Cosmin Cojocar
### Summary Write a package which implements various primitives for data flow analysis. This package can be used by the rules to perform taint analysis, or other security checks. [godoctor/analysis](https://github.com/godoctor/godoctor/tree/master/analysis)...
### Summary There is a recent vulnerability which was reported in the encoding/xml package. See https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ and https://github.com/mattermost/xml-roundtrip-validator/tree/master/advisories for more details. It doesn't seem to be entirely mitigated in the upcoming...
### Summary Create a rule to detect the usage of the insecure template.HTML, CSS, HTMLAttr, JS, JSStr, Srcset types. They are documented as a security risk. See https://golang.org/pkg/html/template/#HTML. Also see this...
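As an added illustration of the risk behind that rule (example code written for this page, not from the gosec project): wrapping attacker-controlled input in `template.HTML` tells `html/template` the value is already safe, so the contextual escaping that normally neutralizes markup is skipped. The `renderGreeting` helper, the template text and the `<script>` payload below are all constructed for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
)

// renderGreeting renders a user-supplied name into a small HTML template.
// With trusted=false the name is passed as a plain string and html/template
// escapes it for the surrounding HTML text context. With trusted=true the
// value is wrapped in template.HTML, which marks it as pre-sanitized and
// disables escaping; this is the pattern a gosec rule would flag whenever
// the wrapped value is not provably trusted.
func renderGreeting(name string, trusted bool) (string, error) {
	tmpl := template.Must(template.New("greet").Parse("<p>Hello, {{.}}!</p>"))

	var data interface{} = name
	if trusted {
		data = template.HTML(name) // assumption: caller has already sanitized name
	}

	var buf bytes.Buffer
	if err := tmpl.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	// Constructed sample input: a classic stored-XSS payload.
	payload := "<script>alert(1)</script>"

	safe, _ := renderGreeting(payload, false)
	unsafe, _ := renderGreeting(payload, true)

	fmt.Println("escaped:  ", safe)   // <p>Hello, &lt;script&gt;alert(1)&lt;/script&gt;!</p>
	fmt.Println("unescaped:", unsafe) // <p>Hello, <script>alert(1)</script>!</p>
}
```

The same bypass applies to `template.JS`, `template.CSS`, `template.HTMLAttr`, `template.JSStr` and `template.Srcset` in their respective contexts, which is why a rule should flag every conversion to one of these types whose argument is not a constant or a value from a known sanitizer.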
### Summary Some imports are currently block-listed by hard-coding them in various blocklist rules. https://github.com/securego/gosec/blob/36a82ea85e59163446547798563e24ee8d5a27c7/rules/blacklist.go#L50 https://github.com/securego/gosec/blob/36a82ea85e59163446547798563e24ee8d5a27c7/rules/rulelist.go#L90 I think that it would be nice to define a generic blocklist rule which...
#### What would you like to be added: In a more security restricted environment, there is a requirement to remove the permissions for `admissionregistration.k8s.io` from `security-profile-operator` cluster role in order...
**Description** ``` $docker login Authenticating with existing credentials... Login Succeeded Logging in with your password grants your terminal complete access to your account. For better security, log in with a...
gosec now supports, besides AST-based rules, also [SSA analyzers](https://github.com/securego/gosec/blob/2ae137abcf405533ad6e549e9363e58e4f6e8b7d/analyzer.go#L190). The SSA code representation can be leveraged to build a taint analysis engine which can uncover more complex security...
#### What type of PR is this? /kind feature #### What this PR does / why we need it: It integrates the eBPF based AppArmor profile recorder into the API....
#### What would you like to be added: We should write a user guide for recording and installing security profiles based on use cases. This will improve the user experience...
#### What would you like to be added: It would be nice to extend the spoc CLI to install apparmor profiles into the local system. The CLI is able to...