>>> gosec: Building testing/gosec 2.13.1-r2 (using abuild 3.10.0_rc1-r2) started Fri, 07 Oct 2022 22:29:59 +0000 >>> gosec: Checking sanity of /home/buildozer/aports/testing/gosec/APKBUILD... >>> gosec: Analyzing dependencies... >>> gosec: Installing for build: build-base go (1/2) Installing go (1.19.2-r0) (2/2) Installing .makedepends-gosec (20221007.223000) Executing busybox-1.35.0-r27.trigger OK: 800 MiB in 100 packages >>> gosec: Cleaning up srcdir >>> gosec: Cleaning up pkgdir >>> gosec: Fetching https://distfiles.alpinelinux.org/distfiles/edge/gosec-2.13.1.tar.gz % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 133k 100 133k 0 0 868k 0 --:--:-- --:--:-- --:--:-- 874k >>> gosec: Fetching https://distfiles.alpinelinux.org/distfiles/edge/gosec-2.13.1.tar.gz >>> gosec: Checking sha512sums... gosec-2.13.1.tar.gz: OK >>> gosec: Unpacking /var/cache/distfiles/edge/gosec-2.13.1.tar.gz... fatal: not a git repository (or any of the parent directories): .git fatal: not a git repository (or any of the parent directories): .git make build make[1]: Entering directory '/home/buildozer/aports/testing/gosec/src/gosec-2.13.1' fatal: not a git repository (or any of the parent directories): .git fatal: not a git repository (or any of the parent directories): .git go build -o gosec ./cmd/gosec/ make[1]: Leaving directory '/home/buildozer/aports/testing/gosec/src/gosec-2.13.1' fatal: not a git repository (or any of the parent directories): .git fatal: not a git repository (or any of the parent directories): .git go install github.com/onsi/ginkgo/v2/ginkgo@latest go build -o gosec ./cmd/gosec/ FORMATTING LINTING: golint GO111MODULE=off go get -u golang.org/x/lint/golint SECURITY SCANNING ./gosec ./... [gosec] 2022/10/07 22:30:10 Including rules: default [gosec] 2022/10/07 22:30:10 Excluding rules: default [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/sarif [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cmd/vflag [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/golint [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/html [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1 [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/junit [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/tools [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cmd/tlsconfig [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/csv [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/testutils [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/yaml [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/json [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cmd/gosec [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/sonar [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/text [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cmd/gosecutil [gosec] 2022/10/07 22:30:10 Import directory: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cwe go: downloading github.com/onsi/ginkgo/v2 v2.2.0 [gosec] 2022/10/07 22:30:11 Checking package: vflag [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cmd/vflag/flag.go [gosec] 2022/10/07 22:30:11 Checking package: cwe [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cwe/data.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cwe/types.go [gosec] 2022/10/07 22:30:11 Checking package: json [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/json/writer.go [gosec] 2022/10/07 22:30:11 Checking package: yaml [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/yaml/writer.go [gosec] 2022/10/07 22:30:11 Checking package: golint [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/golint/writer.go [gosec] 2022/10/07 22:30:11 Checking package: html [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/html/writer.go [gosec] 2022/10/07 22:30:11 Checking package: csv [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/csv/writer.go [gosec] 2022/10/07 22:30:11 Checking package: junit [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/junit/builder.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/junit/formatter.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/junit/types.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/junit/writer.go [gosec] 2022/10/07 22:30:11 Checking package: report [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/formatter.go [gosec] 2022/10/07 22:30:11 Checking package: sonar [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/sonar/builder.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/sonar/formatter.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/sonar/types.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/sonar/writer.go [gosec] 2022/10/07 22:30:11 Checking package: sarif [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/sarif/builder.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/sarif/data.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/sarif/formatter.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/sarif/types.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/sarif/writer.go [gosec] 2022/10/07 22:30:11 Checking package: text [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report/text/writer.go [gosec] 2022/10/07 22:30:11 Checking package: testutils [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/testutils/log.