Commit graph

96 commits

Author SHA1 Message Date
cschoenduve-splunk
a7cff91312 Small update to G201 and added ConcatString Function (#228) 2018-08-19 19:57:36 +02:00
Cosmin Cojocar
8dfa8dc015 Update README 2018-08-08 16:41:34 +02:00
Cosmin Cojocar
fb0dc73a96 Add sha1 to weak crypto primitives 2018-08-08 16:38:57 +02:00
Will Roden
6a156e2695 Merge branch 'master' into commandcontext 2018-07-26 09:13:43 -05:00
Cosmin Cojocar
893b87b343 Replace gas with gosec everywhere in the project 2018-07-19 18:42:25 +02:00
Grant Murphy
da26f64208
Rename github org (#214) 2018-07-19 17:40:28 +10:00
Cosmin Cojocar
1923b6d18e Rule which detects a potential path traversal when extracting zip archives (#208)
* Add a rule which detects file path traversal when extracting zip archive

* Detect if any argument is derived from zip.File

* Drop support for Go version 1.8
2018-07-18 22:31:07 +10:00
Will Roden
d7ec2fce7a add CommandContext as subprocess launcher 2018-06-03 16:43:28 -05:00
cosmincojocar
4ae8c95b40 Add an option for Go build tags (#201)
* Add an option for Go build tags

* Update README with a section for Go build tags
2018-04-20 09:45:03 +10:00
cosmincojocar
c25269ef39 Regenerate the TLS config (#199) 2018-04-16 15:44:11 +10:00
cosmincojocar
e809226800 Build improvments (#179)
* Add a semantic version to the usage text

* Add a comment to the version function

* Inject the version, git tag and build date as build variables

* Update README

* Fix lint warnings

* Update README

* Manage dependencies with dep tool instead of godep

* Add a Makefile for common build tasks

* Update the build file to use the make tool

* Update Dockerfile

* Add docker entry point in to make the passing of arguments easy

* Update README

* Add missing tools to the build

* Drop 1.7 support and add 1.10

* Fix Go 1.10 according with the travis guidelines

https://docs.travis-ci.com/user/languages/go/

* Update the tls-observatory package

* Fix lint warnings

* Change the output of the tests to be more verbose

* Check if the are build errors before executing the rule test
2018-03-13 08:57:10 +10:00
jonmcclintock
2115402409 Add the rule ID to issues (#188) 2018-03-12 18:18:44 +10:00
Grant Murphy
66aea5cd99 fix gofmt errors 2018-03-09 12:49:01 +10:00
Grant Murphy
90fe5cb5ab Port readfile rule to include ID and metadata 2018-03-09 11:27:41 +10:00
Grant Murphy
58a48c471c Merge branch 'nosec-specify-rule' of git://github.com/jonmcclintock/gas into jonmcclintock-nosec-specify-rule 2018-03-09 10:54:34 +10:00
andyleap
f3c8d59863 Switch to valuespec instead of gendecl for hardcoded credential rule (#186) 2018-03-09 09:49:49 +10:00
coredefend
e76b258456 New Rule Tainted file (#183)
* Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178)

* Add a tool which generates the TLS rule configuration from Mozilla server side
TLS configuration

* Update README

* Remove trailing space in README

* Update dependencies

* Fix the commends of the generated functions

* Add nil pointer check to rule. (#181)

TypeOf returns the type of expression e, or nil if not found. We are
calling .String() on a value that may be nil in this clause.

Relates to #174

* Add support for YAML output format (#177)

* Add YAML output format

* Update README

* added rule to check for tainted file path

* added #nosec to main/issue.go

* updated test case import
2018-03-09 09:23:27 +10:00
Jon McClintock
6b484e734e Run gofmt 2018-03-03 00:03:39 +00:00
Jon McClintock
1429033aca Add support for #excluding specific rules 2018-03-02 23:44:51 +00:00
Grant Murphy
c6183b4d5c
Add nil pointer check to rule. (#181)
TypeOf returns the type of expression e, or nil if not found. We are
calling .String() on a value that may be nil in this clause.

