SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for gosec-2.21.4-lp160.39.1.x86_64.rpm :

* Thu Sep 26 2024 felix.niederwangerAATTsuse.de- Update to version 2.21.4:
* Update the gosec to v2.21.4 in the Github action
* Add the version into goreleaser config
* chore(deps): update module google.golang.org/api to v0.198.0 (#1233)
* Prevent panic: unexpected constant value: (#1232)
* Fix running single analyzer which isn\'t a rule bug (#1231)
* Wed Sep 18 2024 felix.niederwangerAATTsuse.de- Update to version 2.21.3:
* Update gosec version to v2.21.3 in github action (#1227)
* Populate the fixes only when autofix is not empty (#1226)
* chore(deps): update all dependencies (#1223)
* G115 Struct Attribute Checks (#1221)
* Tue Sep 10 2024 felix.niederwangerAATTsuse.de- Update to version 2.21.2:
* Update the github action to v2.21.2 (#1218)
* Update the SARIF schema URL (#1217)
* Update go version to 1.23.1 and 1.22.7 (#1216)
* chore(deps): update all dependencies (#1215)
* Update gosec version to v2.21.1 in github action (#1213)
* Rollback the SARIF version to 2.1 since github doesn\'t support 2.2 (#1210)
* Update gosec in github action to v2.21.0 (#1208)
* Update cosign version to v2.4.0 in release github workflow (#1207)
* Improvement the int conversion overflow logic to handle bound checks (#1194)
* fix: G602 support for nested conditionals with bounds check (#1201)
* Update go.mod to sue go 1.22.0 toolchain
* chore(deps): update all dependencies
* Make variable name more clear
* Make variable names more explicity and reduce duplications
* Fix formatting
* Refactor to reduce some fuctions and variable names
* Pass the value argument directly since is an interface
* Added suggested changes
* Added another test case in order to increase code coverage
* Removed function parameter which is always the same
* Formatting problems(CI was not passing)
* Updated analyzer to use new way of initialization
* Migrated the rule to the analyzers folder
* Refractored code a little bit
* Added new rule G407(hardcoded IV/nonce)
* Fix conversion overflow false positive when using ParseUint
* Add a build step to measure the scan perfomance
* Fix conversion overflow false positives when they are checked or pre-determined
* Update go.mod
* chore(deps): update all dependencies
* Fix false positive in conversion overflow check from uint8/int8 type
* Disable staticcheck SA1019 rule
* Update the golangci linters
* Add more test to cover more use cases for G115 rule
* Allow excluding analyzers globally (#1180)
* Update to Go 1.23.0 (#1183)
* chore(deps): update all dependencies (#1182)
* Read the AI API key also from an environment variable (#1181)
* Add support to generate auto fixes using LLM (AI) (#1177)
* chore(deps): update all dependencies
* chore(deps): update all dependencies
* chore(deps): update all dependencies
* chore(deps): update dependency babel-standalone to v7.24.10
* Resolve underlying type to detect overflows in type aliases
* chore(deps): update dependency babel-standalone to v7.24.8
* Fix multifile ignores
* Add -enable-audit cli flag
* Update to go 1.22.5 and 1.21.12
* chore(deps): update all dependencies
* Added more rules
* Fixed coverage workflow
* Fixed CI workflow
* Minor changes
* Split the G401 rule into two separate ones
* Updated G401 corresponding CWE
* chore(deps): update docker/build-push-action action to v6
* Update to go versions to 1.21.11 and 1.22.4
* chore(deps): update all dependencies
* Fix nosec when applied to a block
* Add more types to templates rule
* Map the G115 rule to an CWE ID
* chore(deps): update all dependencies
* Update README with G115 rule description
* Remove deprecated megacheck linter from golangci
* Format imports
* Update .gitignore
* Add a new rule to detect integer overflow on integer types conversion
* feat: add env var to override the Go version detection
* Use the proper logic when disabling the go module version
* Update the README with some details related to Go version used by the rules
* Add an environment varialbe which disables the parsing of Go version from module file
* chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3
* Thu May 16 2024 felix.niederwangerAATTsuse.de- Update to version 2.20.0:
* Update docker image in action to v2.20.0
* Catch os.ModePerm permissions in os.WriteFile
* Add a unit test to detect the false negative in rule G306 for os.ModePerm permissions
* Add filepath.EvalSymlinks to clean functions in rule G304
* chore(deps): update all dependencies
* Update Go to version 2.22.3 in CI and release
* chore(deps): update module golang.org/x/text to v0.15.0
* chore(deps): update all dependencies
* chore(deps): update module github.com/onsi/gomega to v1.33.0
* Update to go 1.22.2
* chore(deps): update all dependencies
* chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1
* chore(deps): update all dependencies
* fix(helpers/goversion): get from go.mod
* chore: fix function name
* chore(deps): update all dependencies
* Format the imports using the gci tool
* Fixup: delete unused variable
* Fix test: update test to comply with the spec of generated sources
* Refactor: use standard function to check if a file is generated
