gosec
See https://github.com/crypto-com/cosmos-sdk-codeql which attempts to catch similar patterns like:

```
- query: src/bech32-constants.ql
- query: src/beginendblock-panic.ql
- query: src/floating-point-ops.ql
- query: src/map-iteration.ql
- query: src/sensitive-import.ql
- query: src/system-time.ql
```
### Summary

We should rename the repository cosmosec or cosmossec or csec (short is nice I suppose) and then break the "fork" and make a release, so that we can...
I've just seen this report for G701 for code already in the rules themselves:

```shell
[/Users/emmanuelodeke/go/src/github.com/informalsystems/gosec/output/junit_xml_format.go:39] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)...
```
The purpose of this issue is to ask if we are being pedantic about some of these imports: If we look at https://github.com/informalsystems/gosec/blob/a284576b08668f2835734b359b27faea587a98b1/rules/sdk/blocklist.go#L71-L78 we can see a bunch of critical...