Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

gosec-2.21.4-lp160.1.2 RPM for ppc64le

From OpenSuSE Leap 16.0 for ppc64le

Name: gosec Distribution: openSUSE Leap 16.0
Version: 2.21.4 Vendor: openSUSE
Release: lp160.1.2 Build date: Thu Sep 26 16:11:23 2024
Group: Development/Languages/Go Build host: reproducible
Size: 23008579 Source RPM: gosec-2.21.4-lp160.1.2.src.rpm
Packager: https://bugs.opensuse.org
Url: https://github.com/securego/gosec
Summary: CLI tool to scan the Go AST and SSA code representations for security problems
CLI tool to inspect Go source code for security problems by scanning the
abstract syntax tree (AST) and static single-assignment (SSA) code
representations.

Provides

Requires

License

Apache-2.0

Changelog

* Thu Sep 26 2024 felix.niederwanger@suse.de
  - Update to version 2.21.4:
    * Update the gosec to v2.21.4 in the Github action
    * Add the version into goreleaser config
    * chore(deps): update module google.golang.org/api to v0.198.0 (#1233)
    * Prevent panic: unexpected constant value: <nil> (#1232)
    * Fix running single analyzer which isn't a rule bug (#1231)
* Wed Sep 18 2024 felix.niederwanger@suse.de
  - Update to version 2.21.3:
    * Update gosec version to v2.21.3 in github action (#1227)
    * Populate the fixes only when autofix is not empty (#1226)
    * chore(deps): update all dependencies (#1223)
    * G115 Struct Attribute Checks (#1221)
* Tue Sep 10 2024 felix.niederwanger@suse.de
  - Update to version 2.21.2:
    * Update the github action to v2.21.2 (#1218)
    * Update the SARIF schema URL (#1217)
    * Update go version to 1.23.1 and 1.22.7 (#1216)
    * chore(deps): update all dependencies (#1215)
    * Update gosec version to v2.21.1 in github action (#1213)
    * Rollback the SARIF version to 2.1 since github doesn't support 2.2 (#1210)
    * Update gosec in github action to v2.21.0 (#1208)
    * Update cosign version to v2.4.0 in release github workflow (#1207)
    * Improvement the int conversion overflow logic to handle bound checks (#1194)
    * fix: G602 support for nested conditionals with bounds check (#1201)
    * Update go.mod to sue go 1.22.0 toolchain
    * chore(deps): update all dependencies
    * Make variable name more clear
    * Make variable names more explicity and reduce duplications
    * Fix formatting
    * Refactor to reduce some fuctions and variable names
    * Pass the value argument directly since is an interface
    * Added suggested changes
    * Added another test case in order to increase code coverage
    * Removed function parameter which is always the same
    * Formatting problems(CI was not passing)
    * Updated analyzer to use new way of initialization
    * Migrated the rule to the analyzers folder
    * Refractored code a little bit
    * Added new rule G407(hardcoded IV/nonce)
    * Fix conversion overflow false positive when using ParseUint
    * Add a build step to measure the scan perfomance
    * Fix conversion overflow false positives when they are checked or pre-determined
    * Update go.mod
    * chore(deps): update all dependencies
    * Fix false positive in conversion overflow check from uint8/int8 type
    * Disable staticcheck SA1019 rule
    * Update the golangci linters
    * Add more test to cover more use cases for G115 rule
    * Allow excluding analyzers globally (#1180)
    * Update to Go 1.23.0 (#1183)
    * chore(deps): update all dependencies (#1182)
    * Read the AI API key also from an environment variable (#1181)
    * Add support to generate auto fixes using LLM (AI) (#1177)
    * chore(deps): update all dependencies
    * chore(deps): update all dependencies
    * chore(deps): update all dependencies
    * chore(deps): update dependency babel-standalone to v7.24.10
    * Resolve underlying type to detect overflows in type aliases
    * chore(deps): update dependency babel-standalone to v7.24.8
    * Fix multifile ignores
    * Add -enable-audit cli flag
    * Update to go 1.22.5 and 1.21.12
    * chore(deps): update all dependencies
    * Added more rules
    * Fixed coverage workflow
    * Fixed CI workflow
    * Minor changes
    * Split the G401 rule into two separate ones
    * Updated G401 corresponding CWE
    * chore(deps): update docker/build-push-action action to v6
    * Update to go versions to 1.21.11 and 1.22.4
    * chore(deps): update all dependencies
    * Fix nosec when applied to a block
    * Add more types to templates rule
