Grant Murphy
b49fef79a5
Using godep not glide for dependency management
2018-01-30 09:27:55 +10:00
Grant Murphy
07a2eecabe
Merge pull request #156 from gcmurphy/bugfix
...
Sending log messages to multiple streams
2018-01-23 10:17:07 +10:00
Grant Murphy
5361949a13
Sending log messages to multiple streams
...
Use the configured logger for all log messages.
2018-01-23 10:02:20 +10:00
Grant Murphy
51b4a4ddc8
Merge pull request #138 from jonmcclintock/sqli-format-whitelist
...
Adjust SQL format-string rules to ignore inherently safe formats
2018-01-23 07:50:52 +10:00
Jon McClintock
bc2a61bd17
Merge branch 'sqli-format-whitelist' of github.com:jonmcclintock/gas into sqli-format-whitelist
2018-01-22 18:56:58 +00:00
Jon McClintock
1ca335016a
Rebase to master
2018-01-22 18:45:07 +00:00
Jon McClintock
8eb9cc02a4
Adjust SQL format-string rules to ignore inherently safe formats
2018-01-22 18:34:57 +00:00
Grant Murphy
a0fc08918b
Merge pull request #154 from GoASTScanner/issue/153
...
Add install instructions
2018-01-11 11:31:50 +10:00
Grant Murphy
806c1d081f
Add install instructions
...
Closes 153
2018-01-11 11:31:08 +10:00
Grant Murphy
b0682841bb
Merge pull request #152 from ashanbrown/one-build
...
Do a single build for all packages
2018-01-08 09:23:10 +10:00
Andrew S. Brown
22dc89384d
Do a single build for all packages.
...
This is much faster because the loader can reuse packages.
2018-01-07 15:02:33 -08:00
Grant Murphy
085e0f65af
Merge pull request #150 from GoASTScanner/experimental
...
Use explicit packages in call lists
2018-01-05 23:14:24 +10:00
Grant Murphy
aecbc873ef
Use explicit packages in call lists
...
By allowing partial matches of selectors there are chances of collisions
such as those in issue #145, this removes it to expect explicit packages
for each rule.
Closes #145
2018-01-05 23:05:53 +10:00
Grant Murphy
9a2bec1cd0
Merge pull request #149 from GoASTScanner/experimental
...
Fix nil pointer dereference in complit types
2018-01-05 22:20:21 +10:00
Grant Murphy
b6f85d50da
Fix nil pointer dereference in complit types
2018-01-05 22:19:08 +10:00
Grant Murphy
3520a5ae85
Merge pull request #146 from GoASTScanner/experimental
...
Merge experimental / refactor
2018-01-05 22:08:59 +10:00
Grant Murphy
867d3009e8
Fix lint issues
2018-01-05 21:56:42 +10:00
Grant Murphy
d452dcb20d
Fix ginkgo invocation
...
The tests are running extremely slow at the moment, and these extra
options add to the problem.
2018-01-05 21:55:06 +10:00
Grant Murphy
4c49716f0e
move utils to separate executable
2017-12-28 16:55:12 +10:00
Grant Murphy
e925d3c347
Migrated old test cases.
2017-12-28 16:54:10 +10:00
Grant Murphy
25d74c6b20
address review comments
2017-12-14 10:04:22 +10:00
Grant Murphy
af25ac1f6e
fix golint errors picked up by hound-ci
2017-12-13 22:35:47 +10:00
Grant Murphy
cfa432729c
fix hound-ci errors
2017-12-13 17:39:00 +10:00
Grant Murphy
97cde35f32
update travis-ci to use ginkgo tests
2017-12-13 16:38:15 +10:00
Grant Murphy
e3b6fd94c2
update readme to provide info regarding package level scans
2017-12-13 16:35:54 +10:00
Grant Murphy
02901b98fc
actually skip tests until implementation exists
2017-12-13 16:35:28 +10:00
Grant Murphy
d4311c96e2
make it clear that these tests have not been implemented yet
2017-12-13 16:32:53 +10:00
Grant Murphy
67dc43293c
use godep instead of glide
2017-12-13 16:32:12 +10:00
Jon McClintock
7dfebaf91e
Adjust SQL format-string rules to ignore inherently safe formats
2017-10-05 16:24:29 +00:00
Grant Murphy
27b2fd9cd3
Merge pull request #136 from lanzafame/experimental
...
output/formatter: Issue.Line was already a string
2017-10-05 00:02:19 +10:00
Grant Murphy
6de76c9261
Merge pull request #135 from cosmincojocar/update_mondern_tls_chipers
...
Add the CHACHA20 to good ciphers in modern tls check
2017-10-05 00:01:47 +10:00
Adrian Lanzafame
5a1133682a
remove committed binary
2017-10-01 10:31:51 +10:00
Adrian Lanzafame
9c959ca0a9
Issue.Line is already a string
2017-10-01 10:31:39 +10:00
Grant Murphy
3caf7c3154
Add test cases
2017-09-16 10:12:27 +10:00
Cosmin Cojocar
c36954f04a
Add the CHACHA20 to good ciphers in modern tls check
2017-08-30 16:00:56 +02:00
Grant Murphy
f22c701483
Merge pull request #133 from awiens/master
...
Adding Docker container and updating README
2017-08-10 15:37:29 -04:00
Amber Wiens
b120a3ec3f
Updating Dockerfile with requested changes
2017-08-09 13:00:19 -06:00
Amber Wiens
5f0f8f89a6
Adding Docker container and changing README
2017-08-03 11:50:58 -06:00
Grant Murphy
6943f9e5e4
Major rework of codebase
...
- Get rid of 'core' and move CLI to cmd/gas directory
- Migrate (most) tests to use Ginkgo and testutils framework
- GAS now expects package to reside in $GOPATH
- GAS now can resolve dependencies for better type checking (if package
on GOPATH)
- Simplified public API
2017-07-19 15:17:00 -06:00
Grant Murphy
f4b705a864
Use glide to manage vendored dependencies
2017-05-09 21:59:12 -07:00
Grant Murphy
026fe4c534
Simplify analyzer and command line interface
...
The analyzer now only handles packages rather than one off files. This
simplifies the CLI functionality significantly.
2017-05-09 21:26:53 -07:00
Grant Murphy
65b18da711
Hack to address circular dependency in rulelist
2017-05-09 21:26:12 -07:00
Grant Murphy
5160048ba6
Move rule definitions into own file
2017-05-09 21:24:43 -07:00
Grant Murphy
50bbc53a34
Isolate import tracking functionality
2017-05-09 21:23:37 -07:00
Grant Murphy
bf78d027a9
Restructure and introduce a standalone config
2017-04-28 14:46:26 -07:00
Grant Murphy
cacf21f3c0
Restructure to focus on lib rather than cli
2017-04-26 08:08:46 -07:00
Grant Murphy
8df48f9769
Fix to reporting to use output formats
2017-04-25 17:57:12 -07:00
Grant Murphy
9b081744c9
Process via packages instead of files
...
Initial commit to change GAS to process packages rather than standalone
files. This is to address issues with type resolution for external
dependencies.
Uses golang.org/x/tools/go/loader to prepare analyzer input rather than
finding the individual files.
2017-04-25 16:01:28 -07:00
Grant Murphy
1beec25f77
Merge pull request #128 from cosmincojocar/improve_skip
...
Add support for partial path match in the skip option
2017-04-11 12:38:52 -07:00
Grant Murphy
e94e23200a
Merge pull request #129 from cosmincojocar/big_exp
...
Add a rule which audits the use of math/big.Int.Exp function call
2017-04-11 12:36:57 -07:00