Commit graph

577 commits

Author SHA1 Message Date
Cosmin Cojocar
f06a84ebaa
Merge pull request #227 from ccojocar/sha1
Add sha1 to weak crypto primitives
2018-08-09 09:34:49 +02:00
Cosmin Cojocar
8dfa8dc015 Update README 2018-08-08 16:41:34 +02:00
Cosmin Cojocar
fb0dc73a96 Add sha1 to weak crypto primitives 2018-08-08 16:38:57 +02:00
Cosmin Cojocar
90a1c1d625
Merge pull request #225 from jvmatl/jvmatl-patch-1
Document #nosec use with a list of rules
2018-08-03 10:02:42 +02:00
John Martinez
0d2e16dfa3
Document #nosec use with a list of rules
Extend the readme to document the ability to prevent some, but not all, rules from being enforced within an AST node.
2018-07-31 16:22:19 -04:00
Cosmin Cojocar
639987a295
Merge pull request #223 from ccojocar/fail_by_severity
Add a flag to specify the severity for which the scanning will be failed
2018-07-30 13:46:25 +02:00
Cosmin Cojocar
de10a7456f Fix the help message 2018-07-30 09:45:29 +02:00
Cosmin Cojocar
4702cc5da7 Add a flag to specify the severity for which the scanning will be failed 2018-07-30 09:43:41 +02:00
Cosmin Cojocar
c0db486820
Merge pull request #222 from ccojocar/vendor_folder_flag
Add a flag to turn on scanning on vendor folder
2018-07-30 09:23:52 +02:00
Cosmin Cojocar
6919d97188 Add a flag to turn on scanning on vendor folder 2018-07-30 09:11:23 +02:00
Cosmin Cojocar
f5b44b0740
Merge pull request #221 from Quasilyte/quasilyte/dupSubExpr
fix duplicated index issue in Less method
2018-07-30 08:44:30 +02:00
Cosmin Cojocar
7d767b4b66
Merge pull request #220 from Quasilyte/quasilyte/sloppyLen
replace len(x)<=0 with len(x)==0
2018-07-30 08:43:44 +02:00
Iskander Sharipov
3c8707c6c4 fix duplicated index issue in Less method
Found using https://go-critic.github.io/overview#dupSubExpr-ref
2018-07-28 23:18:12 +03:00
Iskander Sharipov
2f61fad317 replace len(x)<=0 with len(x)==0
length can't be negative.

Found using https://go-critic.github.io/overview#sloppyLen-ref
2018-07-28 23:16:16 +03:00
Cosmin Cojocar
5fb530cda3
Merge pull request #219 from ccojocar/goreleaser
Use the goreleaser tool to perform releases
2018-07-27 14:59:25 +02:00
Cosmin Cojocar
a8edd07bf1 Update locked dependencies 2018-07-27 14:48:09 +02:00
Cosmin Cojocar
2a6e887167 Use the goreleaser tool to perform releases 2018-07-27 14:42:00 +02:00
Cosmin Cojocar
5ba647528a
Merge pull request #211 from WillAbides/commandcontext
Make G204 look for CommandContext calls
2018-07-26 16:48:42 +02:00
Will Roden
1f9d09d456 remove extra bracket from test source 2018-07-26 09:27:39 -05:00
Will Roden
6a156e2695 Merge branch 'master' into commandcontext 2018-07-26 09:13:43 -05:00
Cosmin Cojocar
2785f7aaf8
Merge pull request #217 from ccojocar/derive_pkg_from_files
Derive the package from given files
2018-07-23 15:29:24 +02:00
Cosmin Cojocar
4c6396b7d4 Derive the package from given files
Move some utility functions into the helper
2018-07-23 15:16:47 +02:00
Grant Murphy
3f2b81461f
Update README.md 2018-07-20 09:23:46 +10:00
Grant Murphy
138e6decee
Add slack community link (#215)
Add slack community link
2018-07-20 09:22:43 +10:00
Cosmin Cojocar
f254cec60b
Merge pull request #216 from ccojocar/rename_gas_with_gosec
Rename gas with gosec
2018-07-19 18:56:36 +02:00
Cosmin Cojocar
e6641c6265 Replace gas with gosec in the README file 2018-07-19 18:46:26 +02:00
Cosmin Cojocar
893b87b343 Replace gas with gosec everywhere in the project 2018-07-19 18:42:25 +02:00
Grant Murphy
da26f64208
Rename github org (#214) 2018-07-19 17:40:28 +10:00
Cosmin Cojocar
1923b6d18e Rule which detects a potential path traversal when extracting zip archives (#208)
* Add a rule which detects file path traversal when extracting zip archive

* Detect if any argument is derived from zip.File

* Drop support for Go version 1.8
2018-07-18 22:31:07 +10:00
Will Roden
d7ec2fce7a add CommandContext as subprocess launcher 2018-06-03 16:43:28 -05:00
cosmincojocar
4ae8c95b40 Add an option for Go build tags (#201)
* Add an option for Go build tags

* Update README with a section for Go build tags
2018-04-20 09:45:03 +10:00
cosmincojocar
7790709b81 Discard the logs messages if the quite flag is set (#200) 2018-04-16 19:41:40 +10:00
Grant Murphy
830cb81b29
Support package resolution and filepaths (#187)
* Support package resolution and filepaths

This change introduces the logic to resolve packages using gotool
and build packages from filepaths. It assumes that the packages
being scanned are located within the GOPATH.

