NeverOddOrEven
027dc2b8a7
This fixes the html template when using '-fmt=html'
- resolves HTML escaping issues within the template
- resolves reference issues to reportInfo struct i.e. issues -> Issues, metrics -> Stats
2018-10-03 13:31:59 -05:00
Cosmin Cojocar
f9b41874b1
Merge pull request #249 from andrewhsu/go
bump Dockerfile golang from 1.10 to 1.11
2018-10-03 08:35:47 +02:00
Andrew Hsu
1ecd47e007
bump Dockerfile golang from 1.10 to 1.11
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
2018-10-03 00:28:39 +00:00
Cosmin Cojocar
2cc6838ca3
Merge pull request #248 from ccojocar/code-samples-multiple-files
Refactor the test code sample to support multiple files per sample
2018-09-28 11:52:04 +03:00
Cosmin Cojocar
64d58c2e51
Refactor the test code sample to support multiple files per sample
2018-09-28 11:42:25 +03:00
Delon Wong Her Laang
d3f1980e7a
Fix false positives for SQL string concatenation with constants from another file ( #247 )
* Allow for SQL concatenation of nodes that resolve to literals
If node.Y resolves to a literal, it will not be considered as an issue.
* Fix typo in comment.
* Go through all files in package to resolve that identifier
* Refactor code and added comments.
* Changed checking to not var or func.
* Allow for supporting code for test cases.
* Resolve merge conflict changes.
2018-09-28 10:46:59 +03:00
Andrew Hsu
5f98926a7b
Refactor Dockerfile ( #245 )
* ignore the temporary image file used for builds
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* no need for GOPATH in the Dockerfile
It is already set in the golang:1.10.3-alpine3.8 image.
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* no need for GOROOT in Dockerfile
The correct value is embedded in the go tool.
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* bump Dockerfile golang to 1.10.4
The latest golang version thus far.
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* replace docker-entrypoint.sh with the gosec binary
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* git ignore gosec binary
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* refactor Dockerfile into multi-stage
First stage does the build in a pristine alpine environment. Second
stage is a minimal image with just the necessary stuff to run the
compiled binary. Also added packages for gcc and musl-dev so cgo can do
its thang.
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
* fix the image execution example in README.md
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
2018-09-26 08:09:20 +03:00
Grant Murphy
7f6509a916
Update README.md ( #246 )
Add logo to README.md
2018-09-25 19:44:53 +10:00
Dale Hui
762ff3a709
Allow quoted strings to be used to format SQL queries ( #240 )
* Support stripping vendor paths when matching calls
* Factor out matching of formatter string
* Quoted strings are safe to use with SQL str formatted strings
* Add test for allowing quoted strings with string formatters
* Install the pq package for tests to pass
2018-09-25 10:40:05 +03:00
Dale Hui
ec32ce68d8
Support Go 1.11 ( #239 )
* Test with the latest minor version of each major Go version
* Support Go 1.11 and modules
2018-09-10 09:09:12 +02:00
cschoenduve-splunk
145f1a0bf4
Removed wrapping feature ( #238 )
2018-09-04 18:08:37 +02:00
cschoenduve-splunk
419c9292c8
G107 - SSRF ( #236 )
* Initial SSRF Rule
* Added Selector evaluation
* Added source code tests
* Fixed spacing issues
* Fixed Spacingv2
* Removed resty test
2018-09-04 08:55:03 +02:00
Dom Udall 改善
63b25c147f
Fix typo in README ( #235 )
`PORJECT` -> `PROJECT`
2018-09-03 09:39:31 +02:00
cschoenduve-splunk
7fd94463ed
update to G304 which adds binary expressions and file joining ( #233 )
* Added features to G304
* Linted
* Added path selectors
* Used better solution
* removed debugging lines
* fixed comments
* Added test code
* fixed a spacing change
2018-08-28 14:34:07 +10:00
Cosmin Cojocar
e4ba96adc3
Update README
2018-08-21 11:15:14 +02:00
Cosmin Cojocar
ec0f8ec9d6
Set the GOROOT and GOPATH env variables in Dockerfile
2018-08-21 11:15:14 +02:00
Cosmin Cojocar
247828cfa5
Update docker base image to 1.10.3-alpine3.8
2018-08-21 11:15:14 +02:00
cschoenduve-splunk
b6891998ce
Add Fprintf to Rule G201
2018-08-21 09:31:38 +02:00
cschoenduve-splunk
a7cff91312
Small update to G201 and added ConcatString Function ( #228 )
2018-08-19 19:57:36 +02:00
Grant Murphy
1c438e36af
Tweak makefile to match up with docker repo ( #231 )
2018-08-19 10:28:17 +10:00
Cosmin Cojocar
9577fd0b44
Update README
2018-08-15 09:58:26 +02:00
Cosmin Cojocar
e543f4662c
Use the Linux build for Docker image
2018-08-15 09:53:33 +02:00
Cosmin Cojocar
dbd0f8f511
Use the make build goal when creating the docker image
2018-08-15 09:45:37 +02:00
Cosmin Cojocar
f06a84ebaa
Merge pull request #227 from ccojocar/sha1
Add sha1 to weak crypto primitives
2018-08-09 09:34:49 +02:00
Cosmin Cojocar
8dfa8dc015
Update README
2018-08-08 16:41:34 +02:00
Cosmin Cojocar
fb0dc73a96
Add sha1 to weak crypto primitives
2018-08-08 16:38:57 +02:00
Cosmin Cojocar
90a1c1d625
Merge pull request #225 from jvmatl/jvmatl-patch-1
Document #nosec use with a list of rules
2018-08-03 10:02:42 +02:00
John Martinez
0d2e16dfa3
Document #nosec use with a list of rules
Extend the readme to document the ability to prevent some, but not all, rules from being enforced within an AST node.