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/testutils/pkg.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/testutils/source.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/testutils/visitor.go [gosec] 2022/10/07 22:30:11 Checking package: main [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cmd/gosec/main.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cmd/gosec/sort_issues.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cmd/gosec/version.go [gosec] 2022/10/07 22:30:11 Checking package: gosec [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/analyzer.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/call_list.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/config.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/errors.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/helpers.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/import_tracker.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/issue.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/report.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/resolve.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rule.go [gosec] 2022/10/07 22:30:11 Checking package: rules [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/archive.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/bad_defer.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/bind.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/blocklist.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/decompression-bomb.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/directory-traversal.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/errors.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/fileperms.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/hardcoded_credentials.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/http_serve.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/implicit_aliasing.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/integer_overflow.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/math_big_rat.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/pprof.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/rand.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/readfile.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/rsa.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/rulelist.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/slowloris.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/sql.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/ssh.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/ssrf.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/subproc.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/tempfiles.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/templates.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/tls.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/tls_config.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/unsafe.go [gosec] 2022/10/07 22:30:11 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/rules/weakcrypto.go [gosec] 2022/10/07 22:30:12 Checking package: main [gosec] 2022/10/07 22:30:12 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cmd/gosecutil/tools.go [gosec] 2022/10/07 22:30:13 Checking package: main [gosec] 2022/10/07 22:30:13 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cmd/tlsconfig/header_template.go [gosec] 2022/10/07 22:30:13 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cmd/tlsconfig/rule_template.go [gosec] 2022/10/07 22:30:13 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cmd/tlsconfig/tls_version.go [gosec] 2022/10/07 22:30:13 Checking file: /home/buildozer/aports/testing/gosec/src/gosec-2.13.1/cmd/tlsconfig/tlsconfig.go Results: Summary: Gosec : dev Files : 74 Lines : 12017 Nosec : 20 Issues : 0 GO111MODULE=off go get -u golang.org/x/crypto/ssh /home/buildozer/go/bin/golint -set_exit_status ./... GO111MODULE=off go get -u github.com/lib/pq VETTING GO111MODULE=on go vet ./... /home/buildozer/go/bin/ginkgo -v --fail-fast Running Suite: gosec Suite - /home/buildozer/aports/testing/gosec/src/gosec-2.13.1 ================================================================================== Random Seed: 1665181848 Will run 109 of 110 specs ------------------------------ Configuration when loading from disk should be possible to load configuration from a file github.com/securego/gosec/v2/config_test.go:19 • ------------------------------ Configuration when loading from disk should return an error if configuration file is invalid github.com/securego/gosec/v2/config_test.go:27 • ------------------------------ Configuration when saving to disk should be possible to save an empty configuration to file github.com/securego/gosec/v2/config_test.go:40 • ------------------------------ Configuration when saving to disk should be possible to save configuration to file github.com/securego/gosec/v2/config_test.go:49 • ------------------------------ Configuration when configuring rules should be possible to get configuration for a rule github.com/securego/gosec/v2/config_test.go:63 • ------------------------------ Configuration when using global configuration options should have