Releases: ccojocar/gosec

1.0.0

27 Jul 13:03
2785f7a

Changelog

5fb530c Merge pull request securego#219 from ccojocar/goreleaser
a8edd07 Update locked dependencies
2a6e887 Use the goreleaser tool to perform releases
5ba6475 Merge pull request securego#211 from WillAbides/commandcontext
1f9d09d remove extra bracket from test source
6a156e2 Merge branch 'master' into commandcontext
2785f7a Merge pull request securego#217 from ccojocar/derive_pkg_from_files
4c6396b Derive the package from given files
3f2b814 Update README.md
138e6de Add slack community link (securego#215)
f254cec Merge pull request securego#216 from ccojocar/rename_gas_with_gosec
e6641c6 Replace gas with gosec in the README file
893b87b Replace gas with gosec everywhere in the project
da26f64 Rename github org (securego#214)
1923b6d Rule which detects a potential path traversal when extracting zip archives (securego#208)
d7ec2fc add CommandContext as subprocess launcher
4ae8c95 Add an option for Go build tags (securego#201)
7790709 Discard the log messages if the quiet flag is set (securego#200)
830cb81 Support package resolution and filepaths (securego#187)
b643ac2 Add rule ID to text output (securego#198)
c25269e Regenerate the TLS config (securego#199)
542d0c0 Fix up some mistakes in the README instructions (securego#195)
e809226 Build improvements (securego#179)
2115402 Add the rule ID to issues (securego#188)
a036755 Fix TLS config template (securego#191)
7116c4d fix fmt errors
ff2b30f Cleanup test output
66aea5c fix gofmt errors
15095a8 Merge branch 'jonmcclintock-nosec-specify-rule'
90fe5cb Port readfile rule to include ID and metadata
58a48c4 Merge branch 'nosec-specify-rule' of git://github.com/jonmcclintock/gas into jonmcclintock-nosec-specify-rule
f3c8d59 Switch to valuespec instead of gendecl for hardcoded credential rule (securego#186)
e76b258 New Rule Tainted file (securego#183)
429ac07 Change the exclude syntax to be a part of #nosec
7bb6f00 Merge branch 'master' of https://github.com/GoASTScanner/gas into nosec-specify-rule
57dd25a Add an issue template to the project (securego#185)
1d9f816 Add support for YAML output format (securego#177)
18700c2 Style tweak
6b484e7 Run gofmt
105edba Leftover from merge.
48d59d2 Merge branch 'nosec-specify-rule' of github.com:jonmcclintock/gas into nosec-specify-rule
1429033 Add support for #excluding specific rules
3713168 Merge remote-tracking branch 'upstream/master'
c6183b4 Add nil pointer check to rule. (securego#181)
edb362f Add a tool to generate the TLS configuration from Mozilla's ciphers recommendation (securego#178)
1c58cbd Make the folder permissions more permissive to avoid false positives (securego#175)
d48668e Merge pull request securego#170 from cosmincojocar/build_more_checks
777b706 Merge pull request securego#167 from cosmincojocar/sort_by_severity
7355f0a Fix some gas warnings
230d286 Fix gofmt formatting
e385ab8 Update the build file with more checks
e15c057 Update the build file to validate gas from go version 1.7 onward
84bfbbf Switch to sort Interface to be backward compatible with older go versions
d4ebb03 Sort the issues by severity in descending order before creating the report
6b28d5c Merge pull request securego#166 from cosmincojocar/fprint_whitelist
ac4622d Merge pull request securego#165 from cosmincojocar/fix_gas_warnings
a72a21b Merge pull request securego#164 from cosmincojocar/ssh_rule
6cd7a6d Add Fprint, Fprintf, Fprintln to NoErrorCheck whitelist
c2c2155 Fix some gas warnings
a7cdd9c Add ssh package to the build
179c178 Add some review fixes
f1b903f Update README
d3c3cd6 Add a rule to detect the usage of ssh InsecureIgnoreHostKey function
8b87505 Merge pull request securego#163 from wongherlung/fix-junit-failure-text
33fff95 Escape html string for junit output.
e92170b Merge pull request securego#160 from wongherlung/junit-xml-output
862295c Return err instead of panic.
187a711 Unused import
485bc31 Fix go vet errors in tests
f7c31f2 Using godep not glide for dependency management
846c9ff [Issue 159] Allow loader errors so that processing continues if there's a package loading problem.
a293098 Merge pull request securego#161 from jonmcclintock/allow-loader-errors
8125622 Merge pull request securego#162 from gcmurphy/bugfix
a97a196 Unused import
7c7fe75 Fix go vet errors in tests
b49fef7 Using godep not glide for dependency management
f111d5d [Issue 159] Allow loader errors so that processing continues if there's a package loading problem.
143df04 Fixed typo.
5b91afe Unexport junit xml structs and some further refactoring.
fdc78c0 Changed failure text from json to plaintext.
4059fac Pretty print xml result for better viewing.
1346bd3 Edited README and help text.
2c1a0b8 Refactored code.
7539b37 Added xml header format.
b8cdc32 Working version of xml result format.
07a2eec Merge pull request securego#156 from gcmurphy/bugfix
5361949 Sending log messages to multiple streams
51b4a4d Merge pull request securego#138 from jonmcclintock/sqli-format-whitelist
bc2a61b Merge branch 'sqli-format-whitelist' of github.com:jonmcclintock/gas into sqli-format-whitelist
1ca3350 Rebase to master
8eb9cc0 Adjust SQL format-string rules to ignore inherently safe formats
a0fc089 Merge pull request securego#154 from GoASTScanner/issue/153
806c1d0 Add install instructions
