github securego/gosec v2.5.0

3 years ago

Changelog

a4746e1 Update all dependencies (#533)
6bd6e4b Use $(go env GOPATH) that works even when GOPATH is not set
aef335a Fix typo in README.md
0ce48a5 Reproducible junit report (#529)
868556b Update README with the correct path to tlsconfig command
13519fd Update the tls configuration generate to handle also the NSS alternative names
e351067 Update all dependencies
166e4f5 Update README file with some more details required to run successfully a scan with the docker image
f5cc32a Update the Go version to 1.15 in the Makefile
ea0fa28 Update the Github go action version to 1.6.0
feea8bb Fix the action tag
6688a97 Fix the github action for Go 1.15
7234349 Add Go 1.15 to the supported version and phase out the Go 1.12
a3895d5 Fix typo in README file
17c9555 Incorrect local installation instructions for v2
f13b8bc Add also filepath.Rel as a sanitization method for input argument in the G304 rule
047729a Fix the rule G304 to handle the case when the input is cleaned as a variable assignment
b60ddc2 feat: adds support for path.Join and for tar archives in G305
673a139 Update all dependencies
110b62b Add io.CopyBuffer function to rule G110
6bcd89a Mark all lines of a multi-line finding
4d4e594 Add some comments
d1467ac Extend the code snippet included in the issue and refactored how the code snippet is printed
37d1af0 Expand the arguments to a list of strings when they are provided as a single string
59cbe00 Update all dependencies
ade81d3 Rename file for consistency
03f12f3 Change naming rule from blacklist to blocklist
3784ffe Fix panic when reading the version from debug info in Go 1.13
55d368f Improve the TLS version checking
ad1cb7e Make sure some version information is set when no version was injected into the binary
1d2c951 Extend the rule G304 with os.OpenFile and add a test to cover it
0c1a71b Add more tests samples to increase coverage
fe07fcf Fix unit test when checking a mix of good and bad random functions
6bbf8f9 Extend the insecure random rule with more insecure random functions
af699f6 Exclude .git directory from scan (#485)
6202b38 Update all dependencies (#484)
6a130d5 Update the link pointing to issues to CWE mapping to use the master version (#483)
826db1c Fix the build tags propagation
7da9248 Change the issue test to verify that a multi-line finding contains a line range
7aedcc5 Remove print line from tests
30e93bf Improve the SQL strings concat rules to handle multiple string concatenation
68bce94 Improve the SQL concatenation and string formatting rules to be applied only in the database/sql context
32be4a5 Make sure all rules are mapped to CWE numbers
8630c43 Add null pointer check in G601
1418b85 ondisk -> onDisk
b2cfc5d USERS.md typo in the title fixed.
425b8f9 Display a sponsor button in the repository
0714a1e Update the users file with some more projects and companies
1b915dd Set up a gosec's users list
668512f Update bad_defer.go
ee3146e Rule which detects aliasing of values in RangeStmt
8662624 Update the build badge to get the status from GitHub workflow
a5db4e1 Run mod tidy to clean up the dependencies
fb44007 Enhance the hardcoded credentials rule to check the equality and non-equality of strings
a2a40de Update the README with an example to configure the hard-coded credentials rule
802292c Fix the configuration parsing for hardcoded credentials
c58f356 Set the default color on only for text format
1a113d6 Turn the color always on when the text format is set
c4417de Use the latest color package to get the color working with tmux
656691b feature(formatter/text): Add color option on text format (#460)
51e4317 Automate the release process using a GitHub workflow
341059e Update the GitHub action name to be more descriptive
3b6c3f1 Update README with some instruction how to run gosec as a GitHub action
08202fe Add a GitHub action to run gosec
c6e10af Handle properly the gosec module version v2
e946c8c Update all dependencies
e030aa4 Remove the go 1.14 version from github action
ee176ff Fix the job names in the Github workflow