* Fix lint warnings
* Add support for math/rand/v2 added in Go 1.22
* Skip the G601 tests for Go version 1.22
* Update go version to 1.22.1 and 1.21.8
* Ignore \'implicit memory aliasing\' rule for Go 1.22+
* chore(deps): update all dependencies
* chore(deps): update module golang.org/x/tools to v0.18.0
* fix(hardcoded): remove duplicated `Stripe API Key`
* Tue Feb 13 2024 felix.niederwangerAATTsuse.de- Update to version 2.19.0:
* Update gosec version to v2.19.0 in the Github action
* Update CI to go version 1.22
* chore(deps): update all dependencies
* chore(deps): update all dependencies
* chore(deps): update all dependencies
* chore(deps): update all dependencies
* chore(deps): update all dependencies
* chore(deps): update dependency babel-standalone to v7.23.7
* chore(deps): update module golang.org/x/crypto to v0.17.0 [security]
* chore(deps): update all dependencies
* chore(deps): update actions/setup-go action to v5
* Fix lint warnings by properly formatting the files
* chore: Refactor Sample Code to Separate Files
* Update go version to 1.21.5 and 1.20.12 (#1084)
* chore(deps): update all dependencies (#1080)
* Ignore the issues from generated files when using the analysis framework (#1079)
* Update README with upload-sarif v2 (#1078)
* chore(deps): update dependency babel-standalone to v7.23.4
* Sat Nov 25 2023 Dirk Müller - update to 2.18.2:
* Disable dot-imports in revive linter
* Run the gosec with data race detector active during tests
* Fix data race in the analyzer
* Fix test that checks the overriden nosec directive
* Clean global state in flgs tests
* Format the file
* Update README with details which describe the current of #nosec
* Ensure the ignores are parsed before analysing the package
* Sat Nov 25 2023 dmuellerAATTsuse.com- Update to version 2.18.2:
* Added ppc64le support
* chore(deps): update all dependencies
* Ensure ignores are handled properly for multi-line issues
* Update Go to version 1.21.4 and 1.20.11
* chore(deps): update module golang.org/x/text to v0.14.0
* chore(deps): update all dependencies
* Remove the hardcoded GOOS value when building the Linux binary to enable support for container image for ARM
* Avoid allocations with `(
*regexp.Regexp).MatchString`
* Fix some typos
* Update local installation instructions by removing the details for Go 1.16
* Tue Oct 17 2023 felix.niederwangerAATTsuse.de- Update to version 2.18.1:
* chore(deps): update all dependencies
* Update gosec to version 2.18.1 in the action
* Update cosign version to v2.2.0
* Refactor how ignored issues are tracked
* Restrict the maximum depth when tracking the slice bounds
* Handle empty ssa results
* Handle gracefully any panic that occurs when building the SSA representation of a package
* Fix typo
* Handle new function when getting the call info in case is overriden
* Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1037)
* Update to Go 1.21.3 and 1.20.10 (#1035)
* Update the list of unsafe functions detected by the unsafe rule (#1033)
* Mon Oct 09 2023 Jeff Kowalczyk - Packaging improvements:
* Summary and Description clarify the purpose of this CLI tool
* Use Group: Development/Languages/Go instead of Other
* Drop BuildRequires: golang-packaging. The recommended Go toolchain dependency is BuildRequires: golang(API) >= 1.x or optionally the metapackage BuildRequires: go
* Drop Requires: golang-packaging. The original macros for file movements into GOPATH are obsolete with Go modules. Macro go_nostrip is no longer needed with current binutils and Go.
* Remove %%{go_nostrip} macro which is no longer recommended
* Mon Oct 09 2023 felix.niederwangerAATTsuse.com- Update to version 2.18.0:
* Update the action to use gosec version v2.18.0 (#1029)
* Use a step ID in github release action to get the digest of the image (#1028)
* Update to go version 1.21.2 and 1.20.9 (#1027)
* chore(deps): update all dependencies (#1026)
* Enable gochecknoinits; fix lint issues; use consts for some vars (#1022)
* Fix typos in struct fields, comments, and docs (#1023)
* chore(deps): update all dependencies
* Fix lint warning
* Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
* Fix lint warnings
* Update ginkgo to latest version
* Redesign and reimplement the slice out of bounds check using SSA code representation
* docs: add reMarkable to users list
* chore(deps): update all dependencies
* Drop support for go 1.19.x since go team doesn\'t ship anymore security fixes for it
* Update to latest go version
* chore(deps): update all dependencies (#1011)
* Fix hardcoded_credentials rule to only match on more specific patterns (#1009)
* chore(deps): update all dependencies (#1008)
* Exclude maps from slince bounce check rule (#1006)
* Ignore struct pointers in G601 (#1003)
* Update gosec image version to 2.17.0 in the Github action (#1002)- Packaging improvements:
* Use BuildRequires: golang(API) >= 1.20 instead of go >= 1.20. The go metapackage points to a single go version that increments at a date TBD after each go1.x major release. The expression golang(API) is available immediately upon each go1.x major release and is stable for expressing the minimum version or a temporarily pinned version.
