- Update to version 2.21.3:

* Update gosec version to v2.21.3 in github action (#1227) * Populate the fixes only when autofix is not empty (#1226) * chore(deps): update all dependencies (#1223) * G115 Struct Attribute Checks (#1221) OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/gosec?expand=0&rev=35
2024-09-19 00:10:02 +00:00 · 2024-09-19 00:10:02 +00:00 · 594e5d48c9
commit 594e5d48c9
11 changed files with 612 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.osc
--- a/22
+++ b/22
@ -0,0 +1,22 @@
+<?xml version="1.0"?>
+<services>
+  <service name="obs_scm" mode="manual">
+    <param name="filename">gosec</param>
+    <param name="url">https://github.com/securego/gosec.git</param>
+    <param name="scm">git</param>
+    <param name="version">v2.21.3</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="versionrewrite-replacement">\1</param>
+    <param name="changesgenerate">enable</param>
+  </service>
+  <service name="set_version" mode="manual"/>
+  <service name="tar" mode="buildtime"/>
+  <service name="recompress" mode="buildtime">
+    <param name="file">*.tar</param>
+    <param name="compression">xz</param>
+  </service>
+  <service name="go_modules" mode="manual">
+    <param name="compression">gz</param>
+  </service>
+</services>
--- a/4
+++ b/4
@ -0,0 +1,4 @@
+<servicedata>
+<service name="tar_scm">
+                <param name="url">https://github.com/securego/gosec.git</param>
+              <param name="changesrevision">a83689867d8e15cac0f94c1b55979c45df8f69d6</param></service></servicedata>
--- a/gosec-2.20.0.obscpio
+++ b/gosec-2.20.0.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7078eb954f6862de1a0777dd13bb05b588d135dea2914a0ca6db1ffeff93fee4
+size 643084
--- a/gosec-2.21.2.obscpio
+++ b/gosec-2.21.2.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6b10defe29bea117bc3aba36079f8354ba7a299a29ec580ffc41af0f3dcb3a1f
+size 770572
--- a/gosec-2.21.3.obscpio
+++ b/gosec-2.21.3.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:16214750aee3054b9ce383a087bf331ae5ab69b2d84d83adb659e0bea7f60410
+size 773132
--- a/gosec.changes
+++ b/gosec.changes
@ -0,0 +1,485 @@
+-------------------------------------------------------------------
+Wed Sep 18 18:34:55 UTC 2024 - felix.niederwanger@suse.de
+
+- Update to version 2.21.3:
+  * Update gosec version to v2.21.3 in github action (#1227)
+  * Populate the fixes only when autofix is not empty (#1226)
+  * chore(deps): update all dependencies (#1223)
+  * G115 Struct Attribute Checks (#1221)
+
+-------------------------------------------------------------------
+Tue Sep 10 07:42:28 UTC 2024 - felix.niederwanger@suse.de
+
+- Update to version 2.21.2:
+  * Update the github action to v2.21.2 (#1218)
+  * Update the SARIF schema URL (#1217)
+  * Update go version to 1.23.1 and 1.22.7 (#1216)
+  * chore(deps): update all dependencies (#1215)
+  * Update gosec version to v2.21.1 in github action (#1213)
+  * Rollback the SARIF version to 2.1 since github doesn't support 2.2 (#1210)
+  * Update gosec in github action to v2.21.0 (#1208)
+  * Update cosign version to v2.4.0 in release github workflow (#1207)
+  * Improvement the int conversion overflow logic to handle bound checks (#1194)
+  * fix: G602 support for nested conditionals with bounds check (#1201)
+  * Update go.mod to sue go 1.22.0 toolchain
+  * chore(deps): update all dependencies
+  * Make variable name more clear
+  * Make variable names more explicity and reduce duplications
+  * Fix formatting
+  * Refactor to reduce some fuctions and variable names
+  * Pass the value argument directly since is an interface
+  * Added suggested changes
+  * Added another test case in order to increase code coverage
+  * Removed function parameter which is always the same
+  * Formatting problems(CI was not passing)
+  * Updated analyzer to use new way of initialization
+  * Migrated the rule to the analyzers folder
+  * Refractored code a little bit
+  * Added new rule G407(hardcoded IV/nonce)
+  * Fix conversion overflow false positive when using ParseUint
+  * Add a build step to measure the scan perfomance
+  * Fix conversion overflow false positives when they are checked or pre-determined
+  * Update go.mod
+  * chore(deps): update all dependencies
+  * Fix false positive in conversion overflow check from uint8/int8 type
+  * Disable staticcheck SA1019 rule
