mirror of
https://github.com/securego/gosec.git
synced 2024-11-05 19:45:51 +00:00
Merge pull request #5 from HewlettPackard/docs
Update the README to include newer rules
commit
e2caa921fe
1 changed files with 25 additions and 15 deletions
40
README.md
|
@ -15,15 +15,26 @@ By default Gas will run all rules against the supplied file paths. It is however
|
|||
|
||||
##### Available rules
|
||||
|
||||
- __crypto__ - Detects use of weak cryptography primatives
|
||||
- __tls__ - Detects if TLS certificate verification is disabled
|
||||
- __sql__ - SQL injection vectors
|
||||
- __hardcoded__ - Potential hardcoded credentials
|
||||
- __perms__ - Insecure file permissions
|
||||
- __crypto__ - Detects use of weak cryptography primitives.
|
||||
- __tls__ - Detects if TLS certificate verification is disabled.
|
||||
- __sql__ - SQL injection vectors.
|
||||
- __hardcoded__ - Potential hardcoded credentials.
|
||||
- __perms__ - Insecure file permissions.
|
||||
- __tempfile__ - Insecure creation of temporary files
|
||||
- __unsafe__- Detects use of the unsafe pointer functions
|
||||
- __bind__- Listening on all network interfaces
|
||||
- __rsa__- Weak RSA keys
|
||||
- __unsafe__- Detects use of the unsafe pointer functions.
|
||||
- __bind__- Listening on all network interfaces.
|
||||
- __rsa__- Warns for RSA keys that are less than 2048 bits.
|
||||
- __tls_good__ - Checks to ensure ciphers and protocol versions are
|
||||
explicitly enabled to meet the [modern compatibility](https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility) standards recommended by Mozilla.
|
||||
- __tls_ok__ - Checks to ensure ciphers and protocol versions are
|
||||
explicitly enabled to meet the [intermediate compatibility]( https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29) standards recommended by Mozilla.
|
||||
- __tls_old__ - Checks to ensure ciphers and protocol versions are
|
||||
explicitly enabled to meet the [older compatibility](https://wiki.mozilla.org/Security/Server_Side_TLS#Old_compatibility_.28default.29) standards recommended by Mozilla.
|
||||
- __templates__ - Detect cases where input is not escaped when entered into Go HTML templates.
|
||||
- exec - Report cases where the application is executing an external process.
|
||||
- __errors__ - Report error return values that are ignored.
|
||||
- __httpoxy__ - Report on CGI usage as it may indicate vulnerability to the [httpoxy](https://httpoxy.org/) vulnerability.
|
||||
|
||||
|
||||
|
||||
```
|
||||
|
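Review bot: in the new rule entries, `- exec - Report cases where the application is executing an external process.` is missing the `__` emphasis that every other rule name carries, so it will render differently from the rest of the list; write it as `- __exec__ - ...`. The tls_ok link has a space after the opening parenthesis (`]( https://wiki.mozilla.org/...`), which can stop the Markdown link from rendering. The `__unsafe__-`, `__bind__-` and `__rsa__-` entries still lack the space before the dash that the other entries have, and the unchanged `__tempfile__` line is now the only entry without a trailing period.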
@ -54,7 +65,7 @@ import "md5" // #nosec
|
|||
|
||||
func main(){
|
||||
|
||||
/* # nosec */
|
||||
/* #nosec */
|
||||
if x > y {
|
||||
h := md5.New() // this will also be ignored
|
||||
}
|
||||
|
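Review bot: the context for this example still shows `import "md5" // #nosec`, which is not a valid standard-library import path; since this hunk already touches the sample, change it to `"crypto/md5"` so the snippet matches code the crypto rule would actually flag. If the change from `/* # nosec */` to `/* #nosec */` is because the annotation must be written without a space, say so in the surrounding README text so readers do not repeat the old form.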
@ -64,8 +75,8 @@ func main(){
|
|||
```
|
||||
|
||||
In some cases you may also want to revisit places where #nosec annotations
|
||||
have been used. To run the scanner and ignore any #nosec annotations you can
|
||||
do the following:
|
||||
have been used. To run the scanner and ignore any #nosec annotations you
|
||||
can do the following:
|
||||
|
||||
```
|
||||
$ gas -nosec=true ./...
|
||||
|
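Review bot: the only change to the "#nosec annotations" paragraph is moving the word "can" from the end of one line to the start of the next, which adds diff noise without changing the rendered text. Either drop this hunk or rewrap the whole paragraph to one consistent width.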
@ -73,10 +84,9 @@ $ gas -nosec=true ./...
|
|||
|
||||
### Output formats
|
||||
|
||||
Gas currently supports text, json and csv output formats. By default results
|
||||
will be reported to stdout, but can also be written to an output file. The
|
||||
output format is controlled by the '-fmt' flag, and the output file is
|
||||
controlled by the '-out' flag as follows:
|
||||
Gas currently supports text, json and csv output formats. By default
|
||||
results will be reported to stdout, but can also be written to an output
|
||||
file. The output format is controlled by the '-fmt' flag, and the output file is controlled by the '-out' flag as follows:
|
||||
|
||||
```
|
||||
# Write output in json format to results.json
|
||||
|
|
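Review bot: the rewrapped "Output formats" paragraph ends with one line far longer than the others (`file. The output format is controlled by the '-fmt' flag, and the output file is controlled by the '-out' flag as follows:`); wrap it at the same width as the two lines above it. Consider writing the flags as `-fmt` and `-out` in backticks rather than single quotes so they render as code.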