From 4e8cdb081ad87abe5c9910aba25c948f28cee6e7 Mon Sep 17 00:00:00 2001 From: Ivaylo Novakov Date: Wed, 29 Apr 2020 15:13:26 +0200 Subject: [PATCH 1/2] Fix a couple of typos and remove an unused constant. --- docs/rules/g104_unchecked_erros.md | 2 +- docs/rules/g107_url_arg_to_http_request_as_taint_input.md | 4 ++-- website/core/Footer.js | 1 - 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/rules/g104_unchecked_erros.md b/docs/rules/g104_unchecked_erros.md index 6964193..c747db4 100644 --- a/docs/rules/g104_unchecked_erros.md +++ b/docs/rules/g104_unchecked_erros.md @@ -3,7 +3,7 @@ id: g104 title: G104: Audit errors not checked --- -Really useful feature of Golang is the ability to return a tuple of a result and an error value from a function. There is an unspoken rule in Golang that the result of a function is unsafe until you make check the error value. Many security exploits can be performed when the error value is not checked. +A really useful feature of Golang is the ability to return a tuple of a result and an error value from a function. There is an unspoken rule in Golang that the result of a function is unsafe until you make check the error value. Many security exploits can be performed when the error value is not checked. ## Example code: diff --git a/docs/rules/g107_url_arg_to_http_request_as_taint_input.md b/docs/rules/g107_url_arg_to_http_request_as_taint_input.md index 1dc80ae..011f39e 100644 --- a/docs/rules/g107_url_arg_to_http_request_as_taint_input.md +++ b/docs/rules/g107_url_arg_to_http_request_as_taint_input.md 
@@ -3,10 +3,10 @@ id: g107 title: G107: Url provided to HTTP request as taint input --- -Getting an URL from an untrusted source like user input gives the ability of an attacker to redirect your application to bad websites and perform additional attacks. +Getting a URL from an untrusted source like user input gives the ability of an attacker to redirect your application to bad websites and perform additional attacks. One of the examples is as shown below the [http.Get()](https://golang.org/pkg/net/http/#Client.Get) function issues a GET to the specified URL and if the result is appropriate GET will follow the redirect after calling Client's CheckRedirect function. That means that the attacker can send your application to various places. -This problem can be used to achieve [SSRF](https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/) atttacks via http requests with variable url. +This problem can be used to achieve [SSRF](https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/) attacks via http requests with variable url. ## Example problematic code: diff --git a/website/core/Footer.js b/website/core/Footer.js index f8cbff6..5fc4faa 100644 --- a/website/core/Footer.js +++ b/website/core/Footer.js @@ -19,7 +19,6 @@ class Footer extends React.Component { } render() { - const currentYear = new Date().getFullYear(); return (
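Review bot: In the docs/rules/g104_unchecked_erros.md hunk, the added line still reads "until you make check the error value", so the sentence this patch touches keeps a typo. Suggest "until you check the error value" in the same change. The file name itself also spells "erros"; if it is renamed, that belongs in a separate commit so links to the page can be updated together.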
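Review bot: In the docs/rules/g107_url_arg_to_http_request_as_taint_input.md hunk, the first added line still says "gives the ability of an attacker to redirect your application", which reads as if the ability belongs to the attacker already. Suggest "gives an attacker the ability to redirect your application". The second added line keeps "via http requests with variable url" while the first now uses "URL"; writing "HTTP requests with a variable URL" would make the page consistent. The unchanged context sentence beginning "One of the examples is as shown below the [http.Get()]" is a run-on and could be split in the same pass.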
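Review bot: In the website/core/Footer.js hunk, the removal of "const currentYear = new Date().getFullYear();" cannot be checked from the diff alone, because the hunk ends at "return (" and the JSX that follows is not shown. Please confirm that nothing in the returned markup (for example a copyright line) references currentYear, otherwise render() will throw a ReferenceError. Noting in the commit message how the constant was found to be unused (linter warning or search) would settle it.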