    * Map the G115 rule to an CWE ID
    * chore(deps): update all dependencies
    * Update README with G115 rule description
    * Remove deprecated megacheck linter from golangci
    * Format imports
    * Update .gitignore
    * Add a new rule to detect integer overflow on integer types conversion
    * feat: add env var to override the Go version detection
    * Use the proper logic when disabling the go module version
    * Update the README with some details related to Go version used by the rules
    * Add an environment varialbe which disables the parsing of Go version from module file
    * chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3
* Thu May 16 2024 felix.niederwanger@suse.de
  - Update to version 2.20.0:
    * Update docker image in action to v2.20.0
    * Catch os.ModePerm permissions in os.WriteFile
    * Add a unit test to detect the false negative in rule G306 for os.ModePerm permissions
    * Add filepath.EvalSymlinks to clean functions in rule G304
    * chore(deps): update all dependencies
    * Update Go to version 2.22.3 in CI and release
    * chore(deps): update module golang.org/x/text to v0.15.0
    * chore(deps): update all dependencies
    * chore(deps): update module github.com/onsi/gomega to v1.33.0
    * Update to go 1.22.2
    * chore(deps): update all dependencies
    * chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1
    * chore(deps): update all dependencies
    * fix(helpers/goversion): get from go.mod
    * chore: fix function name
    * chore(deps): update all dependencies
    * Format the imports using the gci tool
    * Fixup: delete unused variable
    * Fix test: update test to comply with the spec of generated sources
    * Refactor: use standard function to check if a file is generated
    * Fix lint warnings
    * Add support for math/rand/v2 added in Go 1.22
    * Skip the G601 tests for Go version 1.22
    * Update go version to 1.22.1 and 1.21.8
    * Ignore 'implicit memory aliasing' rule for Go 1.22+
    * chore(deps): update all dependencies
    * chore(deps): update module golang.org/x/tools to v0.18.0
    * fix(hardcoded): remove duplicated `Stripe API Key`
* Tue Feb 13 2024 felix.niederwanger@suse.de
  - Update to version 2.19.0:
    * Update gosec version to v2.19.0 in the Github action
    * Update CI to go version 1.22
    * chore(deps): update all dependencies
    * chore(deps): update all dependencies
    * chore(deps): update all dependencies
    * chore(deps): update all dependencies
    * chore(deps): update all dependencies
    * chore(deps): update dependency babel-standalone to v7.23.7
    * chore(deps): update module golang.org/x/crypto to v0.17.0 [security]
    * chore(deps): update all dependencies
    * chore(deps): update actions/setup-go action to v5
    * Fix lint warnings by properly formatting the files
    * chore: Refactor Sample Code to Separate Files
    * Update go version to 1.21.5 and 1.20.12 (#1084)
    * chore(deps): update all dependencies (#1080)
    * Ignore the issues from generated files when using the analysis framework (#1079)
    * Update README with upload-sarif v2 (#1078)
    * chore(deps): update dependency babel-standalone to v7.23.4
* Sat Nov 25 2023 Dirk Müller <dmueller@suse.com>
  - update to 2.18.2:
    * Disable dot-imports in revive linter
    * Run the gosec with data race detector active during
      tests
    * Fix data race in the analyzer
    * Fix test that checks the overriden nosec directive
    * Clean global state in flgs tests
    * Format the file
    * Update README with details which describe the current
      of #nosec
    * Ensure the ignores are parsed before analysing the
      package
* Sat Nov 25 2023 dmueller@suse.com
  - Update to version 2.18.2:
    * Added ppc64le support
    * chore(deps): update all dependencies
    * Ensure ignores are handled properly for multi-line issues
    * Update Go to version 1.21.4 and 1.20.11
    * chore(deps): update module golang.org/x/text to v0.14.0
    * chore(deps): update all dependencies
    * Remove the hardcoded GOOS value when building the Linux binary to enable support for container image for ARM
    * Avoid allocations with `(*regexp.Regexp).MatchString`
    * Fix some typos
    * Update local installation instructions by removing the details for Go 1.16
* Tue Oct 17 2023 felix.niederwanger@suse.de
  - Update to version 2.18.1:
    * chore(deps): update all dependencies
