gosec/rules
Martin Vrachev 709ed1ba65 Change rule G204 to be less restrictive (#339)
Currently, rule G204 warns you about every single use of the
functions syscall.Exec, os.exec.CommandContext and os.Exec.Command.
This can create false positives and it's not accurate because you can
use those functions with perfectly secure arguments like hardcoded
strings for example.

With this change, G204 will warn you in 3 cases when passing arguments
to a function which starts a new process, namely when the arguments:
1) are variables initialized by calling another function
2) are functions
3) are command-line arguments or environmental variables

Closes: https://github.com/securego/gosec/issues/338

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2019-09-16 16:15:06 +02:00
archive.go Allow quoted strings to be used to format SQL queries (#240) 2018-09-25 10:40:05 +03:00
bind.go Extend the bind rule to handle the case when the net.Listen address in provided from a const 2018-12-04 09:22:06 +01:00
blacklist.go Add sha1 to weak crypto primitives 2018-08-08 16:38:57 +02:00
errors.go Fix the whitelist on G104 rule and add a test 2019-06-25 11:15:11 +02:00
fileperms.go Fix some lint warnings 2019-05-01 08:52:23 +02:00
hardcoded_credentials.go Replace gas with gosec everywhere in the project 2018-07-19 18:42:25 +02:00
rand.go Replace gas with gosec everywhere in the project 2018-07-19 18:42:25 +02:00
readfile.go Fix typos in comments and rulelist (#256) 2018-10-11 14:45:31 +02:00
rsa.go Allow quoted strings to be used to format SQL queries (#240) 2018-09-25 10:40:05 +03:00
rulelist.go Remove rule G105 which detects the use of math/big#Int.Exp 2019-09-10 11:59:05 +10:00
rules_suite_test.go Major rework of codebase 2017-07-19 15:17:00 -06:00
rules_test.go Remove rule G105 which detects the use of math/big#Int.Exp 2019-09-10 11:59:05 +10:00
sql.go One approach for fixing the false positive identified in #325. 2019-06-13 08:22:48 +10:00
ssh.go Replace gas with gosec everywhere in the project 2018-07-19 18:42:25 +02:00
ssrf.go Allow quoted strings to be used to format SQL queries (#240) 2018-09-25 10:40:05 +03:00
subproc.go Change rule G204 to be less restrictive (#339) 2019-09-16 16:15:06 +02:00
tempfiles.go Allow quoted strings to be used to format SQL queries (#240) 2018-09-25 10:40:05 +03:00
templates.go Fix typos in comments and rulelist (#256) 2018-10-11 14:45:31 +02:00
tls.go Replace gas with gosec everywhere in the project 2018-07-19 18:42:25 +02:00
tls_config.go Regenerate the TLS configuration based on latest Mozilla's recommended ciphers 2019-09-10 11:57:18 +10:00
unsafe.go Replace gas with gosec everywhere in the project 2018-07-19 18:42:25 +02:00
weakcrypto.go Add sha1 to weak crypto primitives 2018-08-08 16:38:57 +02:00