Commit Graph

6 Commits

Author SHA1 Message Date
Dan Fiedler 7e034094d0
Add content for rule guidance containing "TO DO"s. (#617)
* Add guidance for weak random rule

* Add guidance for outdated TLS protocol

* Add guidance for XXE rule

* Add guidance for weak cipher mode rule

* Point disabled cert validation rules at complete guidance

* Add guidance for DPAPI entropy rule

* Use existing HTTPS guidance for Ruby rule

* Add guidance for strncat rule

* Add guidance for strncpy rule

* Add guidance for 3DES rule

* Add guidance for C gets rule

* Add guidance for C strcat rule

* Add guidance for C strcpy rule

* Add guidance for C malloc rule

* Add guidance for banned C function rule

* Add guidance for InitializeSecurityContext rule

* Add guidance for PowerShell restricted function rule

* Add guidance for NOT implementing MD5/SHA1 rule

* Add guidance for objective-c format string rule

* Add guidance for memcpy rule

* Point C++ TLS version rule to existing guidance

* Point .NET outdated SSL rule to general guidance

* Add guidance for seeding RNG with time rule

* Add guidance for mcrypt rules

* Add guidance for debug rule

* Add guidance for iOS uniqueIdentifier rule

* Add guidance for obj-c xss rule

* Add guidance for eval XSS rule

* Add guidance for hardcoded secret rule

* Add guidance for C FILE copy rule

* Add guidance for PHP file include rule

* Add guidance for ASPNET Controller rule

* Add guidance for iOS NSUserDefaults rule

* Add guidance for hashing time rule

* Remove optional encryption rule (applies to unknown tech?)

* Add test condition that guidance must have content

* Update changelog for guidance changes
2024-06-07 13:13:30 -04:00
Dan Fiedler 3e6a87ec8e
Add tests to identify rules with missing or incomplete guidance (#613)
* Add tests to identify rules with missing or incomplete guidance

* Also consider guidance with "TO DO" incomplete

* Point DES rules at same guidance

* Add guidance for .NET TLS config

* Add guidance for .NET Framework 4.7.2 rule

* Add guidance for .NET Core advisory 4021279

* Add guidance for Microsoft.IdentityModel.Tokens rule

* Add guidance for unsafe keyword rule

* Add guidance for JS setTimeout rule

* Add guidance for weak/broken hash algo rule

* Add guidance for disabling cert validation rule

* Add guidance for avoid $_REQUEST rule

* Add guidance for PHP XSS rule

* Add guidance for strlen rule

* Add guidance for Python datetime rule

* Add changelog for guidance changes

* Add debug info to guidance tests to troubleshoot CI

* Fix finding guidance for DevSkim CLI in CI
2024-05-23 16:12:31 -04:00
Cristián Rojas bfae7d8554
Guidance completion: DS126858 (#569) 2023-07-24 13:15:27 -07:00
Gabe Stocco a9d40bb6e1 Redo directory structure. 2020-01-30 18:06:29 -08:00
David Alcantar fa88618d4d Changed file structure, added extension projects 2020-01-22 16:36:25 -08:00
Josh Brown-White f585b415c3 Initial guidance checkin
Just template MDs for now, with name and summary pulled from rules
2016-12-11 17:08:44 -08:00