Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / cosmos/gosec issues and pull requests
#70 - disable map check
Pull Request -
State: closed - Opened by tac0turtle over 1 year ago
#69 - Deadlock between gosec and golint
Issue -
State: open - Opened by kocubinski over 1 year ago
#68 - rules/sdk: exempt "core", "runtime" from map iteration checks
Pull Request -
State: closed - Opened by odeke-em over 1 year ago
#67 - rules/sdk/blocklist: permit depinject to import unsafe
Pull Request -
State: closed - Opened by odeke-em over 1 year ago
#66 - rules/sdk: allow hash.Hash.Write et al to ignore errors since contract permits
Pull Request -
State: closed - Opened by odeke-em over 1 year ago
- 1 comment
#65 - analyzer: parallelize (*Analyzer).Process for better CPU use
Pull Request -
State: closed - Opened by odeke-em over 1 year ago
- 2 comments
#64 - rules/sdk: allow packages with */crypto/* to import unsafe
Pull Request -
State: closed - Opened by odeke-em over 1 year ago
#63 - rules/sdk: G702: Blocklisted import crypto/rand should not flag for crypto related code
Issue -
State: closed - Opened by odeke-em over 1 year ago
#62 - rules/sdk: G703 errors not propagated should obey hash.Hash.Write not returning an error
Issue -
State: open - Opened by odeke-em over 1 year ago
#61 - analyzer: skip over files under /tests
Pull Request -
State: closed - Opened by odeke-em over 1 year ago
#60 - rules: skip over directories under /tests/ and testutil
Issue -
State: closed - Opened by odeke-em over 1 year ago
#59 - Enhancement: check use of Quo functions occurring before Mul
Issue -
State: open - Opened by johnsaigle over 1 year ago
- 1 comment
#58 - rules/sdk: intelligently flag overflowing uint*->uint* + int*->int* conversions
Pull Request -
State: closed - Opened by odeke-em over 1 year ago
- 2 comments
#57 - rules/sdk: just aliasing an integer type prevents it from being checked
Issue -
State: closed - Opened by odeke-em over 1 year ago
Labels: bug
#56 - rules/sdk: a conversion of a smaller uint type to a larger uint type MUST NEVER report an overflow/false positive
Issue -
State: closed - Opened by odeke-em over 1 year ago
- 1 comment
Labels: bug
#55 - rules/sdk: more accurately determine overflow for *int*(len(...)) by type & 32/64-bit architectures
Pull Request -
State: closed - Opened by odeke-em over 1 year ago
#54 - rules/sdk: potential integer flow: do not flag any value with uint(,32,64)(len(...)) depending on bitsize because by the spec len can never be negative but even int will always fit inside uint, uint32, uint64
Issue -
State: closed - Opened by odeke-em over 1 year ago
Labels: bug, enhancement
#53 - (*Analyzer).Check: skip analyzing files within */testutil/*
Pull Request -
State: closed - Opened by odeke-em over 1 year ago
#52 - all: exclude traversing the "*/testutil/*" directory from checks
Issue -
State: closed - Opened by odeke-em over 1 year ago
#51 - rules/sdk: exclude "testutil" from map ranging checks
Pull Request -
State: closed - Opened by odeke-em almost 2 years ago
- 1 comment
#50 - rules/sdk: skip map iteration checks for testutil code
Issue -
State: closed - Opened by odeke-em almost 2 years ago
Labels: bug
#49 - rules/errors: allow hash.Hash.Write to not return an error as its Go contract holds
Pull Request -
State: closed - Opened by odeke-em almost 2 years ago
- 1 comment
#48 - .github/workflows/ci: test on Go1.17,1.18,1.19
Pull Request -
State: open - Opened by odeke-em almost 2 years ago
#47 - all: fix tests by migrating to github.com/onsi/ginkgo/v2
Pull Request -
State: closed - Opened by odeke-em almost 2 years ago
- 1 comment
#46 - rules/sdk: sdk allow unsafe+*/rand in specific packages
Pull Request -
State: closed - Opened by odeke-em almost 2 years ago
- 1 comment
#45 - errors: do not report an unhandled error on hash.Hash.Write code which by contract WILL NEVER return an error
Issue -
State: closed - Opened by odeke-em almost 2 years ago
Labels: bug, ux
#44 - rules/sdk: ignore unsafe imports inside any simapp or simulation, cryptographic, testing related code
Issue -
State: closed - Opened by odeke-em almost 2 years ago
Labels: enhancement, ux
#43 - rules/sdk: flag methods inside sort comparators to avoid quadratic worst case time & memory consumption: instead recommend O(n) computations and memoization of results
Issue -
State: open - Opened by odeke-em almost 2 years ago
Labels: enhancement
#42 - Suggestions for improving install process
Issue -
State: open - Opened by johnsaigle almost 2 years ago
#41 - analyzer: move generated file filtering to ast.Walk phase not in package building
Pull Request -
State: closed - Opened by odeke-em almost 2 years ago
#40 - analyzer: do not analyze generated go files
Pull Request -
State: closed - Opened by odeke-em almost 2 years ago
#39 - output: fix sarif formatting
Pull Request -
State: closed - Opened by kirbyquerby almost 2 years ago