+  * Update the golangci linters
+  * Add more test to cover more use cases for G115 rule
+  * Allow excluding analyzers globally (#1180)
+  * Update to Go 1.23.0 (#1183)
+  * chore(deps): update all dependencies (#1182)
+  * Read the AI API key also from an environment variable (#1181)
+  * Add support to generate auto fixes using LLM (AI) (#1177)
+  * chore(deps): update all dependencies
+  * chore(deps): update all dependencies
+  * chore(deps): update all dependencies
+  * chore(deps): update dependency babel-standalone to v7.24.10
+  * Resolve underlying type to detect overflows in type aliases
+  * chore(deps): update dependency babel-standalone to v7.24.8
+  * Fix multifile ignores
+  * Add -enable-audit cli flag
+  * Update to go 1.22.5 and 1.21.12
+  * chore(deps): update all dependencies
+  * Added more rules
+  * Fixed coverage workflow
+  * Fixed CI workflow
+  * Minor changes
+  * Split the G401 rule into two separate ones
+  * Updated G401 corresponding CWE
+  * chore(deps): update docker/build-push-action action to v6
+  * Update to go versions to 1.21.11 and 1.22.4
+  * chore(deps): update all dependencies
+  * Fix nosec when applied to a block
+  * Add more types to templates rule
+  * Map the G115 rule to an CWE ID
+  * chore(deps): update all dependencies
+  * Update README with G115 rule description
+  * Remove deprecated megacheck linter from golangci
+  * Format imports
+  * Update .gitignore
+  * Add a new rule to detect integer overflow on integer types conversion
+  * feat: add env var to override the Go version detection
+  * Use the proper logic when disabling the go module version
+  * Update the README with some details related to Go version used by the rules
+  * Add an environment varialbe which disables the parsing of Go version from module file
+  * chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3
+
+-------------------------------------------------------------------
+Thu May 16 08:20:50 UTC 2024 - felix.niederwanger@suse.de
+
+- Update to version 2.20.0:
+  * Update docker image in action to v2.20.0
+  * Catch os.ModePerm permissions in os.WriteFile
+  * Add a unit test to detect the false negative in rule G306 for os.ModePerm permissions
+  * Add filepath.EvalSymlinks to clean functions in rule G304
+  * chore(deps): update all dependencies
+  * Update Go to version 2.22.3 in CI and release
+  * chore(deps): update module golang.org/x/text to v0.15.0
+  * chore(deps): update all dependencies
+  * chore(deps): update module github.com/onsi/gomega to v1.33.0
+  * Update to go 1.22.2
+  * chore(deps): update all dependencies
+  * chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1
+  * chore(deps): update all dependencies
+  * fix(helpers/goversion): get from go.mod
+  * chore: fix function name
+  * chore(deps): update all dependencies
+  * Format the imports using the gci tool
+  * Fixup: delete unused variable
+  * Fix test: update test to comply with the spec of generated sources
+  * Refactor: use standard function to check if a file is generated
+  * Fix lint warnings
+  * Add support for math/rand/v2 added in Go 1.22
+  * Skip the G601 tests for Go version 1.22
+  * Update go version to 1.22.1 and 1.21.8
+  * Ignore 'implicit memory aliasing' rule for Go 1.22+
+  * chore(deps): update all dependencies
+  * chore(deps): update module golang.org/x/tools to v0.18.0
+  * fix(hardcoded): remove duplicated `Stripe API Key`
+
+-------------------------------------------------------------------
+Tue Feb 13 07:48:54 UTC 2024 - felix.niederwanger@suse.de
+
+- Update to version 2.19.0:
+  * Update gosec version to v2.19.0 in the Github action
+  * Update CI to go version 1.22
+  * chore(deps): update all dependencies
+  * chore(deps): update all dependencies
+  * chore(deps): update all dependencies
+  * chore(deps): update all dependencies
+  * chore(deps): update all dependencies
+  * chore(deps): update dependency babel-standalone to v7.23.7
+  * chore(deps): update module golang.org/x/crypto to v0.17.0 [security]
+  * chore(deps): update all dependencies
+  * chore(deps): update actions/setup-go action to v5
+  * Fix lint warnings by properly formatting the files
+  * chore: Refactor Sample Code to Separate Files
+  * Update go version to 1.21.5 and 1.20.12 (#1084)
+  * chore(deps): update all dependencies (#1080)
+  * Ignore the issues from generated files when using the analysis framework (#1079)
