chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.52.0

.circleci/config.yml

@@ -7,9 +7,9 @@ orbs:
 references:
   install_trivy_and_download_dbs: &install_trivy_and_download_dbs
     persist_to_workspace: true
-    # https://aquasecurity.github.io/trivy/v0.49/getting-started/installation/#install-script
+    # https://aquasecurity.github.io/trivy/v0.52/getting-started/installation/#install-script
     cmd: |
-      curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b . v0.49.1
+      curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b . v0.52.0
       mkdir cache
       ./trivy --cache-dir ./cache image --download-db-only
 

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.21-alpine as builder
+FROM golang:1.22-alpine as builder
 
 WORKDIR /src
 

docs/multiple-tests/all-patterns/results.xml

@@ -1,10 +1,14 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <checkstyle version="1.5">
     <file name="aws-config.txt">
-        <error source="secret" line="1" message="Possible hardcoded secret: AWS Secret Access Key" severity="error" />
-        <error source="secret" line="2" message="Possible hardcoded secret: AWS Access Key ID" severity="error" />
+        <error source="secret" line="1" message="Possible hardcoded secret: AWS Secret Access Key"
+            severity="error" />
+        <error source="secret" line="2" message="Possible hardcoded secret: AWS Access Key ID"
+            severity="error" />
     </file>
-    <file name="dart/pubspec.lock">
-        <error source="vulnerability" line="20" message="Insecure dependency dio@4.0.0 (CVE-2021-31402: dio vulnerable to CRLF injection with HTTP method string) (update to 5.0.0)" severity="error" />
+    <file name="gradle/gradle.lockfile">
+        <error source="vulnerability" line="1"
+            message="Insecure dependency org.apache.logging.log4j:log4j-core:2.17.0 (CVE-2021-44832: log4j-core: remote code execution via JDBC Appender) (update to 2.3.2, 2.12.4, 2.17.1)"
+            severity="error" />
     </file>
-</checkstyle>
+</checkstyle>

docs/multiple-tests/all-patterns/src/gradle/gradle.lockfile

@@ -0,0 +1 @@
+org.apache.logging.log4j:log4j-core:2.17.0

docs/multiple-tests/pattern-secret/results.xml

@@ -1,7 +1,14 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <checkstyle version="1.5">
+    <file name="dart/hello-world.dart">
+        <error source="secret" line="2" message="Possible hardcoded secret: AWS Access Key ID"
+            severity="error" />
+    </file>
+
     <file name="aws-config.txt">
-        <error source="secret" line="1" message="Possible hardcoded secret: AWS Secret Access Key" severity="error" />
-        <error source="secret" line="2" message="Possible hardcoded secret: AWS Access Key ID" severity="error" />
+        <error source="secret" line="1" message="Possible hardcoded secret: AWS Secret Access Key"
+            severity="error" />
+        <error source="secret" line="2" message="Possible hardcoded secret: AWS Access Key ID"
+            severity="error" />
     </file>
-</checkstyle>
+</checkstyle>

docs/multiple-tests/pattern-secret/src/dart/hello-world.dart

@@ -0,0 +1,4 @@
+void main() {
+    var AWS_ACCESS_KEY_ID="AKIA0123456789ABCDEF"
+    print('Hello, World!')
+}