* Thu Aug 17 2023 Felix Niederwanger felix.niederwangerAATTsuse.com- Update to version 2.17.0:
* Update cosign to version v2.1.1 (#1000)
* Enable go 1.21.0 in the CI build (#998)
* chore(deps): update all dependencies (#997)
* Update to go version 1.20.7 and 1.19.12 (#993)
* chore(deps): update all dependencies (#992)
* chore(deps): update module github.com/onsi/gomega to v1.27.10 (#991)
* fix: correctly identify infixed concats as potential SQL injections (#987)
* chore(deps): update all dependencies (#989)
* Add a new flag terse to show only the results and summary (#986)
* Switch to a maintained fork of zxcvbn module (#984)
* Fri Aug 04 2023 Felix Niederwanger - Require go 1.20
* Tue May 23 2023 Felix Niederwanger - Update to version 2.16.0
* Update cosign to latest version in release Github action
* chore(deps): update all dependencies
* Update go version in build and release scripts
* chore(deps): update all dependencies
* Update Go version to 1.20.3
* chore(deps): update all dependencies
* Fix for Dockerfile smell DL3059
* README: upgrade GitHub action in examples
* enable ginkgolinter linter
* chore(deps): update all dependencies
* correct gci linter
* remove deprecated linters
* increase timeout to 5m
* chore(deps): update all dependencies
* Use the latest version
* Fix some linting warnings
* Fix lint warning
* Bump the go versions and golanci
* chore(deps): update all dependencies
* Check nil pointer when variable is declared in a different file
* fix dead link to issue.go in README.md
* Remove rule G307 which checks when an error is not handled when a file or socket connection is closed
* Fix rule index reference into sarif report
* Bump golang.org/x/net from 0.6.0 to 0.7.0
* Format file
* Use the gosec issue in the go analysers
* Fix file formatting
* Update Go version in CI builds
* Fix method name in the comment
* Extract the issue in its own package
* Add support for Go analysis framework and SSA code representation
* chore(deps): update all dependencies
* Remove the version form ci github action
* Pin github action to latest release version 2.15.0
* Revert the image tag in github action until a working solution is found
* Fix version interpolation in github action image
* Add gosec version as an input parameter to GitHub action
* Update release build script
* Mon Feb 06 2023 Felix Niederwanger
* Update to version 2.15.0- Fix dependencies after renovate update- chore(deps): update all dependencies (#922)- Update to Go 1.20 and fix unit tests (#923)- Update Go to latest version (#920)- Update hardcoded_credentials.go fix: adaper equal expr which const value at left (#917)- Fix github latest URL (#918)- Fix github release url (#916)- chore(deps): update module github.com/onsi/ginkgo/v2 to v2.7.0 (#914)- Update Go version in CI script (#913)- Track back when a file path was sanitized with filepath.Clean (#912)- Fix the TLS config rule when parsing the settings from a variable (#911)- Fix build after updating the dependencies (#910)- chore(deps): update all dependencies (#909)- Fix dependencies after renovate update (#907)- chore(deps): update all dependencies (#906)- Update slack badge and link (#905)- Auto-detect TLS MinVersion integer base (#903)- Adding s390x support (#902)- chore(deps): update all dependencies (#904)- chore(deps): update all dependencies (#898)- Additional types for bad defer check (#897)- chore(deps): update all dependencies (#894)- chore(deps): update all dependencies (#892)- Update Go version in CI scripts (#889)- chore(deps): update all dependencies (#888)- Allow to override build date with SOURCE_DATE_EPOCH (#887)- chore(deps): update all dependencies (#886)- chore(deps): update all dependencies (#884)- fileperms: bitwise permission comparison (#883)
* Mon Dec 12 2022 Felix Niederwanger - Switch OBS source service from tar_scm to obs_scm.
