Provide detailed documentation for each rule #127
Comments
+1 Thanks for the suggestion. Will add this to the backlog.
Can this be given a higher priority? We currently have no idea if the issues reported by See
Just as an update, I've created the repository github.com/securego/securego.github.io and registered the securego.io domain for this purpose. I'm hoping to get some spare time to work on this soon.
Yes, this is needed. It looks like some rules are too broad to flag.
Indeed, that's something I think would be great. It would be sooo useful if we had a similar thing in Gosec.
What's the status of this issue? Is there any (draft?) content written anywhere? Thanks!
I am helping with the documentation. We have documentation for a small subset of the rules; you can read more here:
@MVrachev, excuse me, about "G304: Potential file inclusion via variable", `ioutil.ReadFile(filename)`: what is the right way? I can't find it on https://securego.io/. Thanks very much.
Yes, we need to work more on the documentation.
@MVrachev @ping035627 Hi, what is the right way to solve 'G304: Potential file inclusion via variable'?
@MVrachev @gcmurphy What's the current status of the documentation? Some rules seem to have some guidelines: https://securego.io/docs/rules/rule-intro.html. Are you actively working on adding more docs?
I am slowly working on this when I have time.
I would like this fixed too. I am having trouble figuring out how to actually fix G304 🙁
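For the G304 question asked in this thread (a variable path passed to `ioutil.ReadFile`), an added example that is not taken from gosec or securego.io: confining a caller-supplied file name to one base directory before reading it. `resolveUnder`, `readUnder`, `ErrOutsideBase` and the `/srv/app/data` directory are hypothetical names chosen for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideBase reports that a name resolved outside the base directory.
var ErrOutsideBase = errors.New("path escapes base directory")

// resolveUnder joins name onto baseDir and rejects any result that is not
// lexically inside baseDir. filepath.Join cleans the result, so ".."
// segments are collapsed before the containment check runs.
func resolveUnder(baseDir, name string) (string, error) {
	base, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	// An absolute name is treated as relative to base by Join.
	full := filepath.Join(base, name)
	rel, err := filepath.Rel(base, full)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return full, nil
}

// readUnder reads a file only when its path resolves under baseDir.
func readUnder(baseDir, name string) ([]byte, error) {
	p, err := resolveUnder(baseDir, name)
	if err != nil {
		return nil, err
	}
	return os.ReadFile(p)
}

func main() {
	// Constructed sample inputs.
	for _, n := range []string{"cache/result.json", "../../etc/passwd", "/etc/passwd", "a/../../b"} {
		p, err := resolveUnder("/srv/app/data", n)
		fmt.Printf("%-22q -> %q err=%v\n", n, p, err)
	}
}
```

The containment check is lexical only: it does not resolve symlinks, so a symlink inside the base directory that points elsewhere is still followed by `os.ReadFile`.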
Googling G304 led me here. The answer is now added at https://securego.io/docs/rules/g304.html The fix appears to be "wrap your file path string in a call to - loadResult.loadCachedJSON(cacheFilePath)
+ loadResult.loadCachedJSON(filepath.Clean(cacheFilePath)) Thanks for |
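Review bot: on the `+` line, `filepath.Clean(cacheFilePath)` only normalizes the path lexically (it collapses `.`, `..` and duplicate separators); it does not restrict where the path points, so a `cacheFilePath` derived from input can still name a file outside the intended directory after cleaning. If the value is not a constant or otherwise trusted, resolve it against the intended base directory and reject results that fall outside it before calling `loadCachedJSON`; if it is trusted, a short comment saying so would document why cleaning alone is enough here.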
G110 is missing at https://securego.io/docs/rules/g110.html
It'd be great to have a shellcheck-like wiki with some more info on each check, why it's bad and what the possible fixes are. If this sounds like a good idea, I can start it off with the minimal info.