commit 05290390fe8b6b55c374f4aece3d347e16c7f13a7d724d42f0ae91178096f9f0 Author: Jeff Kowalczyk Date: Tue Feb 1 21:12:11 2022 +0000 Accepting request 947871 from home:ph03nix Add gosec package (includes new released version) OBS-URL: https://build.opensuse.org/request/show/947871 OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/gosec?expand=0&rev=1
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/_service b/_service
new file mode 100644
index 0000000..c14c746
--- /dev/null
+++ b/_service
@@ -0,0 +1,16 @@
+
+
+ https://github.com/securego/gosec.git
+ git
+ master
+ v2.9.6
+ @PARENT_TAG@
+ v(.*)
+
+
+
+ *.tar
+ gz
+
+
+
diff --git a/gosec-2.9.6.tar.gz b/gosec-2.9.6.tar.gz
new file mode 100644
index 0000000..7db771a
--- /dev/null
+++ b/gosec-2.9.6.tar.gz
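Review bot: In `_service`, the fetch appears to be keyed on movable names (`master`, `v2.9.6`) rather than a commit hash; the parameter names are stripped on this page, so which value acts as the revision is inferred. A tag or branch can be re-pointed upstream, so a later re-run of the service may produce a tarball that no longer matches the `sha256` recorded for `gosec-2.9.6.tar.gz`. Consider pinning the revision to the full commit id behind `v2.9.6` and keeping the tag only for version formatting. No step that produces `vendor.tar.gz` is recognisable here, so a short comment recording how that archive was generated would make it reviewable.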
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:08b864f9e7d6dc93071843c6528b0f4c435e86ddab6d1702ae891055085be5d4
+size 137046
diff --git a/gosec.changes b/gosec.changes
new file mode 100644
index 0000000..c9dc432
--- /dev/null
+++ b/gosec.changes
@@ -0,0 +1,32 @@
+-------------------------------------------------------------------
+Fri Jan 21 07:49:30 UTC 2022 - Felix Niederwanger
+
+* Update to version 2.9.6:
+
+- Add db.Exec and db.Prepare to the sql rule (#763)
+- chore(deps): update golang.org/x/crypto commit hash to 5e0467b (#764)
+- Add os.Create to the readfile rule (#761)
+- Fix false negative for SQL injection when using DB.QueryRow.Scan() (#759)
+- chore(deps): update dependency highlight.js to v11.4.0 (#758)
+- Fix false negatives for SQL injection in multi-line queries
+- Find G303 with filepath.Join'd temp dirs (#754)
+- Find more tempdirs
+- build(fmt): use [ instead of [[ (#751)
+- Update to ginkgo v2 (#753)
+- Fix #743 (#748)
+- Handle nil when looking up a file by position into a package (#747)
+- Add in the config file settings for exclude and include options
+- chore(deps): update golang.org/x/crypto commit hash to e495a2d (#745)
+- Track both #nosec and #nosec rulelist for one violation (#741)
+- Add the sponsors section in the README file (#740)
+- Remove space between // and #nosec in examples and internal use
+
+-------------------------------------------------------------------
+Fri Jan 14 09:33:28 UTC 2022 - Felix Niederwanger
+
+- Add position-independent executable to compiler flags
+
+-------------------------------------------------------------------
+Fri Jan 14 09:15:56 UTC 2022 - Felix Niederwanger
+
+- Add version 2.9.5
diff --git a/gosec.spec b/gosec.spec
new file mode 100644
index 0000000..afd8b10
--- /dev/null
+++ b/gosec.spec
@@ -0,0 +1,53 @@
+#
+# spec file for package gosec
+#
+# Copyright (c) 2022 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: gosec
+Version: 2.9.6
+Release: 0
+Summary: Golang security checker
+License: Apache-2.0
+URL: https://github.com/securego/gosec
+Source: gosec-%{version}.tar.gz
+Source1: vendor.tar.gz
+BuildRequires: golang-packaging
+BuildRequires: go >= 1.11
+%{go_nostrip}
+
+%description
+Inspects source code for security problems by scanning the Go AST.
+
+%prep
+%autosetup -D -a 1
+
+%build
+GOFLAGS="-buildmode=pie" make build
+
+# this check is not yet working
+#%%check
+#make test
+
+%install
+install -Dm 755 gosec %{buildroot}/%{_bindir}/gosec
+
+%files
+%license LICENSE.txt
+%doc README.md
+%{_bindir}/gosec
+
+%changelog
+
diff --git a/vendor.tar.gz b/vendor.tar.gz
new file mode 100644
index 0000000..281867c
--- /dev/null
+++ b/vendor.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b6117dbd1f13b5d8402cf535e8b3af58cd750be1a92bddac1bb6848ae0363ac0
+size 3140664
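Review bot: In `gosec.spec`, the `%build` line `GOFLAGS="-buildmode=pie" make build` never states that dependencies must come from the unpacked `Source1: vendor.tar.gz`, while `BuildRequires: go >= 1.11` admits toolchains that ignore a `vendor/` directory in module mode unless told otherwise. I would make it explicit with `GOFLAGS="-buildmode=pie -mod=vendor" make build`, so the build either uses the reviewed vendor tree or fails; this assumes the upstream Makefile does not override GOFLAGS, which is not visible here. Separately, `%check` is commented out, so the packaged scanner ships without its test suite having run. Replacing `# this check is not yet working` with a comment that names the blocking failure, e.g. `# %%check disabled: <reason / upstream issue>`, would keep that gap from becoming permanent.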