
1.0.0

@ccojocar ccojocar released this 27 Jul 13:07
· 769 commits to master since this release
5fb530c

Changelog

5fb530c Merge pull request #219 from ccojocar/goreleaser
a8edd07 Update locked dependencies
2a6e887 Use the goreleaser tool to perform releases
5ba6475 Merge pull request #211 from WillAbides/commandcontext
1f9d09d remove extra bracket from test source
6a156e2 Merge branch 'master' into commandcontext
2785f7a Merge pull request #217 from ccojocar/derive_pkg_from_files
4c6396b Derive the package from given files
3f2b814 Update README.md
138e6de Add slack community link (#215)
f254cec Merge pull request #216 from ccojocar/rename_gas_with_gosec
e6641c6 Replace gas with gosec in the README file
893b87b Replace gas with gosec everywhere in the project
da26f64 Rename github org (#214)
1923b6d Rule which detects a potential path traversal when extracting zip archives (#208)
d7ec2fc add CommandContext as subprocess launcher
4ae8c95 Add an option for Go build tags (#201)
7790709 Discard the log messages if the quiet flag is set (#200)
830cb81 Support package resolution and filepaths (#187)
b643ac2 Add rule ID to text output (#198)
c25269e Regenerate the TLS config (#199)
542d0c0 Fix up some mistakes in the README instructions (#195)
e809226 Build improvements (#179)
2115402 Add the rule ID to issues (#188)
a036755 Fix TLS config template (#191)
7116c4d fix fmt errors
ff2b30f Cleanup test output
66aea5c fix gofmt errors
15095a8 Merge branch 'jonmcclintock-nosec-specify-rule'
90fe5cb Port readfile rule to include ID and metadata
58a48c4 Merge branch 'nosec-specify-rule' of git://github.com/jonmcclintock/gas into jonmcclintock-nosec-specify-rule
f3c8d59 Switch to valuespec instead of gendecl for hardcoded credential rule (#186)
e76b258 New Rule Tainted file (#183)
429ac07 Change the exclude syntax to be a part of #nosec
7bb6f00 Merge branch 'master' of https://github.com/GoASTScanner/gas into nosec-specify-rule
57dd25a Add an issue template to the project (#185)
1d9f816 Add support for YAML output format (#177)
18700c2 Style tweak
6b484e7 Run gofmt
105edba Leftover from merge.
48d59d2 Merge branch 'nosec-specify-rule' of github.com:jonmcclintock/gas into nosec-specify-rule
1429033 Add support for #excluding specific rules
3713168 Merge remote-tracking branch 'upstream/master'
c6183b4 Add nil pointer check to rule. (#181)
edb362f Add a tool to generate the TLS configuration from Mozilla's ciphers recommendation (#178)
1c58cbd Make the folder permissions more permissive to avoid false positives (#175)
d48668e Merge pull request #170 from cosmincojocar/build_more_checks
777b706 Merge pull request #167 from cosmincojocar/sort_by_severity
7355f0a Fix some gas warnings
230d286 Fix gofmt formatting
e385ab8 Update the build file with more checks
e15c057 Update the build file to validate gas from go version 1.7 onward
84bfbbf Switch to sort Interface to be backward compatible with older go versions
d4ebb03 Sort the issues by severity in descending order before creating the report
6b28d5c Merge pull request #166 from cosmincojocar/fprint_whitelist
ac4622d Merge pull request #165 from cosmincojocar/fix_gas_warnings
a72a21b Merge pull request #164 from cosmincojocar/ssh_rule
6cd7a6d Add Fprint, Fprintf, Fprintln to NoErrorCheck whitelist
c2c2155 Fix some gas warnings
a7cdd9c Add ssh package to the build
179c178 Add some review fixes
f1b903f Update README
d3c3cd6 Add a rule to detect the usage of ssh InsecureIgnoreHostKey function
8b87505 Merge pull request #163 from wongherlung/fix-junit-failure-text
33fff95 Escape html string for junit output.
e92170b Merge pull request #160 from wongherlung/junit-xml-output
862295c Return err instead of panic.
187a711 Unused import
485bc31 Fix go vet errors in tests
f7c31f2 Using godep not glide for dependency management
846c9ff [Issue 159] Allow loader errors so that processing continues if there's a package loading problem.
a293098 Merge pull request #161 from jonmcclintock/allow-loader-errors
8125622 Merge pull request #162 from gcmurphy/bugfix
a97a196 Unused import
7c7fe75 Fix go vet errors in tests
b49fef7 Using godep not glide for dependency management
f111d5d [Issue 159] Allow loader errors so that processing continues if there's a package loading problem.