If the GOPATH environment variable is not set the GOPATH is derived
as $HOME/go.

Relates to #184

* Fix build error

* Address unhandled error

* Fix formatting error

* Handle multiple paths on GOPATH
2018-04-16 15:46:39 +10:00
Geoff Baskwill
b643ac26a4 Add rule ID to text output (#198) 2018-04-16 15:44:54 +10:00
cosmincojocar
c25269ef39 Regenerate the TLS config (#199) 2018-04-16 15:44:11 +10:00
Eric Brown
542d0c0e4f Fix up some mistakes in the README instructions (#195)
This fixes a couple issues found in the README in the development
section:
* There was no information provided on dependencies.  Both go/dep
  and golint are required to run make.
* To run the tests, the command 'make test' not 'make tests' has
  to be used.
2018-03-20 09:21:32 +10:00
cosmincojocar
e809226800 Build improvments (#179)
* Add a semantic version to the usage text

* Add a comment to the version function

* Inject the version, git tag and build date as build variables

* Update README

* Fix lint warnings

* Update README

* Manage dependencies with dep tool instead of godep

* Add a Makefile for common build tasks

* Update the build file to use the make tool

* Update Dockerfile

* Add docker entry point in to make the passing of arguments easy

* Update README

* Add missing tools to the build

* Drop 1.7 support and add 1.10

* Fix Go 1.10 according with the travis guidelines

https://docs.travis-ci.com/user/languages/go/

* Update the tls-observatory package

* Fix lint warnings

* Change the output of the tests to be more verbose

* Check if the are build errors before executing the rule test
2018-03-13 08:57:10 +10:00
jonmcclintock
2115402409 Add the rule ID to issues (#188) 2018-03-12 18:18:44 +10:00
cosmincojocar
a0367559a7 Fix TLS config template (#191)
* Fix TLS config template

* Update the log message for unavailable ciphers
2018-03-12 18:17:32 +10:00
Grant Murphy
7116c4d3a1 fix fmt errors 2018-03-09 15:36:31 +10:00
Grant Murphy
ff2b30ff5d Cleanup test output 2018-03-09 15:28:56 +10:00
Grant Murphy
66aea5cd99 fix gofmt errors 2018-03-09 12:49:01 +10:00
Grant Murphy
15095a8bef Merge branch 'jonmcclintock-nosec-specify-rule' 2018-03-09 11:31:05 +10:00
Grant Murphy
90fe5cb5ab Port readfile rule to include ID and metadata 2018-03-09 11:27:41 +10:00
Grant Murphy
58a48c471c Merge branch 'nosec-specify-rule' of git://github.com/jonmcclintock/gas into jonmcclintock-nosec-specify-rule 2018-03-09 10:54:34 +10:00
andyleap
f3c8d59863 Switch to valuespec instead of gendecl for hardcoded credential rule (#186) 2018-03-09 09:49:49 +10:00
coredefend
e76b258456 New Rule Tainted file (#183)
* Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178)

* Add a tool which generates the TLS rule configuration from Mozilla server side
TLS configuration

* Update README

* Remove trailing space in README

* Update dependencies

* Fix the commends of the generated functions

* Add nil pointer check to rule. (#181)

TypeOf returns the type of expression e, or nil if not found. We are
calling .String() on a value that may be nil in this clause.

Relates to #174

* Add support for YAML output format (#177)

* Add YAML output format

* Update README

* added rule to check for tainted file path

* added #nosec to main/issue.go

* updated test case import
2018-03-09 09:23:27 +10:00
Jon McClintock
429ac07bbd Change the exclude syntax to be a part of #nosec 2018-03-08 19:01:00 +00:00
Jon McClintock
7bb6f004ae Merge branch 'master' of https://github.com/GoASTScanner/gas into nosec-specify-rule 2018-03-08 18:52:11 +00:00
Eric Brown
57dd25a893 Add an issue template to the project (#185)
This patch adds a template for Issues opened against the
gas project. That way, minimum information is present to debug
the problem.

Signed-off-by: Eric Brown <browne@vmware.com>
2018-03-08 12:38:10 +10:00