* Embed version info with go build arg GIT_TAG=\"v%{version}\"
* _service obs_scm switch from tar_scm
* _service obs_scm switch param revision (branch) to version (tag)
* _service tar set to buildtime
* _service recompress set to buildtime
* _service recompress change tar compression from gz to xz
* Mon Oct 17 2022 Felix Niederwanger
* Update to versin 2.14.0- Pin release build to Go version 1.19.2 (#882)- Refactor to support duplicate imports with different aliases (#865)- chore(deps): update all dependencies (#881)- go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions (#880)- Update Go version to 1.19 in the makefile (#876)- chore(deps): update all dependencies (#875)- Add CWE-676 to cwe mapping (#874)- chore(deps): update all dependencies (#872)- Add a way to use private repositories on GitHub (#869)- chore(deps): update all dependencies (#868)- Check go version when installing govulncheck- Check go version when running govulncheck- Add vulncheck to the test steps- chore(deps): update all dependencies- Fix false positives for G404 with aliased packages- chore(deps): update all dependencies- chore(deps): update all dependencies- fix: add a CWE ID mapping to rule G114- chore(deps): update golang.org/x/crypto digest to bc19a97
* Mon Aug 22 2022 Felix Niederwanger
* Update to version 2.13.1- fix: make sure that nil Cwe pointer is handled when getting the CWE ID- test: remove white spaces from template- fix: handle nil CWE pointer in text template
* Update to version 2.13.0- chore(deps): update dependency babel-standalone to v7- chore: update module go to 1.19- chore: fix lint warnings- chore: add support for Go 1.19- fix: parsing of the Go version (#844)- Detect use of net/http functions that have no support for setting timeouts (#842)- Refactor SQL rules for better extensibility (#841)- chore(deps): update module golang.org/x/tools to v0.1.12 (#840)- Fix lint warning- Check the suppressed issues when generating the exit code- Fix for G402. Check package path instead of package name (#838)- fix G204 bugs (#835)- Phase out support for Go 1.16 since is not supported anymore by Go team (#837)- chore(deps): update all dependencies (#836)- chore(deps): update dependency highlight.js to v11.6.0 (#830)- fix: filepaths with git anywhere in them being erroneously excluded (#828)- Fix wrong location for G109 (#829)- chore(deps): update golang.org/x/crypto digest to 0559593 (#826)- fix ReadTimeout for G112 rule- Pin cosign-installer to v2 (#824)
* Update to version 2.12.0- chore(deps): update all dependencies (#822)- Add check for usage of Rat.SetString in math/big with an overflow error (#819)- Remove additional --update for apk in Dockerfile (#818)- Update x/tools to pick up fix for golang/go#51629 (#817)- chore(deps): update all dependencies (#816)- chore(deps): update all dependencies (#812)- chore(deps): update all dependencies (#811)- Add new rule for Slowloris Attack- Fix the dependencies after renovate upate (#806)- chore(deps): update all dependencies (#805)- Update the description message of template rule (#803)- Fix typo in ReadMe (#802)- Fix build after renovate update (#800)- Fix use rule IDs to retrieve the rule config- chore(deps): update all dependencies (#796)
* Tue Mar 22 2022 Felix Niederwanger
* Update to version 2.11.0- Enable Go 1.18 in the ci and release workflows- Fix the lint action after upgrade (#790)- chore(deps): update all dependencies (#789)- Add a recursive flag -r to skip specifying ./... path- Adds directory traversal for Http.Dir(\"/\")
* Wed Mar 02 2022 Felix Niederwanger
* Update to version 2.10.0:- Extend the release action to sign the docker image and binary files with cosign (#781)- feat: add concurrency option to parallelize package loading (#778)- chore(deps): update all dependencies- Process the code snippet before adding it to the SARIF report- Updated sponsor link in README.md- chore(deps): update golang.org/x/crypto commit hash to 30dcbda- chore(deps): update all dependencies- Use the CWE name as a name in the SARIF report- chore(deps): update all dependencies (#771)- Resolve the TLS min version when is declarted in the same package but in a different file- Add a test for tls min version defined in a different file- chore(deps): update all dependencies (#765)
* Fri Jan 21 2022 Felix Niederwanger
* Update to version 2.9.6:- Add db.Exec and db.Prepare to the sql rule (#763)- chore(deps): update golang.org/x/crypto commit hash to 5e0467b (#764)- Add os.Create to the readfile rule (#761)- Fix false negative for SQL injection when using DB.QueryRow.Scan() (#759)- chore(deps): update dependency highlight.js to v11.4.0 (#758)- Fix false negatives for SQL injection in multi-line queries- Find G303 with filepath.Join\'d temp dirs (#754)- Find more tempdirs- build(fmt): use [ instead of [[ (#751)- Update to ginkgo v2 (#753)- Fix #743 (#748)- Handle nil when looking up a file by position into a package (#747)- Add in the config file settings for exclude and include options- chore(deps): update golang.org/x/crypto commit hash to e495a2d (#745)- Track both #nosec and #nosec rulelist for one violation (#741)- Add the sponsors section in the README file (#740)- Remove space between // and #nosec in examples and internal use
* Fri Jan 14 2022 Felix Niederwanger - Add position-independent executable to compiler flags
* Fri Jan 14 2022 Felix Niederwanger - Add version 2.9.5
  
ICM