetry.io/otel/trace v1.29.0 // indirect
 golang.org/x/mod v0.22.0 // indirect
- golang.org/x/net v0.32.0 // indirect
+ golang.org/x/net v0.33.0 // indirect
 golang.org/x/oauth2 v0.24.0 // indirect
 golang.org/x/sync v0.10.0 // indirect
 golang.org/x/sys v0.28.0 // indirect
 golang.org/x/time v0.8.0 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect
 google.golang.org/grpc v1.67.1 // indirect
- google.golang.org/protobuf v1.35.2 // indirect
+ google.golang.org/protobuf v1.36.1 // indirect
 )
 go 1.22.0
diff --git a/go.sum b/go.sum
index 4cb533b43d..8c585a2b13 100644
--- a/go.sum
+++ b/go.sum
@@ -17,8 +17,8 @@ cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE=
 cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U=
 cloud.google.com/go/ai v0.8.0 h1:rXUEz8Wp2OlrM8r1bfmpF2+VKqc1VJpafE3HgzRnD/w=
 cloud.google.com/go/ai v0.8.0/go.mod h1:t3Dfk4cM61sytiggo2UyGsDVW3RF1qGZaUKDrZFyqkE=
-cloud.google.com/go/auth v0.12.1 h1:n2Bj25BUMM0nvE9D2XLTiImanwZhO3DkfWSYS/SAJP4=
-cloud.google.com/go/auth v0.12.1/go.mod h1:BFMu+TNpF3DmvfBO9ClqTR/SiqVIm7LukKF9mbendF4=
+cloud.google.com/go/auth v0.13.0 h1:8Fu8TZy167JkW8Tj3q7dIkr2v4cndv41ouecJx0PAHs=
+cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q=
 cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU=
 cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
@@ -27,8 +27,8 @@ cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvf
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
-cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
+cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
+cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/longrunning v0.5.7 h1:WLbHekDbjK1fVFD3ibpFFVoyizlLRl73I7YKuAKilhU=
@@ -177,8 +177,8 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200507031123-427632fa3b1c/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
-github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg=
+github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM=
 github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA=
@@ -286,11 +286,11 @@ github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXW
 github.com/olekukonko/tablewriter v0.0.2/go.mod h1:rSAaSIOAGT9odnlyGlUfAJaoc5w2fSBUmeGDbRWPxyQ=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg=
-github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/ginkgo/v2 v2.22.2 h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU=
+github.com/onsi/ginkgo/v2 v2.22.2/go.mod h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw=
-github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
+github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8=
+github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
@@ -468,8 +468,8 @@ golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
-golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -614,8 +614,8 @@ google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/
 google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
 google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
 google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.211.0 h1:IUpLjq09jxBSV1lACO33CGY3jsRcbctfGzhj+ZSE/Bg=
-google.golang.org/api v0.211.0/go.mod h1:XOloB4MXFH4UTlQSGuNUxw0UT74qdENK8d6JNsXKLi0=
+google.golang.org/api v0.214.0 h1:h2Gkq07OYi6kusGOaT/9rnNljuXmqPnaig7WGPmKbwA=
+google.golang.org/api v0.214.0/go.mod h1:bYPpLG8AyeMWwDU6NXoB00xC0DFkikVvd5MfwoxjLqE=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -656,8 +656,8 @@ google.golang.org/genproto v0.0.0-20200626011028-ee7919e894b5/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20200707001353-8e8330bf89df/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ=
 google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 h1:IfdSdTcLFy4lqUQrQJLkLt1PB+AsqVz6lwkWPzWEz10=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -684,8 +684,8 @@ google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
-google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk=
+google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/report/html/template.html b/report/html/template.html
index 064379c8ba..5e168c4dec 100644
--- a/report/html/template.html
+++ b/report/html/template.html
@@ -4,10 +4,10 @@ Golang Security Checker - - - - + + + +
diff --git a/rules/errors.go b/rules/errors.go
index d31248ccb4..2786426557 100644
--- a/rules/errors.go
+++ b/rules/errors.go
@@ -105,7 +105,7 @@ func NewNoErrorCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 ID: id,
 Severity: issue.Low,
 Confidence: issue.High,
- What: "Errors unhandled.",
+ What: "Errors unhandled",
 },
 whitelist: whitelist,
 }, []ast.Node{(*ast.AssignStmt)(nil), (*ast.ExprStmt)(nil)}
diff --git a/rules/implicit_aliasing.go b/rules/implicit_aliasing.go
index 75de4ed8cf..ee2358c766 100644
--- a/rules/implicit_aliasing.go
+++ b/rules/implicit_aliasing.go
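Review bot: The `What` string changed on the `+ What: "Errors unhandled"` line is the message emitted for G104 in every report format, so any baseline, diff or suppression tooling that matches findings on the exact text will treat every existing G104 finding as new after this release; that is a small user-visible break and deserves a line in the release notes. If the intent is to drop trailing periods across rules, the other rules' `What` strings (outside this hunk) should be checked so the style is consistent rather than changed for one rule only.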
@@ -47,7 +47,7 @@ func doGetIdentExpr(expr ast.Expr, hasSelector bool) (*ast.Ident, bool) {
 }
 func (r *implicitAliasing) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
- // This rule does not apply for Go 1.22, see https://tip.golang.org/doc/go1.22#language.
+ // This rule does not apply for Go 1.22, see https://go.dev/doc/go1.22#language.
 major, minor, _ := gosec.GoVersion()
 if major >= 1 && minor >= 22 {
 return nil, nil
diff --git a/testutils/g402_samples.go b/testutils/g402_samples.go
index 5673a0bcef..8fd01dd5a8 100644
--- a/testutils/g402_samples.go
+++ b/testutils/g402_samples.go
@@ -20,7 +20,7 @@ func main() {
 }
 client := &http.Client{Transport: tr}
- _, err := client.Get("https://golang.org/")
+ _, err := client.Get("https://go.dev/")
 if err != nil {
 fmt.Println(err)
 }
@@ -54,7 +54,7 @@ func main() {
 TLSClientConfig: &tls.Config{MinVersion: 0},
 }
 client := &http.Client{Transport: tr}
- _, err := client.Get("https://golang.org/")
+ _, err := client.Get("https://go.dev/")
 if err != nil {
 fmt.Println(err)
 }
@@ -164,7 +164,7 @@ func main() {
 TLSClientConfig: &tls.Config{MinVersion: theValue},
 }
 client := &http.Client{Transport: tr}
- _, err := client.Get("https://golang.org/")
+ _, err := client.Get("https://go.dev/")
 if err != nil {
 fmt.Println(err)
 }
@@ -185,7 +185,7 @@ func main() {
 TLSClientConfig: &tls.Config{MaxVersion: 0},
 }
 client := &http.Client{Transport: tr}
- _, err := client.Get("https://golang.org/")
+ _, err := client.Get("https://go.dev/")
 if err != nil {
 fmt.Println(err)
 }
@@ -211,7 +211,7 @@ func main() {
 },
 }
 client := &http.Client{Transport: tr}
- _, err := client.Get("https://golang.org/")
+ _, err := client.Get("https://go.dev/")
 if err != nil {
 fmt.Println(err)
 }
@@ -230,12 +230,12 @@ import (
 func main() {
 tr := &http.Transport{
 TLSClientConfig: &tls.Config{
- MaxVersion: 0,
+ MaxVersion: 0,
 MinVersion: tls.VersionTLS13,
 },
 }
 client := &http.Client{Transport: tr}
- _, err := client.Get("https://golang.org/")
+ _, err := client.Get("https://go.dev/")
 if err != nil {
 fmt.Println(err)
 }