Merge pull request #30 from codacy/test-docker-publish-local

stefanvacareanu7 · web-flow · commit 07cbb2c76976 · 2023-04-12T14:19:19.000+03:00
breaking: Update gosec to `2.15.0` and go to `1.18`
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -44,10 +44,6 @@ workflows:
             mkdir -p ~/workdir/artifacts/
             mv target/scala-2.13/codacy-gosec-assembly-$(cat .version).jar ~/workdir/artifacts/codacy-gosec-$(cat .version).jar
             mv target/graalvm-native-image/codacy-gosec ~/workdir/artifacts/codacy-gosec-$(cat .version)
-          filters:
-            branches:
-              only:
-                - master
           requires:
             - check_fmt
             - test_and_coverage
@@ -64,6 +60,10 @@ workflows:
           context: CodacyAWS
           requires:
             - docker_publish_local
+          filters:
+            branches:
+              only:
+                - master
       - codacy/publish_ghr:
           name: publish_ghr
           path: ~/workdir/artifacts/
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.18.8-alpine3.17 as builder
+FROM golang:1.18.10-alpine3.17 as builder
 
 COPY doc-generation /doc-generation
 
diff --git a/doc-generation/go.mod b/doc-generation/go.mod
@@ -1,11 +1,16 @@
 module github.com/codacy/gosec-doc-generator
 
-go 1.13
+go 1.18
 
 require (
-	github.com/codacy/codacy-engine-golang-seed v0.0.12
-	github.com/securego/gosec/v2 v2.8.1
-	golang.org/x/mod v0.5.0
-	golang.org/x/sys v0.0.0-20210921065528-437939a70204 // indirect
-	golang.org/x/tools v0.1.6 // indirect
+	github.com/codacy/codacy-engine-golang-seed v1.0.1-0.20230412094526-1a71ba69afe3
+	github.com/securego/gosec/v2 v2.15.0
+	golang.org/x/mod v0.10.0
+)
+
+require (
+	github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
+	golang.org/x/sys v0.4.0 // indirect
+	golang.org/x/tools v0.5.0 // indirect
 )
diff --git a/doc-generation/go.sum b/doc-generation/go.sum
@@ -72,6 +72,8 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
 github.com/codacy/codacy-engine-golang-seed v0.0.12 h1:Z+n48l6unhNLETwNfZQdd8cfJg4eFbpJ1qVjYRsRUUE=
 github.com/codacy/codacy-engine-golang-seed v0.0.12/go.mod h1:SX3/fSiePVt1G8IsjTq3a4Zk2EF/VeEYJAX/R+HpyDY=
+github.com/codacy/codacy-engine-golang-seed v1.0.1-0.20230412094526-1a71ba69afe3 h1:7IGgebxyFGZfU2jakv589QjBepw4z+m2xQowuL618u0=
+github.com/codacy/codacy-engine-golang-seed v1.0.1-0.20230412094526-1a71ba69afe3/go.mod h1:Gqi0UsmXhd8vHtjMsiuPWuURITevUS/XKZ7xoM+LmMQ=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@@ -335,6 +337,8 @@ github.com/securego/gosec/v2 v2.3.0 h1:y/9mCF2WPDbSDpL3QDWZD3HHGrSYw0QSHnCqTfs4J
 github.com/securego/gosec/v2 v2.3.0/go.mod h1:UzeVyUXbxukhLeHKV3VVqo7HdoQR9MrRfFmZYotn8ME=
 github.com/securego/gosec/v2 v2.8.1 h1:Tyy/nsH39TYCOkqf5HAgRE+7B5D8sHDwPdXRgFWokh8=
 github.com/securego/gosec/v2 v2.8.1/go.mod h1:pUmsq6+VyFEElJMUX+QB3p3LWNHXg1R3xh2ssVJPs8Q=
+github.com/securego/gosec/v2 v2.15.0 h1:v4Ym7FF58/jlykYmmhZ7mTm7FQvN/setNm++0fgIAtw=
+github.com/securego/gosec/v2 v2.15.0/go.mod h1:VOjTrZOkUtSDt2QLSJmQBMWnvwiQPEjg0l+5juIqGk8=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
@@ -343,6 +347,8 @@ github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
@@ -364,6 +370,7 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
@@ -449,6 +456,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.0 h1:UG21uOlmZabA4fW5i7ZX6bjw1xELEGg/ZLgZq9auk/Q=
 golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
+golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
+golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -559,6 +568,9 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210921065528-437939a70204 h1:JJhkWtBuTQKyz2bd5WG9H8iUsJRU3En/KRfN8B2RnDs=
 golang.org/x/sys v0.0.0-20210921065528-437939a70204/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18=
+golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -626,6 +638,8 @@ golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6 h1:SIasE1FVIQOWz2GEAHFOmoW7xchJcqlucjSULTL0Ag4=
 golang.org/x/tools v0.1.6/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
+golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4=
+golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
diff --git a/doc-generation/main.go b/doc-generation/main.go
@@ -72,7 +72,7 @@ func gosecVersion() (string, error) {
 }
 