cabccc7 Add to GitHub workflow some jobs for go1.13 and go1.12
a111777 Change the GitHub workflow to use only the latest Go version
722acb6 Change the GitHub workflow to run the builds only on ubuntu-latest platform
5284f34 Change the GitHub workflow to use an action which install Go using a Go version from the matrix
8de5fb6 Migrate the build to GitHub Actions
7da9f46 Fix the call list info to handle selector expressions
cf25904 Fix the subproc rule to handle correctly the CommandContext check
f97f861 Update the subproc rule to detect the syscall.ForkExec and syscall.StartProces calls
c998389 re-generate install.sh with latest godownloader (#446)
7525fe4 Rule for defering methods which return errors (#441)
a2ac0bf Update all dependencies (#445)
a305f10 Fileperms (#442)
00363ed remove support for go 1.11 (#444)
d13bb6d Update all dependencies
17df5b3 Fix typos
3e069e7 Fix the errors rule whitelist to work on types methods
459e2d3 Modify rule for integer overflow to have more accurate results (#434)
a4d7b36 Add G110(Potential DoS vulnerability via decompression bomb)
3d5c97b Add a test sample for Cgo files
81e8278 Add the Cgo files to the analysed files and ignore all non-Go files
a1969e2 Handle all errors in the formatter tests (#431)
9cb83e1 Add a rule which detects when there is potential integer overflow (#422)
f43a957 Check for both default and alternative nosec tags (#426)
79fbf3a Add golint format to output format (#428)
57c3788 Update all dependencies (#427)
5d61373 fix(docker) gcc and libc-dev required bindings
cb4f343 Update all dependencies (#417)
df484bf cmd/tlsconfig: remove support for deprecated tls.VersionSSL30 (#412)
b4c76d4 Update all dependencies (#410)
99170e0 Update the README with some details about the CWE mapping (#407)
53be8dd Add CWE rule mappings (#405)
28c1128 Add more tests to improve the coverage of resolve
d78f026 Format import to make codecov happy
50e1fe2 Improve the SSRF rule to report an issue for package scoped variables
07770ae Add a test for composite literals when trying to resolve an AST tree node
f413f14 Handle the ValueSpec when trying to resolve an AST tree node
c1970ff Handle the ValueSpec when trying to resolve an AST tree node
ea9faae Update the Go version to 1.13 in the Dockerfile (#403)
186dec7 Convert the global settings to correct type when reading them from file (#399)
e680875 Replace the deprecated load mode with more specific flags are recommended in the packages docs (#400)
ad375d3 Update golang.org/x/tools commit hash to 7c411de (#389)
607f240 reconfigure renovate bot (#395)
832d7bb Update README with CII Best Practices badge
29341f6 Fix the rule G108/pprof to handle the case when the pprof import has no name
b504783 Change unit tests to check for one thing (#381)
7dbc65b Update golang.org/x/tools commit hash to 3ac2a5b (#387)
f3bd9fb Update golang.org/x/tools commit hash to 0f9bb8f
c6ac709 Update golang.org/x/net commit hash to aa69164
7a6460d Update golang.org/x/crypto commit hash to 9ee001b
d8f249a Update README with rule G108
9cee24c Add a rule which detects when pprof endpoint is automatically exposed
73fbc9b Update golang.org/x/net commit hash to 1a5e07d
124da07 Update golang.org/x/tools commit hash to 5eefd05 (#378)
915e9ee Update golang.org/x/sys commit hash to b4ddaad (#374)
e7b3ae9 Clarify and add new unit tests for rule G107 (#376)
f90efff Update golang.org/x/tools commit hash to 2dc213d (#375)
90e9759 Update golang.org/x/net commit hash to c858923 (#373)
709ed1b Change rule G204 to be less restrictive (#339)
98749b7 Update golang.org/x/net commit hash to 24e19bd (#372)
d8f6c4f Update golang.org/x/sys commit hash to c3b328c (#371)
3204194 Update golang.org/x/tools commit hash to 92af9d6 (#370)
140048b Update golang.org/x/sys commit hash to 7ad0cfa
a65402b Update golang.org/x/tools commit hash to 6bfd74c (#365)
b9c4c66 Expose analyzer API (#366)
29fddff turn on automerge for renovate bot
bee7b5a Update golang.org/x/crypto commit hash to 227b76d (#363)
069c31f Update golang.org/x/tools commit hash to 16c5e0f (#362)
3e65f8f Update golang.org/x/sys commit hash to bbd1755 (#361)