a default global section github.com/securego/gosec/v2/config_test.go:77 • ------------------------------ Configuration when using global configuration options should save global settings to correct section github.com/securego/gosec/v2/config_test.go:84 • ------------------------------ Configuration when using global configuration options should find global settings which are enabled github.com/securego/gosec/v2/config_test.go:99 • ------------------------------ Configuration when using global configuration options should parse the global settings of type string from file github.com/securego/gosec/v2/config_test.go:106 • ------------------------------ Configuration when using global configuration options should parse the global settings of other types from file github.com/securego/gosec/v2/config_test.go:121 • ------------------------------ Rule when using a ruleset should be possible to register a rule for multiple ast.Node github.com/securego/gosec/v2/rule_test.go:57 • ------------------------------ Rule when using a ruleset should not register a rule when no ast.Nodes are specified github.com/securego/gosec/v2/rule_test.go:69 • ------------------------------ Rule when using a ruleset should be possible to retrieve a list of rules for a given node type github.com/securego/gosec/v2/rule_test.go:74 • ------------------------------ Rule when using a ruleset should register a suppressed rule github.com/securego/gosec/v2/rule_test.go:85 • ------------------------------ Import Tracker when tracking a file should parse the imports from file github.com/securego/gosec/v2/import_tracker_test.go:12 • ------------------------------ Import Tracker when tracking a file should parse the named imports from file github.com/securego/gosec/v2/import_tracker_test.go:32 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully resolve basic literal github.com/securego/gosec/v2/resolve_test.go:14 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully resolve identifier github.com/securego/gosec/v2/resolve_test.go:34 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully resolve variable identifier github.com/securego/gosec/v2/resolve_test.go:54 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve variable identifier with no declaration github.com/securego/gosec/v2/resolve_test.go:74 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully resolve assign statement github.com/securego/gosec/v2/resolve_test.go:95 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve assign statement without rhs github.com/securego/gosec/v2/resolve_test.go:116 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve assign statement with unsolvable rhs github.com/securego/gosec/v2/resolve_test.go:138 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully resolve a binary statement github.com/securego/gosec/v2/resolve_test.go:160 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully resolve value spec github.com/securego/gosec/v2/resolve_test.go:179 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve value spec without values github.com/securego/gosec/v2/resolve_test.go:199 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve value spec with unsolvable value github.com/securego/gosec/v2/resolve_test.go:221 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully resolve composite literal github.com/securego/gosec/v2/resolve_test.go:243 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve composite literal without elst github.com/securego/gosec/v2/resolve_test.go:262 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve composite literal with unsolvable elst github.com/securego/gosec/v2/resolve_test.go:282 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve call expressions github.com/securego/gosec/v2/resolve_test.go:302 • ------------------------------ Resolve ast node to concrete value when attempting to resolve an ast node should successfully not resolve call expressions github.com/securego/gosec/v2/resolve_test.go:321 • ------------------------------ Call List should not return any matches when empty github.com/securego/gosec/v2/call_list_test.go:18 • ------------------------------ Call List should be possible to add a single call github.com/securego/gosec/v2/call_list_test.go:22 • ------------------------------ Call List should be possible to add multiple calls at once github.com/securego/gosec/v2/call_list_test.go:33 • ------------------------------ Call List should be possible to add pointer call github.com/securego/gosec/v2/call_list_test.go:47 • ------------------------------ Call List should be possible to check pointer call github.com/securego/gosec/v2/call_list_test.go:54 • ------------------------------ Call List should not return a match if none are present github.com/securego/gosec/v2/call_list_test.go:61 • ------------------------------ Call List should match a call based on selector and ident github.com/securego/gosec/v2/call_list_test.go:66 • ------------------------------ Call List should match a package call expression github.com/securego/gosec/v2/call_list_test.go:71 • ------------------------------ Call List should match a call expression github.com/securego/gosec/v2/call_list_test.go:96 • ------------------------------ Analyzer when processing a package