Gosec rules 1
Integrating gosec rules. This MR relates to gitlab-org/gitlab#339865 (closed)
- G101: Look for hard coded credentials
- G102: Bind to all interfaces
- G103: Audit the use of unsafe block
- G104: Audit errors not checked
- G106: Audit the use of ssh.InsecureIgnoreHostKey
- G107: Url provided to HTTP request as taint input
- G108: Profiling endpoint automatically exposed on /debug/pprof
- G109: Potential Integer overflow made by strconv.Atoi result conversion to int16/32
- G110: Potential DoS vulnerability via decompression bomb
- G201: SQL query construction using format string
- G202: SQL query construction using string concatenation
- G203: Use of unescaped data in HTML templates
- G204: Audit use of command execution
- G301: Poor file permissions used when creating a directory
- G302: Poor file permissions used with chmod
Edited by Julian Thome