docs/multiple-tests/pattern-vulnerability/results.xml

@@ -1,26 +1,123 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <checkstyle version="1.5">
+    <!--
     <file name="dart/pubspec.lock">
-        <error source="vulnerability" line="20" message="Insecure dependency dio@4.0.0 (CVE-2021-31402: dio vulnerable to CRLF injection with HTTP method string) (update to 5.0.0)" severity="error" />
+        <error source="vulnerability" line="20"
+            message="Insecure dependency dio@4.0.0 (CVE-2021-31402: dio vulnerable to CRLF injection with HTTP
+    method string) (update to 5.0.0)"
+            severity="error" />
     </file>
+
+    <file
+    name="golang/go.mod">
+        <error source="vulnerability" line="5" message="Insecure dependency golang.org/x/net@v0.16.0
+    (CVE-2023-45288: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes
+    DoS) (update to 0.23.0)" severity="error" />
+        <error source="vulnerability" line="5" message="Insecure dependency golang.org/x/net@v0.16.0
+    (CVE-2023-39325: golang: net/http, x/net/http2: rapid stream resets can cause excessive work
+    (CVE-2023-44487)) (update to 0.17.0)" severity="error" />
+        <error source="vulnerability" line="5" message="Insecure dependency golang.org/x/net@v0.16.0
+    (CVE-2023-44487: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack
+    (Rapid Reset Attack)) (update to 0.17.0)" severity="error" />
+    </file>
+-->
+
+    <file name="dart/pubspec.lock">
+        <!-- TODO: If this tests fail, dart can now be supported. Update the Language file and
+        docs. -->
+        <error message="Line numbers not supported"></error>
+    </file>
+
     <file name="golang/go.mod">
-        <error source="vulnerability" line="5" message="Insecure dependency golang.org/x/net@v0.16.0 (CVE-2023-45288: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS) (update to 0.23.0)" severity="error" />
-        <error source="vulnerability" line="5" message="Insecure dependency golang.org/x/net@v0.16.0 (CVE-2023-39325: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)) (update to 0.17.0)" severity="error" />
-        <error source="vulnerability" line="5" message="Insecure dependency golang.org/x/net@v0.16.0 (CVE-2023-44487: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)) (update to 0.17.0)" severity="error" />
+        <!-- TODO: If this tests fail, golang can now be supported. Update the Language file and
+        docs. -->
+        <error message="Line numbers not supported"></error>
     </file>
+
     <file name="gradle/gradle.lockfile">
-        <error source="vulnerability" line="1" message="Insecure dependency org.apache.logging.log4j:log4j-core:2.17.0 (CVE-2021-44832: log4j-core: remote code execution via JDBC Appender) (update to 2.3.2, 2.12.4, 2.17.1)" severity="error" />
+        <error source="vulnerability" line="1"
+            message="Insecure dependency org.apache.logging.log4j:log4j-core:2.17.0 (CVE-2021-44832: log4j-core: remote code execution via JDBC Appender) (update to 2.3.2, 2.12.4, 2.17.1)"
+            severity="error" />
+    </file>
+
+    <file name="java/pom.xml">
+        <error source="vulnerability" line="13"
+            message="Insecure dependency org.apache.logging.log4j:log4j-core:2.17.0 (CVE-2021-44832: log4j-core: remote code execution via JDBC Appender) (update to 2.3.2, 2.12.4, 2.17.1)"
+            severity="error" />
+    </file>
+
+    <file name="javascript/package-lock.json">
+        <error source="vulnerability" line="14"
+            message="Insecure dependency axios@0.21.0 (CVE-2020-28168: nodejs-axios: allows an attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address) (update to 0.21.1)"
+            severity="error" />
+        <error source="vulnerability" line="14"
+            message="Insecure dependency axios@0.21.0 (CVE-2021-3749: nodejs-axios: Regular expression denial of service in trim function) (update to 0.21.2)"
+            severity="error" />
+        <error source="vulnerability" line="14"
+            message="Insecure dependency axios@0.21.0 (CVE-2023-45857: axios: exposure of confidential data stored in cookies) (update to 1.6.0, 0.28.0)"
+            severity="error" />
+    </file>
+
+    <file name="javascript/yarn.lock">
+        <error source="vulnerability" line="5"
+            message="Insecure dependency axios@0.21.0 (CVE-2020-28168: nodejs-axios: allows an attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address) (update to 0.21.1)"
+            severity="error" />
+        <error source="vulnerability" line="5"
+            message="Insecure dependency axios@0.21.0 (CVE-2021-3749: nodejs-axios: Regular expression denial of service in trim function) (update to 0.21.2)"
+            severity="error" />
+        <error source="vulnerability" line="5"
+            message="Insecure dependency axios@0.21.0 (CVE-2023-45857: axios: exposure of confidential data stored in cookies) (update to 1.6.0, 0.28.0)"
+            severity="error" />
     </file>
-    <file name="python/requirements.txt">
-        <error source="vulnerability" line="2" message="Insecure dependency requests@v2.30.0 (CVE-2023-32681: python-requests: Unintended leak of Proxy-Authorization header) (update to 2.31.0)" severity="error" />
+
+    <file
+        name="python/Pipfile.lock">
+        <error source="vulnerability" line="123"
+            message="Insecure dependency idna@3.6 (CVE-2024-3651: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()) (update to 3.7)"
+            severity="error" />
+        <error source="vulnerability" line="131"
+            message="Insecure dependency requests@2.30.0 (CVE-2023-32681: python-requests: Unintended leak of Proxy-Authorization header) (update to 2.31.0)"
+            severity="error" />
+        <error source="vulnerability" line="131"
+            message="Insecure dependency requests@2.30.0 (CVE-2024-35195: requests: subsequent requests to the same host ignore cert verification) (update to 2.32.0)"
+            severity="error" />
     </file>
-    <file name="python/requirements.txt">
-        <error source="vulnerability" line="2" message="Insecure dependency requests@v2.30.0 (CVE-2024-35195: requests: subsequent requests to the same host ignore cert verification) (update to 2.32.0)" severity="error" />
+
+    <file
+        name="python/requirements.txt">
+        <error source="vulnerability" line="2"
+            message="Insecure dependency requests@v2.30.0 (CVE-2023-32681: python-requests: Unintended leak of Proxy-Authorization header) (update to 2.31.0)"
+            severity="error" />
+        <error source="vulnerability" line="2"
+            message="Insecure dependency requests@v2.30.0 (CVE-2024-35195: requests: subsequent requests to the same host ignore cert verification) (update to 2.32.0)"
+            severity="error" />
     </file>
+
     <file name="ruby/Gemfile.lock">
-        <error source="vulnerability" line="4" message="Insecure dependency puma@6.3.0 (CVE-2023-40175: rubygem-puma: HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers) (update to ~> 5.6.7, >= 6.3.1)" severity="error" />
+        <error source="vulnerability" line="4"
+            message="Insecure dependency puma@6.3.0 (CVE-2023-40175: rubygem-puma: HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers) (update to ~> 5.6.7, >= 6.3.1)"
+            severity="error" />
+        <error source="vulnerability" line="4"
+            message="Insecure dependency puma@6.3.0 (CVE-2024-21647: rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies) (update to ~> 5.6.8, >= 6.4.2)"
+            severity="error" />
     </file>
-        <file name="ruby/Gemfile.lock">
-        <error source="vulnerability" line="4" message="Insecure dependency puma@6.3.0 (CVE-2024-21647: rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies) (update to ~> 5.6.8, >= 6.4.2)" severity="error" />
+
+
+    <file name="swift/Package.resolved">
+        <error source="vulnerability" line="67"
+            message="Insecure dependency github.com/apple/swift-nio-http2@1.2.1 (CVE-2022-0618: Denial of service via HTTP/2 HEADERS frames padding) (update to 1.20)"
+            severity="error" />
+        <error source="vulnerability" line="67"
+            message="Insecure dependency github.com/apple/swift-nio-http2@1.2.1 (CVE-2022-24666: swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length) (update to 1.19.2)"
+            severity="error" />
+        <error source="vulnerability" line="67"
+            message="Insecure dependency github.com/apple/swift-nio-http2@1.2.1 (CVE-2022-24667: swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding) (update to 1.19.2)"
+            severity="error" />
+        <error source="vulnerability" line="67"
+            message="Insecure dependency github.com/apple/swift-nio-http2@1.2.1 (CVE-2022-24668: swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames) (update to 1.19.2)"
+            severity="error" />
+        <error source="vulnerability" line="67"
+            message="Insecure dependency github.com/apple/swift-nio-http2@1.2.1 (CVE-2023-44487: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)) (update to 1.28.0)"
+            severity="error" />
     </file>
-</checkstyle>
+</checkstyle>