Relates to #174
2018-02-28 04:29:25 +10:00
cosmincojocar
edb362fc9d Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178)
* Add a tool which generates the TLS rule configuration from Mozilla server side
TLS configuration

* Update README

* Remove trailing space in README

* Update dependencies

* Fix the commends of the generated functions
2018-02-21 15:59:18 +10:00
cosmincojocar
1c58cbd378 Make the folder permissions more permissive to avoid false positives (#175) 2018-02-15 19:53:01 +10:00
Cosmin Cojocar
230d286f4e Fix gofmt formatting 2018-02-10 20:04:58 +01:00
Grant Murphy
6b28d5c0e6
Merge pull request #166 from cosmincojocar/fprint_whitelist
Add Fprint, Fprintf, Fprintln to NoErrorCheck whitelist
2018-02-08 11:54:44 +10:00
Cosmin Cojocar
6cd7a6d7fe Add Fprint, Fprintf, Fprintln to NoErrorCheck whitelist 2018-02-07 14:13:17 +01:00
Cosmin Cojocar
179c178924 Add some review fixes 2018-02-07 09:23:52 +01:00
Cosmin Cojocar
d3c3cd6419 Add a rule to detect the usage of ssh InsecureIgnoreHostKey function 2018-02-06 16:56:26 +01:00
Grant Murphy
a97a196160 Unused import 2018-01-30 09:35:35 +10:00
Grant Murphy
7c7fe752b6 Fix go vet errors in tests 2018-01-30 09:32:04 +10:00
Jon McClintock
1ca335016a Rebase to master 2018-01-22 18:45:07 +00:00
Jon McClintock
8eb9cc02a4 Adjust SQL format-string rules to ignore inherently safe formats 2018-01-22 18:34:57 +00:00
Grant Murphy
085e0f65af
Merge pull request #150 from GoASTScanner/experimental
Use explicit packages in call lists
2018-01-05 23:14:24 +10:00
Grant Murphy
aecbc873ef Use explicit packages in call lists
By allowing partial matches of selectors there are chances of collisions
such as those in issue #145, this removes it to expect explicit packages
for each rule.

Closes #145
2018-01-05 23:05:53 +10:00
Grant Murphy
9a2bec1cd0
Merge pull request #149 from GoASTScanner/experimental
Fix nil pointer dereference in complit types
2018-01-05 22:20:21 +10:00
Grant Murphy
b6f85d50da Fix nil pointer dereference in complit types 2018-01-05 22:19:08 +10:00
Grant Murphy
3520a5ae85
Merge pull request #146 from GoASTScanner/experimental
Merge experimental / refactor
2018-01-05 22:08:59 +10:00
Grant Murphy
e925d3c347 Migrated old test cases. 2017-12-28 16:54:10 +10:00
Grant Murphy
af25ac1f6e fix golint errors picked up by hound-ci 2017-12-13 22:35:47 +10:00
Grant Murphy
cfa432729c fix hound-ci errors 2017-12-13 17:39:00 +10:00
Grant Murphy
3caf7c3154 Add test cases 2017-09-16 10:12:27 +10:00
Cosmin Cojocar
c36954f04a Add the CHACHA20 to good ciphers in modern tls check 2017-08-30 16:00:56 +02:00
Grant Murphy
6943f9e5e4 Major rework of codebase
- Get rid of 'core' and move CLI to cmd/gas directory
- Migrate (most) tests to use Ginkgo and testutils framework
- GAS now expects package to reside in $GOPATH
- GAS now can resolve dependencies for better type checking (if package
  on GOPATH)
- Simplified public API
2017-07-19 15:17:00 -06:00
Grant Murphy
65b18da711 Hack to address circular dependency in rulelist 2017-05-09 21:26:12 -07:00
Grant Murphy
bf78d027a9 Restructure and introduce a standalone config 2017-04-28 14:46:26 -07:00
Grant Murphy
cacf21f3c0 Restructure to focus on lib rather than cli 2017-04-26 08:08:46 -07:00
Cosmin Cojocar
5b71c2b05f Add a test for math/big.Int.Exp rule 2017-04-10 16:10:24 +02:00
Cosmin Cojocar
65b8e74ecd Add a rule for big.Exp function call 2017-04-10 14:25:48 +02:00
mockturtl
b74c83e7e7 BindsToAllNetworkInterfaces should check TLS also 2017-03-28 13:24:22 -04:00
Grant Murphy
177fa7dde0 Merge pull request #122 from GoASTScanner/testfixes
Correct bad test cases and intermitent failure
2017-03-22 10:51:44 -07:00
Grant Murphy
622440f167 Correct bad test cases and intermitent failure
The filelist test was non-deterministic and causing intermittent
failures due to ordering. This change will ensure that the file list
returns an ordered list of files in the String() method now.

Additionally there were a number of test cases that the sample code
was incorrect, or would not compile. These have also been corrected.
2017-03-15 08:47:40 -07:00