Update go to 1.25.5 and 1.24.11 in CI (#1433)

* Update go version to 1.25.5 and 1.24.11 in CI Signed-off-by: Cosmin Cojocar <ccojocar@google.com> * Update the buildSSA to use the new tools package Signed-off-by: Cosmin Cojocar <ccojocar@google.com> * Remove the type allignment check Signed-off-by: Cosmin Cojocar <ccojocar@google.com> --------- Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2026-01-15 01:33:41 +08:00 · 2025-12-03 12:57:07 +00:00
parent fde7515239
commit d4be2876cf
3 changed files with 54 additions and 24 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,9 +11,9 @@ jobs:
    strategy:
      matrix:
        version:
-          - go-version: "1.24.10"
+          - go-version: "1.24.11"
            golangci: "latest"
-          - go-version: "1.25.4"
+          - go-version: "1.25.5"
            golangci: "latest"
    runs-on: ubuntu-latest
    env:
@@ -52,7 +52,7 @@ jobs:
      - name: Setup go
        uses: actions/setup-go@v6
        with:
-          go-version: "1.25.4"
+          go-version: "1.25.5"
      - name: Checkout Source
        uses: actions/checkout@v6
      - uses: actions/cache@v4
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,7 +17,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
-          go-version: "1.25.4"
+          go-version: "1.25.5"
      - name: Install Cosign
        uses: sigstore/cosign-installer@v3
        with:
--- a/analyzer.go
+++ b/analyzer.go
@@ -35,6 +35,8 @@ import (

 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/analysis/passes/buildssa"
+	"golang.org/x/tools/go/analysis/passes/ctrlflow"
+	"golang.org/x/tools/go/analysis/passes/inspect"
 	"golang.org/x/tools/go/packages"

 	"github.com/securego/gosec/v2/analyzers"
@@ -430,7 +432,7 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
 		buildssa.Analyzer: &analyzers.SSAAnalyzerResult{
 			Config: gosec.Config(),
 			Logger: gosec.logger,
-			SSA:    ssaResult.(*buildssa.SSA),
+			SSA:    ssaResult,
 		},
 	}

@@ -491,7 +493,7 @@ func (gosec *Analyzer) generatedFiles(pkg *packages.Package) map[string]bool {
 }

 // buildSSA runs the SSA pass which builds the SSA representation of the package. It handles gracefully any panic.
-func (gosec *Analyzer) buildSSA(pkg *packages.Package) (interface{}, error) {
+func (gosec *Analyzer) buildSSA(pkg *packages.Package) (*buildssa.SSA, error) {
 	defer func() {
 		if r := recover(); r != nil {
 			gosec.logger.Printf(
@@ -500,26 +502,54 @@ func (gosec *Analyzer) buildSSA(pkg *packages.Package) (interface{}, error) {
 			)
 		}
 	}()
-	ssaPass := &analysis.Pass{
-		Analyzer:          buildssa.Analyzer,
-		Fset:              pkg.Fset,
-		Files:             pkg.Syntax,
-		OtherFiles:        pkg.OtherFiles,
-		IgnoredFiles:      pkg.IgnoredFiles,
-		Pkg:               pkg.Types,
-		TypesInfo:         pkg.TypesInfo,
-		TypesSizes:        pkg.TypesSizes,
-		ResultOf:          nil,
-		Report:            nil,
-		ImportObjectFact:  nil,
-		ExportObjectFact:  nil,
-		ImportPackageFact: nil,
-		ExportPackageFact: nil,
-		AllObjectFacts:    nil,
-		AllPackageFacts:   nil,
+	if pkg == nil {
+		return nil, errors.New("nil package provided")
+	}
+	if pkg.Types == nil {
+		return nil, fmt.Errorf("package %s has no type information (compilation failed?)", pkg.Name)
+	}
+	if pkg.TypesInfo == nil {
+		return nil, fmt.Errorf("package %s has no type information", pkg.Name)
+	}
+	pass := &analysis.Pass{
+		Fset:             pkg.Fset,
+		Files:            pkg.Syntax,
+		OtherFiles:       pkg.OtherFiles,
+		IgnoredFiles:     pkg.IgnoredFiles,
+		Pkg:              pkg.Types,
+		TypesInfo:        pkg.TypesInfo,
+		TypesSizes:       pkg.TypesSizes,
+		ResultOf:         make(map[*analysis.Analyzer]interface{}),
+		Report:           func(d analysis.Diagnostic) {},
+		ImportObjectFact: func(obj types.Object, fact analysis.Fact) bool { return false },
+		ExportObjectFact: func(obj types.Object, fact analysis.Fact) {},
 	}

-	return ssaPass.Analyzer.Run(ssaPass)
+	pass.Analyzer = inspect.Analyzer
+	i, err := inspect.Analyzer.Run(pass)
+	if err != nil {
+		return nil, fmt.Errorf("running inspect analysis: %w", err)
+	}
+	pass.ResultOf[inspect.Analyzer] = i
+
+	pass.Analyzer = ctrlflow.Analyzer
+	cf, err := ctrlflow.Analyzer.Run(pass)
+	if err != nil {
+		return nil, fmt.Errorf("running control flow analysis: %w", err)
+	}
+	pass.ResultOf[ctrlflow.Analyzer] = cf
+
+	pass.Analyzer = buildssa.Analyzer
+	result, err := buildssa.Analyzer.Run(pass)
+	if err != nil {
+		return nil, fmt.Errorf("running SSA analysis: %w", err)
+	}
+
+	ssaResult, ok := result.(*buildssa.SSA)
+	if !ok {
+		return nil, fmt.Errorf("unexpected SSA analysis result type: %T", result)
+	}
+	return ssaResult, nil
 }

 // ParseErrors parses the errors from given package