+  * Update README with upload-sarif v2 (#1078)
+  * chore(deps): update dependency babel-standalone to v7.23.4
+
+-------------------------------------------------------------------
+Sat Nov 25 19:22:09 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.18.2:
+  * Disable dot-imports in revive linter
+  * Run the gosec with data race detector active during
+    tests
+  * Fix data race in the analyzer
+  * Fix test that checks the overriden nosec directive
+  * Clean global state in flgs tests
+  * Format the file
+  * Update README with details which describe the current
+    of #nosec
+  * Ensure the ignores are parsed before analysing the
+    package
+
+-------------------------------------------------------------------
+Sat Nov 25 19:19:43 UTC 2023 - dmueller@suse.com
+
+- Update to version 2.18.2:
+  * Added ppc64le support
+  * chore(deps): update all dependencies
+  * Ensure ignores are handled properly for multi-line issues
+  * Update Go to version 1.21.4 and 1.20.11
+  * chore(deps): update module golang.org/x/text to v0.14.0
+  * chore(deps): update all dependencies
+  * Remove the hardcoded GOOS value when building the Linux binary to enable support for container image for ARM
+  * Avoid allocations with `(*regexp.Regexp).MatchString`
+  * Fix some typos
+  * Update local installation instructions by removing the details for Go 1.16
+
+-------------------------------------------------------------------
+Tue Oct 17 14:29:50 UTC 2023 - felix.niederwanger@suse.de
+
+- Update to version 2.18.1:
+  * chore(deps): update all dependencies
+  * Update gosec to version 2.18.1 in the action
+  * Update cosign version to v2.2.0
+  * Refactor how ignored issues are tracked
+  * Restrict the maximum depth when tracking the slice bounds
+  * Handle empty ssa results
+  * Handle gracefully any panic that occurs when building the SSA representation of a package
+  * Fix typo
+  * Handle new function when getting the call info in case is overriden
+  * Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1037)
+  * Update to Go 1.21.3 and 1.20.10 (#1035)
+  * Update the list of unsafe functions detected by the unsafe rule (#1033)
+
+-------------------------------------------------------------------
+Mon Oct  9 13:23:33 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
+
+- Packaging improvements:
+  * Summary and Description clarify the purpose of this CLI tool
+  * Use Group: Development/Languages/Go instead of Other
+  * Drop BuildRequires: golang-packaging. The recommended Go
+    toolchain dependency is BuildRequires: golang(API) >= 1.x or
+    optionally the metapackage BuildRequires: go
+  * Drop Requires: golang-packaging. The original macros for file
+    movements into GOPATH are obsolete with Go modules. Macro
+    go_nostrip is no longer needed with current binutils and Go.
+  * Remove %%{go_nostrip} macro which is no longer recommended
+
+-------------------------------------------------------------------
+Mon Oct 09 09:02:02 UTC 2023 - felix.niederwanger@suse.com
+
+- Update to version 2.18.0:
+  * Update the action to use gosec version v2.18.0 (#1029)
+  * Use a step ID in github release action to get the digest of the image (#1028)
+  * Update to go version 1.21.2 and 1.20.9 (#1027)
+  * chore(deps): update all dependencies (#1026)
+  * Enable gochecknoinits; fix lint issues; use consts for some vars (#1022)
+  * Fix typos in struct fields, comments, and docs (#1023)
+  * chore(deps): update all dependencies
+  * Fix lint warning
+  * Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
+  * Fix lint warnings
+  * Update ginkgo to latest version
+  * Redesign and reimplement the slice out of bounds check using SSA code representation
+  * docs: add reMarkable to users list
+  * chore(deps): update all dependencies
+  * Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
+  * Update to latest go version
+  * chore(deps): update all dependencies (#1011)
+  * Fix hardcoded_credentials rule to only match on more specific patterns (#1009)
+  * chore(deps): update all dependencies (#1008)
+  * Exclude maps from slince bounce check rule (#1006)
+  * Ignore struct pointers in G601 (#1003)
+  * Update gosec image version to 2.17.0 in the Github action (#1002)
+- Packaging improvements:
+  * Use BuildRequires: golang(API) >= 1.20 instead of go >= 1.20.
