build(deps): bump github.com/securego/gosec/v2 from 5f0084eb01a9 to 81cda2f91fbe

Author: ldez

.golangci.next.reference.yml

@@ -874,6 +874,7 @@ linters-settings:
       - G504 # Import blocklist: net/http/cgi
       - G505 # Import blocklist: crypto/sha1
       - G601 # Implicit memory aliasing of items from a range statement
+      - G602 # Slice access out of bounds
 
     # To specify a set of rules to explicitly exclude.
     # Available rules: https://github.com/securego/gosec#available-rules
@@ -913,6 +914,7 @@ linters-settings:
       - G504 # Import blocklist: net/http/cgi
       - G505 # Import blocklist: crypto/sha1
       - G601 # Implicit memory aliasing of items from a range statement
+      - G602 # Slice access out of bounds
 
     # Exclude generated files
     # Default: false

.golangci.reference.yml

@@ -874,6 +874,7 @@ linters-settings:
       - G504 # Import blocklist: net/http/cgi
       - G505 # Import blocklist: crypto/sha1
       - G601 # Implicit memory aliasing of items from a range statement
+      - G602 # Slice access out of bounds
 
     # To specify a set of rules to explicitly exclude.
     # Available rules: https://github.com/securego/gosec#available-rules
@@ -913,6 +914,7 @@ linters-settings:
       - G504 # Import blocklist: net/http/cgi
       - G505 # Import blocklist: crypto/sha1
       - G601 # Implicit memory aliasing of items from a range statement
+      - G602 # Slice access out of bounds
 
     # Exclude generated files
     # Default: false

go.mod

@@ -92,7 +92,7 @@ require (
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
 	github.com/sashamelentyev/interfacebloat v1.1.0
 	github.com/sashamelentyev/usestdlibvars v1.27.0
-	github.com/securego/gosec/v2 v2.20.1-0.20240525090044-5f0084eb01a9
+	github.com/securego/gosec/v2 v2.20.1-0.20240820084340-81cda2f91fbe
 	github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c
 	github.com/shirou/gopsutil/v3 v3.24.5
 	github.com/sirupsen/logrus v1.9.3
@@ -124,7 +124,7 @@ require (
 	go-simpler.org/musttag v0.12.2
 	go-simpler.org/sloglint v0.7.2
 	go.uber.org/automaxprocs v1.5.3
-	golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc
+	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
 	golang.org/x/tools v0.24.0
 	gopkg.in/yaml.v3 v3.0.1
 	honnef.co/go/tools v0.5.1
@@ -192,8 +192,8 @@ require (
 	golang.org/x/mod v0.20.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/sys v0.23.0 // indirect
-	golang.org/x/text v0.15.0 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )

go.sum

@@ -157,7 +157,8 @@
         "G503",
         "G504",
         "G505",
-        "G601"
+        "G601",
+        "G602"
       ]
     },
     "govet-analyzers": {

jsonschema/golangci.jsonschema.json

@@ -157,7 +157,8 @@
         "G503",
         "G504",
         "G505",
-        "G601"
+        "G601",
+        "G602"
       ]
     },
     "govet-analyzers": {

jsonschema/golangci.next.jsonschema.json

@@ -10,6 +10,7 @@ import (
 	"sync"
 
 	"github.com/securego/gosec/v2"
+	"github.com/securego/gosec/v2/analyzers"
 	"github.com/securego/gosec/v2/issue"
 	"github.com/securego/gosec/v2/rules"
 	"golang.org/x/tools/go/analysis"
@@ -27,16 +28,20 @@ func New(settings *config.GoSecSettings) *goanalysis.Linter {
 	var mu sync.Mutex
 	var resIssues []goanalysis.Issue
 
-	var filters []rules.RuleFilter
 	conf := gosec.NewConfig()
+
+	var ruleFilters []rules.RuleFilter
+	var analyzerFilters []analyzers.AnalyzerFilter
 	if settings != nil {
-		filters = gosecRuleFilters(settings.Includes, settings.Excludes)
+		ruleFilters = createRuleFilters(settings.Includes, settings.Excludes)
+		analyzerFilters = createAnalyzerFilters(settings.Includes, settings.Excludes)
 		conf = toGosecConfig(settings)
 	}
 
 	logger := log.New(io.Discard, "", 0)
 
-	ruleDefinitions := rules.Generate(false, filters...)
+	ruleDefinitions := rules.Generate(false, ruleFilters...)
+	analyzerDefinitions := analyzers.Generate(false, analyzerFilters...)
 
 	analyzer := &analysis.Analyzer{
 		Name: linterName,
@@ -53,7 +58,9 @@ func New(settings *config.GoSecSettings) *goanalysis.Linter {
 		analyzer.Run = func(pass *analysis.Pass) (any, error) {
 			// The `gosecAnalyzer` is here because of concurrency issue.
 			gosecAnalyzer := gosec.NewAnalyzer(conf, true, settings.ExcludeGenerated, false, settings.Concurrency, logger)
+
 			gosecAnalyzer.LoadRules(ruleDefinitions.RulesInfo())
+			gosecAnalyzer.LoadAnalyzers(analyzerDefinitions.AnalyzersInfo())
 
 			issues := runGoSec(lintCtx, pass, settings, gosecAnalyzer)
 
@@ -176,8 +183,23 @@ func convertGosecGlobals(globalOptionFromConfig any, conf gosec.Config) {
 	}
 }
 
+// based on https://github.com/securego/gosec/blob/81cda2f91fbe1bf4735feb55febcae03e697a92b/cmd/gosec/main.go#L258-L275
+func createAnalyzerFilters(includes, excludes []string) []analyzers.AnalyzerFilter {
+	var filters []analyzers.AnalyzerFilter
+
+	if len(includes) > 0 {
+		filters = append(filters, analyzers.NewAnalyzerFilter(false, includes...))
+	}
+
+	if len(excludes) > 0 {
+		filters = append(filters, analyzers.NewAnalyzerFilter(true, excludes...))
+	}
+
+	return filters
+}
+
 // based on https://github.com/securego/gosec/blob/569328eade2ccbad4ce2d0f21ee158ab5356a5cf/cmd/gosec/main.go#L170-L188
-func gosecRuleFilters(includes, excludes []string) []rules.RuleFilter {
+func createRuleFilters(includes, excludes []string) []rules.RuleFilter {
 	var filters []rules.RuleFilter
 
 	if len(includes) > 0 {