f5d5e20 Update golang.org/x/tools commit hash to dd2b5c8 (#360)
a1c9c76 Remove the unused code to increase the test coverage
338b50d Remove rule G105 which detects the use of math/big#Int.Exp
43e3664 Build the tls config generator only with Go versions compatible with Go 1.12
81b6dc8 Regenerate the TLS configuration based on latest Mozilla's recommended ciphers
76ce9f0 Update to config struct to unmarshal the mozilla server-side TLS conf version 5
e050355 Update the TLS config generator to handle TLS version 1.3
c0510fc Update golang.org/x/tools commit hash to 0673112 (#359)
a57a033 Update golang.org/x/sys commit hash to f460065 (#356)
8063751 Update golang.org/x/crypto commit hash to 094676d (#355)
7851918 Add support to exclude arbitrary folders from scanning (#353)
1c35be8 Add renovate.json (#354)
fde1f82 Update the tag format in the release steps (#348)
992f173 Update README file with a note on dependencies (#351)
e442cf3 Add Go 1.13 to the tested version in the travis build file (#350)
4ecbe32 Update go modules to latest compatible version and removed unused dependencies (#349)
8932f70 Add flag to handle '#nosec' alternative (#346)
4b59c94 Prevent null pointer exception in Sonarqube (#334)
39f7e7b Display filtered number of issues instead of total in stats
e28a56a Merge pull request #330 from ccojocar/fix-whitelist-G104
63b44b6 Add some more tests to make codecov happy
1412357 Add some documentation for G104 whitelist configuration Signed-off-by: Cosmin Cojocar cosmin.cojocar@gmx.ch
f344524 Fix the whitelist on G104 rule and add a test
78a4949 Load rules on each code sample in order to reconfigure them
ed9934f Refactor the rules tests to be able to configure the analyzer config per test sample
36a82ea Merge pull request #328 from ccojocar/fix-sonarqute-report
020479a Support multiple root paths when generating the Sonarqube report
46e55b9 Fix the file path in the Sonarqube report
04dc713 One approach for fixing the false positive identified in #325.
196edd3 Add checksum clarification in README
0ebfa2f Rework analyzer unit test to pass the go tip version (#318)
9d9098f print version string (#317)
ee80733 Add a flag to filter issues by confidence (#316)
29cec13 Fix formatting in README, remove prerequisite and reworked the Makefile tests goals (#313)
b68ac76 Fix formatting
3e69a8c Append the package load errors to analyser's errors
aac9b00 Refactor properly the package error parsing and cover all test cases
625718d Refactor the test for Go build errors
3af4ae9 Fix some lint warnings
bac6f0f Add tests for an empty package without any test file
76b2c12 Add a test to cover the processing of empty packages
b04c1ce Fix error parsing from package
92b3644 Fix error parsing when the loaded package is empty
48e3932 Remove tests case from import tracker
25b5a1a Add tests to cover the import tracker from file
5ef2bee Track only the import from the file which is checked
f1ea7f6 Add tests for analyser test package check
6e5135f Update README with some instructions to enable the tests and vendor folder scanning
b49c953 Add a flag which allows to scan also the tests files
f1d49a6 Remove unused code
ed2e0aa Update local install command in README file
4dfaf0a Refactor the analyzer to process one package at the time
adcfe94 Fix test for helpers
5ae5266 Add some tests that covers the helper function which list the package paths
e419eb8 Exclude correctly the vendor folder from the scanned packages
85eb8a5 Scan the go packages path recursively starting from a root folder
8522199 Improve logging in the analyser
ea16ff1 Remove GOPATH check to allow running gosec outside of GOPATH
6c174a6 Update README file
7935fd8 Rework the Dockerfile for Go modules
806908a Remove the dep tool installation from travis CI
950e84c Handle errors to fix lint warnings
ee73b9e Remove dep and Use only Go modules to manage dependencies
85d1808 Go modules support for 1.12 (#297)
eaba99d fix comment.
4cd14f9 remove panic
66e7c8d Extract to a constant
1b28d32 fix sonarIssues struct
8eab50e update README.md to add support of sonarqube.
