I thought that an example where the user inputs a URL is more realistic.
Because if your operating system is already hacked then you are already screwed.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
* Allow for SQL concatenation of nodes that resolve to literals
If node.Y resolves to a literal, it will not be considered as an issue.
* Fix typo in comment.
* Go through all files in package to resolve that identifier
* Refactor code and added comments.
* Changed checking to not var or func.
* Allow for supporting code for test cases.
* Resolve merge conflict changes.
* Support stripping vendor paths when matching calls
* Factor out matching of formatter string
* Quoted strings are safe to use with SQL str formatted strings
* Add test for allowing quoted strings with string formatters
* Install the pq package for tests to pass
* Add a rule which detects file path traversal when extracting zip archive
* Detect if any argument is derived from zip.File
* Drop support for Go version 1.8
* Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178)
* Add a tool which generates the TLS rule configuration from Mozilla server side
TLS configuration
* Update README
* Remove trailing space in README
* Update dependencies
* Fix the commends of the generated functions
* Add nil pointer check to rule. (#181)
TypeOf returns the type of expression e, or nil if not found. We are
calling .String() on a value that may be nil in this clause.
Relates to #174
* Add support for YAML output format (#177)
* Add YAML output format
* Update README
* added rule to check for tainted file path
* added #nosec to main/issue.go
* updated test case import
- Get rid of 'core' and move CLI to cmd/gas directory
- Migrate (most) tests to use Ginkgo and testutils framework
- GAS now expects package to reside in $GOPATH
- GAS now can resolve dependencies for better type checking (if package
on GOPATH)
- Simplified public API