authordependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>2024-03-04 17:40:11 +0000
committerTaras Madan <tarasmadan@google.com>2024-03-04 18:34:55 +0000
commit5fc5366972c874b919f93165bb4ed4e2bcb7c350 (patch)
tree287c3361a0dee0c72af80d9a1a66714a06e98a62 /vendor/github.com/securego/gosec
parent1be5ce38a9059c356eb193a8c34d60d61c9fc31f (diff)
mod: bump github.com/golangci/golangci-lint from 1.55.2 to 1.56.2
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.55.2 to 1.56.2. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](https://github.com/golangci/golangci-lint/compare/v1.55.2...v1.56.2) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Diffstat (limited to 'vendor/github.com/securego/gosec')
-rw-r--r--vendor/github.com/securego/gosec/v2/.goreleaser.yml1
-rw-r--r--vendor/github.com/securego/gosec/v2/Makefile4
-rw-r--r--vendor/github.com/securego/gosec/v2/README.md14
-rw-r--r--vendor/github.com/securego/gosec/v2/action.yml2
-rw-r--r--vendor/github.com/securego/gosec/v2/analyzer.go29
5 files changed, 33 insertions, 17 deletions
diff --git a/vendor/github.com/securego/gosec/v2/.goreleaser.yml b/vendor/github.com/securego/gosec/v2/.goreleaser.yml
index e3c903e7a..bd85bab3a 100644
--- a/vendor/github.com/securego/gosec/v2/.goreleaser.yml
+++ b/vendor/github.com/securego/gosec/v2/.goreleaser.yml
@@ -19,6 +19,7 @@ builds:
- amd64
- arm64
- s390x
+ - ppc64le
ldflags: -X main.Version={{.Version}} -X main.GitTag={{.Tag}} -X main.BuildDate={{.Date}}
env:
- CGO_ENABLED=0
diff --git a/vendor/github.com/securego/gosec/v2/Makefile b/vendor/github.com/securego/gosec/v2/Makefile
index dcfb4b2ed..4f6cce765 100644
--- a/vendor/github.com/securego/gosec/v2/Makefile
+++ b/vendor/github.com/securego/gosec/v2/Makefile
@@ -17,7 +17,7 @@ GOSEC ?= $(GOBIN)/gosec
GINKGO ?= $(GOBIN)/ginkgo
GO_MINOR_VERSION = $(shell $(GO) version | cut -c 14- | cut -d' ' -f1 | cut -d'.' -f2)
GOVULN_MIN_VERSION = 17
-GO_VERSION = 1.20
+GO_VERSION = 1.22
default:
$(MAKE) build
@@ -76,7 +76,7 @@ release:
goreleaser release
build-linux:
- CGO_ENABLED=$(CGO_ENABLED) GOOS=linux GOARCH=amd64 go build -ldflags=$(BUILDFLAGS) -o $(BIN) ./cmd/gosec/
+ CGO_ENABLED=$(CGO_ENABLED) GOOS=linux go build -ldflags=$(BUILDFLAGS) -o $(BIN) ./cmd/gosec/
image:
@echo "Building the Docker image..."
diff --git a/vendor/github.com/securego/gosec/v2/README.md b/vendor/github.com/securego/gosec/v2/README.md
index d9a33f12a..f7b41df2e 100644
--- a/vendor/github.com/securego/gosec/v2/README.md
+++ b/vendor/github.com/securego/gosec/v2/README.md
@@ -1,5 +1,5 @@
-# gosec - Golang Security Checker
+# gosec - Go Security Checker
Inspects source code for security problems by scanning the Go AST and SSA code representation.
@@ -105,7 +105,7 @@ jobs:
# we let the report trigger content trigger a failure using the GitHub Security features.
args: '-no-fail -fmt sarif -out results.sarif ./...'
- name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v2
with:
# Path to SARIF file relative to the root of the repository
sarif_file: results.sarif
@@ -113,18 +113,10 @@ jobs:
### Local Installation
-#### Go 1.16+
-
```bash
go install github.com/securego/gosec/v2/cmd/gosec@latest
```
-#### Go version < 1.16
-
-```bash
-go get -u github.com/securego/gosec/v2/cmd/gosec
-```
-
## Usage
Gosec can be configured to only run a subset of rules, to exclude certain file
@@ -393,7 +385,7 @@ schema-generate -i sarif-schema-2.1.0.json -o mypath/types.go
```
Most of the MarshallJSON/UnmarshalJSON are removed except the one for PropertyBag which is handy to inline the additional properties. The rest can be removed.
