Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SIGSEGV: segmentation violation #174

Closed
ericwb opened this issue Feb 14, 2018 · 15 comments
Closed

SIGSEGV: segmentation violation #174

ericwb opened this issue Feb 14, 2018 · 15 comments

Comments

@ericwb
Copy link
Contributor

ericwb commented Feb 14, 2018

When using gas to scan golang.org/x/crypto/acme/autocert/autocert.go, I get the following segmentation violation:

[gas] 2018/02/13 16:08:38 Checking package: autocert
[gas] 2018/02/13 16:08:38 Checking file: /Users/browne/workspace/go/src/golang.org/x/crypto/acme/autocert/autocert.go
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x126a7ec]
goroutine 1 [running]:
github.com/GoASTScanner/gas/rules.(*insecureConfigTLS).Match(0xc42007d920, 0x1474fc0, 0xc420239ec0, 0xc420054400, 0x1, 0xdc0000c420c2cb48, 0xc42017a928)
	/Users/browne/go/src/github.com/GoASTScanner/gas/rules/tls.go:109 +0x7c
github.com/GoASTScanner/gas.(*Analyzer).Visit(0xc4200841e0, 0x1474fc0, 0xc420239ec0, 0x2, 0x14e2fe0)
	/Users/browne/go/src/github.com/GoASTScanner/gas/analyzer.go:171 +0x1c5
go/ast.Walk(0x1473980, 0xc4200841e0, 0x1474fc0, 0xc420239ec0)
	/usr/local/go/src/go/ast/walk.go:52 +0x66
go/ast.Walk(0x1473980, 0xc4200841e0, 0x1475940, 0xc420240e80)
	/usr/local/go/src/go/ast/walk.go:143 +0x15df
go/ast.walkExprList(0x1473980, 0xc4200841e0, 0xc4205a7e70, 0x1, 0x1)
	/usr/local/go/src/go/ast/walk.go:26 +0x81
go/ast.Walk(0x1473980, 0xc4200841e0, 0x1474c40, 0xc420239f00)
	/usr/local/go/src/go/ast/walk.go:207 +0x211f
go/ast.walkStmtList(0x1473980, 0xc4200841e0, 0xc420244000, 0x3, 0x4)
	/usr/local/go/src/go/ast/walk.go:32 +0x81
go/ast.Walk(0x1473980, 0xc4200841e0, 0x1474e80, 0xc420244040)
	/usr/local/go/src/go/ast/walk.go:238 +0x1e95
go/ast.walkStmtList(0x1473980, 0xc4200841e0, 0xc420244100, 0x3, 0x4)
	/usr/local/go/src/go/ast/walk.go:32 +0x81
go/ast.Walk(0x1473980, 0xc4200841e0, 0x1474dc0, 0xc42023b350)
	/usr/local/go/src/go/ast/walk.go:224 +0x1b71
go/ast.Walk(0x1473980, 0xc4200841e0, 0x1475900, 0xc42023b380)
	/usr/local/go/src/go/ast/walk.go:254 +0x1212
go/ast.walkStmtList(0x1473980, 0xc4200841e0, 0xc4205bc780, 0x5, 0x8)
	/usr/local/go/src/go/ast/walk.go:32 +0x81
go/ast.Walk(0x1473980, 0xc4200841e0, 0x1474dc0, 0xc42023b560)
	/usr/local/go/src/go/ast/walk.go:224 +0x1b71
go/ast.Walk(0x1473980, 0xc4200841e0, 0x1475240, 0xc42023b590)
	/usr/local/go/src/go/ast/walk.go:344 +0xd83
go/ast.walkDeclList(0x1473980, 0xc4200841e0, 0xc42046d400, 0x2b, 0x40)
	/usr/local/go/src/go/ast/walk.go:38 +0x81
go/ast.Walk(0x1473980, 0xc4200841e0, 0x14751c0, 0xc4205bcf80)
	/usr/local/go/src/go/ast/walk.go:353 +0x266f
github.com/GoASTScanner/gas.(*Analyzer).Process(0xc4200841e0, 0xc42004a8d0, 0x1, 0x1, 0x1, 0xc42004a8d0)
	/Users/browne/go/src/github.com/GoASTScanner/gas/analyzer.go:141 +0x57d
main.main()
	/Users/browne/go/src/github.com/GoASTScanner/gas/cmd/gas/main.go:224 +0x459