should not report an error if the package contains no Go files github.com/securego/gosec/v2/analyzer_test.go:30 • ------------------------------ Analyzer when processing a package should report an error if the package fails to build github.com/securego/gosec/v2/analyzer_test.go:41 • ------------------------------ Analyzer when processing a package should be able to analyze multiple Go files github.com/securego/gosec/v2/analyzer_test.go:57 • ------------------------------ Analyzer when processing a package should be able to analyze multiple Go files concurrently github.com/securego/gosec/v2/analyzer_test.go:79 • ------------------------------ Analyzer when processing a package should be able to analyze multiple Go packages github.com/securego/gosec/v2/analyzer_test.go:102 • ------------------------------ Analyzer when processing a package should find errors when nosec is not in use github.com/securego/gosec/v2/analyzer_test.go:126 • ------------------------------ Analyzer when processing a package should report Go build errors and invalid files github.com/securego/gosec/v2/analyzer_test.go:142 • ------------------------------ Analyzer when processing a package should not report errors when a nosec line comment is present github.com/securego/gosec/v2/analyzer_test.go:164 • ------------------------------ Analyzer when processing a package should not report errors when a nosec block comment is present github.com/securego/gosec/v2/analyzer_test.go:181 • ------------------------------ Analyzer when processing a package should not report errors when an exclude comment is present for the correct rule github.com/securego/gosec/v2/analyzer_test.go:198 • ------------------------------ Analyzer when processing a package should report errors when an exclude comment is present for a different rule github.com/securego/gosec/v2/analyzer_test.go:216 • ------------------------------ Analyzer when processing a package should not report errors when an exclude comment is present for multiple rules, including the correct rule github.com/securego/gosec/v2/analyzer_test.go:233 • ------------------------------ Analyzer when processing a package should pass the build tags github.com/securego/gosec/v2/analyzer_test.go:252 • ------------------------------ Analyzer when processing a package should process an empty package with test file github.com/securego/gosec/v2/analyzer_test.go:264 • ------------------------------ Analyzer when processing a package should be possible to overwrite nosec comments, and report issues github.com/securego/gosec/v2/analyzer_test.go:279 • ------------------------------ P [PENDING] Analyzer when processing a package should be possible to overwrite nosec comments, and report issues but the should not be counted github.com/securego/gosec/v2/analyzer_test.go:302 ------------------------------ Analyzer when processing a package should not report errors when nosec tag is in front of a line github.com/securego/gosec/v2/analyzer_test.go:328 • ------------------------------ Analyzer when processing a package should report errors when nosec tag is not in front of a line github.com/securego/gosec/v2/analyzer_test.go:345 • ------------------------------ Analyzer when processing a package should not report errors when rules are in front of nosec tag even rules are wrong github.com/securego/gosec/v2/analyzer_test.go:362 • ------------------------------ Analyzer when processing a package should report errors when there are nosec tags after a #nosec WrongRuleList annotation github.com/securego/gosec/v2/analyzer_test.go:379 • ------------------------------ Analyzer when processing a package should be possible to use an alternative nosec tag github.com/securego/gosec/v2/analyzer_test.go:396 • ------------------------------ Analyzer when processing a package should ignore vulnerabilities when the default tag is found github.com/securego/gosec/v2/analyzer_test.go:419 • ------------------------------ Analyzer when processing a package should be able to analyze Go test package github.com/securego/gosec/v2/analyzer_test.go:442 • ------------------------------ Analyzer when processing a package should be able to scan generated files if NOT excluded github.com/securego/gosec/v2/analyzer_test.go:467 • ------------------------------ Analyzer when processing a package should be able to skip generated files if excluded github.com/securego/gosec/v2/analyzer_test.go:488 • ------------------------------ Analyzer should be able to analyze Cgo files github.com/securego/gosec/v2/analyzer_test.go:510 • ------------------------------ Analyzer when parsing errors from a package should return no error when the error list is empty github.com/securego/gosec/v2/analyzer_test.go:527 • ------------------------------ Analyzer when parsing errors from a package should properly parse the errors github.com/securego/gosec/v2/analyzer_test.go:533 • ------------------------------ Analyzer when parsing errors from a package should properly parse the errors without line and column github.com/securego/gosec/v2/analyzer_test.go:554 • ------------------------------ Analyzer when parsing errors from a package should properly parse the errors without column github.com/securego/gosec/v2/analyzer_test.go:575 • ------------------------------ Analyzer when parsing errors from a package should return error when line cannot be parsed github.com/securego/gosec/v2/analyzer_test.go:596 • ------------------------------ Analyzer when parsing errors from a package should return error when column cannot be parsed github.com/securego/gosec/v2/analyzer_test.go:609 • ------------------------------ Analyzer when parsing errors from a package should append error to the same file github.com/securego/gosec/v2/analyzer_test.go:622 • ------------------------------ Analyzer when parsing errors from a package should set the config github.com/securego/gosec/v2/analyzer_test.go:650 • ------------------------------ Analyzer when parsing errors from a package should reset the analyzer github.com/securego/gosec/v2/analyzer_test.go:658 • ------------------------------ Analyzer when appending errors should skip error for non-buildable packages github.com/securego/gosec/v2/analyzer_test.go:668 • ------------------------------ Analyzer when appending errors should add a new error github.com/securego/gosec/v2/analyzer_test.go:674 • ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed github.com/securego/gosec/v2/analyzer_test.go:699 • ------------------------------ Analyzer when tracking suppressions should not report an error if the violation is suppressed without certain rules github.com/securego/gosec/v2/analyzer_test.go:719 • ------------------------------ Analyzer when tracking suppressions should track multiple suppressions if the violation is suppressed by both #nosec and #nosec RuleList github.com/securego/gosec/v2/analyzer_test.go:739 • ------------------------------ Analyzer when tracking suppressions should not report an error if the rule is not included github.com/securego/gosec/v2/analyzer_test.go:758 • ------------------------------ Analyzer when tracking suppressions should not report an error if the rule is excluded github.com/securego/gosec/v2/analyzer_test.go:777 • ------------------------------ Analyzer when tracking suppressions should track multiple suppressions if the violation is multiply suppressed github.com/securego/gosec/v2/analyzer_test.go:796 • ------------------------------ Cli vflag test value must be empty as parameter value contains invalid character github.com/securego/gosec/v2/flag_test.go:14 invalid value "-incorrect" for flag -test1: flag value cannot start with - Controlling Test Order --ginkgo.seed [int] (default: randomly generated by Ginkgo) The seed used to randomize the spec suite. --ginkgo.randomize-all  If set, ginkgo will randomize all specs together. By default, ginkgo only randomizes the top level Describe, Context and When containers. Controlling Test Parallelism These are set by the Ginkgo CLI, do not set them manually via go test. Use ginkgo -p or ginkgo -procs=N instead. --ginkgo.parallel.process [int] (default: 1) This worker process's (one-indexed) process number. For running specs in parallel. --ginkgo.parallel.total [int] (default: 1) The total number of worker processes. For running specs in parallel. --ginkgo.parallel.host [string] (default: set by Ginkgo CLI) The address for the server that will synchronize the processes. Filtering Tests --ginkgo.label-filter [expression]  If set, ginkgo will only run specs with labels that match the label-filter. The passed-in expression can include boolean operations (!, &&, ||, ','), groupings via '()', and regular expressions '/regexp/'. e.g. '(cat || dog) && !fruit' --ginkgo.focus [string]  If set, ginkgo will only run specs that match this regular expression. Can be specified multiple times, values are ORed. --ginkgo.skip [string]  If set, ginkgo will only run specs that do not match this regular expression. Can be specified multiple times, values are ORed. --ginkgo.focus-file [file (regexp) | file:line | file:lineA-lineB | file:line,line,line]  If set, ginkgo will only run specs in matching files. Can be specified multiple times, values are ORed. --ginkgo.skip-file [file (regexp) | file:line | file:lineA-lineB | file:line,line,line]  If set, ginkgo will skip specs in matching files. Can be specified multiple times, values are ORed. Failure Handling --ginkgo.fail-on-pending  If set, ginkgo will mark the test suite as failed if any specs are pending. --ginkgo.fail-fast  If set, ginkgo will stop running a test suite after a failure occurs. --ginkgo.flake-attempts [int] (default: 0 - failed tests are not retried) Make up to this many attempts to run each spec. If any of the attempts succeed, the suite will not be failed. Controlling Output Formatting --ginkgo.no-color  If set, suppress color output in default reporter. --ginkgo.slow-spec-threshold [duration] (default: 5s) Specs that take longer to run than this threshold are flagged as slow by the default reporter. --ginkgo.v  If set, emits more output including GinkgoWriter contents. --ginkgo.vv  If set, emits with maximal verbosity - includes skipped and pending tests. --ginkgo.succinct  If set, default reporter prints out a very succinct report --ginkgo.trace  If set, default reporter prints out the full stack trace when a failure occurs --ginkgo.always-emit-ginkgo-writer  If set, default reporter prints out captured output of passed tests. --ginkgo.json-report [filename.json]  If set, Ginkgo will generate a JSON-formatted test report at the specified location. --ginkgo.junit-report [filename.xml]  If set, Ginkgo will generate a conformant junit test report in the specified file. --ginkgo.teamcity-report [filename]  If set, Ginkgo will generate a Teamcity-formatted test report at the specified location. Debugging Tests In addition to these flags, Ginkgo supports a few debugging environment variables. To change the parallel server protocol set GINKGO_PARALLEL_PROTOCOL to HTTP. To avoid pruning callstacks set GINKGO_PRUNE_STACK to FALSE. --ginkgo.dry-run  If set, ginkgo will walk the test hierarchy without actually running anything. Best paired with -v. --ginkgo.progress  If set, ginkgo will emit progress information as each spec runs to the GinkgoWriter. --ginkgo.timeout [duration] (default: 1h) Test suite fails if it does not complete within the specified timeout. --ginkgo.output-interceptor-mode [dup, swap, or none]  If set, ginkgo will use the specified output interception strategy when running in parallel. Defaults to dup on unix and swap on windows. Go test flags -test.bench regexp run only benchmarks matching regexp -test.benchmem print memory allocations for benchmarks -test.benchtime d run each benchmark for duration d -test.blockprofile file write a goroutine blocking profile to file -test.blockprofilerate rate set blocking profile rate (see runtime.SetBlockProfileRate) -test.count n run tests and benchmarks n times -test.coverprofile file write a coverage profile to file -test.cpu list comma-separated list of cpu counts to run each test with -test.cpuprofile file write a cpu profile to file -test.failfast do not start new tests after the first test failure -test.fuzz regexp run the fuzz test matching regexp -test.fuzzcachedir string directory where interesting fuzzing inputs are stored (for use only by cmd/go) -test.fuzzminimizetime value time to spend minimizing a value after finding a failing input -test.fuzztime value time to spend fuzzing; default is to run indefinitely -test.fuzzworker coordinate with the parent process to fuzz random values (for use only by cmd/go) -test.list regexp list tests, examples, and benchmarks matching regexp then exit -test.memprofile file write an allocation profile to file -test.memprofilerate rate set memory allocation profiling rate (see runtime.MemProfileRate) -test.mutexprofile string write a mutex contention profile to the named file after execution -test.mutexprofilefraction int if >= 0, calls runtime.SetMutexProfileFraction() -test.outputdir dir write profiles to dir -test.paniconexit0 panic on call to os.Exit(0) -test.parallel n run at most n tests in parallel -test.run regexp run only tests and examples matching regexp -test.short run smaller test suite to save time -test.shuffle string randomize the execution order of tests and benchmarks -test.testlogfile file write test action log to file (for use only by cmd/go) -test.timeout d panic test binary after duration d (default 0, timeout disabled) -test.trace file write an execution trace to file -test.v verbose: print additional output -test1 value • ------------------------------ Cli vflag test value must be empty as parameter value contains invalid character without equal sign github.com/securego/gosec/v2/flag_test.go:23 invalid value " -incorrect" for flag -test2: flag value cannot start with - Controlling Test Order --ginkgo.seed [int] (default: randomly generated by Ginkgo) The seed used to randomize the spec suite. --ginkgo.randomize-all  If set, ginkgo will randomize all specs together. By default, ginkgo only randomizes the top level Describe, Context and When containers. Controlling Test Parallelism These are set by the Ginkgo CLI, do not set them manually via go test. Use ginkgo -p or ginkgo -procs=N instead. --ginkgo.parallel.process [int] (default: 1) This worker process's (one-indexed) process number. For running specs in parallel. --ginkgo.parallel.total [int] (default: 1) The total number of worker processes. For running specs in parallel. --ginkgo.parallel.host [string] (default: set by Ginkgo CLI) The address for the server that will synchronize the processes. Filtering Tests --ginkgo.label-filter [expression]  If set, ginkgo will only run specs with labels that match the label-filter. The passed-in expression can include boolean operations (!, &&, ||, ','), groupings via '()', and regular expressions '/regexp/'. e.g. '(cat || dog) && !fruit' --ginkgo.focus [string]  If set, ginkgo will only run specs that match this regular expression. Can be specified multiple times, values are ORed. --ginkgo.skip [string]  If set, ginkgo will only run specs that do not match this regular expression. Can be specified multiple times, values are ORed. --ginkgo.focus-file [file (regexp) | file:line | file:lineA-lineB | file:line,line,line]  If set, ginkgo will only run specs in matching files. Can be specified multiple times, values are ORed. --ginkgo.skip-file [file (regexp) | file:line | file:lineA-lineB | file:line,line,line]  If set, ginkgo will skip specs in matching files. Can be specified multiple times, values are ORed. Failure Handling --ginkgo.fail-on-pending  If set, ginkgo will mark the test suite as failed if any specs