Closed expp121 closed 2 months ago
@expp121 There seem to be some lint warnings; could you please fix them? I think the test file needs to be formatted. Thanks
Thank you for the advice @ccojocar! I hope I've fixed (quite new to GitHub Actions) the issue with the most recent commit.
I would also like to ask whether the analyzer_test.go file should contain a license of some sort?
@expp121 Yeah, it should have the same Apache license header as the other files, with an updated year. Could you please add it? Thanks a lot
@expp121 I'll merge this. You can add the license header in a separate PR. Thanks
Currently, rule G401 is used for both encryption and hashing algorithms; this might result in the wrong categorization of a weakness.
This pull request aims to solve that problem by splitting the rule into two separate ones (G401, G405).
Rule G401 is now responsible for only checking hashing algorithms such as MD5 and SHA1. Code containing those algorithms is flagged with CWE-328.
And the new rule G405 is responsible for checking encryption algorithms such as DES and RC4. And it flags code containing them with CWE-327.
closes #1158
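
A sketch of the split described above, added here as an illustration and not gosec's own implementation: it parses Go source with the standard `go/ast` packages and tags each use of a weak hash package as G401/CWE-328 and each use of a weak cipher package as G405/CWE-327. The `Finding` type, the `weak` table, `Classify`, and the sample source are assumptions made for this example, and the check is purely syntactic (no type information).

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strings"
)

// Finding is a hypothetical result type for this sketch, not gosec's own.
type Finding struct{ Rule, CWE, Call string }

// weak maps an import path to the rule ID and CWE named in the PR description.
var weak = map[string][2]string{
	"crypto/md5": {"G401", "CWE-328"}, "crypto/sha1": {"G401", "CWE-328"}, // hashing
	"crypto/des": {"G405", "CWE-327"}, "crypto/rc4": {"G405", "CWE-327"}, // encryption
}

// sample is constructed input: a weak hash, a strong hash, an aliased weak cipher.
const sample = `package demo
import ("crypto/md5"; "crypto/sha256"; legacy "crypto/des")
func f(k, d []byte) { _ = md5.Sum(d); _ = sha256.Sum256(d); _, _ = legacy.NewCipher(k) }`

// Classify reports every pkg.Name selector whose package is listed in weak.
func Classify(src string) ([]Finding, error) {
	f, err := parser.ParseFile(token.NewFileSet(), "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	names := map[string]string{} // local package name or alias -> import path
	for _, imp := range f.Imports {
		path := strings.Trim(imp.Path.Value, "\"`")
		name := path[strings.LastIndex(path, "/")+1:]
		if imp.Name != nil {
			name = imp.Name.Name // aliased import, e.g. legacy "crypto/des"
		}
		names[name] = path
	}
	var out []Finding
	ast.Inspect(f, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok {
			if id, ok := sel.X.(*ast.Ident); ok {
				if r, ok := weak[names[id.Name]]; ok {
					out = append(out, Finding{r[0], r[1], names[id.Name] + "." + sel.Sel.Name})
				}
			}
		}
		return true
	})
	return out, nil
}

func main() {
	fmt.Println(Classify(sample))
}
```

Because the lookup goes through the import list, the aliased `legacy.NewCipher` call is still attributed to `crypto/des`, while `sha256.Sum256` produces no finding.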