+    The go metapackage points to a single go version that
+    increments at a date TBD after each go1.x major release. The
+    expression golang(API) is available immediately upon each go1.x
+    major release and is stable for expressing the minimum version
+    or a temporarily pinned version.
+
+-------------------------------------------------------------------
+Thu Aug 17 12:57:28 UTC 2023 - Felix Niederwanger felix.niederwanger@suse.com
+
+- Update to version 2.17.0:
+  * Update cosign to version v2.1.1 (#1000)
+  * Enable go 1.21.0 in the CI build (#998)
+  * chore(deps): update all dependencies (#997)
+  * Update to go version 1.20.7 and 1.19.12 (#993)
+  * chore(deps): update all dependencies (#992)
+  * chore(deps): update module github.com/onsi/gomega to v1.27.10 (#991)
+  * fix: correctly identify infixed concats as potential SQL injections (#987)
+  * chore(deps): update all dependencies (#989)
+  * Add a new flag terse to show only the results and summary (#986)
+  * Switch to a maintained fork of zxcvbn module (#984)
+
+-------------------------------------------------------------------
+Fri Aug  4 08:27:41 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com>
+
+- Require go 1.20
+
+-------------------------------------------------------------------
+Tue May 23 09:10:04 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com>
+
+- Update to version 2.16.0
+
+* Update cosign to latest version in release Github action
+* chore(deps): update all dependencies
+* Update go version in build and release scripts
+* chore(deps): update all dependencies
+* Update Go version to 1.20.3
+* chore(deps): update all dependencies
+* Fix for Dockerfile smell DL3059
+* README: upgrade GitHub action in examples
+* enable ginkgolinter linter
+* chore(deps): update all dependencies
+* correct gci linter
+* remove deprecated linters
+* increase timeout to 5m
+* chore(deps): update all dependencies
+* Use the latest version
+* Fix some linting warnings
+* Fix lint warning
+* Bump the go versions and golanci
+* chore(deps): update all dependencies
+* Check nil pointer when variable is declared in a different file
+* fix dead link to issue.go in README.md
+* Remove rule G307 which checks when an error is not handled when a file or socket connection is closed
+* Fix rule index reference into sarif report
+* Bump golang.org/x/net from 0.6.0 to 0.7.0
+* Format file
+* Use the gosec issue in the go analysers
+* Fix file formatting
+* Update Go version in CI builds
+* Fix method name in the comment
+* Extract the issue in its own package
+* Add support for Go analysis framework and SSA code representation
+* chore(deps): update all dependencies
+* Remove the version form ci github action
+* Pin github action to latest release version 2.15.0
+* Revert the image tag in github action until a working solution is found
+* Fix version interpolation in github action image
+* Add gosec version as an input parameter to GitHub action
+* Update release build script
+
+-------------------------------------------------------------------
+Mon Feb  6 15:09:19 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com>
+
+* Update to version 2.15.0
+
+- Fix dependencies after renovate update
+- chore(deps): update all dependencies (#922)
+- Update to Go 1.20 and fix unit tests (#923)
+- Update Go to latest version (#920)
+- Update hardcoded_credentials.go fix: adaper equal expr which const value at left (#917)
+- Fix github latest URL (#918)
+- Fix github release url (#916)
+- chore(deps): update module github.com/onsi/ginkgo/v2 to v2.7.0 (#914)
+- Update Go version in CI script (#913)
+- Track back when a file path was sanitized with filepath.Clean (#912)
+- Fix the TLS config rule when parsing the settings from a variable (#911)
+- Fix build after updating the dependencies (#910)
+- chore(deps): update all dependencies (#909)
+- Fix dependencies after renovate update (#907)
+- chore(deps): update all dependencies (#906)
+- Update slack badge and link (#905)
+- Auto-detect TLS MinVersion integer base (#903)
+- Adding s390x support (#902)
+- chore(deps): update all dependencies (#904)
+- chore(deps): update all dependencies (#898)
+- Additional types for bad defer check (#897)
+- chore(deps): update all dependencies (#894)
+- chore(deps): update all dependencies (#892)
+- Update Go version in CI scripts (#889)
+- chore(deps): update all dependencies (#888)
+- Allow to override build date with SOURCE_DATE_EPOCH (#887)
+- chore(deps): update all dependencies (#886)
+- chore(deps): update all dependencies (#884)
+- fileperms: bitwise permission comparison (#883)
+
+-------------------------------------------------------------------
+Mon Dec 12 19:31:05 UTC 2022 - Felix Niederwanger <felix.niederwanger@suse.com>
+
+- Switch OBS source service from tar_scm to obs_scm.
