Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add more 'signatures' to the lintList #1

Open
automatesecurity opened this issue Jul 13, 2017 · 1 comment
Open

Add more 'signatures' to the lintList #1

automatesecurity opened this issue Jul 13, 2017 · 1 comment
Assignees
@automatesecurity

Comments

@automatesecurity
Copy link
Owner

The lintList is very basic right now and doesn't add much value. We need to expand the list so the script can identify more potential strings that can be interpreted as potentially risky methods.
@automatesecurity automatesecurity self-assigned this Jul 13, 2017
@automatesecurity
Copy link
Owner Author

Ideas for additional signature candidates include warnings around:

  • setenv UID, USER, and HOME usage
  • symbolic linking
  • hardcoded secrets
  • use of tmp instead of mktemp

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@automatesecurity automatesecurity

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@automatesecurity