docs/multiple-tests/pattern-vulnerability/src/java/pom.xml

@@ -0,0 +1,19 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.example</groupId>
+    <artifactId>happy</artifactId>
+    <version>1.0.0</version>
+
+    <name>happy</name>
+    <description>Example</description>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-core</artifactId>
+            <version>2.17.0</version>
+        </dependency>
+    </dependencies>
+</project>

docs/multiple-tests/pattern-vulnerability/src/javascript/package.json

@@ -0,0 +1,8 @@
+{
+  "name": "node-js-sample",
+  "version": "0.2.0",
+  "main": "index.js",
+  "dependencies": {
+    "axios": "0.21.0"
+  }
+}

docs/multiple-tests/pattern-vulnerability/src/javascript/yarn.lock

@@ -0,0 +1,15 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+axios@0.21.0:
+  version "0.21.0"
+  resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.0.tgz#26df088803a2350dff2c27f96fef99fe49442aca"
+  integrity sha512-fmkJBknJKoZwem3/IKSSLpkdNXZeBu5Q7GA/aRsr2btgrptmSCxi2oFjZHqGdK9DoTil9PIHlPIZw2EcRJXRvw==
+  dependencies:
+    follow-redirects "^1.10.0"
+
+follow-redirects@^1.10.0:
+  version "1.15.6"
+  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.6.tgz#7f815c0cda4249c74ff09e95ef97c23b5fd0399b"
+  integrity sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==

docs/multiple-tests/pattern-vulnerability/src/python/Pipfile

@@ -0,0 +1,12 @@
+[[source]]
+url = "https://pypi.org/simple"
+verify_ssl = true
+name = "pypi"
+
+[packages]
+requests = "==v2.30.0"
+
+[dev-packages]
+
+[requires]
+python_version = "3.11"