-The URI,ID, UUID, GUID were renamed so it fits the Golang convention defined [here](https://github.com/golang/lint/blob/master/lint.go#L700)
+The URI,ID, UUID, GUID were renamed so it fits the Go convention defined [here](https://github.com/golang/lint/blob/master/lint.go#L700)
### Tests
diff --git a/vendor/github.com/securego/gosec/v2/action.yml b/vendor/github.com/securego/gosec/v2/action.yml
index aba47b60c..3097075ce 100644
--- a/vendor/github.com/securego/gosec/v2/action.yml
+++ b/vendor/github.com/securego/gosec/v2/action.yml
@@ -10,7 +10,7 @@ inputs:
runs:
using: 'docker'
- image: 'docker://securego/gosec:2.18.1'
+ image: 'docker://securego/gosec:2.18.2'
args:
- ${{ inputs.args }}
diff --git a/vendor/github.com/securego/gosec/v2/analyzer.go b/vendor/github.com/securego/gosec/v2/analyzer.go
index 1fd1f5649..0b1225b9b 100644
--- a/vendor/github.com/securego/gosec/v2/analyzer.go
+++ b/vendor/github.com/securego/gosec/v2/analyzer.go
@@ -123,7 +123,7 @@ func (i ignores) get(file string, line string) map[string][]issue.SuppressionInf
start, end := i.parseLine(line)
if is, ok := i[file]; ok {
for _, i := range is {
- if i.start <= start && i.end >= end {
+ if start <= i.start && end >= i.end {
return i.suppressions
}
}
@@ -414,6 +414,9 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
SSA: ssaResult.(*buildssa.SSA),
},
}
+
+ generatedFiles := gosec.generatedFiles(pkg)
+
for _, analyzer := range gosec.analyzerList {
pass := &analysis.Pass{
Analyzer: analyzer,
@@ -441,6 +444,11 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
if result != nil {
if passIssues, ok := result.([]*issue.Issue); ok {
for _, iss := range passIssues {
+ if gosec.excludeGenerated {
+ if _, ok := generatedFiles[iss.File]; ok {
+ continue
+ }
+ }
gosec.updateIssues(iss)
}
}
@@ -448,6 +456,21 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
}
}
+func (gosec *Analyzer) generatedFiles(pkg *packages.Package) map[string]bool {
+ generatedFiles := map[string]bool{}
+ for _, file := range pkg.Syntax {
+ if isGeneratedFile(file) {
+ fp := pkg.Fset.File(file.Pos())
+ if fp == nil {
+ // skip files which cannot be located
+ continue
+ }
+ generatedFiles[fp.Name()] = true
+ }
+ }
+ return generatedFiles
+}
+
// buildSSA runs the SSA pass which builds the SSA representation of the package. It handles gracefully any panic.
func (gosec *Analyzer) buildSSA(pkg *packages.Package) (interface{}, error) {
defer func() {
@@ -557,8 +580,8 @@ func (gosec *Analyzer) ignore(n ast.Node) map[string]issue.SuppressionInfo {
for _, group := range groups {
comment := strings.TrimSpace(group.Text())
- foundDefaultTag := strings.HasPrefix(comment, noSecDefaultTag) || regexp.MustCompile("\n *"+noSecDefaultTag).Match([]byte(comment))
- foundAlternativeTag := strings.HasPrefix(comment, noSecAlternativeTag) || regexp.MustCompile("\n *"+noSecAlternativeTag).Match([]byte(comment))
+ foundDefaultTag := strings.HasPrefix(comment, noSecDefaultTag) || regexp.MustCompile("\n *"+noSecDefaultTag).MatchString(comment)
+ foundAlternativeTag := strings.HasPrefix(comment, noSecAlternativeTag) || regexp.MustCompile("\n *"+noSecAlternativeTag).MatchString(comment)
if foundDefaultTag || foundAlternativeTag {
gosec.stats.NumNosec++