 func listGosecRules() []rules.RuleDefinition {
-	rulesMap := rules.Generate()
+	rulesMap := rules.Generate(false).Rules
 
 	var rulesList []rules.RuleDefinition
 	for _, ruleDefinition := range rulesMap {
diff --git a/docs/description/G111.md b/docs/description/G111.md
@@ -0,0 +1,2 @@
+## G111
+Detect http.Dir('/') as a potential risk
diff --git a/docs/description/G112.md b/docs/description/G112.md
@@ -0,0 +1,2 @@
+## G112
+Detect ReadHeaderTimeout not configured as a potential risk
diff --git a/docs/description/G113.md b/docs/description/G113.md
@@ -0,0 +1,2 @@
+## G113
+Usage of Rat.SetString in math/big with an overflow
diff --git a/docs/description/G114.md b/docs/description/G114.md
@@ -0,0 +1,2 @@
+## G114
+Use of net/http serve function that has no support for setting timeouts
diff --git a/docs/description/description.json b/docs/description/description.json
@@ -44,6 +44,26 @@
     "title": "G110",
     "description": "Detect io.Copy instead of io.CopyN when decompression"
   },
+  {
+    "patternId": "G111",
+    "title": "G111",
+    "description": "Detect http.Dir('/') as a potential risk"
+  },
+  {
+    "patternId": "G112",
+    "title": "G112",
+    "description": "Detect ReadHeaderTimeout not configured as a potential risk"
+  },
+  {
+    "patternId": "G113",
+    "title": "G113",
+    "description": "Usage of Rat.SetString in math/big with an overflow"
+  },
+  {
+    "patternId": "G114",
+    "title": "G114",
+    "description": "Use of net/http serve function that has no support for setting timeouts"
+  },
   {
     "patternId": "G201",
     "title": "G201",
@@ -194,6 +214,26 @@
     "title": "G110",
     "description": "Detect io.Copy instead of io.CopyN when decompression"
   },
+  {
+    "patternId": "G111",
+    "title": "G111",
+    "description": "Detect http.Dir('/') as a potential risk"
+  },
+  {
+    "patternId": "G112",
+    "title": "G112",
+    "description": "Detect ReadHeaderTimeout not configured as a potential risk"
+  },
+  {
+    "patternId": "G113",
+    "title": "G113",
+    "description": "Usage of Rat.SetString in math/big with an overflow"
+  },
+  {
+    "patternId": "G114",
+    "title": "G114",
+    "description": "Use of net/http serve function that has no support for setting timeouts"
+  },
   {
     "patternId": "G201",
     "title": "G201",
diff --git a/docs/patterns.json b/docs/patterns.json

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM golang:1.18.8-alpine3.17 as builder`
	`1`	`+FROM golang:1.18.10-alpine3.17 as builder`
`2`	`2`
`3`	`3`	`COPY doc-generation /doc-generation`
`4`	`4`
Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@ func gosecVersion() (string, error) {`
`72`	`72`	`}`
`73`	`73`
`74`	`74`	`func listGosecRules() []rules.RuleDefinition {`
`75`		`- rulesMap := rules.Generate()`
	`75`	`+ rulesMap := rules.Generate(false).Rules`
`76`	`76`
`77`	`77`	`var rulesList []rules.RuleDefinition`
`78`	`78`	`for _, ruleDefinition := range rulesMap {`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+## G111`
	`2`	`+Detect http.Dir('/') as a potential risk`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+## G112`
	`2`	`+Detect ReadHeaderTimeout not configured as a potential risk`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+## G113`
	`2`	`+Usage of Rat.SetString in math/big with an overflow`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+## G114`
	`2`	`+Use of net/http serve function that has no support for setting timeouts`