Commit graph

208 commits

Author SHA1 Message Date
Grant Murphy
b659538aa8 Merge pull request #26 from HewlettPackard/fix_annotations
Fixing annotations
2016-07-29 07:24:05 -07:00
Tim Kelsey
68aac2539a Fixing annotations
The logic around annotations (nosec) was broken, meaning they were
ignored by default and would not skip sub-blocks. This fixes the
problem and also adds a test to make sure it wont be broken in the
future. Closes #25
2016-07-29 10:34:19 +01:00
Grant Murphy
28f0f1abe8 Merge pull request #23 from csstaub/cs/detect-math-rand
Detect use of rand.Read from math/rand
2016-07-28 13:20:38 -07:00
Cedric Staub
c53af75658
Detect use of rand.Read from math/rand 2016-07-28 11:26:34 -07:00
Cedric Staub
3cd0ebee96 Smarter hard-coded credentials check
Check right-hand side expr for literals when looking for hard-coded
credentials. This is to avoid issuing warnings for cases where a
password, token, etc. is read from a file or a terminal.
2016-07-27 22:51:34 -07:00
Tim Kelsey
3e4d96ef3e Better SQLi testing
This prevents the string concat tests flagging a false positive if
joining two literal strings (eg "SELECT * FROM " + " table" ... )
or with a constant (eg const tab = "name"; "SELECT * from " + tab)
2016-07-27 15:47:07 +01:00
Tim Kelsey
361593394e Adding check for httpoxy
Go code running under CGI is vulnerable to httpoxy attack. See
https://httpoxy.org/ this checks for an import of net/http/cgi
that might indicate code may be run under CGI.

closes #1
2016-07-21 16:30:09 +01:00
Tim Kelsey
4f3d620d37 Initial public release 2016-07-20 15:56:32 +01:00