diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6740b0eb52..6040a238c4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,9 +11,9 @@ jobs:
 strategy:
 matrix:
 version:
- - go-version: "1.24.10"
+ - go-version: "1.24.11"
 golangci: "latest"
- - go-version: "1.25.4"
+ - go-version: "1.25.5"
 golangci: "latest"
 runs-on: ubuntu-latest
 env:
@@ -52,7 +52,7 @@ jobs:
 - name: Setup go
 uses: actions/setup-go@v6
 with:
- go-version: "1.25.4"
+ go-version: "1.25.5"
 - name: Checkout Source
 uses: actions/checkout@v6
 - uses: actions/cache@v4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 58a68d95a7..cf153b21cd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,7 +17,7 @@ jobs:
 - name: Set up Go
 uses: actions/setup-go@v6
 with:
- go-version: "1.25.4"
+ go-version: "1.25.5"
 - name: Install Cosign
 uses: sigstore/cosign-installer@v3
 with:
diff --git a/analyzer.go b/analyzer.go
index 24a2956308..0508bcea6e 100644
--- a/analyzer.go
+++ b/analyzer.go
@@ -35,6 +35,8 @@ import (
 "golang.org/x/tools/go/analysis"
 "golang.org/x/tools/go/analysis/passes/buildssa"
+ "golang.org/x/tools/go/analysis/passes/ctrlflow"
+ "golang.org/x/tools/go/analysis/passes/inspect"
 "golang.org/x/tools/go/packages"
 "github.com/securego/gosec/v2/analyzers"
@@ -430,7 +432,7 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
 buildssa.Analyzer: &analyzers.SSAAnalyzerResult{
 Config: gosec.Config(),
 Logger: gosec.logger,
- SSA: ssaResult.(*buildssa.SSA),
+ SSA: ssaResult,
 },
 }
@@ -491,7 +493,7 @@ func (gosec *Analyzer) generatedFiles(pkg *packages.Package) map[string]bool {
 }
 // buildSSA runs the SSA pass which builds the SSA representation of the package. It handles gracefully any panic.
-func (gosec *Analyzer) buildSSA(pkg *packages.Package) (interface{}, error) {
+func (gosec *Analyzer) buildSSA(pkg *packages.Package) (*buildssa.SSA, error) {
 defer func() {
 if r := recover(); r != nil {
 gosec.logger.Printf(
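Review bot: Because the results of buildSSA are unnamed, the recover in the deferred function still makes the call return (nil, nil) after a panic, so the caller sees success with a nil *buildssa.SSA; the old interface{} signature had the same gap, but the typed nil now flows straight into `SSA: ssaResult` in CheckAnalyzers earlier in this diff. Unless CheckAnalyzers guards against a nil result, which its visible lines do not show, I would name the results, `func (gosec *Analyzer) buildSSA(pkg *packages.Package) (ssa *buildssa.SSA, err error) {`, and in the recover branch set `err = fmt.Errorf("SSA build panicked: %v", r)` after the existing log call, so a panic surfaces as an error rather than as a silently missing SSA. The deferred function's body runs past the end of this hunk into the next one.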
@@ -500,26 +502,54 @@ func (gosec *Analyzer) buildSSA(pkg *packages.Package) (interface{}, error) {
 )
 }
 }()
- ssaPass := &analysis.Pass{
- Analyzer: buildssa.Analyzer,
- Fset: pkg.Fset,
- Files: pkg.Syntax,
- OtherFiles: pkg.OtherFiles,
- IgnoredFiles: pkg.IgnoredFiles,
- Pkg: pkg.Types,
- TypesInfo: pkg.TypesInfo,
- TypesSizes: pkg.TypesSizes,
- ResultOf: nil,
- Report: nil,
- ImportObjectFact: nil,
- ExportObjectFact: nil,
- ImportPackageFact: nil,
- ExportPackageFact: nil,
- AllObjectFacts: nil,
- AllPackageFacts: nil,
- }
-
- return ssaPass.Analyzer.Run(ssaPass)
+ if pkg == nil {
+ return nil, errors.New("nil package provided")
+ }
+ if pkg.Types == nil {
+ return nil, fmt.Errorf("package %s has no type information (compilation failed?)", pkg.Name)
+ }
+ if pkg.TypesInfo == nil {
+ return nil, fmt.Errorf("package %s has no type information", pkg.Name)
+ }
+ pass := &analysis.Pass{
+ Fset: pkg.Fset,
+ Files: pkg.Syntax,
+ OtherFiles: pkg.OtherFiles,
+ IgnoredFiles: pkg.IgnoredFiles,
+ Pkg: pkg.Types,
+ TypesInfo: pkg.TypesInfo,
+ TypesSizes: pkg.TypesSizes,
+ ResultOf: make(map[*analysis.Analyzer]interface{}),
+ Report: func(d analysis.Diagnostic) {},
+ ImportObjectFact: func(obj types.Object, fact analysis.Fact) bool { return false },
+ ExportObjectFact: func(obj types.Object, fact analysis.Fact) {},
+ }
+
+ pass.Analyzer = inspect.Analyzer
+ i, err := inspect.Analyzer.Run(pass)
+ if err != nil {
+ return nil, fmt.Errorf("running inspect analysis: %w", err)
+ }
+ pass.ResultOf[inspect.Analyzer] = i
+
+ pass.Analyzer = ctrlflow.Analyzer
+ cf, err := ctrlflow.Analyzer.Run(pass)
+ if err != nil {
+ return nil, fmt.Errorf("running control flow analysis: %w", err)
+ }
+ pass.ResultOf[ctrlflow.Analyzer] = cf
+
+ pass.Analyzer = buildssa.Analyzer
+ result, err := buildssa.Analyzer.Run(pass)
+ if err != nil {
+ return nil, fmt.Errorf("running SSA analysis: %w", err)
+ }
+
+ ssaResult, ok := result.(*buildssa.SSA)
+ if !ok {
+ return nil, fmt.Errorf("unexpected SSA 
analysis result type: %T", result)
+ }
+ return ssaResult, nil
 }
 // ParseErrors parses the errors from given package
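Review bot: The two guards at the top of the new body report the same text for different conditions: `pkg.Types == nil` and `pkg.TypesInfo == nil` both say the package "has no type information", so a log line cannot tell which field was missing. I would make the second one distinct, e.g. `return nil, fmt.Errorf("package %s has no type-checking info (TypesInfo is nil)", pkg.Name)`. As a point of style, `ResultOf: make(map[*analysis.Analyzer]interface{})` could use `any` (the toolchains pinned in this diff are 1.24 and 1.25). The stub `Report` and fact callbacks discard whatever the inspect and ctrlflow passes emit, which looks intentional since only the SSA result is consumed, but that deserves a comment on the `pass` literal such as `// stub callbacks: only the SSA result is used, diagnostics and facts are discarded`.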