To reproduce:

go get golang.org/x/crypto/ssh
cd /Users/browne/workspace/go/src/golang.org
gas x/crypto/acme/autocert/
@ccojocar
Copy link
Member

@ericwb I can reproduce the crash with the latest gas version. Please could you provide more info?

I tried this:

go get  golang.org/x/crypto/acme
cd $GOPATH/src/golang.org/x/crypto/acme

gas ./...

[gas] 2018/02/14 10:58:58 including rules: default
[gas] 2018/02/14 10:58:58 excluding rules: default
[gas] 2018/02/14 10:58:58 Searching directory: /Users/cosmin/go/src/golang.org/x/crypto/acme
[gas] 2018/02/14 10:58:58 Searching directory: /Users/cosmin/go/src/golang.org/x/crypto/acme/autocert
[gas] 2018/02/14 10:59:00 Checking package: acme
[gas] 2018/02/14 10:59:00 Checking file: /Users/cosmin/go/src/golang.org/x/crypto/acme/acme.go
[gas] 2018/02/14 10:59:00 Checking file: /Users/cosmin/go/src/golang.org/x/crypto/acme/jws.go
[gas] 2018/02/14 10:59:00 Checking file: /Users/cosmin/go/src/golang.org/x/crypto/acme/types.go
[gas] 2018/02/14 10:59:00 Checking package: autocert
[gas] 2018/02/14 10:59:00 Checking file: /Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/autocert.go
[gas] 2018/02/14 10:59:00 Checking file: /Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/cache.go
[gas] 2018/02/14 10:59:00 Checking file: /Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/renewal.go
Results:

[/Users/cosmin/go/src/golang.org/x/crypto/acme/acme.go:149] - Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > json.NewDecoder(res.Body).Decode(&v)


[/Users/cosmin/go/src/golang.org/x/crypto/acme/acme.go:457] - Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > res.Body.Close()


[/Users/cosmin/go/src/golang.org/x/crypto/acme/acme.go:465] - Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > res.Body.Close()


[/Users/cosmin/go/src/golang.org/x/crypto/acme/acme.go:729] - Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > b, _ := ioutil.ReadAll(resp.Body)


[/Users/cosmin/go/src/golang.org/x/crypto/acme/jws.go:40] - Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > hash.Write([]byte(phead + "." + payload))


[/Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/autocert.go:214] - Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > m.cachePut(name, cert)


[/Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/autocert.go:522] - Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > m.cachePut(name, cert)


[/Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/autocert.go:532] - Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > m.Cache.Delete(context.Background(), name)


[/Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/cache.go:126] - Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > f.Close()


[/Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/renewal.go:106] - Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > dr.m.cachePut(dr.domain, tlscert)


Summary:
   Files: 6
   Lines: 2356
   Nosec: 0
  Issues: 10

@ericwb
Copy link
Contributor Author

ericwb commented Feb 14, 2018
edited
Loading

The error occurs specifically on the autocert package. So try:

gas x/crypto/acme/autocert/

@ccojocar
Copy link
Member

I still cannot reproduce it. Do you use the latest gas version from master? Which is your Go version and OS?

