Andrew Hsu
5f98926a7b
Refactor Dockerfile (#245)
* ignore the temporary image file used for builds
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* no need for GOPATH in the Dockerfile
It is already set in the golang:1.10.3-alpine3.8 image.
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* no need for GOROOT in Dockerfile
The correct value is embedded in the go tool.
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* bump Dockerfile golang to 1.10.4
The latest golang version thus far.
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* replace docker-entrypoint.sh with the gosec binary
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* git ignore gosec binary
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* refactor Dockerfile into multi-stage
First stage does the build in a pristine alpine environment. Second
stage is a minimal image with just the necessary stuff to run the
compiled binary. Also added packages for gcc and musl-dev so cgo can do
its thang.
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* fix the image execution example in README.md
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
2018-09-26 08:09:20 +03:00
Grant Murphy
7f6509a916
Update README.md (#246)
Add logo to README.md
2018-09-25 19:44:53 +10:00
Dale Hui
762ff3a709
Allow quoted strings to be used to format SQL queries (#240)
* Support stripping vendor paths when matching calls
* Factor out matching of formatter string
* Quoted strings are safe to use with SQL str formatted strings
* Add test for allowing quoted strings with string formatters
* Install the pq package for tests to pass
2018-09-25 10:40:05 +03:00
Dale Hui
ec32ce68d8
Support Go 1.11 (#239)
* Test with the latest minor version of each major Go version
* Support Go 1.11 and modules
2018-09-10 09:09:12 +02:00
cschoenduve-splunk
145f1a0bf4
Removed wrapping feature (#238)
2018-09-04 18:08:37 +02:00
cschoenduve-splunk
419c9292c8
G107 - SSRF (#236)
* Initial SSRF Rule
* Added Selector evaluation
* Added source code tests
* Fixed spacing issues
* Fixed Spacingv2
* Removed resty test
2018-09-04 08:55:03 +02:00
Dom Udall 改善
63b25c147f
Fix typo in README (#235)
`PORJECT` -> `PROJECT`
2018-09-03 09:39:31 +02:00
cschoenduve-splunk
7fd94463ed
update to G304 which adds binary expressions and file joining (#233)
* Added features to G304
* Linted
* Added path selectors
* Used better solution
* removed debugging lines
* fixed comments
* Added test code
* fixed a spacing change
2018-08-28 14:34:07 +10:00
Cosmin Cojocar
e4ba96adc3
Update README
2018-08-21 11:15:14 +02:00
Cosmin Cojocar
ec0f8ec9d6
Set the GOROOT and GOPATH env variables in Dockerfile
2018-08-21 11:15:14 +02:00
Cosmin Cojocar
247828cfa5
Update docker base image to 1.10.3-alpine3.8
2018-08-21 11:15:14 +02:00
cschoenduve-splunk
b6891998ce
Add Fprintf to Rule G201
2018-08-21 09:31:38 +02:00
cschoenduve-splunk
a7cff91312
Small update to G201 and added ConcatString Function (#228)
2018-08-19 19:57:36 +02:00
Grant Murphy
1c438e36af
Tweak makefile to match up with docker repo (#231)
2018-08-19 10:28:17 +10:00
Cosmin Cojocar
9577fd0b44
Update README
2018-08-15 09:58:26 +02:00
Cosmin Cojocar
e543f4662c
Use the Linux build for Docker image
2018-08-15 09:53:33 +02:00
Cosmin Cojocar
dbd0f8f511
Use the make build goal when creating the docker image
2018-08-15 09:45:37 +02:00
Cosmin Cojocar
f06a84ebaa
Merge pull request #227 from ccojocar/sha1
Add sha1 to weak crypto primitives
2018-08-09 09:34:49 +02:00
Cosmin Cojocar
8dfa8dc015
Update README
2018-08-08 16:41:34 +02:00
Cosmin Cojocar
fb0dc73a96
Add sha1 to weak crypto primitives
2018-08-08 16:38:57 +02:00
Cosmin Cojocar
90a1c1d625
Merge pull request #225 from jvmatl/jvmatl-patch-1
Document #nosec use with a list of rules
2018-08-03 10:02:42 +02:00
John Martinez
0d2e16dfa3
Document #nosec use with a list of rules
Extend the readme to document the ability to prevent some, but not all, rules from being enforced within an AST node.