    * Update gosec to version 2.18.1 in the action
    * Update cosign version to v2.2.0
    * Refactor how ignored issues are tracked
    * Restrict the maximum depth when tracking the slice bounds
    * Handle empty ssa results
    * Handle gracefully any panic that occurs when building the SSA representation of a package
    * Fix typo
    * Handle new function when getting the call info in case is overriden
    * Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1037)
    * Update to Go 1.21.3 and 1.20.10 (#1035)
    * Update the list of unsafe functions detected by the unsafe rule (#1033)
* Mon Oct 09 2023 Jeff Kowalczyk <jkowalczyk@suse.com>
  - Packaging improvements:
    * Summary and Description clarify the purpose of this CLI tool
    * Use Group: Development/Languages/Go instead of Other
    * Drop BuildRequires: golang-packaging. The recommended Go
      toolchain dependency is BuildRequires: golang(API) >= 1.x or
      optionally the metapackage BuildRequires: go
    * Drop Requires: golang-packaging. The original macros for file
      movements into GOPATH are obsolete with Go modules. Macro
      go_nostrip is no longer needed with current binutils and Go.
    * Remove %%{go_nostrip} macro which is no longer recommended
* Mon Oct 09 2023 felix.niederwanger@suse.com
  - Update to version 2.18.0:
    * Update the action to use gosec version v2.18.0 (#1029)
    * Use a step ID in github release action to get the digest of the image (#1028)
    * Update to go version 1.21.2 and 1.20.9 (#1027)
    * chore(deps): update all dependencies (#1026)
    * Enable gochecknoinits; fix lint issues; use consts for some vars (#1022)
    * Fix typos in struct fields, comments, and docs (#1023)
    * chore(deps): update all dependencies
    * Fix lint warning
    * Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
    * Fix lint warnings
    * Update ginkgo to latest version
    * Redesign and reimplement the slice out of bounds check using SSA code representation
    * docs: add reMarkable to users list
    * chore(deps): update all dependencies
    * Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
    * Update to latest go version
    * chore(deps): update all dependencies (#1011)
    * Fix hardcoded_credentials rule to only match on more specific patterns (#1009)
    * chore(deps): update all dependencies (#1008)
    * Exclude maps from slince bounce check rule (#1006)
    * Ignore struct pointers in G601 (#1003)
    * Update gosec image version to 2.17.0 in the Github action (#1002)
  - Packaging improvements:
    * Use BuildRequires: golang(API) >= 1.20 instead of go >= 1.20.
      The go metapackage points to a single go version that
      increments at a date TBD after each go1.x major release. The
      expression golang(API) is available immediately upon each go1.x
      major release and is stable for expressing the minimum version
      or a temporarily pinned version.
* Thu Aug 17 2023 Felix Niederwanger felix.niederwanger@suse.com
  - Update to version 2.17.0:
    * Update cosign to version v2.1.1 (#1000)
    * Enable go 1.21.0 in the CI build (#998)
    * chore(deps): update all dependencies (#997)
    * Update to go version 1.20.7 and 1.19.12 (#993)
    * chore(deps): update all dependencies (#992)
    * chore(deps): update module github.com/onsi/gomega to v1.27.10 (#991)
    * fix: correctly identify infixed concats as potential SQL injections (#987)
    * chore(deps): update all dependencies (#989)
    * Add a new flag terse to show only the results and summary (#986)
    * Switch to a maintained fork of zxcvbn module (#984)
* Fri Aug 04 2023 Felix Niederwanger <felix.niederwanger@suse.com>
  - Require go 1.20
* Tue May 23 2023 Felix Niederwanger <felix.niederwanger@suse.com>
  - Update to version 2.16.0
    * Update cosign to latest version in release Github action
    * chore(deps): update all dependencies
    * Update go version in build and release scripts
    * chore(deps): update all dependencies
    * Update Go version to 1.20.3
    * chore(deps): update all dependencies
    * Fix for Dockerfile smell DL3059
    * README: upgrade GitHub action in examples
    * enable ginkgolinter linter
    * chore(deps): update all dependencies
    * correct gci linter
    * remove deprecated linters
    * increase timeout to 5m
    * chore(deps): update all dependencies
    * Use the latest version
    * Fix some linting warnings
    * Fix lint warning
