Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Version output is "empty" #323

Closed
lazize opened this issue Jun 6, 2019 · 4 comments · Fixed by #491
Closed

Version output is "empty" #323

lazize opened this issue Jun 6, 2019 · 4 comments · Fixed by #491
Labels
enhancement help wanted

Comments

@lazize
Copy link

lazize commented Jun 6, 2019

Summary

Steps to reproduce the behavior

Run the command: gosec -version

gosec version

This is the issue!

Go version (output of 'go version')

go version go1.12.1 linux/amd64

Operating system / Environment

$ cat /etc/*release*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=19.04
DISTRIB_CODENAME=disco
DISTRIB_DESCRIPTION="Ubuntu 19.04"
NAME="Ubuntu"
VERSION="19.04 (Disco Dingo)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 19.04"
VERSION_ID="19.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=disco
UBUNTU_CODENAME=disco

Expected behavior

Something like this:

VERSION: 1.0.0
GIT TAG: 1.0.0
BUILD DATE: 2018-04-27T12:41:38Z

Actual behavior

$ gosec -version
Version: 
Git tag: 
Build date:
@gcmurphy
Copy link
Member

gcmurphy commented Jun 6, 2019

I think this could be due to how gosec was installed for you. Did you install via a go get?

If you install via the official release I think this information is populated.

▶ wget https://github.com/securego/gosec/releases/download/2.0.0/gosec_2.0.0_darwin_amd64.tar.gz                                                                                 
▶ tar xf gosec_2.0.0_darwin_amd64.tar.gz wget 
▶ ./gosec 

gosec - Golang security checker

gosec analyzes Go source code to look for common programming mistakes that
can lead to security problems.

VERSION: 2.0.0
GIT TAG: 2.0.0
BUILD DATE: 2019-05-02T15:22:02Z

We should look at updating the docs around installation and releases. Also try to fix for the go get case if possible.

@lazize
Copy link
Author

lazize commented Jun 7, 2019

Yes, I installed it via go get.

@ccojocar
Copy link
Member

This version information is available only for an official release, because it gets updated by the gorelease tool.

go get installs always the latest version from master. I am not sure if we want to hard-code this into the version.

@gcmurphy
Copy link
Member

gcmurphy commented Jul 9, 2019

We could investigate leveraging runtime/debug to embed some build information

// the Sum for the main module is empty here unfortunately and the version shows as (devel)
if info, ok := debug.ReadBuildInfo(); ok {
    // could still print out main module dependencies + version
    for _, dep := range info.Deps {
         fmt.Printf("%s: %s %s\n", dep.Sum, dep.Path, dep.Version)
    }
}

For the current SHA1 we most likely have to wait for the following to land:

golang/go#29814

@ccojocar ccojocar mentioned this issue Jun 19, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted
Projects
None yet
Milestone
No milestone
3 participants
@gcmurphy @ccojocar @lazize