143df04 Fixed typo.
5b91afe Unexport junit xml structs and some further refactoring.
fdc78c0 Changed failure text from json to plaintext.
4059fac Pretty print xml result for better viewing.
1346bd3 Edited README and help text.
2c1a0b8 Refactored code.
7539b37 Added xml header format.
b8cdc32 Working version of xml result format.
07a2eec Merge pull request #156 from gcmurphy/bugfix
5361949 Sending log messages to multiple streams
51b4a4d Merge pull request #138 from jonmcclintock/sqli-format-whitelist
bc2a61b Merge branch 'sqli-format-whitelist' of github.com:jonmcclintock/gas into sqli-format-whitelist
1ca3350 Rebase to master
8eb9cc0 Adjust SQL format-string rules to ignore inherently safe formats
a0fc089 Merge pull request #154 from GoASTScanner/issue/153
806c1d0 Add install instructions
b068284 Merge pull request #152 from ashanbrown/one-build
22dc893 Do a single build for all packages.
085e0f6 Merge pull request #150 from GoASTScanner/experimental
aecbc87 Use explicit packages in call lists
9a2bec1 Merge pull request #149 from GoASTScanner/experimental
b6f85d5 Fix nil pointer dereference in complit types
3520a5a Merge pull request #146 from GoASTScanner/experimental
867d300 Fix lint issues
d452dcb Fix ginko invocation
4c49716 move utils to separate executable
e925d3c Migrated old test cases.
25d74c6 address review comments
af25ac1 fix golint errors picked up by hound-ci
cfa4327 fix hound-ci errors
97cde35 update travis-ci to use ginkgo tests
e3b6fd9 update readme to provide info regarding package level scans
02901b9 actually skip tests until implementation exists
d4311c9 make it clear that these tests have not been implemented yet
67dc432 use godep instead of glide
2b2999b Add tests for excludes with comments
37cada1 Add support for #excluding specific rules
7dfebaf Adjust SQL format-string rules to ignore inherently safe formats
27b2fd9 Merge pull request #136 from lanzafame/experimental
6de76c9 Merge pull request #135 from cosmincojocar/update_mondern_tls_chipers
5a11336 remove committed binary
9c959ca Issue.Line is already a string
3caf7c3 Add test cases
c36954f Add the CHACHA20 to good ciphers in modern tls check
f22c701 Merge pull request #133 from awiens/master
b120a3e Updating Dockerfile with requested changes
5f0f8f8 Adding Docker container and changing README
6943f9e Major rework of codebase
f4b705a Use glide to manage vendored dependencies
026fe4c Simplify analyzer and command line interface
65b18da Hack to address circular dependency in rulelist
5160048 Move rule definitions into own file
50bbc53 Isolate import tracking functionality
bf78d02 Restructure and introduce a standalone config
cacf21f Restructure to focus on lib rather than cli
8df48f9 Fix to reporting to use output formats
9b08174 Process via packages instead of files
1beec25 Merge pull request #128 from cosmincojocar/improve_skip
e94e232 Merge pull request #129 from cosmincojocar/big_exp
7dc4638 Update the README
5b71c2b Add a test for math/big.Int.Exp rule
65b8e74 Add a rule for big.Exp function call
3ae2762 Add support for partial path match in the skip option
0573847 Merge pull request #125 from mockturtl/patch-1
b74c83e BindsToAllNetworkInterfaces should check TLS also
177fa7d Merge pull request #122 from GoASTScanner/testfixes
622440f Correct bad test cases and intermittent failure
5c302fb Merge pull request #121 from cosmincojocar/tls
2262f5d Add a check for PreferServerCipherSuites flag of tls.Config
1c8e7ff Merge pull request #118 from GoASTScanner/issue/117
1c99e45 Fix recursive case on Windows platforms
72caf3d Merge pull request #115 from GoASTScanner/bugfix
3e9b66a Temporarily disable typechecker fatal error
f6aeaa8 Merge pull request #114 from GoASTScanner/feature
4099783 Go 1.5 does not support width precision specifier
4b70300 Exclude vendor directory from go vet
aaddac5 Add the zxcvbn library to vendor list
9bc0239 Introduce entropy checking of string
cc52ef5 Merge pull request #112 from GoASTScanner/bugfix
a7ec9cc Backport test case for 1.5
f9868aa Fix additional test case
ab4867b Fix test cases with invalid sample code
d3f0a08 Report a failure and exit if type checking fails
bc21a39 Merge pull request #110 from GoASTScanner/bugfix
d1303fe Improve specificity of error message for GenDecl
0545d13 Merge pull request #109 from GoASTScanner/bugfix
1e736c8 Fix test case (invalid sample code)
d1e67fc Ensure hardcoded credentials only examines strings
d4f9b88 Merge pull request #104 from endophage/help_fix
5f1c2df updating skip cli help and readme description
c68ed64 Merge pull request #102 from GoASTScanner/bugfix
94ac200 Tests broken if logger is not initialized
1ba8b93 Reduce logging messages a tad
465338b Merge pull request #101 from GoASTScanner/bugfix
191750f Recreate fileset each time we process a file
b5308ff Merge pull request #98 from endophage/recursive
365e9f6 Merge pull request #99 from mcpeak/fix-nosec
1a481fa adding support for arbitrary paths with ...
