build(deps): bump github.com/securego/gosec/v2 from 2.15.0 to 2.16.0 (#…
…3843)

Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com>
dependabot[bot] and ldez committed May 21, 2023
1 parent 6fffff0 commit 8bbb655
Showing 3 changed files with 23 additions and 19 deletions.
4 changes: 2 additions & 2 deletions go.mod
@@ -83,7 +83,7 @@ require (
github.com/sanposhiho/wastedassign/v2 v2.0.7
github.com/sashamelentyev/interfacebloat v1.1.0
github.com/sashamelentyev/usestdlibvars v1.23.0
github.com/securego/gosec/v2 v2.15.0
github.com/securego/gosec/v2 v2.16.0
github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c
github.com/shirou/gopsutil/v3 v3.23.4
github.com/sirupsen/logrus v1.9.2
@@ -187,7 +187,7 @@ require (
golang.org/x/mod v0.10.0 // indirect
golang.org/x/sync v0.2.0 // indirect
golang.org/x/sys v0.8.0 // indirect
golang.org/x/text v0.7.0 // indirect
golang.org/x/text v0.9.0 // indirect
google.golang.org/protobuf v1.28.0 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
15 changes: 9 additions & 6 deletions go.sum


23 changes: 12 additions & 11 deletions pkg/golinters/gosec.go
@@ -10,6 +10,7 @@ import (
"sync"

"github.com/securego/gosec/v2"
"github.com/securego/gosec/v2/issue"
"github.com/securego/gosec/v2/rules"
"golang.org/x/tools/go/analysis"
"golang.org/x/tools/go/packages"
@@ -75,7 +76,7 @@ func runGoSec(lintCtx *linter.Context, pass *analysis.Pass, settings *config.GoS
TypesInfo: pass.TypesInfo,
}

analyzer.Check(pkg)
analyzer.CheckRules(pkg)

secIssues, _, _ := analyzer.Report()
if len(secIssues) == 0 {
@@ -176,27 +177,27 @@ func gosecRuleFilters(includes, excludes []string) []rules.RuleFilter {
}

// code borrowed from https://github.com/securego/gosec/blob/69213955dacfd560562e780f723486ef1ca6d486/cmd/gosec/main.go#L250-L262
func convertToScore(str string) (gosec.Score, error) {
func convertToScore(str string) (issue.Score, error) {
str = strings.ToLower(str)
switch str {
case "", "low":
return gosec.Low, nil
return issue.Low, nil
case "medium":
return gosec.Medium, nil
return issue.Medium, nil
case "high":
return gosec.High, nil
return issue.High, nil
default:
return gosec.Low, fmt.Errorf("'%s' is invalid, use low instead. Valid options: low, medium, high", str)
return issue.Low, fmt.Errorf("'%s' is invalid, use low instead. Valid options: low, medium, high", str)
}
}

// code borrowed from https://github.com/securego/gosec/blob/69213955dacfd560562e780f723486ef1ca6d486/cmd/gosec/main.go#L264-L276
func filterIssues(issues []*gosec.Issue, severity, confidence gosec.Score) []*gosec.Issue {
res := make([]*gosec.Issue, 0)
func filterIssues(issues []*issue.Issue, severity, confidence issue.Score) []*issue.Issue {
res := make([]*issue.Issue, 0)

for _, issue := range issues {
if issue.Severity >= severity && issue.Confidence >= confidence {
res = append(res, issue)
for _, i := range issues {
if i.Severity >= severity && i.Confidence >= confidence {
res = append(res, i)
}
}

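Review bot: The switch to `analyzer.CheckRules(pkg)` in runGoSec appears to run only gosec's AST rule set; as far as I can tell gosec 2.16.0 split the former `Check` into `CheckRules` and a separate `CheckAnalyzers` pass for its SSA-based checks, so any check delivered through that second pass would never report here and users would get no hint that coverage is partial. If leaving the analyzers out is intentional for this bump, say so at the call site, e.g. `// Only gosec's AST rules run here; SSA-based analyzers (CheckAnalyzers) are not wired in yet.`, and track the follow-up. The next line still discards the metrics and error values from `analyzer.Report()`, which makes a skipped or failed check indistinguishable from a clean package. runGoSec starts and ends outside this hunk, so the surrounding setup is not visible.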
