mirror of https://github.com/securego/gosec.git synced 2025-07-15 01:04:43 +02:00
Commit Graph

1143 Commits

Author SHA1 Message Date
7f6509a916 Update README.md (#246)
Add logo to README.md
2018-09-25 19:44:53 +10:00
762ff3a709 Allow quoted strings to be used to format SQL queries (#240)
* Support stripping vendor paths when matching calls

* Factor out matching of formatter string

* Quoted strings are safe to use with SQL str formatted strings

* Add test for allowing quoted strings with string formatters

* Install the pq package for tests to pass
2018-09-25 10:40:05 +03:00
ec32ce68d8 Support Go 1.11 (#239)
* Test with the latest minor version of each major Go version

* Support Go 1.11 and modules
2018-09-10 09:09:12 +02:00
145f1a0bf4 Removed wrapping feature (#238) 2018-09-04 18:08:37 +02:00
419c9292c8 G107 - SSRF (#236)
* Initial SSRF Rule

* Added Selector evaluation

* Added source code tests

* Fixed spacing issues

* Fixed Spacingv2

* Removed resty test
2018-09-04 08:55:03 +02:00
63b25c147f Fix typo in README (#235)
`PORJECT` -> `PROJECT`
2018-09-03 09:39:31 +02:00
7fd94463ed update to G304 which adds binary expressions and file joining (#233)
* Added features to G304

* Linted

* Added path selectors

* Used better solution

* removed debugging lines

* fixed comments

* Added test code

* fixed a spacing change
2018-08-28 14:34:07 +10:00
e4ba96adc3 Update README 1.1.0 2018-08-21 11:15:14 +02:00
ec0f8ec9d6 Set the GOROOT and GOPATH env variables in Dockerfile 2018-08-21 11:15:14 +02:00
247828cfa5 Update docker base image to 1.10.3-alpine3.8 2018-08-21 11:15:14 +02:00
b6891998ce Add Fprintf to Rule G201 2018-08-21 09:31:38 +02:00
a7cff91312 Small update to G201 and added ConcatString Function (#228) 2018-08-19 19:57:36 +02:00
1c438e36af Tweak makefile to match up with docker repo (#231) 2018-08-19 10:28:17 +10:00
9577fd0b44 Update README 2018-08-15 09:58:26 +02:00
e543f4662c Use the Linux build for Docker image 2018-08-15 09:53:33 +02:00
dbd0f8f511 Use the make build goal when creating the docker image 2018-08-15 09:45:37 +02:00
f06a84ebaa Merge pull request #227 from ccojocar/sha1
Add sha1 to weak crypto primitives
2018-08-09 09:34:49 +02:00
8dfa8dc015 Update README 2018-08-08 16:41:34 +02:00
fb0dc73a96 Add sha1 to weak crypto primitives 2018-08-08 16:38:57 +02:00
90a1c1d625 Merge pull request #225 from jvmatl/jvmatl-patch-1
Document #nosec use with a list of rules
2018-08-03 10:02:42 +02:00
0d2e16dfa3 Document #nosec use with a list of rules
Extend the readme to document the ability to prevent some, but not all, rules from being enforced within an AST node.
2018-07-31 16:22:19 -04:00
639987a295 Merge pull request #223 from ccojocar/fail_by_severity
Add a flag to specify the severity for which the scanning will be failed
2018-07-30 13:46:25 +02:00
de10a7456f Fix the help message 2018-07-30 09:45:29 +02:00
4702cc5da7 Add a flag to specify the severity for which the scanning will be failed 2018-07-30 09:43:41 +02:00
c0db486820 Merge pull request #222 from ccojocar/vendor_folder_flag
Add a flag to turn on scanning on vendor folder
2018-07-30 09:23:52 +02:00
6919d97188 Add a flag to turn on scanning on vendor folder 2018-07-30 09:11:23 +02:00
f5b44b0740 Merge pull request #221 from Quasilyte/quasilyte/dupSubExpr
fix duplicated index issue in Less method
2018-07-30 08:44:30 +02:00
7d767b4b66 Merge pull request #220 from Quasilyte/quasilyte/sloppyLen
replace len(x)<=0 with len(x)==0
2018-07-30 08:43:44 +02:00
3c8707c6c4 fix duplicated index issue in Less method
Found using https://go-critic.github.io/overview#dupSubExpr-ref
2018-07-28 23:18:12 +03:00
2f61fad317 replace len(x)<=0 with len(x)==0
length can't be negative.

Found using https://go-critic.github.io/overview#sloppyLen-ref
2018-07-28 23:16:16 +03:00
5fb530cda3 Merge pull request #219 from ccojocar/goreleaser
Use the goreleaser tool to perform releases
1.0.0
2018-07-27 14:59:25 +02:00
a8edd07bf1 Update locked dependencies 2018-07-27 14:48:09 +02:00
2a6e887167 Use the goreleaser tool to perform releases 2018-07-27 14:42:00 +02:00
5ba647528a Merge pull request #211 from WillAbides/commandcontext
Make G204 look for CommandContext calls
2018-07-26 16:48:42 +02:00
1f9d09d456 remove extra bracket from test source 2018-07-26 09:27:39 -05:00
6a156e2695 Merge branch 'master' into commandcontext 2018-07-26 09:13:43 -05:00
2785f7aaf8 Merge pull request #217 from ccojocar/derive_pkg_from_files
Derive the package from given files
2018-07-23 15:29:24 +02:00
4c6396b7d4 Derive the package from given files
Move some utility functions into the helper
2018-07-23 15:16:47 +02:00
3f2b81461f Update README.md 2018-07-20 09:23:46 +10:00
138e6decee Add slack community link (#215)
Add slack community link
2018-07-20 09:22:43 +10:00
f254cec60b Merge pull request #216 from ccojocar/rename_gas_with_gosec
Rename gas with gosec
2018-07-19 18:56:36 +02:00
e6641c6265 Replace gas with gosec in the README file 2018-07-19 18:46:26 +02:00
893b87b343 Replace gas with gosec everywhere in the project 2018-07-19 18:42:25 +02:00
da26f64208 Rename github org (#214) 2018-07-19 17:40:28 +10:00
1923b6d18e Rule which detects a potential path traversal when extracting zip archives (#208)
* Add a rule which detects file path traversal when extracting zip archive

* Detect if any argument is derived from zip.File

* Drop support for Go version 1.8
2018-07-18 22:31:07 +10:00
d7ec2fce7a add CommandContext as subprocess launcher 2018-06-03 16:43:28 -05:00
4ae8c95b40 Add an option for Go build tags (#201)
* Add an option for Go build tags

* Update README with a section for Go build tags
2018-04-20 09:45:03 +10:00
7790709b81 Discard the log messages if the quiet flag is set (#200) 2018-04-16 19:41:40 +10:00
830cb81b29 Support package resolution and filepaths (#187)
* Support package resolution and filepaths

This change introduces the logic to resolve packages using gotool
and build packages from filepaths. It assumes that the packages
being scanned are located within the GOPATH.

If the GOPATH environment variable is not set the GOPATH is derived
as $HOME/go.

Relates to #184

* Fix build error

* Address unhandled error

* Fix formatting error

* Handle multiple paths on GOPATH
2018-04-16 15:46:39 +10:00
b643ac26a4 Add rule ID to text output (#198) 2018-04-16 15:44:54 +10:00