2018-07-31 16:22:19 -04:00
Cosmin Cojocar
639987a295
Merge pull request #223 from ccojocar/fail_by_severity
Add a flag to specify the severity for which the scanning will be failed
2018-07-30 13:46:25 +02:00
Cosmin Cojocar
de10a7456f
Fix the help message
2018-07-30 09:45:29 +02:00
Cosmin Cojocar
4702cc5da7
Add a flag to specify the severity for which the scanning will be failed
2018-07-30 09:43:41 +02:00
Cosmin Cojocar
c0db486820
Merge pull request #222 from ccojocar/vendor_folder_flag
Add a flag to turn on scanning on vendor folder
2018-07-30 09:23:52 +02:00
Cosmin Cojocar
6919d97188
Add a flag to turn on scanning on vendor folder
2018-07-30 09:11:23 +02:00
Cosmin Cojocar
f5b44b0740
Merge pull request #221 from Quasilyte/quasilyte/dupSubExpr
fix duplicated index issue in Less method
2018-07-30 08:44:30 +02:00
Cosmin Cojocar
7d767b4b66
Merge pull request #220 from Quasilyte/quasilyte/sloppyLen
replace len(x)<=0 with len(x)==0
2018-07-30 08:43:44 +02:00
Iskander Sharipov
3c8707c6c4
fix duplicated index issue in Less method
Found using https://go-critic.github.io/overview#dupSubExpr-ref
2018-07-28 23:18:12 +03:00
Iskander Sharipov
2f61fad317
replace len(x)<=0 with len(x)==0
length can't be negative.
Found using https://go-critic.github.io/overview#sloppyLen-ref
2018-07-28 23:16:16 +03:00
Cosmin Cojocar
5fb530cda3
Merge pull request #219 from ccojocar/goreleaser
Use the goreleaser tool to perform releases
2018-07-27 14:59:25 +02:00
Cosmin Cojocar
a8edd07bf1
Update locked dependencies
2018-07-27 14:48:09 +02:00
Cosmin Cojocar
2a6e887167
Use the goreleaser tool to perform releases
2018-07-27 14:42:00 +02:00
Cosmin Cojocar
5ba647528a
Merge pull request #211 from WillAbides/commandcontext
Make G204 look for CommandContext calls
2018-07-26 16:48:42 +02:00
Will Roden
1f9d09d456
remove extra bracket from test source
2018-07-26 09:27:39 -05:00
Will Roden
6a156e2695
Merge branch 'master' into commandcontext
2018-07-26 09:13:43 -05:00
Cosmin Cojocar
2785f7aaf8
Merge pull request #217 from ccojocar/derive_pkg_from_files
Derive the package from given files
2018-07-23 15:29:24 +02:00
Cosmin Cojocar
4c6396b7d4
Derive the package from given files
Move some utility functions into the helper
2018-07-23 15:16:47 +02:00
Grant Murphy
3f2b81461f
Update README.md
2018-07-20 09:23:46 +10:00
Grant Murphy
138e6decee
Add slack community link (#215)
Add slack community link
2018-07-20 09:22:43 +10:00
Cosmin Cojocar
f254cec60b
Merge pull request #216 from ccojocar/rename_gas_with_gosec
Rename gas with gosec
2018-07-19 18:56:36 +02:00
Cosmin Cojocar
e6641c6265
Replace gas with gosec in the README file
2018-07-19 18:46:26 +02:00
Cosmin Cojocar
893b87b343
Replace gas with gosec everywhere in the project
2018-07-19 18:42:25 +02:00
Grant Murphy
da26f64208
Rename github org ( #214 )
2018-07-19 17:40:28 +10:00
Cosmin Cojocar
1923b6d18e
Rule which detects a potential path traversal when extracting zip archives (#208)
* Add a rule which detects file path traversal when extracting zip archive
* Detect if any argument is derived from zip.File
* Drop support for Go version 1.8
2018-07-18 22:31:07 +10:00
Will Roden
d7ec2fce7a
add CommandContext as subprocess launcher
2018-06-03 16:43:28 -05:00
cosmincojocar
4ae8c95b40
Add an option for Go build tags (#201)
* Add an option for Go build tags
* Update README with a section for Go build tags
2018-04-20 09:45:03 +10:00
cosmincojocar
7790709b81
Discard the log messages if the quiet flag is set (#200)
2018-04-16 19:41:40 +10:00
Grant Murphy
830cb81b29
Support package resolution and filepaths (#187)
* Support package resolution and filepaths
This change introduces the logic to resolve packages using gotool
and build packages from filepaths. It assumes that the packages
being scanned are located within the GOPATH.
If the GOPATH environment variable is not set the GOPATH is derived
as $HOME/go.
Relates to #184
* Fix build error
* Address unhandled error
* Fix formatting error
* Handle multiple paths on GOPATH
2018-04-16 15:46:39 +10:00