docs/multiple-tests/pattern-vulnerability/src/swift/Package.resolved

@@ -0,0 +1,79 @@
+{
+  "object": {
+    "pins": [
+      {
+        "package": "DeckOfPlayingCards",
+        "repositoryURL": "https://github.com/apple/example-package-deckofplayingcards.git",
+        "state": {
+          "branch": null,
+          "revision": "2c0e5ac3e10216151fc78ac1ec6bd9c2c0111a3a",
+          "version": "3.0.4"
+        }
+      },
+      {
+        "package": "FisherYates",
+        "repositoryURL": "https://github.com/apple/example-package-fisheryates.git",
+        "state": {
+          "branch": null,
+          "revision": "e729f197bbc3831b9a3005fa71ad6f38c1e7e17e",
+          "version": "2.0.6"
+        }
+      },
+      {
+        "package": "PlayingCard",
+        "repositoryURL": "https://github.com/apple/example-package-playingcard.git",
+        "state": {
+          "branch": null,
+          "revision": "39ddabb01e8102ab548a8c6bb3eb20b15f3b4fbc",
+          "version": "3.0.5"
+        }
+      },
+      {
+        "package": "swift-argument-parser",
+        "repositoryURL": "https://github.com/apple/swift-argument-parser.git",
+        "state": {
+          "branch": null,
+          "revision": "6b2aa2748a7881eebb9f84fb10c01293e15b52ca",
+          "version": "0.5.0"
+        }
+      },
+      {
+        "package": "swift-atomics",
+        "repositoryURL": "https://github.com/apple/swift-atomics.git",
+        "state": {
+          "branch": null,
+          "revision": "cd142fd2f64be2100422d658e7411e39489da985",
+          "version": "1.2.0"
+        }
+      },
+      {
+        "package": "swift-collections",
+        "repositoryURL": "https://github.com/apple/swift-collections.git",
+        "state": {
+          "branch": null,
+          "revision": "a902f1823a7ff3c9ab2fba0f992396b948eda307",
+          "version": "1.0.5"
+        }
+      },
+      {
+        "package": "swift-nio",
+        "repositoryURL": "https://github.com/apple/swift-nio.git",
+        "state": {
+          "branch": null,
+          "revision": "3db5c4aeee8100d2db6f1eaf3864afdad5dc68fd",
+          "version": "2.59.0"
+        }
+      },
+      {
+        "package": "swift-nio-http2",
+        "repositoryURL": "https://github.com/apple/swift-nio-http2.git",
+        "state": {
+          "branch": null,
+          "revision": "c2638ff60910a0d468ff9a882c8586a827da1a0d",
+          "version": "1.2.1"
+        }
+      }
+    ]
+  },
+  "version": 1
+}

docs/multiple-tests/pattern-vulnerability/src/swift/Package.swift

@@ -0,0 +1,50 @@
+// swift-tools-version:5.5
+// The swift-tools-version declares the minimum version of Swift required to build this package.
+
+/*
+ This source file is part of the Swift.org open source project
+
+ Copyright 2015 – 2021 Apple Inc. and the Swift project authors
+ Licensed under Apache License v2.0 with Runtime Library Exception
+
+ See http://swift.org/LICENSE.txt for license information
+ See http://swift.org/CONTRIBUTORS.txt for Swift project authors
+*/
+
+import PackageDescription
+
+let package = Package(
+    name: "dealer",
+    platforms: [
+        .macOS(.v11)
+    ],
+    products: [
+        .executable(name: "dealer", targets: ["dealer"]),
+    ],
+    dependencies: [
+        // Dependencies declare other packages that this package depends on.
+        .package(url: "https://github.com/apple/example-package-deckofplayingcards.git",
+                 from: "3.0.0"),
+        .package(url: "https://github.com/apple/swift-argument-parser.git",
+                 from: "0.4.4"),
+        .package(url: "https://github.com/apple/swift-nio-http2.git",
+                 "1.0.0"..<"1.2.8"),
+    ],
+    targets: [
+        // Targets are the basic building blocks of a package. A target can define a module or a test suite.
+        // Targets can depend on other targets in this package, and on products in packages which this package depends on.
+        .executableTarget(
+            name: "dealer",
+            dependencies: [
+                .product(name: "DeckOfPlayingCards",
+                         package: "example-package-deckofplayingcards"),
+                .product(name: "ArgumentParser",
+                         package: "swift-argument-parser")
+            ]),
+        .testTarget(
+            name: "DealerTests",
+            dependencies: [
+                .byName(name: "dealer")
+            ]),
+    ]
+)

internal/tool/tool_test.go

@@ -119,7 +119,7 @@ func TestRun(t *testing.T) {
 			},
 			{
 				Target: file2,
-				Secrets: []ftypes.SecretFinding{
+				Secrets: []types.DetectedSecret{
 					{
 						StartLine: 2,
 						Title:     "secret title",
@@ -138,7 +138,7 @@ func TestRun(t *testing.T) {
 			},
 			{
 				Target: "file-3",
-				Secrets: []ftypes.SecretFinding{
+				Secrets: []types.DetectedSecret{
 					{
 						StartLine: 10,
 						Title:     "unkown file",