+  * Embed version info with go build arg GIT_TAG="v%{version}"
+  * _service obs_scm switch from tar_scm
+  * _service obs_scm switch param revision (branch) to version (tag)
+  * _service tar set to buildtime
+  * _service recompress set to buildtime
+  * _service recompress change tar compression from gz to xz
+
+-------------------------------------------------------------------
+Mon Oct 17 13:45:23 UTC 2022 - Felix Niederwanger <felix.niederwanger@suse.com>
+
+* Update to versin 2.14.0
+
+- Pin release build to Go version 1.19.2 (#882)
+- Refactor to support duplicate imports with different aliases (#865)
+- chore(deps): update all dependencies (#881)
+- go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions (#880)
+- Update Go version to 1.19 in the makefile (#876)
+- chore(deps): update all dependencies (#875)
+- Add CWE-676 to cwe mapping (#874)
+- chore(deps): update all dependencies (#872)
+- Add a way to use private repositories on GitHub (#869)
+- chore(deps): update all dependencies (#868)
+- Check go version when installing govulncheck
+- Check go version when running govulncheck
+- Add vulncheck to the test steps
+- chore(deps): update all dependencies
+- Fix false positives for G404 with aliased packages
+- chore(deps): update all dependencies
+- chore(deps): update all dependencies
+- fix: add a CWE ID mapping to rule G114
+- chore(deps): update golang.org/x/crypto digest to bc19a97
+
+-------------------------------------------------------------------
+Mon Aug 22 08:47:01 UTC 2022 - Felix Niederwanger <felix.niederwanger@suse.com>
+
+* Update to version 2.13.1
+
+- fix: make sure that nil Cwe pointer is handled when getting the CWE ID
+- test: remove white spaces from template
+- fix: handle nil CWE pointer in text template
+
+* Update to version 2.13.0
+
+- chore(deps): update dependency babel-standalone to v7
+- chore: update module go to 1.19
+- chore: fix lint warnings
+- chore: add support for Go 1.19
+- fix: parsing of the Go version (#844)
+- Detect use of net/http functions that have no support for setting timeouts (#842)
+- Refactor SQL rules for better extensibility (#841)
+- chore(deps): update module golang.org/x/tools to v0.1.12 (#840)
+- Fix lint warning
+- Check the suppressed issues when generating the exit code
+- Fix for G402. Check package path instead of package name (#838)
+- fix G204 bugs (#835)
+- Phase out support for Go 1.16 since is not supported anymore by Go team (#837)
+- chore(deps): update all dependencies (#836)
+- chore(deps): update dependency highlight.js to v11.6.0 (#830)
+- fix: filepaths with git anywhere in them being erroneously excluded (#828)
+- Fix wrong location for G109 (#829)
+- chore(deps): update golang.org/x/crypto digest to 0559593 (#826)
+- fix ReadTimeout for G112 rule
+- Pin cosign-installer to v2 (#824)
+
+* Update to version 2.12.0
+
+- chore(deps): update all dependencies (#822)
+- Add check for usage of Rat.SetString in math/big with an overflow error (#819)
+- Remove additional --update for apk in Dockerfile (#818)
+- Update x/tools to pick up fix for golang/go#51629 (#817)
+- chore(deps): update all dependencies (#816)
+- chore(deps): update all dependencies (#812)
+- chore(deps): update all dependencies (#811)
+- Add new rule for Slowloris Attack
+- Fix the dependencies after renovate upate (#806)
+- chore(deps): update all dependencies (#805)
+- Update the description message of template rule (#803)
+- Fix typo in ReadMe (#802)
+- Fix build after renovate update (#800)
+- Fix use rule IDs to retrieve the rule config
+- chore(deps): update all dependencies (#796)
+
+
+-------------------------------------------------------------------
+Tue Mar 22 08:10:13 UTC 2022 - Felix Niederwanger <felix.niederwanger@suse.com>
+
+* Update to version 2.11.0
+
+- Enable Go 1.18 in the ci and release workflows
+- Fix the lint action after upgrade (#790)
+- chore(deps): update all dependencies (#789)
+- Add a recursive flag -r to skip specifying ./... path
