云微
34d144b3fa
Add new rule for Slowloris Attack
2022-04-30 12:38:50 +02:00
Calin Capitanu
48bbf96b56
Adds directory traversal for Http.Dir("/")
2022-03-06 10:58:47 +01:00
Yiwei Ding
b45f95f6ad
Add support for suppressing the findings
2021-12-09 11:53:36 +01:00
evalphobia
03f12f3f5d
Change naming rule from blacklist to blocklist
2020-06-29 13:45:44 +02:00
Caccavale
ee3146e637
Rule which detects aliasing of values in RangeStmt
2020-04-24 07:46:25 -07:00
Cosmin Cojocar
c6e10af40f
Handle properly the gosec module version v2
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2020-04-06 09:06:23 -07:00
Sam Caccavale
7525fe4bb7
Rule for defering methods which return errors ( #441 )
2020-03-01 21:45:37 +01:00
Sam Caccavale
a305f10eb9
Fileperms ( #442 )
2020-02-28 12:48:18 +01:00
Hiroki Suezawa
a4d7b3628b
Add G110(Potential DoS vulnerability via decompression bomb)
...
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-20 10:37:56 +01:00
Hiroki Suezawa
9cb83e10af
Add a rule which detects when there is potential integer overflow ( #422 )
...
* Add G109(Potential Integer OverFlow Detection)
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
* add CWE to G109(Potential Integer Overflow)
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
* Modify G109 to use gosec.Context
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2020-01-06 09:55:52 +01:00
Cosmin Cojocar
9cee24cccd
Add a rule which detects when pprof endpoint is automatically exposed
...
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-24 09:32:09 +10:00
Cosmin Cojocar
338b50debb
Remove rule G105 which detects the use of math/big#Int.Exp
...
The big#Int.Exp used to be vulnerable in older versions of Go, but in the
meantime has been fixed (https://github.com/golang/go/issues/15184 ).
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2019-09-10 11:59:05 +10:00
Oleksandr Redko
3116b07de4
Fix typos in comments and rulelist ( #256 )
2018-10-11 14:45:31 +02:00
cschoenduve-splunk
419c9292c8
G107 - SSRF ( #236 )
...
* Initial SSRF Rule
* Added Selector evaluation
* Added source code tests
* Fixed spacing issues
* Fixed Spacingv2
* Removed resty test
2018-09-04 08:55:03 +02:00
Cosmin Cojocar
8dfa8dc015
Update README
2018-08-08 16:41:34 +02:00
Cosmin Cojocar
fb0dc73a96
Add sha1 to weak crypto primitives
2018-08-08 16:38:57 +02:00
Cosmin Cojocar
893b87b343
Replace gas with gosec everywhere in the project
2018-07-19 18:42:25 +02:00
Grant Murphy
da26f64208
Rename github org ( #214 )
2018-07-19 17:40:28 +10:00
Cosmin Cojocar
1923b6d18e
Rule which detects a potential path traversal when extracting zip archives ( #208 )
...
* Add a rule which detects file path traversal when extracting zip archive
* Detect if any argument is derived from zip.File
* Drop support for Go version 1.8
2018-07-18 22:31:07 +10:00
Grant Murphy
66aea5cd99
fix gofmt errors
2018-03-09 12:49:01 +10:00
Grant Murphy
58a48c471c
Merge branch 'nosec-specify-rule' of git://github.com/jonmcclintock/gas into jonmcclintock-nosec-specify-rule
2018-03-09 10:54:34 +10:00
coredefend
e76b258456
New Rule Tainted file ( #183 )
...
* Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178 )
* Add a tool which generates the TLS rule configuration from Mozilla server side
TLS configuration
* Update README
* Remove trailing space in README
* Update dependencies
* Fix the commends of the generated functions
* Add nil pointer check to rule. (#181 )
TypeOf returns the type of expression e, or nil if not found. We are
calling .String() on a value that may be nil in this clause.
Relates to #174
* Add support for YAML output format (#177 )
* Add YAML output format
* Update README
* added rule to check for tainted file path
* added #nosec to main/issue.go
* updated test case import
2018-03-09 09:23:27 +10:00
Jon McClintock
6b484e734e
Run gofmt
2018-03-03 00:03:39 +00:00
Jon McClintock
1429033aca
Add support for #excluding specific rules
2018-03-02 23:44:51 +00:00
Cosmin Cojocar
230d286f4e
Fix gofmt formatting
2018-02-10 20:04:58 +01:00
Cosmin Cojocar
d3c3cd6419
Add a rule to detect the usage of ssh InsecureIgnoreHostKey function
2018-02-06 16:56:26 +01:00
Grant Murphy
af25ac1f6e
fix golint errors picked up by hound-ci
2017-12-13 22:35:47 +10:00
Grant Murphy
cfa432729c
fix hound-ci errors
2017-12-13 17:39:00 +10:00
Grant Murphy
65b18da711
Hack to address circular dependency in rulelist
2017-05-09 21:26:12 -07:00
Grant Murphy
bf78d027a9
Restructure and introduce a standalone config
2017-04-28 14:46:26 -07:00