diff --git a/docs/rules/g104_unchecked_erros.md b/docs/rules/g104_unchecked_erros.md index 6964193..c747db4 100644 --- a/docs/rules/g104_unchecked_erros.md +++ b/docs/rules/g104_unchecked_erros.md @@ -3,7 +3,7 @@ id: g104 title: G104: Audit errors not checked --- -Really useful feature of Golang is the ability to return a tuple of a result and an error value from a function. There is an unspoken rule in Golang that the result of a function is unsafe until you make check the error value. Many security exploits can be performed when the error value is not checked. +A really useful feature of Golang is the ability to return a tuple of a result and an error value from a function. There is an unspoken rule in Golang that the result of a function is unsafe until you make check the error value. Many security exploits can be performed when the error value is not checked. ## Example code: diff --git a/docs/rules/g107_url_arg_to_http_request_as_taint_input.md b/docs/rules/g107_url_arg_to_http_request_as_taint_input.md index 1dc80ae..011f39e 100644 --- a/docs/rules/g107_url_arg_to_http_request_as_taint_input.md +++ b/docs/rules/g107_url_arg_to_http_request_as_taint_input.md 
@@ -3,10 +3,10 @@ id: g107 title: G107: Url provided to HTTP request as taint input --- -Getting an URL from an untrusted source like user input gives the ability of an attacker to redirect your application to bad websites and perform additional attacks. +Getting a URL from an untrusted source like user input gives the ability of an attacker to redirect your application to bad websites and perform additional attacks. One of the examples is as shown below the [http.Get()](https://golang.org/pkg/net/http/#Client.Get) function issues a GET to the specified URL and if the result is appropriate GET will follow the redirect after calling Client's CheckRedirect function. That means that the attacker can send your application to various places. -This problem can be used to achieve [SSRF](https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/) atttacks via http requests with variable url. +This problem can be used to achieve [SSRF](https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/) attacks via http requests with variable url. ## Example problematic code: diff --git a/docs/rules/g304_file-path_provided_as_taint_input.md b/docs/rules/g304_file-path_provided_as_taint_input.md index 3271ee4..7a5423c 100644 --- a/docs/rules/g304_file-path_provided_as_taint_input.md +++ b/docs/rules/g304_file-path_provided_as_taint_input.md 
@@ -3,7 +3,7 @@ id: g304 title: G304: File path provided as taint input --- -Trying to open a file provided as an input in a variable. The content of this variable might be controlled by an attacker who could change it to hold unauthorised file paths form the system. In this way, it is possible to exfiltrate confidential information or such. +Trying to open a file provided as an input in a variable. The content of this variable might be controlled by an attacker who could change it to hold unauthorised file paths from the system. In this way, it is possible to exfiltrate confidential information or such. ## Example problematic code: diff --git a/website/core/Footer.js b/website/core/Footer.js index f8cbff6..5fc4faa 100644 --- a/website/core/Footer.js +++ b/website/core/Footer.js @@ -19,7 +19,6 @@ class Footer extends React.Component { } render() { - const currentYear = new Date().getFullYear(); return (
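Review bot: In docs/rules/g104_unchecked_erros.md the rewritten sentence still reads "until you make check the error value", so the grammar fix is incomplete; change it to "until you check the error value" in the same line. The file name itself is spelled "erros" in the diff header, and since this patch is a spelling pass it would be worth renaming it to "errors", provided links to the page are updated in the same change.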
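Review bot: In docs/rules/g107_url_arg_to_http_request_as_taint_input.md the first added line fixes the article but keeps "gives the ability of an attacker to redirect your application", which reads backwards; "gives an attacker the ability to redirect your application" is what is meant. In the second added line, "via http requests with variable url" should use "HTTP" and "URL" to match the capitalisation used earlier in the same paragraph. The unchanged context sentence starting "One of the examples is as shown below the [http.Get()]" is a run-on and could be split while this paragraph is being touched.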
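Review bot: In docs/rules/g304_file-path_provided_as_taint_input.md the added line corrects "form" to "from" but leaves the opening sentence as a fragment ("Trying to open a file provided as an input in a variable.") and ends with "or such", which tells the reader nothing. Suggest making the first sentence say what the rule flags, for example that it reports file opens whose path comes from a variable, and dropping "or such" so the sentence ends at "exfiltrate confidential information".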
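Review bot: In website/core/Footer.js the removal of "const currentYear = new Date().getFullYear();" from render() is a code change sitting in a patch that otherwise only corrects documentation wording, and the hunk ends at "return (" so the rest of the method is not visible here. Please confirm that nothing in the returned JSX still references currentYear, since a leftover use would throw a ReferenceError when the footer renders, and either mention the removal in the commit message or move it to its own commit.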