My Go version:

go version
go version go1.9 darwin/amd64

gas x/crypto/acme/autocert
[gas] 2018/02/15 09:25:47 including rules: default
[gas] 2018/02/15 09:25:47 excluding rules: default
[gas] 2018/02/15 09:25:47 Searching directory: /Users/cosmin/go/src/golang.org/x/crypto/acme/autocert
[gas] 2018/02/15 09:25:48 Checking package: autocert
[gas] 2018/02/15 09:25:48 Checking file: /Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/autocert.go
[gas] 2018/02/15 09:25:48 Checking file: /Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/cache.go
[gas] 2018/02/15 09:25:48 Checking file: /Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/renewal.go
Results:

[/Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/autocert.go:214] - Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > m.cachePut(name, cert)


[/Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/autocert.go:522] - Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > m.cachePut(name, cert)


[/Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/autocert.go:532] - Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > m.Cache.Delete(context.Background(), name)


[/Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/cache.go:126] - Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > f.Close()


[/Users/cosmin/go/src/golang.org/x/crypto/acme/autocert/renewal.go:106] - Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > dr.m.cachePut(dr.domain, tlscert)


Summary:
   Files: 3
   Lines: 1048
   Nosec: 0
  Issues: 5

@peyoh
Copy link

peyoh commented Feb 23, 2018
edited
Loading

Hello,
I also have such issue, but on another file - selected from a Hyperledger project.
It's definitely related to G402

go version
go version go1.9.4 linux/amd64

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x4a3333]

goroutine 1 [running]:
panic(0x6b6a60, 0xc42000e0d0)
        /usr/local/go/src/runtime/panic.go:500 +0x1a1
github.com/GoASTScanner/gas/rules.(*insecureConfigTLS).Match(0xc42000b1a0, 0x84eca0, 0xc42012ad40, 0xc42012a3c0, 0x1, 0x84ee00, 0xc420653048)
        /home/peyo/test/hyper/projects/src/src/github.com/GoASTScanner/gas/rules/tls.go:111 +0x83
github.com/GoASTScanner/gas.(*Analyzer).Visit(0xc42004e140, 0x84eca0, 0xc42012ad40, 0x84d920, 0xc42004e140)
        /home/peyo/test/hyper/projects/src/src/github.com/GoASTScanner/gas/analyzer.go:171 +0x1e2
go/ast.Walk(0x84d920, 0xc42004e140, 0x84eca0, 0xc42012ad40)
        /usr/local/go/src/go/ast/walk.go:52 +0x63
go/ast.Walk(0x84d920, 0xc42004e140, 0x84eee0, 0xc4203ba2a0)
        /usr/local/go/src/go/ast/walk.go:151 +0x43e
go/ast.walkExprList(0x84d920, 0xc42004e140, 0xc42012ad80, 0x3, 0x4)
        /usr/local/go/src/go/ast/walk.go:26 +0x89
go/ast.Walk(0x84d920, 0xc42004e140, 0x84eca0, 0xc42012adc0)
        /usr/local/go/src/go/ast/walk.go:104 +0x551
go/ast.walkExprList(0x84d920, 0xc42004e140, 0xc420082d80, 0x5, 0x8)
        /usr/local/go/src/go/ast/walk.go:26 +0x89
go/ast.Walk(0x84d920, 0xc42004e140, 0x84eca0, 0xc42012b140)
        /usr/local/go/src/go/ast/walk.go:104 +0x551
go/ast.walkExprList(0x84d920, 0xc42004e140, 0xc42012b480, 0x3, 0x4)
        /usr/local/go/src/go/ast/walk.go:26 +0x89
go/ast.Walk(0x84d920, 0xc42004e140, 0x84eba0, 0xc42012b4c0)
        /usr/local/go/src/go/ast/walk.go:137 +0x1233
go/ast.walkExprList(0x84d920, 0xc42004e140, 0xc420413920, 0x1, 0x1)
        /usr/local/go/src/go/ast/walk.go:26 +0x89
go/ast.Walk(0x84d920, 0xc42004e140, 0x84eaa0, 0xc42012b500)
        /usr/local/go/src/go/ast/walk.go:207 +0x2479
go/ast.walkStmtList(0x84d920, 0xc42004e140, 0xc42012b540, 0x3, 0x4)
        /usr/local/go/src/go/ast/walk.go:32 +0x89
go/ast.Walk(0x84d920, 0xc42004e140, 0x84eb60, 0xc4203baae0)
        /usr/local/go/src/go/ast/walk.go:224 +0x1d48
go/ast.Walk(0x84d920, 0xc42004e140, 0x7faeff464b10, 0xc4203bab10)
        /usr/local/go/src/go/ast/walk.go:344 +0xf03
go/ast.walkDeclList(0x84d920, 0xc42004e140, 0xc420082e80, 0x8, 0x8)
        /usr/local/go/src/go/ast/walk.go:38 +0x89
go/ast.Walk(0x84d920, 0xc42004e140, 0x84eda0, 0xc420082f00)
        /usr/local/go/src/go/ast/walk.go:353 +0x29e4
github.com/GoASTScanner/gas.(*Analyzer).Process(0xc42004e140, 0xc4204129d0, 0x1, 0x1, 0x1, 0xc4204129d0)
        /home/peyo/test/hyper/projects/src/src/github.com/GoASTScanner/gas/analyzer.go:141 +0xb00
main.main()
        /home/peyo/test/hyper/projects/src/src/github.com/GoASTScanner/gas/cmd/gas/main.go:224 +0x437