989eb3f Update Hound errors
ddfe54d Add sonarqube output
c5e6c4a fix no-fail flag logic
2bd007e Update README
8b27d1c Update go version to 1.11.5 in the docker file
9cd538f Fix README typo
62b5195 Report for Golang errors (#284)
9cdfec4 Change test
8048b15 Add more badges in the README file
e2752bc revert to default GOPATH if necessary (#279)
04ce7ba add a no-fail flag
a966ff7 Fix -conf example in README.md
b662615 Fix typo
5d33e6e Update the README with some details about the configuration file
f87af5f Detect the unhandled errors even though they are explicitly ignored if the 'audit: enabled' setting is defined in the global configuration (#274)
14ed63d Do not flag the unhandled errors which are explicitly ignored
12400f9 Update README with the code coverage batch
72e95e8 Generate and upload the test coverage report to codecov.io
24e3094 Extend the bind rule to handle the case when the net.Listen address is provided from a const
9b32fca Fix the bind rule to handle the case when the arguments of the net.Listen are returned by a function call
f14f17f Add a helper function which extracts the string parameters values of a call expression
2695567 Build the code sample for string builder only from Go 1.10 onwards
ae82798 Fix the WriteString test by handling the error
adb4222 whitelist strings.Builder method in rule G104
9b966a4 add test case for strings.Builder G104 whitelist inclusion
4180994 Make G201 ignore CallExpr with no args (#262)
443f84f Fix golint link (#263)
3116b07 Fix typos in comments and rulelist (#256)
e0a150b Merge pull request #254 from kishaningithub/253
97bc137 Add CI Installation steps and correct markdown lint errors
8c09a83 Add install.sh script
d032909 Merge pull request #251 from NeverOddOrEven/fix-html-template
027dc2b This fixes the html template when using '-fmt=html' - resolves HTML escaping issues within the template - resolves reference issues to reportInfo struct i.e. issues -> Issues, metrics -> Stats
f9b4187 Merge pull request #249 from andrewhsu/go
1ecd47e bump Dockerfile golang from 1.10 to 1.11
2cc6838 Merge pull request #248 from ccojocar/code-samples-multiple-files
64d58c2 Refactor the test code sample to support multiple files per sample
d3f1980 Fix false positives for SQL string concatenation with constants from another file (#247)
5f98926 Refactor Dockerfile (#245)
7f6509a Update README.md (#246)
762ff3a Allow quoted strings to be used to format SQL queries (#240)
ec32ce6 Support Go 1.11 (#239)
145f1a0 Removed wrapping feature (#238)
419c929 G107 - SSRF (#236)
63b25c1 Fix typo in README (#235)
7fd9446 update to G304 which adds binary expressions and file joining (#233)
e4ba96a Update README
ec0f8ec Set the GOROOT and GOPATH env variables in Dockerfile
247828c Update docker base image to 1.10.3-alpine3.8
b689199 Add Fprintf to Rule G201
a7cff91 Small update to G201 and added ConcatString Function (#228)
1c438e3 Tweak makefile to match up with docker repo (#231)
9577fd0 Update README
e543f46 Use the Linux build for Docker image
dbd0f8f Use the make build goal when creating the docker image
f06a84e Merge pull request #227 from ccojocar/sha1
8dfa8dc Update README
fb0dc73 Add sha1 to weak crypto primitives
90a1c1d Merge pull request #225 from jvmatl/jvmatl-patch-1
0d2e16d Document #nosec use with a list of rules
639987a Merge pull request #223 from ccojocar/fail_by_severity
de10a74 Fix the help message
4702cc5 Add a flag to specify the severity for which the scanning will be failed
c0db486 Merge pull request #222 from ccojocar/vendor_folder_flag
6919d97 Add a flag to turn on scanning on vendor folder
f5b44b0 Merge pull request #221 from Quasilyte/quasilyte/dupSubExpr
7d767b4 Merge pull request #220 from Quasilyte/quasilyte/sloppyLen
3c8707c fix duplicated index issue in Less method
2f61fad replace len(x)<=0 with len(x)==0
5fb530c Merge pull request #219 from ccojocar/goreleaser
a8edd07 Update locked dependencies
2a6e887 Use the goreleaser tool to perform releases
5ba6475 Merge pull request #211 from WillAbides/commandcontext
1f9d09d remove extra bracket from test source
6a156e2 Merge branch 'master' into commandcontext