    * Bump the go versions and golanci
    * chore(deps): update all dependencies
    * Check nil pointer when variable is declared in a different file
    * fix dead link to issue.go in README.md
    * Remove rule G307 which checks when an error is not handled when a file or socket connection is closed
    * Fix rule index reference into sarif report
    * Bump golang.org/x/net from 0.6.0 to 0.7.0
    * Format file
    * Use the gosec issue in the go analysers
    * Fix file formatting
    * Update Go version in CI builds
    * Fix method name in the comment
    * Extract the issue in its own package
    * Add support for Go analysis framework and SSA code representation
    * chore(deps): update all dependencies
    * Remove the version form ci github action
    * Pin github action to latest release version 2.15.0
    * Revert the image tag in github action until a working solution is found
    * Fix version interpolation in github action image
    * Add gosec version as an input parameter to GitHub action
    * Update release build script
* Mon Feb 06 2023 Felix Niederwanger <felix.niederwanger@suse.com>
  * Update to version 2.15.0
  - Fix dependencies after renovate update
  - chore(deps): update all dependencies (#922)
  - Update to Go 1.20 and fix unit tests (#923)
  - Update Go to latest version (#920)
  - Update hardcoded_credentials.go fix: adaper equal expr which const value at left (#917)
  - Fix github latest URL (#918)
  - Fix github release url (#916)
  - chore(deps): update module github.com/onsi/ginkgo/v2 to v2.7.0 (#914)
  - Update Go version in CI script (#913)
  - Track back when a file path was sanitized with filepath.Clean (#912)
  - Fix the TLS config rule when parsing the settings from a variable (#911)
  - Fix build after updating the dependencies (#910)
  - chore(deps): update all dependencies (#909)
  - Fix dependencies after renovate update (#907)
  - chore(deps): update all dependencies (#906)
  - Update slack badge and link (#905)
  - Auto-detect TLS MinVersion integer base (#903)
  - Adding s390x support (#902)
  - chore(deps): update all dependencies (#904)
  - chore(deps): update all dependencies (#898)
  - Additional types for bad defer check (#897)
  - chore(deps): update all dependencies (#894)
  - chore(deps): update all dependencies (#892)
  - Update Go version in CI scripts (#889)
  - chore(deps): update all dependencies (#888)
  - Allow to override build date with SOURCE_DATE_EPOCH (#887)
  - chore(deps): update all dependencies (#886)
  - chore(deps): update all dependencies (#884)
  - fileperms: bitwise permission comparison (#883)
* Mon Dec 12 2022 Felix Niederwanger <felix.niederwanger@suse.com>
  - Switch OBS source service from tar_scm to obs_scm.
    * Embed version info with go build arg GIT_TAG="v%{version}"
    * _service obs_scm switch from tar_scm
    * _service obs_scm switch param revision (branch) to version (tag)
    * _service tar set to buildtime
    * _service recompress set to buildtime
    * _service recompress change tar compression from gz to xz
* Mon Oct 17 2022 Felix Niederwanger <felix.niederwanger@suse.com>
  * Update to versin 2.14.0
  - Pin release build to Go version 1.19.2 (#882)
  - Refactor to support duplicate imports with different aliases (#865)
  - chore(deps): update all dependencies (#881)
  - go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions (#880)
  - Update Go version to 1.19 in the makefile (#876)
  - chore(deps): update all dependencies (#875)
  - Add CWE-676 to cwe mapping (#874)
  - chore(deps): update all dependencies (#872)
  - Add a way to use private repositories on GitHub (#869)
  - chore(deps): update all dependencies (#868)
  - Check go version when installing govulncheck
  - Check go version when running govulncheck
  - Add vulncheck to the test steps
  - chore(deps): update all dependencies
  - Fix false positives for G404 with aliased packages
  - chore(deps): update all dependencies
  - chore(deps): update all dependencies
  - fix: add a CWE ID mapping to rule G114
  - chore(deps): update golang.org/x/crypto digest to bc19a97
* Mon Aug 22 2022 Felix Niederwanger <felix.niederwanger@suse.com>
  * Update to version 2.13.1
  - fix: make sure that nil Cwe pointer is handled when getting the CWE ID
  - test: remove white spaces from template
  - fix: handle nil CWE pointer in text template
    * Update to version 2.13.0
  - chore(deps): update dependency babel-standalone to v7
