Chris Smowton b9b306aade CleartextLogging: sanitize strings.Split(authheader, ":")[0] and similar ...

These can represent a username, method name or other non-sensitive component of an Authorization header. For greater precision we could split the query into one investigating Authorization headers and one investigating other sources of sensitive data that can't be sanitized by splitting this way.

2020-09-14 09:46:14 +01:00

..

CWE-020

IncompleteHostnameRegexp: Use a reluctant regexp

2020-02-19 13:04:16 -08:00

CWE-022

Fix unused variable in test.

2020-05-13 15:28:49 +01:00

CWE-078

Update data-flow libraries.

2019-12-06 12:14:53 +00:00

CWE-079

Reflected XSS query: exclude more uses of encoding/json.Marshal

2020-09-10 16:52:06 +01:00

CWE-089

Provide better strings for map and struct literals

2020-06-12 11:23:58 +01:00

CWE-190

Fix frontend errors in test.

2020-08-28 12:01:33 +01:00

CWE-295/DisabledCertificateCheck

Fix frontend errors in DisabledCertificateCheck tests.

2020-04-14 10:51:29 +01:00

CWE-312

CleartextLogging: sanitize strings.Split(authheader, ":")[0] and similar

2020-09-14 09:46:14 +01:00

CWE-322

Fix tests for InsecureHostKeyCallback.

2020-08-24 17:06:01 +01:00

CWE-327

Move CWE-327 out of experimental

2020-07-28 15:47:44 +01:00

CWE-352

Promote OAuth2 constant-state query to mainline

2020-09-02 15:05:22 +01:00

CWE-601

Add PostUpdateNodes for nested structs and arrays

2020-09-08 16:28:02 +01:00

CWE-640

Add test using hashing

2020-06-17 14:33:53 +01:00

CWE-643

Update dependency stubs

2020-05-13 10:07:14 -07:00

CWE-681

Address review comments 7

2020-08-13 18:22:58 +01:00

CWE-798

Autoformat.

2020-01-17 10:25:10 +00:00

CWE-918

Remove accidentally added binary

2020-05-20 09:19:42 -07:00