942f40a Fix nosec to work as documented
3911321 Merge pull request #97 from GoASTScanner/experimental
6ace60b Address unhandled error conditions
8f78248 Merge pull request #92 from GoASTScanner/experimental
e1e435c Merge pull request #93 from GoASTScanner/bugfix
dcfd97c Remove ast.Print debug message from tryresolve
129be15 Update error test case
5242a2c Extend helpers and call list
d29c648 Add match call by type
d30c5cd Merge pull request #91 from GoASTScanner/experimental
63e8b1a Update unsafe rule to match package explicitly
b26f5cf Merge pull request #90 from GoASTScanner/experimental
39b18a1 Remove debug print messages
5b3192b Merge pull request #88 from GoASTScanner/experimental
ca42de2 Initialize fresh import info for each file
6ef59ba Merge pull request #86 from GoASTScanner/experimental
c7bb2dd Fix additional crash condition
5012c34 Handle imbalanced declaration of constants
9301684 Merge pull request #83 from GoASTScanner/experimental
a3fcd96 Update hardcoded credentials rule for GenDecls
bf103da Allow rules to register against multiple ast nodes
c6587df Merge pull request #82 from GoASTScanner/experimental
1d732b8 Ensure os.OpenFile file permissions are checked
423a303 Merge pull request #81 from GoASTScanner/experimental
97dcc72 Incorrect rule mapping in rulelist
7dd3032 Merge pull request #76 from GoASTScanner/experimental
be96ef2 Fix alias logic
c833bfa Merge branch 'tam7t-rand-pkg-helper'
e0db3f4 Merge branch 'rand-pkg-helper' of git://github.com/tam7t/gas into tam7t-rand-pkg-helper
9f54d25 Merge pull request #75 from GoASTScanner/experimental
20f2a98 Ensure initialization only imports are ignored
7a275fd MatchCallByPackage updated to avoid GetCallObject
d163260 Merge pull request #71 from GoASTScanner/call_list
238d1e0 Merge pull request #73 from GoASTScanner/tools
b02c0fa Add imports dumper
2c9d8fc Skip files if they don't exist
d205060 Update to dump specific context information
d8bf436 Merge pull request #72 from GoASTScanner/tools
14e6635 Add tool to inspect call objects in file
0bc4d48 Add an experimental way to whitelist calls
afb84ff rand: use a MatchCallByPackage helper
8a473c7 Merge pull request #69 from GoASTScanner/helpers
0fef3ad Split out MatchCallByObject into two functions
ce2c328 Merge pull request #68 from GoASTScanner/command_line_fixes
f71ade6 Update usage to indicate html is supported
d72cee8 Add quiet mode
9fa0b72 Merge pull request #67 from GoASTScanner/use_types
c405754 Add MatchCall helper that utilizes type checker
9e2abd5 Merge pull request #66 from csstaub/cs/html-output
aadcf8d Merge pull request #60 from tam7t/fix-rand
4ff5915 rand: refactor to use types package
75e0e1a rand: resolve math/rand package
068e8a8 Merge pull request #65 from GoASTScanner/sql_fix
d60a2b4 Confirmed correct behavior for SQL tests
853b097 Merge pull request #63 from GoASTScanner/travis_ci
686927c Address go vet failure in SQL rule
344ebd1 Add go vet to travis-ci
65d572f Merge pull request #62 from GoASTScanner/correct_imports
74b6633 Updated imports to new repository location.