2785f7a Merge pull request #217 from ccojocar/derive_pkg_from_files
4c6396b Derive the package from given files
3f2b814 Update README.md
138e6de Add slack community link (#215)
f254cec Merge pull request #216 from ccojocar/rename_gas_with_gosec
e6641c6 Replace gas with gosec in the README file
893b87b Replace gas with gosec everywhere in the project
da26f64 Rename github org (#214)
1923b6d Rule which detects a potential path traversal when extracting zip archives (#208)
d7ec2fc add CommandContext as subprocess launcher
4ae8c95 Add an option for Go build tags (#201)
7790709 Discard the logs messages if the quiet flag is set (#200)
830cb81 Support package resolution and filepaths (#187)
b643ac2 Add rule ID to text output (#198)
c25269e Regenerate the TLS config (#199)
542d0c0 Fix up some mistakes in the README instructions (#195)
e809226 Build improvements (#179)
2115402 Add the rule ID to issues (#188)
a036755 Fix TLS config template (#191)
7116c4d fix fmt errors
ff2b30f Cleanup test output
66aea5c fix gofmt errors
15095a8 Merge branch 'jonmcclintock-nosec-specify-rule'
90fe5cb Port readfile rule to include ID and metadata
58a48c4 Merge branch 'nosec-specify-rule' of git://github.com/jonmcclintock/gas into jonmcclintock-nosec-specify-rule
f3c8d59 Switch to valuespec instead of gendecl for hardcoded credential rule (#186)
e76b258 New Rule Tainted file (#183)
429ac07 Change the exclude syntax to be a part of #nosec
7bb6f00 Merge branch 'master' of https://github.com/GoASTScanner/gas into nosec-specify-rule
57dd25a Add an issue template to the project (#185)
1d9f816 Add support for YAML output format (#177)
18700c2 Style tweak
6b484e7 Run gofmt
105edba Leftover from merge.
48d59d2 Merge branch 'nosec-specify-rule' of github.com:jonmcclintock/gas into nosec-specify-rule
1429033 Add support for #excluding specific rules
3713168 Merge remote-tracking branch 'upstream/master'
c6183b4 Add nil pointer check to rule. (#181)
edb362f Add a tool to generate the TLS configuration from Mozilla's ciphers recommendation (#178)
1c58cbd Make the folder permissions more permissive to avoid false positives (#175)
d48668e Merge pull request #170 from cosmincojocar/build_more_checks
777b706 Merge pull request #167 from cosmincojocar/sort_by_severity
7355f0a Fix some gas warnings
230d286 Fix gofmt formatting
e385ab8 Update the build file with more checks
e15c057 Update the build file to validate gas from go version 1.7 onward
84bfbbf Switch to sort Interface to be backward compatible with older go versions
d4ebb03 Sort the issues by severity in descending order before creating the report
6b28d5c Merge pull request #166 from cosmincojocar/fprint_whitelist
ac4622d Merge pull request #165 from cosmincojocar/fix_gas_warnings
a72a21b Merge pull request #164 from cosmincojocar/ssh_rule
6cd7a6d Add Fprint, Fprintf, Fprintln to NoErrorCheck whitelist
c2c2155 Fix some gas warnings
a7cdd9c Add ssh package to the build
179c178 Add some review fixes
f1b903f Update README
d3c3cd6 Add a rule to detect the usage of ssh InsecureIgnoreHostKey function
8b87505 Merge pull request #163 from wongherlung/fix-junit-failure-text
33fff95 Escape html string for junit output.
e92170b Merge pull request #160 from wongherlung/junit-xml-output
862295c Return err instead of panic.
187a711 Unused import
485bc31 Fix go vet errors in tests
f7c31f2 Using godep not glide for dependency management
846c9ff [Issue 159] Allow loader errors so that processing continues if there's a package loading problem.
a293098 Merge pull request #161 from jonmcclintock/allow-loader-errors
8125622 Merge pull request #162 from gcmurphy/bugfix
a97a196 Unused import
7c7fe75 Fix go vet errors in tests
b49fef7 Using godep not glide for dependency management
f111d5d [Issue 159] Allow loader errors so that processing continues if there's a package loading problem.
143df04 Fixed typo.
5b91afe Unexport junit xml structs and some further refactoring.
fdc78c0 Changed failure text from json to plaintext.
4059fac Pretty print xml result for better viewing.
1346bd3 Edited README and help text.
2c1a0b8 Refactored code.
7539b37 Added xml header format.
b8cdc32 Working version of xml result format.
