merge #2
37 new issues (0 max.) of at least minor severity.
Annotations
Check warning on line 9 in byteutil/byteutil.go
codacy-production / Codacy Static Code Analysis
byteutil/byteutil.go#L9
Do not use `math/rand`. Use `crypto/rand` instead.
Check warning on line 16 in byteutil/byteutil.go
codacy-production / Codacy Static Code Analysis
byteutil/byteutil.go#L16
Detected MD5 hash algorithm which is considered insecure.
Check failure on line 30 in byteutil/conv.go
codacy-production / Codacy Static Code Analysis
byteutil/conv.go#L30
The `unsafe` package in Go allows low-level access to memory management features.
Check failure on line 56 in cliutil/cmdline/parser.go
codacy-production / Codacy Static Code Analysis
cliutil/cmdline/parser.go#L56
Detected non-static command inside Command.
Check failure on line 56 in cliutil/cmdline/parser.go
codacy-production / Codacy Static Code Analysis
cliutil/cmdline/parser.go#L56
OS command injection is a critical vulnerability that can lead to a full system compromise as it may allow an adversary to pass in arbitrary commands or arguments to be executed.
Check warning on line 3 in dump/_examples/go.mod
codacy-production / Codacy Static Code Analysis
dump/_examples/go.mod#L3
Insecure dependency [email protected] (CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header) (update to 1.18.4)
Check notice on line 3 in dump/_examples/go.mod
codacy-production / Codacy Static Code Analysis
dump/_examples/go.mod#L3
Insecure dependency [email protected] (CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add) (update to 1.18.3)
Check warning on line 107 in encodes/hashutil/hashutil.go
codacy-production / Codacy Static Code Analysis
encodes/hashutil/hashutil.go#L107
Detected SHA1 hash algorithm which is considered insecure.
Check warning on line 3 in go.mod
codacy-production / Codacy Static Code Analysis
go.mod#L3
Insecure dependency [email protected] (CVE-2022-41717: golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests) (update to 1.19.4)
Check failure on line 45 in internal/comfunc/sysfunc.go
codacy-production / Codacy Static Code Analysis
internal/comfunc/sysfunc.go#L45
Detected non-static command inside Command.
Check failure on line 45 in internal/comfunc/sysfunc.go
codacy-production / Codacy Static Code Analysis
internal/comfunc/sysfunc.go#L45
OS command injection is a critical vulnerability that can lead to a full system compromise as it may allow an adversary to pass in arbitrary commands or arguments to be executed.
Check failure on line 133 in reflects/util.go
codacy-production / Codacy Static Code Analysis
reflects/util.go#L133
The `unsafe` package in Go allows low-level access to memory management features.
Check failure on line 150 in reflects/util.go
codacy-production / Codacy Static Code Analysis
reflects/util.go#L150
The `unsafe` package in Go allows low-level access to memory management features.
Check failure on line 341 in strutil/convert.go
codacy-production / Codacy Static Code Analysis
strutil/convert.go#L341
The `unsafe` package in Go allows low-level access to memory management features.
Check failure on line 353 in strutil/convert.go
codacy-production / Codacy Static Code Analysis
strutil/convert.go#L353
The `unsafe` package in Go allows low-level access to memory management features.
Check warning on line 5 in strutil/gensn.go
codacy-production / Codacy Static Code Analysis
strutil/gensn.go#L5
Do not use `math/rand`. Use `crypto/rand` instead.
Check warning on line 6 in strutil/random_nonwin.go
codacy-production / Codacy Static Code Analysis
strutil/random_nonwin.go#L6
Do not use `math/rand`. Use `crypto/rand` instead.
Check warning on line 7 in strutil/random_windows.go
codacy-production / Codacy Static Code Analysis
strutil/random_windows.go#L7
Do not use `math/rand`. Use `crypto/rand` instead.
Check failure on line 54 in strutil/random_windows.go
codacy-production / Codacy Static Code Analysis
strutil/random_windows.go#L54
The `unsafe` package in Go allows low-level access to memory management features.
Check failure on line 193 in sysutil/clipboard/clipboard.go
codacy-production / Codacy Static Code Analysis
sysutil/clipboard/clipboard.go#L193
Detected non-static command inside Command.
Check failure on line 193 in sysutil/clipboard/clipboard.go
codacy-production / Codacy Static Code Analysis
sysutil/clipboard/clipboard.go#L193
OS command injection is a critical vulnerability that can lead to a full system compromise as it may allow an adversary to pass in arbitrary commands or arguments to be executed.
Check failure on line 50 in sysutil/cmdr/cmd.go
codacy-production / Codacy Static Code Analysis
sysutil/cmdr/cmd.go#L50
OS command injection is a critical vulnerability that can lead to a full system compromise as it may allow an adversary to pass in arbitrary commands or arguments to be executed.
Check failure on line 57 in sysutil/cmdr/cmd.go
codacy-production / Codacy Static Code Analysis
sysutil/cmdr/cmd.go#L57
Detected non-static command inside Command.
Check failure on line 49 in sysutil/sysutil_unix.go
codacy-production / Codacy Static Code Analysis
sysutil/sysutil_unix.go#L49
Detected non-static command inside Command.
Check failure on line 49 in sysutil/sysutil_unix.go
codacy-production / Codacy Static Code Analysis
sysutil/sysutil_unix.go#L49
OS command injection is a critical vulnerability that can lead to a full system compromise as it may allow an adversary to pass in arbitrary commands or arguments to be executed.