William Woodruff
For inspiration: I don't know how GitHub did it, but the UI for modifying GHSA entries is incredibly nice. For example: https://github.com/advisories/GHSA-p6h9-gw49-rqm4/improve (It looks Markdown driven, but I'm not sure...
If you want to go the extra mile, IMO we should publish this on PyPI (`rattle` is already taken, but maybe `rattle-evm`?) and include the `pip install ...` instructions in...
Thanks @bonafideduck! I'll take a look at this in a bit.
Thanks for submitting this. I think we're going to pass on the `-d` functionality for now, at least until Winchecksec provides lower-maintenance APIs for implementing it. Otherwise, your changes look...
> I wish you would reconsider. Although visible in the json, statements like something not being possible on 64 bits in an easily readable format saves a lot of time....
@bonafideduck No problem! I'll raise this internally today and see if we can come up with a solution.
> Can the check be removed or at least have the documentation show a deprecated flag?

Yeah, adding a deprecated note sounds good to me. I'm happy to accept a...
Something slightly annoying: GitHub's SARIF support requires `physicalLocation`, but `physicalLocation` is nonsense for Winchecksec: we're testing for compiler-introduced mitigations that don't exist anywhere in the source code.
I'm not sure I understand: does `winchecksec *.{exe,dll}` not work for you? We check every file passed into us, so a normal glob should work just fine. Could you make...
Could you make sure you ran the right glob? It needs to be `*.{exe,dll}` **not** `.{exe,dll}` -- the latter expands to `.exe .dll`, which probably won't match any real files....