TCE-1226 Bump Gosec 2.22.7

Author: DMarinhoCodacy

.gitignore

@@ -9,3 +9,9 @@ target/
 .DS_Store
 *.iml
 .codacy-coverage
+
+
+#Ignore vscode AI rules
+.github/copilot-instructions.md
+
+.vscode

Dockerfile

@@ -1,12 +1,12 @@
-FROM golang:1.18.10-alpine3.17 as builder
+FROM golang:1.23-alpine3.22 as builder
 
 COPY doc-generation /doc-generation
 
 WORKDIR /doc-generation
 RUN mkdir -p /docs/description
 RUN go run main.go -docFolder=../docs
 
-FROM alpine:3.17.3
+FROM alpine:3.22
 
 COPY --from=builder /docs /docs
 COPY docs/tool-description.md /docs/

build.sbt

@@ -1,6 +1,6 @@
-val scalaVersionNumber = "2.13.1"
+val scalaVersionNumber = "2.13.16"
 val circeVersion = "0.12.3"
-val graalVersion = "21.2.0"
+val graalVersion = "24.2.2"
 
 lazy val root = (project in file("."))
   .enablePlugins(JavaAppPackaging)
@@ -12,11 +12,11 @@ lazy val root = (project in file("."))
     scalaVersion := scalaVersionNumber,
     test in assembly := {},
     libraryDependencies ++= Seq(
-      "com.codacy" %% "codacy-analysis-cli-model" % "2.2.0",
+      "com.codacy" %% "codacy-analysis-cli-model" % "5.2.1",
       "io.circe" %% "circe-core" % circeVersion,
       "io.circe" %% "circe-parser" % circeVersion,
-      "com.github.scopt" %% "scopt" % "3.7.1",
-      "org.scalatest" %% "scalatest" % "3.1.0" % Test
+      "com.github.scopt" %% "scopt" % "4.1.0",
+      "org.scalatest" %% "scalatest" % "3.2.19" % Test
     ),
     graalVMNativeImageGraalVersion := Some(graalVersion),
     graalVMNativeImageOptions ++= Seq(

doc-generation/go.mod

@@ -1,16 +1,19 @@
 module github.com/codacy/gosec-doc-generator
 
-go 1.18
+go 1.23.0
+
+toolchain go1.24.5
 
 require (
 	github.com/codacy/codacy-engine-golang-seed v1.0.1-0.20230412094526-1a71ba69afe3
-	github.com/securego/gosec/v2 v2.15.0
-	golang.org/x/mod v0.10.0
+	github.com/securego/gosec/v2 v2.22.7
+	golang.org/x/mod v0.26.0
 )
 
 require (
-	github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect
-	github.com/sirupsen/logrus v1.9.0 // indirect
-	golang.org/x/sys v0.4.0 // indirect
-	golang.org/x/tools v0.5.0 // indirect
+	github.com/ccojocar/zxcvbn-go v1.0.4 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
+	golang.org/x/sync v0.16.0 // indirect
+	golang.org/x/sys v0.34.0 // indirect
+	golang.org/x/tools v0.35.0 // indirect
 )

doc-generation/go.sum

@@ -1,2 +1,2 @@
 ## G307
-Unsafe defer call of a method returning an error
+Poor file permissions used when creating a file with os.Create

docs/description/G307.md

@@ -1,2 +1,2 @@
 ## G401
-Detect the usage of DES, RC4, MD5 or SHA1
+Detect the usage of MD5 or SHA1

docs/description/G401.md

@@ -54,11 +54,6 @@
     "title": "G112",
     "description": "Detect ReadHeaderTimeout not configured as a potential risk"
   },
-  {
-    "patternId": "G113",
-    "title": "G113",
-    "description": "Usage of Rat.SetString in math/big with an overflow"
-  },
   {
     "patternId": "G114",
     "title": "G114",
@@ -117,12 +112,12 @@
   {
     "patternId": "G307",
     "title": "G307",
-    "description": "Unsafe defer call of a method returning an error"
+    "description": "Poor file permissions used when creating a file with os.Create"
   },
   {
     "patternId": "G401",
     "title": "G401",
-    "description": "Detect the usage of DES, RC4, MD5 or SHA1"
+    "description": "Detect the usage of MD5 or SHA1"
   },
   {
     "patternId": "G402",
@@ -139,6 +134,16 @@
     "title": "G404",
     "description": "Insecure random number source (rand)"
   },
+  {
+    "patternId": "G405",
+    "title": "G405",
+    "description": "Detect the usage of DES or RC4"
+  },
+  {
+    "patternId": "G406",
+    "title": "G406",
+    "description": "Detect the usage of deprecated MD4 or RIPEMD160"
+  },
   {
     "patternId": "G501",
     "title": "G501",
@@ -164,6 +169,16 @@
     "title": "G505",
     "description": "Import blocklist: crypto/sha1"
   },
+  {
+    "patternId": "G506",
+    "title": "G506",
+    "description": "Import blocklist: golang.org/x/crypto/md4"
+  },
+  {
+    "patternId": "G507",
+    "title": "G507",
+    "description": "Import blocklist: golang.org/x/crypto/ripemd160"
+  },
   {
     "patternId": "G601",
     "title": "G601",
@@ -224,11 +239,6 @@
     "title": "G112",
     "description": "Detect ReadHeaderTimeout not configured as a potential risk"
   },
-  {
-    "patternId": "G113",
-    "title": "G113",
-    "description": "Usage of Rat.SetString in math/big with an overflow"
-  },
   {
     "patternId": "G114",
     "title": "G114",
@@ -287,12 +297,12 @@
   {
     "patternId": "G307",
     "title": "G307",
-    "description": "Unsafe defer call of a method returning an error"
+    "description": "Poor file permissions used when creating a file with os.Create"
   },
   {
     "patternId": "G401",
     "title": "G401",
-    "description": "Detect the usage of DES, RC4, MD5 or SHA1"
+    "description": "Detect the usage of MD5 or SHA1"
   },
   {
     "patternId": "G402",
@@ -309,6 +319,16 @@
     "title": "G404",
     "description": "Insecure random number source (rand)"
   },
+  {
+    "patternId": "G405",
+    "title": "G405",
+    "description": "Detect the usage of DES or RC4"
+  },
+  {
+    "patternId": "G406",
+    "title": "G406",
+    "description": "Detect the usage of deprecated MD4 or RIPEMD160"
+  },
   {
     "patternId": "G501",
     "title": "G501",
@@ -334,6 +354,16 @@
     "title": "G505",
     "description": "Import blocklist: crypto/sha1"
   },
+  {
+    "patternId": "G506",
+    "title": "G506",
+    "description": "Import blocklist: golang.org/x/crypto/md4"
+  },
+  {
+    "patternId": "G507",
+    "title": "G507",
+    "description": "Import blocklist: golang.org/x/crypto/ripemd160"
+  },
   {
     "patternId": "G601",
     "title": "G601",

docs/description/description.json

@@ -1,6 +1,6 @@
 {
   "name": "gosec",
-  "version": "2.15.0",
+  "version": "2.22.7",
   "patterns": [
     {
       "patternId": "G101",
@@ -68,12 +68,6 @@
       "level": "Error",
       "enabled": false
     },
-    {
-      "patternId": "G113",
-      "category": "Security",
-      "level": "Error",
-      "enabled": false
-    },
     {
       "patternId": "G114",
       "category": "Security",
@@ -170,6 +164,18 @@
       "level": "Error",
       "enabled": false
     },
+    {
+      "patternId": "G405",
+      "category": "Security",
+      "level": "Error",
+      "enabled": false
+    },
+    {
+      "patternId": "G406",
+      "category": "Security",
+      "level": "Error",
+      "enabled": false
+    },
     {
       "patternId": "G501",
       "category": "Security",
@@ -200,6 +206,18 @@
       "level": "Error",
       "enabled": false
     },
+    {
+      "patternId": "G506",
+      "category": "Security",
+      "level": "Error",
+      "enabled": false
+    },
+    {
+      "patternId": "G507",
+      "category": "Security",
+      "level": "Error",
+      "enabled": false
+    },
     {
       "patternId": "G601",
       "category": "Security",

docs/patterns.json

@@ -1 +1 @@
-sbt.version = 1.3.8
+sbt.version = 1.10.1