1
0
mirror of https://github.com/securego/gosec.git synced 2024-12-28 21:08:22 +02:00
Commit Graph

28 Commits

Author SHA1 Message Date
Cosmin Cojocar
a892be9827 fix: add a CWE ID mapping to rule G114
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2022-08-22 10:23:10 +02:00
Vladimir Severov
9c19cb6501
Add check for usage of Rat.SetString in math/big with an overflow error (#819)
* Add check for usage of Rat.SetString in math/big with an overflow error

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7
has an overflow that can lead to Uncontrolled Memory Consumption.

It is the CVE-2022-23772.

* Use ContainsPkgCallExpr instead of manual parsing
2022-06-03 00:19:51 +02:00
云微
34d144b3fa
Add new rule for Slowloris Attack 2022-04-30 12:38:50 +02:00
Calin Capitanu
48bbf96b56
Adds directory traversal for Http.Dir("/") 2022-03-06 10:58:47 +01:00
Ville Skyttä
d23ab2d997
Remove space between // and #nosec in examples and internal use
Comments intended for machines to read do not have the space by
convention.
2021-12-15 19:31:14 +01:00
Yiwei Ding
b45f95f6ad
Add support for suppressing the findings 2021-12-09 11:53:36 +01:00
Marc Brugger
ba23b5e49a
Add possibility to list waived (nosec) marked issues but not count them as such 2021-08-18 13:00:38 +02:00
Matthieu MOREL
1256f16f33
Fix lint and fail on error in the ci build 2021-05-31 10:44:12 +02:00
Matthieu MOREL
c4f5932ab7
Refactor : Replace Cwe with cwe.Weakness 2021-05-07 16:54:34 +02:00
Cosmin Cojocar
4d4e5949c6 Add some comments
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-07-07 10:00:15 +02:00
Cosmin Cojocar
d1467ac998 Extend the code snippet included in the issue and refactored how the code snippet is printed
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-07-07 10:00:15 +02:00
Cosmin Cojocar
32be4a5cc6 Make sure all rules are mapped to CWE numbers
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-05-26 08:59:14 +02:00
Marco Antônio Singer
656691b387
feature(formatter/text): Add color option on text format (#460)
* feature(issue): Add function to return file path and line number

* docs(formatter/CreateReport): Update formats accepted

* feature(formatter): Add color output for text format

Basic color support for text format. For now, only the "Summary" title
and "Issues" section has color

* feature(formatter): Highlight issues based on severity

Given an issue, the file path is painted based on its severity.
We're using the following rules: high is red, medium is yellow and
low is simple black & white

* feature(main): Add color flag

It's only valid for text format

* refactor(formatter): Passing color flag forward
2020-04-14 09:50:02 +02:00
Hiroki Suezawa
a4d7b3628b Add G110(Potential DoS vulnerability via decompression bomb)
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-20 10:37:56 +01:00
Hiroki Suezawa
9cb83e10af Add a rule which detects when there is potential integer overflow (#422)
* Add G109(Potential Integer OverFlow Detection)

Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>

* add CWE to G109(Potential Integer Overflow)

Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>

* Modify G109 to use gosec.Context

Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-06 09:55:52 +01:00
Hiroki Suezawa
79fbf3af8d Add golint format to output format (#428)
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-03 10:56:21 +01:00
Julian Thome
53be8dd864 Add CWE rule mappings (#405)
* added mappings

* added cwe to template

* link in function to template

* moved mappings and added test cases

* wording

* cleanup
2019-10-31 09:22:38 +01:00
Cosmin Cojocar
3af4ae9ddb Fix some lint warnings
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-05-01 08:52:23 +02:00
Oleksandr Redko
3116b07de4 Fix typos in comments and rulelist (#256) 2018-10-11 14:45:31 +02:00
Cosmin Cojocar
893b87b343 Replace gas with gosec everywhere in the project 2018-07-19 18:42:25 +02:00
jonmcclintock
2115402409 Add the rule ID to issues (#188) 2018-03-12 18:18:44 +10:00
Grant Murphy
58a48c471c Merge branch 'nosec-specify-rule' of git://github.com/jonmcclintock/gas into jonmcclintock-nosec-specify-rule 2018-03-09 10:54:34 +10:00
coredefend
e76b258456 New Rule Tainted file (#183)
* Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178)

* Add a tool which generates the TLS rule configuration from Mozilla server side
TLS configuration

* Update README

* Remove trailing space in README

* Update dependencies

* Fix the commends of the generated functions

* Add nil pointer check to rule. (#181)

TypeOf returns the type of expression e, or nil if not found. We are
calling .String() on a value that may be nil in this clause.

Relates to #174

* Add support for YAML output format (#177)

* Add YAML output format

* Update README

* added rule to check for tainted file path

* added #nosec to main/issue.go

* updated test case import
2018-03-09 09:23:27 +10:00
Jon McClintock
1429033aca Add support for #excluding specific rules 2018-03-02 23:44:51 +00:00
Cosmin Cojocar
7355f0a119 Fix some gas warnings 2018-02-10 20:10:56 +01:00
Grant Murphy
af25ac1f6e fix golint errors picked up by hound-ci 2017-12-13 22:35:47 +10:00
Grant Murphy
3caf7c3154 Add test cases 2017-09-16 10:12:27 +10:00
Grant Murphy
cacf21f3c0 Restructure to focus on lib rather than cli 2017-04-26 08:08:46 -07:00