07a2eec Merge pull request #156 from gcmurphy/bugfix
5361949 Sending log messages to multiple streams
51b4a4d Merge pull request #138 from jonmcclintock/sqli-format-whitelist
bc2a61b Merge branch 'sqli-format-whitelist' of github.com:jonmcclintock/gas into sqli-format-whitelist
1ca3350 Rebase to master
8eb9cc0 Adjust SQL format-string rules to ignore inherently safe formats
a0fc089 Merge pull request #154 from GoASTScanner/issue/153
806c1d0 Add install instructions
b068284 Merge pull request #152 from ashanbrown/one-build
22dc893 Do a single build for all packages.
085e0f6 Merge pull request #150 from GoASTScanner/experimental
aecbc87 Use explicit packages in call lists
9a2bec1 Merge pull request #149 from GoASTScanner/experimental
b6f85d5 Fix nil pointer dereference in complit types
3520a5a Merge pull request #146 from GoASTScanner/experimental
867d300 Fix lint issues
d452dcb Fix ginkgo invocation
4c49716 move utils to separate executable
e925d3c Migrated old test cases.
25d74c6 address review comments
af25ac1 fix golint errors picked up by hound-ci
cfa4327 fix hound-ci errors
97cde35 update travis-ci to use ginkgo tests
e3b6fd9 update readme to provide info regarding package level scans
02901b9 actually skip tests until implementation exists
d4311c9 make it clear that these tests have not been implemented yet
67dc432 use godep instead of glide
2b2999b Add tests for excludes with comments
37cada1 Add support for #excluding specific rules
7dfebaf Adjust SQL format-string rules to ignore inherently safe formats
27b2fd9 Merge pull request #136 from lanzafame/experimental
6de76c9 Merge pull request #135 from cosmincojocar/update_mondern_tls_chipers
5a11336 remove commited binary
9c959ca Issue.Line is already a string
3caf7c3 Add test cases
c36954f Add the CHACHA20 to good ciphers in modern tls check
f22c701 Merge pull request #133 from awiens/master
b120a3e Updating Dockerfile with requested changes
5f0f8f8 Adding Docker container and changing README
6943f9e Major rework of codebase
f4b705a Use glide to manage vendored dependencies
026fe4c Simplify analyzer and command line interface
65b18da Hack to address circular dependency in rulelist
5160048 Move rule definitions into own file
50bbc53 Isolate import tracking functionality
bf78d02 Restructure and introduce a standalone config
cacf21f Restructure to focus on lib rather than cli
8df48f9 Fix to reporting to use output formats
9b08174 Process via packages instead of files
1beec25 Merge pull request #128 from cosmincojocar/improve_skip
e94e232 Merge pull request #129 from cosmincojocar/big_exp
7dc4638 Update the README
5b71c2b Add a test for math/big.Int.Exp rule
65b8e74 Add a rule for big.Exp function call
3ae2762 Add support for partial path match in the skip option
0573847 Merge pull request #125 from mockturtl/patch-1
b74c83e BindsToAllNetworkInterfaces should check TLS also
177fa7d Merge pull request #122 from GoASTScanner/testfixes
622440f Correct bad test cases and intermittent failure
5c302fb Merge pull request #121 from cosmincojocar/tls
2262f5d Add a check for PreferServerCipherSuites flag of tls.Config
1c8e7ff Merge pull request #118 from GoASTScanner/issue/117
1c99e45 Fix recursive case on Windows platforms
72caf3d Merge pull request #115 from GoASTScanner/bugfix
3e9b66a Temporarily disable typechecker fatal error
f6aeaa8 Merge pull request #114 from GoASTScanner/feature
4099783 Go 1.5 does not support width precision specifier
4b70300 Exclude vendor directory from go vet
aaddac5 Add the zxcvbn library to vendor list
9bc0239 Introduce entropy checking of string
cc52ef5 Merge pull request #112 from GoASTScanner/bugfix
a7ec9cc Backport test case for 1.5
f9868aa Fix additional test case
ab4867b Fix test cases with invalid sample code
d3f0a08 Report a failure and exit if type checking fails
bc21a39 Merge pull request #110 from GoASTScanner/bugfix
d1303fe Improve specificity of error message for GenDecl
0545d13 Merge pull request #109 from GoASTScanner/bugfix
1e736c8 Fix test case (invalid sample code)
d1e67fc Ensure hardcoded credentials only examines strings
d4f9b88 Merge pull request #104 from endophage/help_fix
5f1c2df updating skip cli help and readme description
c68ed64 Merge pull request #102 from GoASTScanner/bugfix
94ac200 Tests broken if logger is not initialized
1ba8b93 Reduce logging messages a tad
465338b Merge pull request #101 from GoASTScanner/bugfix
191750f Recreate fileset each time we process a file
b5308ff Merge pull request #98 from endophage/recursive
365e9f6 Merge pull request #99 from mcpeak/fix-nosec
1a481fa adding support for arbitrary paths with ...
