Cosmin Cojocar
I think on a first look that we should detect this issue, but it seems that somehow the SQL rule doesn't. This looks like a bug to me.
The SQL injection rule needs a revamp to catch more advanced issues. Closing this for now.
@TimonOmsk feel free to take on this issue. Thanks
This sounds interesting. I think that is valuable for auditing code. I will be happy to receive such a contribution.
Creating a file with execute permission can lead to an RCE if the attacker is able to control the input. This is not the case in the example above since...
> Do you have any suggestions for an improvement? The first two ideas that came to my mind: > Expect WriteFile permissions to be a subset of 0600 > or:...
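As an added example that is not gosec's own code and not the rule under discussion, the "permissions should be a subset of 0600" idea from the reply above can be expressed as a runtime guard in Go. The helper names `permIsSubset` and `writeChecked` are hypothetical; the sample file content is constructed for the demo.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// permIsSubset reports whether every permission bit set in perm is also set
// in allowed. With allowed = 0600, modes such as 0600 and 0400 pass, while
// 0644 (world-readable) and 0755 (group/world-readable and executable) fail,
// because they carry bits outside the owner read/write pair.
func permIsSubset(perm, allowed os.FileMode) bool {
	return perm.Perm()&^allowed.Perm() == 0
}

// writeChecked refuses to create a file whose requested mode grants more
// than allowed. On success it returns the mode the file actually received
// (the umask can only remove bits, so it stays within allowed).
func writeChecked(path string, data []byte, perm, allowed os.FileMode) (os.FileMode, error) {
	if !permIsSubset(perm, allowed) {
		return 0, fmt.Errorf("refusing to write %s: mode %04o is not a subset of %04o", path, perm, allowed)
	}
	if err := os.WriteFile(path, data, perm); err != nil {
		return 0, err
	}
	fi, err := os.Stat(path)
	if err != nil {
		return 0, err
	}
	return fi.Mode().Perm(), nil
}

func main() {
	dir, err := os.MkdirTemp("", "permcheck")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)

	// Constructed sample content; the value itself is irrelevant to the check.
	data := []byte("example secret material\n")

	// Weak request: executable and world-readable, rejected before the file exists.
	if _, err := writeChecked(filepath.Join(dir, "script.sh"), data, 0o755, 0o600); err != nil {
		fmt.Println("rejected:", err)
	}

	// Acceptable request: owner read/write only.
	mode, err := writeChecked(filepath.Join(dir, "config"), data, 0o600, 0o600)
	if err != nil {
		panic(err)
	}
	fmt.Printf("written with mode %04o\n", mode)
}
```

The guard runs before the file is created, so a rejected mode never leaves a window in which the file exists with the wrong bits; a static rule like the one discussed in the thread would flag the same literal at analysis time instead.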
I would like to cover the standard library for now. Thanks
The SQL injection rule needs a revamp. Closing this for now.
The nosec directive was refactored to be more fine-grained instead of ignoring an entire AST node.
@adambkaplan It looks like an interesting suggestion. I am happy to accept any contribution if you can put a rule together. If you need any help, we can guide you....