Attached file is renamed to .txt

fsm.txt

P.P.
But file mentioned by @ericwb is verified without any problem.

@ccojocar ccojocar mentioned this issue Feb 23, 2018
Closed
@ccojocar
Copy link
Member

@peyoh Please could you check if the panic still occur with this fix? It would be great if you could point me to the package from where the attached code originates.

Somehow, I cannot reproduce it on my machine:

gas ./...
[gas] 2018/02/23 14:14:39 including rules: default
[gas] 2018/02/23 14:14:39 excluding rules: default
[gas] 2018/02/23 14:14:39 Searching directory: /home/cosmin/go/src/github.com/cosmincojocar/gas
/home/cosmin/go/src/github.com/cosmincojocar/gas/fsm.go:55:2: undeclared name: logger
/home/cosmin/go/src/github.com/cosmincojocar/gas/fsm.go:59:2: undeclared name: logger
/home/cosmin/go/src/github.com/cosmincojocar/gas/fsm.go:63:2: undeclared name: logger
/home/cosmin/go/src/github.com/cosmincojocar/gas/fsm.go:67:2: undeclared name: logger
/home/cosmin/go/src/github.com/cosmincojocar/gas/fsm.go:71:2: undeclared name: logger
[gas] 2018/02/23 14:14:40 Checking package: core
[gas] 2018/02/23 14:14:40 Checking file: /home/cosmin/go/src/github.com/cosmincojocar/gas/fsm.go
Results:

Summary:
   Files: 1
   Lines: 72
   Nosec: 0
  Issues: 0

@peyoh
Copy link

peyoh commented Feb 26, 2018

Hi @cosmincojocar ,

/fabric/core/fsm.go

The file is from a project:

Hyperledger fabric

@peyoh
Copy link

peyoh commented Feb 26, 2018

@cosmincojocar

It's quite possible, that something in the install process could be wrong.

  1. I've installed gas:
    go get github.com/GoASTScanner/gas/cmd/gas/...
  2. I've installed tls observatory:
    https://github.com/mozilla/tls-observatory.git
    cd tls-observatory/
    make

Because I'm not Golang developer,
can you tell me after some modifications in the gas code, how I can recompile the binary?
I need this in order to check if the fix in rules/tls.go works.

BRS/
Peyo

@ccojocar
Copy link
Member

@peyoh you can clone the repo, checkout the branch with the fix. And then run these commands in the root of the repository:

godep restore

go build -o gas ./cmd/gas/

You should have a local gas binary which you can use to analyze the code.