b8ce40e Remove debugging println
4cd269f Merge pull request #58 from levigross/master
9c3c102 Fixed comment
b92fa02 Make sure to exit 1 if we find an issue
fadc6d4 Merge pull request #52 from gcmurphy/use_glob
b8e78c6 Merge pull request #56 from s7v7nislands/fix_unsafe
eedb0c2 fix fmt
92dda9c fix unsafe check
911c696 Add support for HTML output
59fbf74 Refactor path matching logic
a4fd848 Merge pull request #49 from gcmurphy/master
7f4bdd5 Merge pull request #48 from gcmurphy/godoc
d05a241 MatcMatchCompLit should be MatchCompList
b5a98c1 Add godocs.org badge
9ca975d Add gas to .gitignore
0ee8e1b Merge pull request #47 from gcmurphy/readme
0bce177 Fix typos in godocs
bb42840 Merge pull request #42 from HewlettPackard/code_docs
e4b1e28 Merge pull request #46 from drewwells/feature/exclusions
a2b7f3e Add LICENSE information to README.md
929edb4 Update README.md to use rule ID's
365ae31 prefix patterns with **/ to match subdirectories
223cded Adding some inline documentation for godoc
37205e9 Merge pull request #41 from HewlettPackard/usage
df373b8 Fix usage information
82947bb Merge pull request #39 from HewlettPackard/rule_selection
713949f Rule selection rules
51ffe1b Merge pull request #40 from dragonndev/master
b29e45f Merge pull request #38 from HewlettPackard/cli_docs
5b867f2 Clarified output format options.
6d831c0 Updating docs for new CLI "skip" option
235308f Merge pull request #35 from HewlettPackard/config_cli
e3b1d33 Configuration
4e30ca3 Merge pull request #37 from HewlettPackard/travis_ci
9521472 Add build status to README.md
58e6823 Merge pull request #36 from HewlettPackard/travis_ci
f36388a Merge pull request #34 from HewlettPackard/blacklist
9bd62d1 Add travis ci profile
45f3b5f Creating blacklist import rules
7e1d7ee Merge pull request #33 from HewlettPackard/config_fix
da55fd1 Fixing config
84f0162 Merge pull request #32 from HewlettPackard/resolve_1
d2d49f1 Try to resolve all elements in an expression to a known const
12d370b Merge pull request #31 from HewlettPackard/config
d4367de Adding a config block to the analyzer, parsed from JSON
8261ee5 Merge pull request #29 from HewlettPackard/fix_regexp
cee5fad Fix incorrect regexp matches
0bf1ece Merge pull request #27 from cwkuo/fix-windows-file-contains
0737ea6 Fix os.IsExist() condition in filelist.Contains()
b659538 Merge pull request #26 from HewlettPackard/fix_annotations
68aac25 Fixing annotations
28f0f1a Merge pull request #23 from csstaub/cs/detect-math-rand
c53af75 Detect use of rand.Read from math/rand
c5d2715 Merge pull request #24 from csstaub/cs/smarter-creds-check
e86addb Merge pull request #22 from csstaub/cs/csv
3cd0ebe Smarter hard-coded credentials check
2ec102c Use encoding/csv for CSV output
81b5e98 Merge pull request #21 from HewlettPackard/better_sql
3e4d96e Better SQLi testing
2d0a26d Merge pull request #18 from HewlettPackard/issue16
48910f5 Merge pull request #20 from hyakuhei/Fix_Readme
9651a40 Fixed-up some language in README.md
0dd7ec9 Merge pull request #19 from HewlettPackard/issue17
1cff726 Fix exclude documentation
a7ebf35 Expand cases accepted by -exclude
debb1f5 Merge pull request #14 from csstaub/cs/fix-json
271cff1 Use encoding/json for -fmt json output
50fb7f4 Merge pull request #10 from HewlettPackard/issue9
37cc56d Merge pull request #11 from csstaub/cs/fix-json
c6e25a9 Make sure -fmt json produces valid output
2f84b67 Handle import error rather than panic on failure
9ce14dc Disclaimer about project status
f9bf428 Merge pull request #6 from HewlettPackard/tools
0bd254c Check input files and handle panic condition
e2caa92 Merge pull request #5 from HewlettPackard/docs
2cac390 Update the README to include newer rules
59deedb Merge pull request #4 from HewlettPackard/httpoxy
3615933 Adding check for httpoxy
4f3d620 Initial public release