New Rule Tainted file (#183)

* Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178) * Add a tool which generates the TLS rule configuration from Mozilla server side TLS configuration * Update README * Remove trailing space in README * Update dependencies * Fix the commends of the generated functions * Add nil pointer check to rule. (#181) TypeOf returns the type of expression e, or nil if not found. We are calling .String() on a value that may be nil in this clause. Relates to #174 * Add support for YAML output format (#177) * Add YAML output format * Update README * added rule to check for tainted file path * added #nosec to main/issue.go * updated test case import
2025-11-29 22:37:59 +02:00 · 2018-03-08 18:23:27 -05:00
parent 57dd25a893
commit e76b258456
7 changed files with 100 additions and 0 deletions
--- a/rules/rulelist.go
+++ b/rules/rulelist.go
@@ -77,6 +77,7 @@ func Generate(filters ...RuleFilter) RuleList {
 		"G301": {"Poor file permissions used when creating a directory", NewMkdirPerms},
 		"G302": {"Poor file permisions used when creation file or using chmod", NewFilePerms},
 		"G303": {"Creating tempfile using a predictable path", NewBadTempFile},
+		"G304": {"File path provided as taint input", NewReadFile},

 		// crypto
 		"G401": {"Detect the usage of DES, RC4, or MD5", NewUsesWeakCryptography},