are pending. --ginkgo.fail-fast  If set, ginkgo will stop running a test suite after a failure occurs. --ginkgo.flake-attempts [int] (default: 0 - failed tests are not retried) Make up to this many attempts to run each spec. If any of the attempts succeed, the suite will not be failed. Controlling Output Formatting --ginkgo.no-color  If set, suppress color output in default reporter. --ginkgo.slow-spec-threshold [duration] (default: 5s) Specs that take longer to run than this threshold are flagged as slow by the default reporter. --ginkgo.v  If set, emits more output including GinkgoWriter contents. --ginkgo.vv  If set, emits with maximal verbosity - includes skipped and pending tests. --ginkgo.succinct  If set, default reporter prints out a very succinct report --ginkgo.trace  If set, default reporter prints out the full stack trace when a failure occurs --ginkgo.always-emit-ginkgo-writer  If set, default reporter prints out captured output of passed tests. --ginkgo.json-report [filename.json]  If set, Ginkgo will generate a JSON-formatted test report at the specified location. --ginkgo.junit-report [filename.xml]  If set, Ginkgo will generate a conformant junit test report in the specified file. --ginkgo.teamcity-report [filename]  If set, Ginkgo will generate a Teamcity-formatted test report at the specified location. Debugging Tests In addition to these flags, Ginkgo supports a few debugging environment variables. To change the parallel server protocol set GINKGO_PARALLEL_PROTOCOL to HTTP. To avoid pruning callstacks set GINKGO_PRUNE_STACK to FALSE. --ginkgo.dry-run  If set, ginkgo will walk the test hierarchy without actually running anything. Best paired with -v. --ginkgo.progress  If set, ginkgo will emit progress information as each spec runs to the GinkgoWriter. --ginkgo.timeout [duration] (default: 1h) Test suite fails if it does not complete within the specified timeout. --ginkgo.output-interceptor-mode [dup, swap, or none]  If set, ginkgo will use the specified output interception strategy when running in parallel. Defaults to dup on unix and swap on windows. Go test flags -test.bench regexp run only benchmarks matching regexp -test.benchmem print memory allocations for benchmarks -test.benchtime d run each benchmark for duration d -test.blockprofile file write a goroutine blocking profile to file -test.blockprofilerate rate set blocking profile rate (see runtime.SetBlockProfileRate) -test.count n run tests and benchmarks n times -test.coverprofile file write a coverage profile to file -test.cpu list comma-separated list of cpu counts to run each test with -test.cpuprofile file write a cpu profile to file -test.failfast do not start new tests after the first test failure -test.fuzz regexp run the fuzz test matching regexp -test.fuzzcachedir string directory where interesting fuzzing inputs are stored (for use only by cmd/go) -test.fuzzminimizetime value time to spend minimizing a value after finding a failing input -test.fuzztime value time to spend fuzzing; default is to run indefinitely -test.fuzzworker coordinate with the parent process to fuzz random values (for use only by cmd/go) -test.list regexp list tests, examples, and benchmarks matching regexp then exit -test.memprofile file write an allocation profile to file -test.memprofilerate rate set memory allocation profiling rate (see runtime.MemProfileRate) -test.mutexprofile string write a mutex contention profile to the named file after execution -test.mutexprofilefraction int if >= 0, calls runtime.SetMutexProfileFraction() -test.outputdir dir write profiles to dir -test.paniconexit0 panic on call to os.Exit(0) -test.parallel n run at most n tests in parallel -test.run regexp run only tests and examples matching regexp -test.short run smaller test suite to save time -test.shuffle string randomize the execution order of tests and benchmarks -test.testlogfile file write test action log to file (for use only by cmd/go) -test.timeout d panic test binary after duration d (default 0, timeout disabled) -test.trace file write an execution trace to file -test.v verbose: print additional output -test1 value -test2 value • ------------------------------ Cli vflag test value must not be empty as parameter value contains valid character github.com/securego/gosec/v2/flag_test.go:32 • ------------------------------ Issue when creating a new issue should create a code snippet from the specified ast.Node github.com/securego/gosec/v2/issue_test.go:15 • ------------------------------ Issue when creating a new issue should return an error if specific context is not able to be obtained github.com/securego/gosec/v2/issue_test.go:47 ------------------------------ S [SKIPPED] [0.000 seconds] Issue github.com/securego/gosec/v2/issue_test.go:13 when creating a new issue github.com/securego/gosec/v2/issue_test.go:14 [It] should return an error if specific context is not able to be obtained github.com/securego/gosec/v2/issue_test.go:47 Not implemented In [It] at: github.com/securego/gosec/v2/issue_test.go:48 ------------------------------ Issue when creating a new issue should construct file path based on line and file information github.com/securego/gosec/v2/issue_test.go:51 • ------------------------------ Issue when creating