@peyoh
Copy link

peyoh commented Feb 26, 2018

@cosmincojocar
Nope.
The issue is somewhere there:

c.Info.TypeOf(complit.Type).String() == t.requiredType

@ccojocar
Copy link
Member

@peyoh Do I understand correctly? Is the fix effective?

@ericwb
Copy link
Contributor Author

ericwb commented Feb 27, 2018

Sorry for the late reply. This is my go version.

browne-m01:lookup_plugins browne$ go version
go version go1.9.4 darwin/amd64

@ericwb ericwb closed this as completed Feb 27, 2018
@ericwb ericwb reopened this Feb 27, 2018
gcmurphy added a commit to gcmurphy/gosec that referenced this issue Feb 27, 2018
@gcmurphy
Add nil pointer check to rule.
2aa90bf 
TypeOf returns the type of expression e, or nil if not found. We are
calling .String() on a value that may be nil in this clause.

Closes securego#174
@gcmurphy gcmurphy mentioned this issue Feb 27, 2018
Merged
@gcmurphy
Copy link
Member

I'm having problems reproducing either of these crashes using current version gas on master as well. Can you confirm the commit your built / running against like so:

➜  gas git:(master) ✗ cd $GOPATH/src/github.com/GoASTScanner/gas && git rev-parse HEAD        
edb362fc9d80dd292e27f32a8070494d52d66ed9

In any case I've identified one potential cause in #181. @cosmincojocar I think this is more likely the culprit than the context being nil as in #180 as the failure is too consistently in the TLS rule, and other rules will break if the context is nil.

@peyoh
Copy link

peyoh commented Feb 27, 2018
edited
Loading

Hello,
the issue is still here.

#uname -na
Linux  3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
#go version
#go version go1.9.4 linux/amd64
#git rev-parse HEAD edb362fc9d80dd292e27f32a8070494d52d66ed9
#git checkout
#go build -o gas ./cmd/gas/
# cd /home/test/fabric/core
# gas -include=G402 ./...

[gas] 2018/02/27 14:46:34 Checking file: /home/test/hyper/fabric/core/fsm.go
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x66cfbc]