2018-07-31 16:22:19 -04:00
Cosmin Cojocar
639987a295
Merge pull request #223 from ccojocar/fail_by_severity
Add a flag to specify the severity for which the scanning will be failed
2018-07-30 13:46:25 +02:00
Cosmin Cojocar
de10a7456f
Fix the help message
2018-07-30 09:45:29 +02:00
Cosmin Cojocar
4702cc5da7
Add a flag to specify the severity for which the scanning will be failed
2018-07-30 09:43:41 +02:00
Cosmin Cojocar
c0db486820
Merge pull request #222 from ccojocar/vendor_folder_flag
Add a flag to turn on scanning on vendor folder
2018-07-30 09:23:52 +02:00
Cosmin Cojocar
6919d97188
Add a flag to turn on scanning on vendor folder
2018-07-30 09:11:23 +02:00
Cosmin Cojocar
f5b44b0740
Merge pull request #221 from Quasilyte/quasilyte/dupSubExpr
fix duplicated index issue in Less method
2018-07-30 08:44:30 +02:00
Cosmin Cojocar
7d767b4b66
Merge pull request #220 from Quasilyte/quasilyte/sloppyLen
replace len(x)<=0 with len(x)==0
2018-07-30 08:43:44 +02:00
Iskander Sharipov
3c8707c6c4
fix duplicated index issue in Less method
Found using https://go-critic.github.io/overview#dupSubExpr-ref
2018-07-28 23:18:12 +03:00
Iskander Sharipov
2f61fad317
replace len(x)<=0 with len(x)==0
length can't be negative.
Found using https://go-critic.github.io/overview#sloppyLen-ref
2018-07-28 23:16:16 +03:00
Cosmin Cojocar
5fb530cda3
Merge pull request #219 from ccojocar/goreleaser
Use the goreleaser tool to perform releases
2018-07-27 14:59:25 +02:00
Cosmin Cojocar
a8edd07bf1
Update locked dependencies
2018-07-27 14:48:09 +02:00
Cosmin Cojocar
2a6e887167
Use the goreleaser tool to perform releases
2018-07-27 14:42:00 +02:00
Cosmin Cojocar
5ba647528a
Merge pull request #211 from WillAbides/commandcontext
Make G204 look for CommandContext calls
2018-07-26 16:48:42 +02:00
Will Roden
1f9d09d456
remove extra bracket from test source
2018-07-26 09:27:39 -05:00
Will Roden
6a156e2695
Merge branch 'master' into commandcontext
2018-07-26 09:13:43 -05:00
Cosmin Cojocar
2785f7aaf8
Merge pull request #217 from ccojocar/derive_pkg_from_files
Derive the package from given files
2018-07-23 15:29:24 +02:00
Cosmin Cojocar
4c6396b7d4
Derive the package from given files
Move some utility functions into the helper
2018-07-23 15:16:47 +02:00
Grant Murphy
3f2b81461f
Update README.md
2018-07-20 09:23:46 +10:00
Grant Murphy
138e6decee
Add slack community link ( #215 )
Add slack community link
2018-07-20 09:22:43 +10:00
Cosmin Cojocar
f254cec60b
Merge pull request #216 from ccojocar/rename_gas_with_gosec
Rename gas with gosec
2018-07-19 18:56:36 +02:00
Cosmin Cojocar
e6641c6265
Replace gas with gosec in the README file
2018-07-19 18:46:26 +02:00
Cosmin Cojocar
893b87b343
Replace gas with gosec everywhere in the project
2018-07-19 18:42:25 +02:00