a new issue should provide accurate line and file information github.com/securego/gosec/v2/issue_test.go:88 ------------------------------ S [SKIPPED] [0.000 seconds] Issue github.com/securego/gosec/v2/issue_test.go:13 when creating a new issue github.com/securego/gosec/v2/issue_test.go:14 [It] should provide accurate line and file information github.com/securego/gosec/v2/issue_test.go:88 Not implemented In [It] at: github.com/securego/gosec/v2/issue_test.go:89 ------------------------------ Issue when creating a new issue should provide accurate line and file information for multi-line statements github.com/securego/gosec/v2/issue_test.go:92 • ------------------------------ Issue when creating a new issue should maintain the provided severity score github.com/securego/gosec/v2/issue_test.go:129 ------------------------------ S [SKIPPED] [0.000 seconds] Issue github.com/securego/gosec/v2/issue_test.go:13 when creating a new issue github.com/securego/gosec/v2/issue_test.go:14 [It] should maintain the provided severity score github.com/securego/gosec/v2/issue_test.go:129 Not implemented In [It] at: github.com/securego/gosec/v2/issue_test.go:130 ------------------------------ Issue when creating a new issue should maintain the provided confidence score github.com/securego/gosec/v2/issue_test.go:133 ------------------------------ S [SKIPPED] [0.000 seconds] Issue github.com/securego/gosec/v2/issue_test.go:13 when creating a new issue github.com/securego/gosec/v2/issue_test.go:14 [It] should maintain the provided confidence score github.com/securego/gosec/v2/issue_test.go:133 Not implemented In [It] at: github.com/securego/gosec/v2/issue_test.go:134 ------------------------------ Helpers when listing package paths should return the root directory as package path github.com/securego/gosec/v2/helpers_test.go:29 • ------------------------------ Helpers when listing package paths should return the package package path github.com/securego/gosec/v2/helpers_test.go:34 • ------------------------------ Helpers when listing package paths should exclude folder github.com/securego/gosec/v2/helpers_test.go:39 • ------------------------------ Helpers when listing package paths should exclude folder with subpath github.com/securego/gosec/v2/helpers_test.go:51 • ------------------------------ Helpers when listing package paths should be empty when folder does not exist github.com/securego/gosec/v2/helpers_test.go:63 • ------------------------------ Helpers when getting the root path should return the absolute path from relative path github.com/securego/gosec/v2/helpers_test.go:72 • ------------------------------ Helpers when getting the root path should return the absolute path from ellipsis path github.com/securego/gosec/v2/helpers_test.go:80 • ------------------------------ Helpers when excluding the dirs should create a proper regexp github.com/securego/gosec/v2/helpers_test.go:91 • ------------------------------ Helpers when excluding the dirs should create a proper regexp for dir with subdir github.com/securego/gosec/v2/helpers_test.go:100 • ------------------------------ Helpers when excluding the dirs should create no regexp when dir list is empty github.com/securego/gosec/v2/helpers_test.go:111 • ------------------------------ Helpers when getting call info should return the type and call name for selector expression github.com/securego/gosec/v2/helpers_test.go:120 • ------------------------------ Helpers when getting call info should return the type and call name for new selector expression github.com/securego/gosec/v2/helpers_test.go:154 • ------------------------------ Helpers when getting call info should return the type and call name for function selector expression github.com/securego/gosec/v2/helpers_test.go:187 • ------------------------------ Helpers when getting call info should return the type and call name for package function github.com/securego/gosec/v2/helpers_test.go:224 • ------------------------------ Helpers when getting binary expression operands should return all operands of a binary expression github.com/securego/gosec/v2/helpers_test.go:255 • ------------------------------ Helpers when getting binary expression operands should return all operands of complex binary expression github.com/securego/gosec/v2/helpers_test.go:285 • Ran 105 of 110 Specs in 13.763 seconds SUCCESS! -- 105 Passed | 0 Failed | 1 Pending | 4 Skipped PASS Ginkgo ran 1 suite in 16.100623028s Test Suite Passed >>> gosec: Entering fakeroot... >>> gosec*: Running postcheck for gosec >>> gosec*: Preparing package gosec... >>> gosec*: Stripping binaries >>> gosec*: Scanning shared objects >>> gosec*: Tracing dependencies... so:libc.musl-x86_64.so.1 >>> gosec*: Package size: 7.4 MB >>> gosec*: Compressing data... >>> gosec*: Create checksum... >>> gosec*: Create gosec-2.13.1-r2.apk >>> gosec: Build complete at Fri, 07 Oct 2022 22:31:04 +0000 elapsed time 0h 1m 5s >>> gosec: Cleaning up srcdir >>> gosec: Cleaning up pkgdir >>> gosec: Uninstalling dependencies... (1/2) Purging .makedepends-gosec (20221007.223000) (2/2) Purging go (1.19.2-r0) Executing busybox-1.35.0-r27.trigger OK: 393 MiB in 98 packages >>> gosec: Updating the testing/x86_64 repository index... >>> gosec: Signing the index...