security-vulnerability
Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.
Here are 286 public repositories matching this topic...
I'm using OpenNTPD instead of the default ntp on my FreeBSD server - when lynis analyses the ntp settings it tries to query information with ntpq, which (to my knowledge) is not possible with OpenNTPD.
Lynis will slow down as ntpq takes a while to fail.
OS: FreeBSD 10.4
Lynis: 2.6.1 (768446e4)
[ Lynis 2.6.1 ]
####################################################################
Is your feature request related to a problem? Please describe.
The sanitize_sql method signature is designed to receive an array with ["sql template", *values] that it uses for quoting and replacing placeholders.
When a string is passed instead of an array, sanitize_sql is a no-op, and the original string is returned unchanged.
Describe the solution you'd like
Queries lik
Tracking issue for enabling UBSAN for linux on syzbot.
Moved from the discussion on a patch:
https://groups.google.com/g/syzkaller/c/Ex_s_aokx0A/m/AfzioXHEAwAJ
Things we know we need:
- panic_on_warn support would be nice to land, but not critical.
- If we want to selectively enable checks, then we need to wait for CONFIG_UBSAN_MISC support. @kees proposed the following config:
CO
For instance, uber random works just fine without any sort of warnings which has to be replaced with suitable warnings.
- safety version: 1.8.5
- Python version: 3.6.7
- Operating System: Ubuntu 18.04
Description
safety skips package(s) with --hash inside requirements.txt
$ cat requirements.txt
flask==0.12.1 --hash=sha256:6c3130c8927109a08225993e4e503de4ac4f2678678ae211b33b519c622a7242
What I Did
$ safety check -r requirements.txt
│ REPORT
The options should_remove_source_branch and merge_when_pipeline_succeeds are parsed from the configfile.
https://github.com/pyupio/pyup/blob/8178ca204ebbac71d94198e8a4ef89e828ef0908/pyup/config.py#L163
I can’t find anything about them (or any gitlab-specific config-options) in the documentation.
New test script idea
What TLS message this idea relates to?
ClientHello
What TLS extension this idea relates to?
signature_algorithms
What is the behaviour the test script should test?
RFC 8446, section B.3.1.3 and B.3.1.4 describe values, marked as obsolete_RESERVED that MUST NOT be offered or negotiated by TLS 1.3 implementations.
Check that presence of those


Currently there's a possibility to make a "one-liner scan" of a system using curl (https://vuls.io/docs/en/usage-server.html). The issue is that the received JSON can't be displayed nicely with the application, because the application always wants to get the data from the vulnerability DB (even though there's everything needed in the JSON returned by vul