942f40a Fix nosec to work as documented
3911321 Merge pull request #97 from GoASTScanner/experimental
6ace60b Address unhandled error conditions
8f78248 Merge pull request #92 from GoASTScanner/experimental
e1e435c Merge pull request #93 from GoASTScanner/bugfix
dcfd97c Remove ast.Print debug message from tryresolve
129be15 Update error test case
5242a2c Extend helpers and call list
d29c648 Add match call by type
d30c5cd Merge pull request #91 from GoASTScanner/experimental
63e8b1a Update unsafe rule to match package explicitly
b26f5cf Merge pull request #90 from GoASTScanner/experimental
39b18a1 Remove debug print messages
5b3192b Merge pull request #88 from GoASTScanner/experimental
ca42de2 Initialize fresh import info for each file
6ef59ba Merge pull request #86 from GoASTScanner/experimental
c7bb2dd Fix additional crash condition
5012c34 Handle imbalanced declaration of constants
9301684 Merge pull request #83 from GoASTScanner/experimental
a3fcd96 Update hardcoded credentials rule for GenDecls
bf103da Allow rules to register against multiple ast nodes
c6587df Merge pull request #82 from GoASTScanner/experimental
1d732b8 Ensure os.OpenFile file permissions are checked
423a303 Merge pull request #81 from GoASTScanner/experimental
97dcc72 Incorrect rule mapping in rulelist
7dd3032 Merge pull request #76 from GoASTScanner/experimental
be96ef2 Fix alias logic
c833bfa Merge branch 'tam7t-rand-pkg-helper'
e0db3f4 Merge branch 'rand-pkg-helper' of git://github.com/tam7t/gas into tam7t-rand-pkg-helper
9f54d25 Merge pull request #75 from GoASTScanner/experimental
20f2a98 Ensure initialization only imports are ignored
7a275fd MatchCallByPackage updated to avoid GetCallObject
d163260 Merge pull request #71 from GoASTScanner/call_list
238d1e0 Merge pull request #73 from GoASTScanner/tools
b02c0fa Add imports dumper
2c9d8fc Skip files if they don't exist
d205060 Update to dump specific context information
d8bf436 Merge pull request #72 from GoASTScanner/tools
14e6635 Add tool to inspect call objects in file
0bc4d48 Add an experimental way to whitelist calls
afb84ff rand: use a MatchCallByPackage helper
8a473c7 Merge pull request #69 from GoASTScanner/helpers
0fef3ad Split out MatchCallByObject into two functions
ce2c328 Merge pull request #68 from GoASTScanner/command_line_fixes
f71ade6 Update usage to indicate html is supported
d72cee8 Add quiet mode
9fa0b72 Merge pull request #67 from GoASTScanner/use_types
c405754 Add MatchCall helper that utilizes type checker
9e2abd5 Merge pull request #66 from csstaub/cs/html-output
aadcf8d Merge pull request #60 from tam7t/fix-rand
4ff5915 rand: refactor to use types package
75e0e1a rand: resolve math/rand package
068e8a8 Merge pull request #65 from GoASTScanner/sql_fix
d60a2b4 Confirmed correct behavior for SQL tests
853b097 Merge pull request #63 from GoASTScanner/travis_ci
686927c Address go vet failure in SQL rule
344ebd1 Add go vet to travis-ci
65d572f Merge pull request #62 from GoASTScanner/correct_imports
74b6633 Updated imports to new repository location.
