Gosec rules 1

Julian Thome requested to merge gosec-rules into main Sep 13, 2021

Integrating gosec rules. This MR relates to gitlab-org/gitlab#339865 (closed)

G101: Look for hard coded credentials
G102: Bind to all interfaces
G103: Audit the use of unsafe block
G104: Audit errors not checked
G106: Audit the use of ssh.InsecureIgnoreHostKey
G107: Url provided to HTTP request as taint input
G108: Profiling endpoint automatically exposed on /debug/pprof
G109: Potential Integer overflow made by strconv.Atoi result conversion to int16/32
G110: Potential DoS vulnerability via decompression bomb
G201: SQL query construction using format string
G202: SQL query construction using string concatenation
G203: Use of unescaped data in HTML templates
G204: Audit use of command execution
G301: Poor file permissions used when creating a directory
G302: Poor file permissions used with chmod

Edited Sep 16, 2021 by Julian Thome

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking