Edoardo Tenani
9b966a447e
add test case for strings.Builder G104 whitelist inclusion
2018-11-11 09:57:28 +01:00
Yuki Ito
41809946d4
Make G201 ignore CallExpr with no args (#262)
2018-11-05 09:28:47 +01:00
Yuki Ito
443f84fd4d
Fix golint link (#263)
2018-11-05 09:13:26 +01:00
Oleksandr Redko
3116b07de4
Fix typos in comments and rulelist (#256)
2018-10-11 14:45:31 +02:00
Cosmin Cojocar
e0a150bfa3
Merge pull request #254 from kishaningithub/253
Add install.sh script and update readme
2018-10-05 13:12:28 +02:00
Kishan B
97bc137c5b
Add CI Installation steps and correct markdown lint errors
2018-10-05 15:27:14 +05:30
Kishan B
8c09a83248
Add install.sh script
2018-10-05 15:26:13 +05:30
Cosmin Cojocar
d032909e3f
Merge pull request #251 from NeverOddOrEven/fix-html-template
Fix the html template
2018-10-04 09:39:56 +02:00
NeverOddOrEven
027dc2b8a7
This fixes the html template when using '-fmt=html'
- resolves HTML escaping issues within the template
- resolves reference issues to reportInfo struct i.e. issues -> Issues, metrics -> Stats
2018-10-03 13:31:59 -05:00
Cosmin Cojocar
f9b41874b1
Merge pull request #249 from andrewhsu/go
bump Dockerfile golang from 1.10 to 1.11
2018-10-03 08:35:47 +02:00
Andrew Hsu
1ecd47e007
bump Dockerfile golang from 1.10 to 1.11
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
2018-10-03 00:28:39 +00:00
Cosmin Cojocar
2cc6838ca3
Merge pull request #248 from ccojocar/code-samples-multiple-files
Refactor the test code sample to support multiple files per sample
2018-09-28 11:52:04 +03:00
Cosmin Cojocar
64d58c2e51
Refactor the test code sample to support multiple files per sample
2018-09-28 11:42:25 +03:00
Delon Wong Her Laang
d3f1980e7a
Fix false positives for SQL string concatenation with constants from another file (#247)
* Allow for SQL concatenation of nodes that resolve to literals
If node.Y resolves to a literal, it will not be considered as an issue.
* Fix typo in comment.
* Go through all files in package to resolve that identifier
* Refactor code and added comments.
* Changed checking to not var or func.
* Allow for supporting code for test cases.
* Resolve merge conflict changes.
2018-09-28 10:46:59 +03:00
Andrew Hsu
5f98926a7b
Refactor Dockerfile (#245)
* ignore the temporary image file used for builds
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* no need for GOPATH in the Dockerfile
It is already set in the golang:1.10.3-alpine3.8 image.
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* no need for GOROOT in Dockerfile
The correct value is embedded in the go tool.
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* bump Dockerfile golang to 1.10.4
The latest golang version thus far.
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* replace docker-entrypoint.sh with the gosec binary
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* git ignore gosec binary
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* refactor Dockerfile into multi-stage
First stage does the build in a pristine alpine environment. Second
stage is a minimal image with just the necessary stuff to run the
compiled binary. Also added packages for gcc and musl-dev so cgo can do
its thang.
