gosec

actions/gosec

Fork 0

mirror of https://github.com/securego/gosec.git synced 2024-11-06 03:55:50 +00:00

Commit graph

Author	SHA1	Message	Date
Tim Kelsey	45f3b5f671	Creating blacklist import rules Creating a new generic blacklist rule and removing the older specific ones. This will need configuration integration when we have some. The new test is immune to import aliasing but not shadowing	2016-08-05 12:58:27 +01:00
Tim Kelsey	d4367de2e2	Adding a config block to the analyzer, parsed from JSON A CLI option can now be given to tell GAS it should parse data from a JSON file. Fatal errors are given if the file is not readable or is not valid JSON.	2016-08-01 17:39:47 +01:00
Tim Kelsey	361593394e	Adding check for httpoxy Go code running under CGI is vulnerable to httpoxy attack. See https://httpoxy.org/ this checks for an import of net/http/cgi that might indicate code may be run under CGI. closes #1	2016-07-21 16:30:09 +01:00

Author

SHA1

Message

Date

Tim Kelsey

45f3b5f671

Creating blacklist import rules

Creating a new generic blacklist rule and removing the older
specific ones. This will need configuration integration when
we have some.

The new test is immune to import aliasing but not shadowing

2016-08-05 12:58:27 +01:00

Tim Kelsey

d4367de2e2

Adding a config block to the analyzer, parsed from JSON

A CLI option can now be given to tell GAS it should parse data
from a JSON file. Fatal errors are given if the file is not
readable or is not valid JSON.

2016-08-01 17:39:47 +01:00

Tim Kelsey

361593394e

Adding check for httpoxy

Go code running under CGI is vulnerable to httpoxy attack. See
https://httpoxy.org/ this checks for an import of net/http/cgi
that might indicate code may be run under CGI.

closes #1

2016-07-21 16:30:09 +01:00

3 commits