goroutine 1 [running]:
github.com/GoASTScanner/gas/rules.(*insecureConfigTLS).Match(0xc42000eff0, 0x87a020, 0xc4202bfc40, 0xc420054400, 0x879d01, 0xc42e2e6a08, 0x513b4e)
        /home/peyo/test/hyper/projects/src/src/github.com/GoASTScanner/gas/rules/tls.go:111 +0x7c
github.com/GoASTScanner/gas.(*Analyzer).Visit(0xc4200841e0, 0x87a020, 0xc4202bfc40, 0x8789a0, 0xc4200841e0)
        /home/peyo/test/hyper/projects/src/src/github.com/GoASTScanner/gas/analyzer.go:171 +0x1c5
go/ast.Walk(0x8789a0, 0xc4200841e0, 0x87a020, 0xc4202bfc40)
        /usr/local/go/src/go/ast/walk.go:52 +0x66
go/ast.Walk(0x8789a0, 0xc4200841e0, 0x87a560, 0xc42023a5d0)
        /usr/local/go/src/go/ast/walk.go:151 +0x3b5
go/ast.walkExprList(0x8789a0, 0xc4200841e0, 0xc4202bfc80, 0x3, 0x4)
        /usr/local/go/src/go/ast/walk.go:26 +0x81
go/ast.Walk(0x8789a0, 0xc4200841e0, 0x87a020, 0xc4202bfcc0)
        /usr/local/go/src/go/ast/walk.go:104 +0x43e
go/ast.walkExprList(0x8789a0, 0xc4200841e0, 0xc420ce3200, 0x5, 0x8)
        /usr/local/go/src/go/ast/walk.go:26 +0x81
go/ast.Walk(0x8789a0, 0xc4200841e0, 0x87a020, 0xc420272040)
        /usr/local/go/src/go/ast/walk.go:104 +0x43e
go/ast.walkExprList(0x8789a0, 0xc4200841e0, 0xc420272380, 0x3, 0x4)
        /usr/local/go/src/go/ast/walk.go:26 +0x81
go/ast.Walk(0x8789a0, 0xc4200841e0, 0x879ea0, 0xc4202723c0)
        /usr/local/go/src/go/ast/walk.go:137 +0x1082
go/ast.walkExprList(0x8789a0, 0xc4200841e0, 0xc420cc6e50, 0x1, 0x1)
        /usr/local/go/src/go/ast/walk.go:26 +0x81
go/ast.Walk(0x8789a0, 0xc4200841e0, 0x879ca0, 0xc420272400)
        /usr/local/go/src/go/ast/walk.go:207 +0x211f
go/ast.walkStmtList(0x8789a0, 0xc4200841e0, 0xc420272440, 0x3, 0x4)
        /usr/local/go/src/go/ast/walk.go:32 +0x81
go/ast.Walk(0x8789a0, 0xc4200841e0, 0x879e20, 0xc42023ae10)
        /usr/local/go/src/go/ast/walk.go:224 +0x1b71
go/ast.Walk(0x8789a0, 0xc4200841e0, 0x87a2a0, 0xc42023ae40)
        /usr/local/go/src/go/ast/walk.go:344 +0xd83
go/ast.walkDeclList(0x8789a0, 0xc4200841e0, 0xc420ce3300, 0x8, 0x8)
        /usr/local/go/src/go/ast/walk.go:38 +0x81
go/ast.Walk(0x8789a0, 0xc4200841e0, 0x87a220, 0xc420ce3380)
        /usr/local/go/src/go/ast/walk.go:353 +0x266f
github.com/GoASTScanner/gas.(*Analyzer).Process(0xc4200841e0, 0xc420d50800, 0x5c, 0x80, 0x41, 0xc420d50800)
        /home/peyo/test/hyper/projects/src/src/github.com/GoASTScanner/gas/analyzer.go:141 +0x57d
main.main()
        /home/peyo/test/hyper/projects/src/src/github.com/GoASTScanner/gas/cmd/gas/main.go:224 +0x459

gcmurphy added a commit that referenced this issue Feb 27, 2018
@gcmurphy
Add nil pointer check to rule. (#181)
c6183b4 
TypeOf returns the type of expression e, or nil if not found. We are
calling .String() on a value that may be nil in this clause.

Relates to #174
@gcmurphy gcmurphy reopened this Feb 27, 2018
@gcmurphy
Copy link
Member

@peyoh Thanks for your help to debunk this. I've just merged a change that hopefully will address this problem for you. Can you retry with the #181 ?

@gcmurphy
Copy link
Member

gcmurphy commented Mar 5, 2018

I'm going to close this for now. I think #181 is the correct fix for this bug. If anybody hits it again please re-open.

@gcmurphy gcmurphy closed this as completed Mar 5, 2018
gcmurphy pushed a commit that referenced this issue Mar 8, 2018
@wileystar @gcmurphy
New Rule Tainted file (#183)
e76b258 
* Add a tool to generate the TLS configuration form Mozilla's ciphers recommendation (#178)

* Add a tool which generates the TLS rule configuration from Mozilla server side
TLS configuration

* Update README

* Remove trailing space in README

* Update dependencies

* Fix the commends of the generated functions

* Add nil pointer check to rule. (#181)

TypeOf returns the type of expression e, or nil if not found. We are
calling .String() on a value that may be nil in this clause.

Relates to #174

* Add support for YAML output format (#177)

* Add YAML output format

* Update README

* added rule to check for tainted file path

* added #nosec to main/issue.go

* updated test case import
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@gcmurphy @ccojocar @ericwb @peyoh