b068284 Merge pull request securego#152 from ashanbrown/one-build
22dc893 Do a single build for all packages.
085e0f6 Merge pull request securego#150 from GoASTScanner/experimental
aecbc87 Use explicit packages in call lists
9a2bec1 Merge pull request securego#149 from GoASTScanner/experimental
b6f85d5 Fix nil pointer dereference in complit types
3520a5a Merge pull request securego#146 from GoASTScanner/experimental
867d300 Fix lint issues
d452dcb Fix ginkgo invocation
4c49716 move utils to separate executable
e925d3c Migrated old test cases.
25d74c6 address review comments
af25ac1 fix golint errors picked up by hound-ci
cfa4327 fix hound-ci errors
97cde35 update travis-ci to use ginkgo tests
e3b6fd9 update readme to provide info regarding package level scans
02901b9 actually skip tests until implementation exists
d4311c9 make it clear that these tests have not been implemented yet
67dc432 use godep instead of glide
2b2999b Add tests for excludes with comments
37cada1 Add support for #excluding specific rules
7dfebaf Adjust SQL format-string rules to ignore inherently safe formats
27b2fd9 Merge pull request securego#136 from lanzafame/experimental
6de76c9 Merge pull request securego#135 from cosmincojocar/update_mondern_tls_chipers
5a11336 remove committed binary
9c959ca Issue.Line is already a string
3caf7c3 Add test cases
c36954f Add the CHACHA20 to good ciphers in modern tls check
f22c701 Merge pull request securego#133 from awiens/master
b120a3e Updating Dockerfile with requested changes
5f0f8f8 Adding Docker container and changing README
6943f9e Major rework of codebase
f4b705a Use glide to manage vendored dependencies
026fe4c Simplify analyzer and command line interface
65b18da Hack to address circular dependency in rulelist
5160048 Move rule definitions into own file
50bbc53 Isolate import tracking functionality
bf78d02 Restructure and introduce a standalone config
cacf21f Restructure to focus on lib rather than cli
8df48f9 Fix to reporting to use output formats
9b08174 Process via packages instead of files
1beec25 Merge pull request securego#128 from cosmincojocar/improve_skip
e94e232 Merge pull request securego#129 from cosmincojocar/big_exp
7dc4638 Update the README
5b71c2b Add a test for math/big.Int.Exp rule
65b8e74 Add a rule for big.Exp function call
3ae2762 Add support for partial path match in the skip option
0573847 Merge pull request securego#125 from mockturtl/patch-1
b74c83e BindsToAllNetworkInterfaces should check TLS also
177fa7d Merge pull request securego#122 from GoASTScanner/testfixes
622440f Correct bad test cases and intermittent failure
5c302fb Merge pull request securego#121 from cosmincojocar/tls
2262f5d Add a check for PreferServerCipherSuites flag of tls.Config
1c8e7ff Merge pull request securego#118 from GoASTScanner/issue/117
1c99e45 Fix recursive case on Windows platforms
72caf3d Merge pull request securego#115 from GoASTScanner/bugfix
3e9b66a Temporarily disable typechecker fatal error
f6aeaa8 Merge pull request securego#114 from GoASTScanner/feature
4099783 Go 1.5 does not support width precision specifier
4b70300 Exclude vendor directory from go vet
aaddac5 Add the zxcvbn library to vendor list
9bc0239 Introduce entropy checking of string
cc52ef5 Merge pull request securego#112 from GoASTScanner/bugfix
a7ec9cc Backport test case for 1.5
f9868aa Fix additional test case
ab4867b Fix test cases with invalid sample code
d3f0a08 Report a failure and exit if type checking fails
bc21a39 Merge pull request securego#110 from GoASTScanner/bugfix
d1303fe Improve specificity of error message for GenDecl
0545d13 Merge pull request securego#109 from GoASTScanner/bugfix
1e736c8 Fix test case (invalid sample code)
d1e67fc Ensure hardcoded credentials only examines strings
d4f9b88 Merge pull request securego#104 from endophage/help_fix
5f1c2df updating skip cli help and readme description
c68ed64 Merge pull request securego#102 from GoASTScanner/bugfix
94ac200 Tests broken if logger is not initialized
1ba8b93 Reduce logging messages a tad
465338b Merge pull request securego#101 from GoASTScanner/bugfix
191750f Recreate fileset each time we process a file
b5308ff Merge pull request securego#98 from endophage/recursive
365e9f6 Merge pull request securego#99 from mcpeak/fix-nosec
1a481fa adding support for arbitrary paths with ...
942f40a Fix nosec to work as documented
3911321 Merge pull request securego#97 from GoASTScanner/experimental
6ace60b Address unhandled error conditions
8f78248 Merge pull request securego#92 from GoASTScanner/experimental
e1e435c Merge pull request securego#93 from GoASTScanner/bugfix
dcfd97c Remove ast.Print debug message from tryresolve
129be15 Update error test case
5242a2c Extend helpers and call list
d29c648 Add match call by type
d30c5cd Merge pull request securego#91 from GoASTScanner/experimental
63e8b1a Update unsafe rule to match package explicitly
b26f5cf Merge pull request securego#90 from GoASTScanner/experimental
39b18a1 Remove debug print messages
5b3192b Merge pull request securego#88 from GoASTScanner/experimental
ca42de2 Initialize fresh import info for each file
6ef59ba Merge pull request securego#86 from GoASTScanner/experimental
c7bb2dd Fix additional crash condition
5012c34 Handle imbalanced declaration of ...