#38 - Generated SARIF file is not valid SARIF
Issue -
State: closed - Opened by v-homsi almost 2 years ago
- 5 comments
#37 - all: alter/remove references to securego
Pull Request -
State: closed - Opened by kirbyquerby almost 2 years ago
- 1 comment
#36 - rules/sdk: flag panics in BeginBlock/Endblock
Issue -
State: open - Opened by odeke-em almost 2 years ago
#35 - .github: add actions to build and release docker image on ghcr
Pull Request -
State: closed - Opened by kirbyquerby almost 2 years ago
- 3 comments
#34 - go.mod: fix go vet go.sum complaints
Pull Request -
State: closed - Opened by odeke-em almost 2 years ago
#33 - all: migrate from github.com/informalsystems/* to github.com/cosmos/*
Pull Request -
State: closed - Opened by odeke-em almost 2 years ago
#32 - gosec docker image has been removed, which breaks github actions
Issue -
State: closed - Opened by asalzmann almost 2 years ago
- 11 comments
#31 - all: update Docker image and built to use Informal Systems
Pull Request -
State: closed - Opened by odeke-em almost 2 years ago
#30 - rules/sdk: iterate over maps should suppress protobuf related code and auto-generated code in pb.go and pb.*.go files
Issue -
State: closed - Opened by odeke-em almost 2 years ago
- 3 comments
#29 - rules/sdk: permit additional map copying format
Pull Request -
State: closed - Opened by kirbyquerby about 2 years ago
- 3 comments
#28 - rules/sdk: permit map copying in G705
Pull Request -
State: closed - Opened by kirbyquerby about 2 years ago
- 1 comment
#27 - rules/sdk: add check for missing .IsNil check before dereference after being cast from an interface{} to avoid nil pointer dereferences
Issue -
State: open - Opened by odeke-em about 2 years ago
- 1 comment
Labels: enhancement
#26 - build docker image and use it in action.yml
Issue -
State: closed - Opened by kirbyquerby about 2 years ago
- 7 comments
#25 - rules/sdk: use ctx.Info.TypeOf() to get types
Pull Request -
State: closed - Opened by kirbyquerby about 2 years ago
- 1 comment
#24 - rules/sdk: G705 should allow map copying
Issue -
State: closed - Opened by kirbyquerby about 2 years ago
- 1 comment
#23 - analyzer.go: add support for nested go modules
Pull Request -
State: closed - Opened by kirbyquerby about 2 years ago
- 1 comment
#22 - .github: upgrade to actions/go + add go mod caching
Pull Request -
State: closed - Opened by kirbyquerby about 2 years ago
#21 - all: fix/suppress remaining warnings
Pull Request -
State: closed - Opened by kirbyquerby about 2 years ago
- 2 comments
#20 - rules/sdk: handle two integer overflow edge cases
Pull Request -
State: closed - Opened by kirbyquerby about 2 years ago
- 3 comments
#19 - rules/sdk: fix errors related to iterate_over_maps rule
Pull Request -
State: closed - Opened by kirbyquerby about 2 years ago
#18 - all: rename imports from securego/gosec -> informalsystems/gosec
Pull Request -
State: closed - Opened by kirbyquerby about 2 years ago
#17 - Consider how this tool compares to codeql
Issue -
State: open - Opened by ebuchman about 2 years ago
#16 - Update go.mod
Pull Request -
State: closed - Opened by faddat over 2 years ago
#15 - all: reverse conditional refactor to reduce nesting
Pull Request -
State: closed - Opened by odeke-em over 2 years ago
#14 - rules/sdk: G701 IntegerCast invalid warnings casting int to int64
Issue -
State: open - Opened by odeke-em over 2 years ago
Labels: bug
#13 - rules/sdk: improve maps iteration check with more statement handling
Pull Request -
State: closed - Opened by odeke-em over 2 years ago
#12 - rules/sdk: add pass to reject time.Now()
Pull Request -
State: open - Opened by odeke-em over 2 years ago
#11 - rename to cosmsec
Issue -
State: open - Opened by faddat over 2 years ago
- 3 comments
#10 - Update ci.yml
Pull Request -
State: closed - Opened by faddat over 2 years ago
#9 - Update Makefile
Pull Request -
State: closed - Opened by faddat over 2 years ago
#8 - Update to go 1.17
Pull Request -
State: closed - Opened by faddat over 2 years ago
#7 - Update README.md
Pull Request -
State: closed - Opened by faddat over 2 years ago
- 1 comment
#6 - rules/sdk: add a README
Pull Request -
State: closed - Opened by odeke-em over 2 years ago
#5 - rules/sdk: implement pass to only permit key iteration over maps, not value
Pull Request -
State: closed - Opened by odeke-em over 2 years ago
#4 - rules/sdk: detect overflowing bitsize in strconv.ParseUint in cast to int*
Pull Request -
State: closed - Opened by odeke-em over 2 years ago
- 2 comments
#3 - rules/sdk: add pass to detect overflowing with bitsize from strconv.ParseUint when cast into an int*
Issue -
State: closed - Opened by odeke-em over 2 years ago
#2 - rules/sdk: is it pedantic to reject reflect, runtime, math/rand, crypto/rand?
Issue -
State: open - Opened by odeke-em over 2 years ago
- 3 comments
#1 - Static Analyzer for the SDK
Issue -
State: open - Opened by ebuchman over 2 years ago
- 6 comments