  - chore: update module go to 1.19
  - chore: fix lint warnings
  - chore: add support for Go 1.19
  - fix: parsing of the Go version (#844)
  - Detect use of net/http functions that have no support for setting timeouts (#842)
  - Refactor SQL rules for better extensibility (#841)
  - chore(deps): update module golang.org/x/tools to v0.1.12 (#840)
  - Fix lint warning
  - Check the suppressed issues when generating the exit code
  - Fix for G402. Check package path instead of package name (#838)
  - fix G204 bugs (#835)
  - Phase out support for Go 1.16 since is not supported anymore by Go team (#837)
  - chore(deps): update all dependencies (#836)
  - chore(deps): update dependency highlight.js to v11.6.0 (#830)
  - fix: filepaths with git anywhere in them being erroneously excluded (#828)
  - Fix wrong location for G109 (#829)
  - chore(deps): update golang.org/x/crypto digest to 0559593 (#826)
  - fix ReadTimeout for G112 rule
  - Pin cosign-installer to v2 (#824)
    * Update to version 2.12.0
  - chore(deps): update all dependencies (#822)
  - Add check for usage of Rat.SetString in math/big with an overflow error (#819)
  - Remove additional --update for apk in Dockerfile (#818)
  - Update x/tools to pick up fix for golang/go#51629 (#817)
  - chore(deps): update all dependencies (#816)
  - chore(deps): update all dependencies (#812)
  - chore(deps): update all dependencies (#811)
  - Add new rule for Slowloris Attack
  - Fix the dependencies after renovate upate (#806)
  - chore(deps): update all dependencies (#805)
  - Update the description message of template rule (#803)
  - Fix typo in ReadMe (#802)
  - Fix build after renovate update (#800)
  - Fix use rule IDs to retrieve the rule config
  - chore(deps): update all dependencies (#796)
* Tue Mar 22 2022 Felix Niederwanger <felix.niederwanger@suse.com>
  * Update to version 2.11.0
  - Enable Go 1.18 in the ci and release workflows
  - Fix the lint action after upgrade (#790)
  - chore(deps): update all dependencies (#789)
  - Add a recursive flag -r to skip specifying ./... path
  - Adds directory traversal for Http.Dir("/")
* Wed Mar 02 2022 Felix Niederwanger <felix.niederwanger@suse.com>
  * Update to version 2.10.0:
  - Extend the release action to sign the docker image and binary files with cosign (#781)
  - feat: add concurrency option to parallelize package loading (#778)
  - chore(deps): update all dependencies
  - Process the code snippet before adding it to the SARIF report
  - Updated sponsor link in README.md
  - chore(deps): update golang.org/x/crypto commit hash to 30dcbda
  - chore(deps): update all dependencies
  - Use the CWE name as a name in the SARIF report
  - chore(deps): update all dependencies (#771)
  - Resolve the TLS min version when is declarted in the same package but in a different file
  - Add a test for tls min version defined in a different file
  - chore(deps): update all dependencies (#765)
* Fri Jan 21 2022 Felix Niederwanger <felix.niederwanger@suse.com>
  * Update to version 2.9.6:
  - Add db.Exec and db.Prepare to the sql rule (#763)
  - chore(deps): update golang.org/x/crypto commit hash to 5e0467b (#764)
  - Add os.Create to the readfile rule (#761)
  - Fix false negative for SQL injection when using DB.QueryRow.Scan() (#759)
  - chore(deps): update dependency highlight.js to v11.4.0 (#758)
  - Fix false negatives for SQL injection in multi-line queries
  - Find G303 with filepath.Join'd temp dirs (#754)
  - Find more tempdirs
  - build(fmt): use [ instead of [[ (#751)
  - Update to ginkgo v2 (#753)
  - Fix #743 (#748)
  - Handle nil when looking up a file by position into a package (#747)
  - Add in the config file settings for exclude and include options
  - chore(deps): update golang.org/x/crypto commit hash to e495a2d (#745)
  - Track both #nosec and #nosec rulelist for one violation (#741)
  - Add the sponsors section in the README file (#740)
  - Remove space between // and #nosec in examples and internal use
* Fri Jan 14 2022 Felix Niederwanger <felix.niederwanger@suse.com>
  - Add position-independent executable to compiler flags
* Fri Jan 14 2022 Felix Niederwanger <felix.niederwanger@suse.com>
  - Add version 2.9.5

Files

/usr/bin/gosec
/usr/share/doc/packages/gosec
/usr/share/doc/packages/gosec/README.md
/usr/share/licenses/gosec
/usr/share/licenses/gosec/LICENSE.txt


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Nov 20 23:54:22 2024