Update go to 1.25.5 and 1.24.11 in CI (#1433)

* Update go version to 1.25.5 and 1.24.11 in CI


Signed-off-by: Cosmin Cojocar <[email protected]>

* Update the buildSSA to use the new tools package

Signed-off-by: Cosmin Cojocar <[email protected]>

* Remove the type allignment check

Signed-off-by: Cosmin Cojocar <[email protected]>

---------

Signed-off-by: Cosmin Cojocar <[email protected]>

Author: ccojocar

.github/workflows/ci.yml

@@ -11,9 +11,9 @@ jobs:
     strategy:
       matrix:
         version:
-          - go-version: "1.24.10"
+          - go-version: "1.24.11"
             golangci: "latest"
-          - go-version: "1.25.4"
+          - go-version: "1.25.5"
             golangci: "latest"
     runs-on: ubuntu-latest
     env:
@@ -52,7 +52,7 @@ jobs:
       - name: Setup go
         uses: actions/setup-go@v6
         with:
-          go-version: "1.25.4"
+          go-version: "1.25.5"
       - name: Checkout Source
         uses: actions/checkout@v6
       - uses: actions/cache@v4

.github/workflows/release.yml

@@ -17,7 +17,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
-          go-version: "1.25.4"
+          go-version: "1.25.5"
       - name: Install Cosign
         uses: sigstore/cosign-installer@v3
         with:

analyzer.go

@@ -35,6 +35,8 @@ import (
 
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/analysis/passes/buildssa"
+	"golang.org/x/tools/go/analysis/passes/ctrlflow"
+	"golang.org/x/tools/go/analysis/passes/inspect"
 	"golang.org/x/tools/go/packages"
 
 	"github.com/securego/gosec/v2/analyzers"
@@ -430,7 +432,7 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
 		buildssa.Analyzer: &analyzers.SSAAnalyzerResult{
 			Config: gosec.Config(),
 			Logger: gosec.logger,
-			SSA:    ssaResult.(*buildssa.SSA),
+			SSA:    ssaResult,
 		},
 	}
 
@@ -491,7 +493,7 @@ func (gosec *Analyzer) generatedFiles(pkg *packages.Package) map[string]bool {
 }
 
 // buildSSA runs the SSA pass which builds the SSA representation of the package. It handles gracefully any panic.
-func (gosec *Analyzer) buildSSA(pkg *packages.Package) (interface{}, error) {
+func (gosec *Analyzer) buildSSA(pkg *packages.Package) (*buildssa.SSA, error) {
 	defer func() {
 		if r := recover(); r != nil {
 			gosec.logger.Printf(
@@ -500,26 +502,54 @@ func (gosec *Analyzer) buildSSA(pkg *packages.Package) (interface{}, error) {
 			)
 		}
 	}()
-	ssaPass := &analysis.Pass{
-		Analyzer:          buildssa.Analyzer,
-		Fset:              pkg.Fset,
-		Files:             pkg.Syntax,
-		OtherFiles:        pkg.OtherFiles,
-		IgnoredFiles:      pkg.IgnoredFiles,
-		Pkg:               pkg.Types,
-		TypesInfo:         pkg.TypesInfo,
-		TypesSizes:        pkg.TypesSizes,
-		ResultOf:          nil,
-		Report:            nil,
-		ImportObjectFact:  nil,
-		ExportObjectFact:  nil,
-		ImportPackageFact: nil,
-		ExportPackageFact: nil,
-		AllObjectFacts:    nil,
-		AllPackageFacts:   nil,
-	}
-
-	return ssaPass.Analyzer.Run(ssaPass)
+	if pkg == nil {
+		return nil, errors.New("nil package provided")
+	}
+	if pkg.Types == nil {
+		return nil, fmt.Errorf("package %s has no type information (compilation failed?)", pkg.Name)
+	}
+	if pkg.TypesInfo == nil {
+		return nil, fmt.Errorf("package %s has no type information", pkg.Name)
+	}
+	pass := &analysis.Pass{
+		Fset:             pkg.Fset,
+		Files:            pkg.Syntax,
+		OtherFiles:       pkg.OtherFiles,
+		IgnoredFiles:     pkg.IgnoredFiles,
+		Pkg:              pkg.Types,
+		TypesInfo:        pkg.TypesInfo,
+		TypesSizes:       pkg.TypesSizes,
+		ResultOf:         make(map[*analysis.Analyzer]interface{}),
+		Report:           func(d analysis.Diagnostic) {},
+		ImportObjectFact: func(obj types.Object, fact analysis.Fact) bool { return false },
+		ExportObjectFact: func(obj types.Object, fact analysis.Fact) {},
+	}
+
+	pass.Analyzer = inspect.Analyzer
+	i, err := inspect.Analyzer.Run(pass)
+	if err != nil {
+		return nil, fmt.Errorf("running inspect analysis: %w", err)
+	}
+	pass.ResultOf[inspect.Analyzer] = i
+
+	pass.Analyzer = ctrlflow.Analyzer
+	cf, err := ctrlflow.Analyzer.Run(pass)
+	if err != nil {
+		return nil, fmt.Errorf("running control flow analysis: %w", err)
+	}
+	pass.ResultOf[ctrlflow.Analyzer] = cf
+
+	pass.Analyzer = buildssa.Analyzer
+	result, err := buildssa.Analyzer.Run(pass)
+	if err != nil {
+		return nil, fmt.Errorf("running SSA analysis: %w", err)
+	}
+
+	ssaResult, ok := result.(*buildssa.SSA)
+	if !ok {
+		return nil, fmt.Errorf("unexpected SSA analysis result type: %T", result)
+	}
+	return ssaResult, nil
 }
 
 // ParseErrors parses the errors from given package