mirror of https://github.com/securego/gosec.git synced 2025-07-03 00:27:05 +02:00
Commit Graph

14 Commits

Author SHA1 Message Date
0eb8143c23 Added new rule G407 (hardcoded IV/nonce)
The rule is supposed to detect the usage of a hardcoded or static nonce/IV in many encryption algorithms:

* The different modes of AES (mainly tested here)
* It should be able to work with ascon

Currently the rule doesn't check when constant variables are used.

TODO: Improve the rule to detect constant variable usage
2024-08-30 19:35:07 +02:00
2e71f37efd Updated G401 corresponding CWE
The corresponding CWE from G401 rule was changed from CWE-326 -> CWE-328.
In my opinion, this CWE suits the rule better.
2024-06-24 15:25:54 +02:00
c3209fcaac Map the G115 rule to a CWE ID
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-27 15:12:55 +02:00
d864a91884 Enable gochecknoinits; fix lint issues; use consts for some vars (#1022) 2023-10-05 13:00:22 +02:00
d6aeaad931 correct gci linter (#946)
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
2023-03-30 09:31:24 +02:00
6cd9e6289d Add CWE-676 to cwe mapping (#874) 2022-10-06 08:18:21 +02:00
19fa856bad fix: make sure that nil Cwe pointer is handled when getting the CWE ID 2022-08-20 13:32:31 +02:00
34d144b3fa Add new rule for Slowloris Attack 2022-04-30 12:38:50 +02:00
ad5d74d5a1 Update to ginkgo v2 (#753) 2022-01-03 18:11:35 +01:00
e72b1e5f25 Use of vars instead of func 2021-06-13 13:30:16 +02:00
1256f16f33 Fix lint and fail on error in the ci build 2021-05-31 10:44:12 +02:00
103c429df5 Enable golangcli and improve testing for formatters 2021-05-10 10:08:04 +02:00
c4f5932ab7 Refactor : Replace Cwe with cwe.Weakness 2021-05-07 16:54:34 +02:00
cc83d4c922 Generate the SARIF types, handle taxonomies and separate responsibilities 2021-05-05 18:54:32 +02:00