gosec/testutils
Martin Vrachev 709ed1ba65 Change rule G204 to be less restrictive (#339)
Currently, rule G204 warns you about every single use of the
functions syscall.Exec, os.exec.CommandContext and os.Exec.Command.
This can create false positives and it's not accurate because you can
use those functions with perfectly secure arguments like hardcoded
strings for example.

With this change, G204 will warn you in 3 cases when passing arguments
to a function which starts a new process, if the arguments:
1) are variables initialized by calling another function
2) are functions
3) are command-line arguments or environmental variables

Closes: https://github.com/securego/gosec/issues/338

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2019-09-16 16:15:06 +02:00
log.go Major rework of codebase 2017-07-19 15:17:00 -06:00
pkg.go Fix some lint warnings 2019-05-01 08:52:23 +02:00
source.go Change rule G204 to be less restrictive (#339) 2019-09-16 16:15:06 +02:00
visitor.go Replace gas with gosec everywhere in the project 2018-07-19 18:42:25 +02:00