+- Adds directory traversal for Http.Dir("/")
+
+-------------------------------------------------------------------
+Wed Mar  2 07:35:25 UTC 2022 - Felix Niederwanger <felix.niederwanger@suse.com>
+
+* Update to version 2.10.0:
+
+- Extend the release action to sign the docker image and binary files with cosign (#781)
+- feat: add concurrency option to parallelize package loading (#778)
+- chore(deps): update all dependencies
+- Process the code snippet before adding it to the SARIF report
+- Updated sponsor link in README.md
+- chore(deps): update golang.org/x/crypto commit hash to 30dcbda
+- chore(deps): update all dependencies
+- Use the CWE name as a name in the SARIF report
+- chore(deps): update all dependencies (#771)
+- Resolve the TLS min version when is declarted in the same package but in a different file
+- Add a test for tls min version defined in a different file
+- chore(deps): update all dependencies (#765)
+
+-------------------------------------------------------------------
+Fri Jan 21 07:49:30 UTC 2022 - Felix Niederwanger <felix.niederwanger@suse.com>
+
+* Update to version 2.9.6:
+
+- Add db.Exec and db.Prepare to the sql rule (#763)
+- chore(deps): update golang.org/x/crypto commit hash to 5e0467b (#764)
+- Add os.Create to the readfile rule (#761)
+- Fix false negative for SQL injection when using DB.QueryRow.Scan() (#759)
+- chore(deps): update dependency highlight.js to v11.4.0 (#758)
+- Fix false negatives for SQL injection in multi-line queries
+- Find G303 with filepath.Join'd temp dirs (#754)
+- Find more tempdirs
+- build(fmt): use [ instead of [[ (#751)
+- Update to ginkgo v2 (#753)
+- Fix #743 (#748)
+- Handle nil when looking up a file by position into a package (#747)
+- Add in the config file settings for exclude and include options
+- chore(deps): update golang.org/x/crypto commit hash to e495a2d (#745)
+- Track both #nosec and #nosec rulelist for one violation (#741)
+- Add the sponsors section in the README file (#740)
+- Remove space between // and #nosec in examples and internal use
+
+-------------------------------------------------------------------
+Fri Jan 14 09:33:28 UTC 2022 - Felix Niederwanger <felix.niederwanger@suse.com>
+
+- Add position-independent executable to compiler flags
+
+-------------------------------------------------------------------
+Fri Jan 14 09:15:56 UTC 2022 - Felix Niederwanger <felix.niederwanger@suse.com>
+
+- Add version 2.9.5
--- a/gosec.obsinfo
+++ b/gosec.obsinfo
@ -0,0 +1,4 @@
+name: gosec
+version: 2.21.3
+mtime: 1726661447
+commit: a83689867d8e15cac0f94c1b55979c45df8f69d6
--- a/gosec.spec
+++ b/gosec.spec
@ -0,0 +1,61 @@
+#
+# spec file for package gosec
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           gosec
+Version:        2.21.3
+Release:        0
+Summary:        CLI tool to scan the Go AST and SSA code representations for security problems
+License:        Apache-2.0
+Group:          Development/Languages/Go
+URL:            https://github.com/securego/gosec
+Source:         gosec-%{version}.tar.xz
+Source1:        vendor.tar.gz
+BuildRequires:  golang(API) >= 1.20
+
+%description
+CLI tool to inspect Go source code for security problems by scanning the
+abstract syntax tree (AST) and static single-assignment (SSA) code
+representations.
+
+%prep
+%autosetup -D -a 1
+
+%build
+# Native linux build includes version tags but currently works only on x86_64
+%ifarch x86_64
+GOFLAGS="-buildmode=pie" GIT_TAG="v%{version}" make build-linux
+%else
+GOFLAGS="-buildmode=pie" GIT_TAG="v%{version}" make build
+%endif
+
+%check
+# check if binary is working
+./gosec --version
+make sec
+# Not yet working because it wants to pull the latest ginkgo version from GitHub
+#make test
+
+%install
+install -Dm 755 gosec %{buildroot}/%{_bindir}/gosec
+
+%files
+%license LICENSE.txt
+%doc README.md
+%{_bindir}/gosec
+
+%changelog
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:672519a7143ddcdd618e3a4d25af9db33a787d44d3e4e7fabff7433ab521399b
+size 6787054