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* fix the image execution example in README.md
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
2018-09-26 08:09:20 +03:00
Grant Murphy
7f6509a916
Update README.md (#246)
Add logo to README.md
2018-09-25 19:44:53 +10:00
Dale Hui
762ff3a709
Allow quoted strings to be used to format SQL queries (#240)
* Support stripping vendor paths when matching calls
* Factor out matching of formatter string
* Quoted strings are safe to use with SQL str formatted strings
* Add test for allowing quoted strings with string formatters
* Install the pq package for tests to pass
2018-09-25 10:40:05 +03:00
Dale Hui
ec32ce68d8
Support Go 1.11 (#239)
* Test with the latest minor version of each major Go version
* Support Go 1.11 and modules
2018-09-10 09:09:12 +02:00
cschoenduve-splunk
145f1a0bf4
Removed wrapping feature (#238)
2018-09-04 18:08:37 +02:00
cschoenduve-splunk
419c9292c8
G107 - SSRF (#236)
* Initial SSRF Rule
* Added Selector evaluation
* Added source code tests
* Fixed spacing issues
* Fixed Spacingv2
* Removed resty test
2018-09-04 08:55:03 +02:00
Dom Udall 改善
63b25c147f
Fix typo in README (#235)
`PORJECT` -> `PROJECT`
2018-09-03 09:39:31 +02:00
cschoenduve-splunk
7fd94463ed
update to G304 which adds binary expressions and file joining (#233)
* Added features to G304
* Linted
* Added path selectors
* Used better solution
* removed debugging lines
* fixed comments
* Added test code
* fixed a spacing change
2018-08-28 14:34:07 +10:00
Cosmin Cojocar
e4ba96adc3
Update README
2018-08-21 11:15:14 +02:00
Cosmin Cojocar
ec0f8ec9d6
Set the GOROOT and GOPATH env variables in Dockerfile
2018-08-21 11:15:14 +02:00
Cosmin Cojocar
247828cfa5
Update docker base image to 1.10.3-alpine3.8
2018-08-21 11:15:14 +02:00
cschoenduve-splunk
b6891998ce
Add Fprintf to Rule G201
2018-08-21 09:31:38 +02:00
cschoenduve-splunk
a7cff91312
Small update to G201 and added ConcatString Function (#228)
2018-08-19 19:57:36 +02:00
Grant Murphy
1c438e36af
Tweak makefile to match up with docker repo (#231)
2018-08-19 10:28:17 +10:00
Cosmin Cojocar
9577fd0b44
Update README
2018-08-15 09:58:26 +02:00
Cosmin Cojocar
e543f4662c
Use the Linux build for Docker image
2018-08-15 09:53:33 +02:00
Cosmin Cojocar
dbd0f8f511
Use the make build goal when creating the docker image
2018-08-15 09:45:37 +02:00
Cosmin Cojocar
f06a84ebaa
Merge pull request #227 from ccojocar/sha1
Add sha1 to weak crypto primitives
2018-08-09 09:34:49 +02:00
Cosmin Cojocar
8dfa8dc015
Update README
2018-08-08 16:41:34 +02:00
Cosmin Cojocar
fb0dc73a96
Add sha1 to weak crypto primitives
2018-08-08 16:38:57 +02:00
Cosmin Cojocar
90a1c1d625
Merge pull request #225 from jvmatl/jvmatl-patch-1
Document #nosec use with a list of rules
2018-08-03 10:02:42 +02:00
John Martinez
0d2e16dfa3
Document #nosec use with a list of rules
Extend the readme to document the ability to prevent some, but not all, rules from being enforced within an AST node.
2018-07-31 16:22:19 -04:00
Cosmin Cojocar
639987a295
Merge pull request #223 from ccojocar/fail_by_severity
Add a flag to specify the severity for which the scanning will be failed
2018-07-30 13:46:25 +02:00
Cosmin Cojocar
de10a7456f
Fix the help message
2018-07-30 09:45:29 +02:00
Cosmin Cojocar
4702cc5da7
Add a flag to specify the severity for which the scanning will be failed
2018-07-30 09:43:41 +02:00
Cosmin Cojocar
c0db486820
Merge pull request #222 from ccojocar/vendor_folder_flag
Add a flag to turn on scanning on vendor folder
2018-07-30 09:23:52 +02:00
Cosmin Cojocar
6919d97188
Add a flag to turn on scanning on vendor folder
2018-07-30 09:11:23 +02:00
Cosmin Cojocar
f5b44b0740
Merge pull request #221 from Quasilyte/quasilyte/dupSubExpr
fix duplicated index issue in Less method
2018-07-30 08:44:30 +02:00
Cosmin Cojocar
7d767b4b66
Merge pull request #220 from Quasilyte/quasilyte/sloppyLen
replace len(x)<=0 with len(x)==0
2018-07-30 08:43:44 +02:00
Iskander Sharipov
3c8707c6c4
fix duplicated index issue in Less method
Found using https://go-critic.github.io/overview#dupSubExpr-ref
2018-07-28 23:18:12 +03:00
Iskander Sharipov
2f61fad317
replace len(x)<=0 with len(x)==0
length can't be negative.
Found using https://go-critic.github.io/overview#sloppyLen-ref
2018-07-28 23:16:16 +03:00
Cosmin Cojocar
5fb530cda3
Merge pull request #219 from ccojocar/goreleaser
Use the goreleaser tool to perform releases
2018-07-27 14:59:25 +02:00
Cosmin Cojocar
a8edd07bf1
Update locked dependencies
2018-07-27 14:48:09 +02:00
Cosmin Cojocar
2a6e887167
Use the goreleaser tool to perform releases
2018-07-27 14:42:00 +02:00
Cosmin Cojocar
5ba647528a
Merge pull request #211 from WillAbides/commandcontext
Make G204 look for CommandContext calls
2018-07-26 16:48:42 +02:00
Will Roden
1f9d09d456
remove extra bracket from test source
2018-07-26 09:27:39 -05:00