b8ce40e Remove debugging println
4cd269f Merge pull request #58 from levigross/master
9c3c102 Fixed comment
b92fa02 Make sure to exit 1 if we find an issue
fadc6d4 Merge pull request #52 from gcmurphy/use_glob
b8e78c6 Merge pull request #56 from s7v7nislands/fix_unsafe
eedb0c2 fix fmt
92dda9c fix unsafe check
911c696 Add support for HTML output
59fbf74 Refactor path matching logic
a4fd848 Merge pull request #49 from gcmurphy/master
7f4bdd5 Merge pull request #48 from gcmurphy/godoc
d05a241 MatcMatchCompLit should be MatchCompList
b5a98c1 Add godocs.org badge
9ca975d Add gas to .gitignore
0ee8e1b Merge pull request #47 from gcmurphy/readme
0bce177 Fix typos in godocs
bb42840 Merge pull request #42 from HewlettPackard/code_docs
e4b1e28 Merge pull request #46 from drewwells/feature/exclusions
a2b7f3e Add LICENSE information to README.md
929edb4 Update README.md to use rule IDs
365ae31 prefix patterns with **/ to match subdirectories
223cded Adding some inline documentation for godoc
37205e9 Merge pull request #41 from HewlettPackard/usage
df373b8 Fix usage information
82947bb Merge pull request #39 from HewlettPackard/rule_selection
713949f Rule selection rules
51ffe1b Merge pull request #40 from dragonndev/master
b29e45f Merge pull request #38 from HewlettPackard/cli_docs
5b867f2 Clarified output format options.
6d831c0 Updating docs for new CLI "skip" option
235308f Merge pull request #35 from HewlettPackard/config_cli
e3b1d33 Configuration
4e30ca3 Merge pull request #37 from HewlettPackard/travis_ci
9521472 Add build status to README.md
58e6823 Merge pull request #36 from HewlettPackard/travis_ci
f36388a Merge pull request #34 from HewlettPackard/blacklist
9bd62d1 Add travis ci profile
45f3b5f Creating blacklist import rules
7e1d7ee Merge pull request #33 from HewlettPackard/config_fix
da55fd1 Fixing config
84f0162 Merge pull request #32 from HewlettPackard/resolve_1
d2d49f1 Try to resolve all elements in an expression to a known const
12d370b Merge pull request #31 from HewlettPackard/config
d4367de Adding a config block to the analyzer, parsed from JSON
8261ee5 Merge pull request #29 from HewlettPackard/fix_regexp
cee5fad Fix incorrect regexp matches
0bf1ece Merge pull request #27 from cwkuo/fix-windows-file-contains
0737ea6 Fix os.IsExist() condition in filelist.Contains()
b659538 Merge pull request #26 from HewlettPackard/fix_annotations
68aac25 Fixing annotations
28f0f1a Merge pull request #23 from csstaub/cs/detect-math-rand
c53af75 Detect use of rand.Read from math/rand
c5d2715 Merge pull request #24 from csstaub/cs/smarter-creds-check
e86addb Merge pull request #22 from csstaub/cs/csv
3cd0ebe Smarter hard-coded credentials check
2ec102c Use encoding/csv for CSV output
81b5e98 Merge pull request #21 from HewlettPackard/better_sql
3e4d96e Better SQLi testing
2d0a26d Merge pull request #18 from HewlettPackard/issue16
48910f5 Merge pull request #20 from hyakuhei/Fix_Readme
9651a40 Fixed-up some language in README.md
0dd7ec9 Merge pull request #19 from HewlettPackard/issue17
1cff726 Fix exclude documentation
a7ebf35 Expand cases accepted by -exclude
debb1f5 Merge pull request #14 from csstaub/cs/fix-json
271cff1 Use encoding/json for -fmt json output
50fb7f4 Merge pull request #10 from HewlettPackard/issue9
37cc56d Merge pull request #11 from csstaub/cs/fix-json
c6e25a9 Make sure -fmt json produces valid output
2f84b67 Handle import error rather than panic on failure
9ce14dc Disclaimer about project status
f9bf428 Merge pull request #6 from HewlettPackard/tools
0bd254c Check input files and handle panic condition
e2caa92 Merge pull request #5 from HewlettPackard/docs
2cac390 Update the README to include newer rules
59deedb Merge pull request #4 from HewlettPackard/httpoxy
3615933 Adding check for httpoxy
4f3d620 Initial public release
