From 097ce903e0eee397cb4cbc5c99b9b288d119ebdf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 11 Dec 2025 12:39:56 +0000
Subject: [PATCH 1/2] build(deps): bump github.com/securego/gosec/v2

Bumps [github.com/securego/gosec/v2](https://github.com/securego/gosec) from 2.22.11-0.20251204091113-daccba6b93d7 to 2.22.11.
- [Release notes](https://github.com/securego/gosec/releases)
- [Commits](https://github.com/securego/gosec/commits/v2.22.11)

---
updated-dependencies:
- dependency-name: github.com/securego/gosec/v2
dependency-version: 2.22.11
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index edd261bb8fe9..ad13246437f0 100644
--- a/go.mod
+++ b/go.mod
@@ -104,7 +104,7 @@ require (
 github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
 github.com/sashamelentyev/interfacebloat v1.1.0
 github.com/sashamelentyev/usestdlibvars v1.29.0
- github.com/securego/gosec/v2 v2.22.11-0.20251204091113-daccba6b93d7
+ github.com/securego/gosec/v2 v2.22.11
 github.com/shirou/gopsutil/v4 v4.25.11
 github.com/sirupsen/logrus v1.9.3
 github.com/sivchari/containedctx v1.0.3
diff --git a/go.sum b/go.sum
index a608517471bd..5552a04c36cb 100644
--- a/go.sum
+++ b/go.sum
@@ -528,8 +528,8 @@ github.com/sashamelentyev/interfacebloat v1.1.0 h1:xdRdJp0irL086OyW1H/RTZTr1h/tM
 github.com/sashamelentyev/interfacebloat v1.1.0/go.mod h1:+Y9yU5YdTkrNvoX0xHc84dxiN1iBi9+G8zZIhPVoNjQ=
 github.com/sashamelentyev/usestdlibvars v1.29.0 h1:8J0MoRrw4/NAXtjQqTHrbW9NN+3iMf7Knkq057v4XOQ=
 github.com/sashamelentyev/usestdlibvars v1.29.0/go.mod h1:8PpnjHMk5VdeWlVb4wCdrB8PNbLqZ3wBZTZWkrpZZL8=
-github.com/securego/gosec/v2 v2.22.11-0.20251204091113-daccba6b93d7 h1:rZg6IGn0ySYZwCX8LHwZoYm03JhG/cVAJJ3O+u3Vclo=
-github.com/securego/gosec/v2 v2.22.11-0.20251204091113-daccba6b93d7/go.mod h1:9sr22NZO5Kfh7unW/xZxkGYTmj2484/fCiE54gw7UTY=
+github.com/securego/gosec/v2 v2.22.11 h1:tW+weM/hCM/GX3iaCV91d5I6hqaRT2TPsFM1+USPXwg=
+github.com/securego/gosec/v2 v2.22.11/go.mod h1:KE4MW/eH0GLWztkbt4/7XpyH0zJBBnu7sYB4l6Wn7Mw=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/shirou/gopsutil/v4 v4.25.11 h1:X53gB7muL9Gnwwo2evPSE+SfOrltMoR6V3xJAXZILTY=

From 160693dc0d3736ae9eebbb320dd0a45f306ba528 Mon Sep 17 00:00:00 2001
From: Fernandez Ludovic
Date: Thu, 11 Dec 2025 13:46:18 +0100
Subject: [PATCH 2/2] chore: update implementation

---
 .golangci.next.reference.yml | 58 ++++++++++++------------
 jsonschema/golangci.next.jsonschema.json | 1 +
 2 files changed, 31 insertions(+), 28 deletions(-)

diff --git a/.golangci.next.reference.yml b/.golangci.next.reference.yml
index 2c8bcbf76949..7389fdab7caf 100644
--- a/.golangci.next.reference.yml
+++ b/.golangci.next.reference.yml
@@ -1493,36 +1493,37 @@ linters:
 # Available rules: https://github.com/securego/gosec#available-rules
 # Default: [] - means include all rules
 includes:
- - G101 # Look for hard coded credentials
+ - G101 # Look for hardcoded credentials
 - G102 # Bind to all interfaces
 - G103 # Audit the use of unsafe block
 - G104 # Audit errors not checked
- - G106 # Audit the use of ssh.InsecureIgnoreHostKey
+ - G106 # Audit the use of ssh.InsecureIgnoreHostKey function
 - G107 # Url provided to HTTP request as taint input
- - G108 # Profiling endpoint automatically exposed on /debug/pprof
- - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
- - G110 # Potential DoS vulnerability via decompression bomb
- - G111 # Potential directory traversal
- - G112 # Potential slowloris attack
+ - G108 # Profiling endpoint is automatically exposed
+ - G109 # Converting strconv.Atoi result to int32/int16
+ - G110 # Detect io.Copy instead of io.CopyN when decompression
+ - G111 # Detect http.Dir('/') as a potential risk
+ - G112 # Detect ReadHeaderTimeout not configured as a potential risk
 - G114 # Use of net/http serve function that has no support for setting timeouts
- - G115 # Potential integer overflow when converting between integer types
+ - G115 # Type conversion which leads to integer overflow
+ - G116 # Detect Trojan Source attacks using bidirectional Unicode characters
 - G201 # SQL query construction using format string
 - G202 # SQL query construction using string concatenation
 - G203 # Use of unescaped data in HTML templates
 - G204 # Audit use of command execution
 - G301 # Poor file permissions used when creating a directory
- - G302 # Poor file permissions used with chmod
+ - G302 # Poor file permissions used when creation file or using chmod
 - G303 # Creating tempfile using a predictable path
 - G304 # File path provided as taint input
- - G305 # File traversal when extracting zip/tar archive
- - G306 # Poor file permissions used when writing to a new file
+ - G305 # File path traversal when extracting zip archive
+ - G306 # Poor file permissions used when writing to a file
 - G307 # Poor file permissions used when creating a file with os.Create
 - G401 # Detect the usage of MD5 or SHA1
 - G402 # Look for bad TLS connection settings
 - G403 # Ensure minimum RSA key length of 2048 bits
 - G404 # Insecure random number source (rand)
 - G405 # Detect the usage of DES or RC4
- - G406 # Detect the usage of MD4 or RIPEMD160
+ - G406 # Detect the usage of deprecated MD4 or RIPEMD160
 - G501 # Import blocklist: crypto/md5
 - G502 # Import blocklist: crypto/des
 - G503 # Import blocklist: crypto/rc4
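Review bot: The rewritten rule descriptions under `includes` carry grammatical slips into a user-facing reference file, most visibly `- G302 # Poor file permissions used when creation file or using chmod` and `- G110 # Detect io.Copy instead of io.CopyN when decompression`; the same lines recur in the `excludes` list in the @@ -1530 hunk. They look like verbatim copies of the upstream gosec rule table, so if exact parity with upstream wording is the intent this can stand; otherwise `- G302 # Poor file permissions used when creating a file or using chmod` and `- G110 # Detect io.Copy instead of io.CopyN when decompressing` read better. `G116` is the only rule ID newly listed, presumably tied to the gosec bump in the first patch, and the `includes` block starts before this hunk.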
@@ -1530,43 +1531,44 @@ linters:
 - G505 # Import blocklist: crypto/sha1
 - G506 # Import blocklist: golang.org/x/crypto/md4
 - G507 # Import blocklist: golang.org/x/crypto/ripemd160
- - G601 # Implicit memory aliasing of items from a range statement
- - G602 # Slice access out of bounds
+ - G601 # Implicit memory aliasing in RangeStmt
+ - G602 # Possible slice bounds out of range
 
 # To specify a set of rules to explicitly exclude.
 # Available rules: https://github.com/securego/gosec#available-rules
 # Default: []
 excludes:
- - G101 # Look for hard coded credentials
+ - G101 # Look for hardcoded credentials
 - G102 # Bind to all interfaces
 - G103 # Audit the use of unsafe block
 - G104 # Audit errors not checked
- - G106 # Audit the use of ssh.InsecureIgnoreHostKey
+ - G106 # Audit the use of ssh.InsecureIgnoreHostKey function
 - G107 # Url provided to HTTP request as taint input
- - G108 # Profiling endpoint automatically exposed on /debug/pprof
- - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
- - G110 # Potential DoS vulnerability via decompression bomb
- - G111 # Potential directory traversal
- - G112 # Potential slowloris attack
+ - G108 # Profiling endpoint is automatically exposed
+ - G109 # Converting strconv.Atoi result to int32/int16
+ - G110 # Detect io.Copy instead of io.CopyN when decompression
+ - G111 # Detect http.Dir('/') as a potential risk
+ - G112 # Detect ReadHeaderTimeout not configured as a potential risk
 - G114 # Use of net/http serve function that has no support for setting timeouts
- - G115 # Potential integer overflow when converting between integer types
+ - G115 # Type conversion which leads to integer overflow
+ - G116 # Detect Trojan Source attacks using bidirectional Unicode characters
 - G201 # SQL query construction using format string
 - G202 # SQL query construction using string concatenation
 - G203 # Use of unescaped data in HTML templates
 - G204 # Audit use of command execution
 - G301 # Poor file permissions used when creating a directory
- - G302 # Poor file permissions used with chmod
+ - G302 # Poor file permissions used when creation file or using chmod
 - G303 # Creating tempfile using a predictable path
 - G304 # File path provided as taint input
- - G305 # File traversal when extracting zip/tar archive
- - G306 # Poor file permissions used when writing to a new file
+ - G305 # File path traversal when extracting zip archive
+ - G306 # Poor file permissions used when writing to a file
 - G307 # Poor file permissions used when creating a file with os.Create
 - G401 # Detect the usage of MD5 or SHA1
 - G402 # Look for bad TLS connection settings
 - G403 # Ensure minimum RSA key length of 2048 bits
 - G404 # Insecure random number source (rand)
 - G405 # Detect the usage of DES or RC4
- - G406 # Detect the usage of MD4 or RIPEMD160
+ - G406 # Detect the usage of deprecated MD4 or RIPEMD160
 - G501 # Import blocklist: crypto/md5
 - G502 # Import blocklist: crypto/des
 - G503 # Import blocklist: crypto/rc4
@@ -1574,8 +1576,8 @@ linters:
 - G505 # Import blocklist: crypto/sha1
 - G506 # Import blocklist: golang.org/x/crypto/md4
 - G507 # Import blocklist: golang.org/x/crypto/ripemd160
- - G601 # Implicit memory aliasing of items from a range statement
- - G602 # Slice access out of bounds
+ - G601 # Implicit memory aliasing in RangeStmt
+ - G602 # Possible slice bounds out of range
 
 # Filter out the issues with a lower severity than the given value.
 # Valid options are: low, medium, high.
diff --git a/jsonschema/golangci.next.jsonschema.json b/jsonschema/golangci.next.jsonschema.json
index accf61f97455..0f5b2d0ff68a 100644
--- a/jsonschema/golangci.next.jsonschema.json
+++ b/jsonschema/golangci.next.jsonschema.json
@@ -505,6 +505,7 @@
 "G112",
 "G114",
 "G115",
+"G116",
 "G201",
 "G202",
 "G203",
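Review bot: `G116` is added to a single enum here while the reference YAML lists every gosec rule under both `includes` and `excludes`, so unless those two keys share this definition through a `$ref` (not visible in the hunk) the `excludes` enum still lacks `G116` and a config that excludes it would fail schema validation. The diffstat shows one insertion for this file, so it is worth confirming which keys this enum backs. The enclosing array starts and ends outside the hunk.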