Skip to content

feat: added gosec G104#3610

Closed
amarps wants to merge 5 commits intostackrox:masterfrom
amarps:add_gosec_g104
Closed

feat: added gosec G104#3610
amarps wants to merge 5 commits intostackrox:masterfrom
amarps:add_gosec_g104

Conversation

@amarps
Copy link

@amarps amarps commented Oct 28, 2022
edited
Loading

Description

Related to #3545, added gosec G104

Checklist

  • Investigated and inspected CI test results
  • Unit test and regression tests added
  • Evaluated and added CHANGELOG entry if required
  • Determined and documented upgrade steps
  • Documented user facing changes (create PR based on openshift/openshift-docs and merge into rhacs-docs)

If any of these don't apply, please comment below.

@openshift-ci
Copy link

openshift-ci bot commented Oct 28, 2022

Hi @amarps. Thanks for your PR.

I'm waiting for a stackrox member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@github-actions github-actions bot added the external-contributor To put on issues and PRs from external contributors label Oct 28, 2022
@janisz
Copy link
Contributor

janisz commented Oct 28, 2022

/ok-to-test

@janisz janisz mentioned this pull request Oct 28, 2022
Open
34 tasks
janisz
janisz requested changes Oct 28, 2022
View reviewed changes
Copy link
Contributor

@janisz janisz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI is failing

@ghost
Copy link

ghost commented Oct 28, 2022
edited by ghost
Loading

Images are ready for the commit at b6e2b1c.

To use with deploy scripts, first export MAIN_IMAGE_TAG=3.72.x-450-gb6e2b1c11e.

@amarps
Copy link
Author

amarps commented Oct 30, 2022

i can't run golangci-lint run locally on this project. im using go version go1.19.2 windows/amd64

level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\pkg\\fsutils\\utils.go:30:19: Statfs_t not declared by package syscall"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\pkg\\fsutils\\utils.go:31:20: Statfs not declared by package syscall"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\central\\globaldb\\v2backuprestore\\backup\\generators\\dbs\\bolt.go:9:2: could not import github.com/stackrox/rox/pkg/odirect (-: build constraints exclude all Go files in C:\\code\\opensources\\stackrox\\pkg\\odirect)"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\central\\globaldb\\export\\restore.go:17:2: could not import github.com/stackrox/rox/pkg/odirect (-: build constraints exclude all Go files in C:\\code\\opensources\\stackrox\\pkg\\odirect)"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\central\\globaldb\\v2backuprestore\\formats\\roxdbv1\\bolt.go:10:2: could not import github.com/stackrox/rox/pkg/odirect (-: build constraints exclude all Go files in C:\\code\\opensources\\stackrox\\pkg\\odirect)"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\central\\main.go:417:21: Kill not declared by package syscall"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\compliance\\collection\\file\\file.go:220:28: Stat_t not declared by package syscall"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\compliance\\collection\\file\\file.go:221:28: Stat_t not declared by package syscall"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\migrator\\compact\\compact.go:117:20: undeclared name: mmapFlags"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\sensor\\admission-control\\main.go:49:27: SIGTERM not declared by package unix"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\sensor\\admission-control\\main.go:49:41: SIGINT not declared by package unix"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\sensor\\admission-control\\main.go:122:19: SIGTERM not declared by package unix"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\sensor\\kubernetes\\main.go:38:41: SIGTERM not declared by package unix"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\central\\cluster\\datastore\\datastore_impl.go:514:14: invalid operation: cannot compare ds.cm != nil (operator != not defined on untyped nil)"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\central\\compliance\\datastore\\test\\datastore_test.go:40:12: undeclared name: DataStore"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\central\\compliance\\datastore\\test\\datastore_test.go:153:12: undeclared name: DataStore"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\pkg\\dackbox\\tests\\cached_search_test.go:103:15: undeclared name: NewCachedSearcher"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\pkg\\dackbox\\tests\\cached_search_test.go:120:15: undeclared name: NewCachedSearcher"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\pkg\\dackbox\\tests\\cached_search_test.go:137:15: undeclared name: NewCachedSearcher"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\pkg\\rocksdb\\rocksdb.go:22:8: could not import C (cgo preprocessing failed)"
level=error msg="[linters_context] typechecking error: C:\\code\\opensources\\stackrox\\pkg\\rocksdb\\close_test.go:36:17: db.Get undefined (type *RocksDB has no field or method Get)"
level=error msg="[linters_context] typechecking error: C:\\Program Files\\Go\\src\\runtime\\cgo\\cgo.go:33:8: could not import C (cgo preprocessing failed)"
level=warning msg="[runner] Can't run linter goanalysis_metalinter: buildir: failed to load package gorocksdb: could not load export data: no export data for \"github.com/tecbot/gorocksdb\""
level=error msg="Running error: 1 error occurred:\n\t* can't run linter goanalysis_metalinter: buildir: failed to load package gorocksdb: could not load export data: no export data for \"github.com/tecbot/gorocksdb\"\n\n"```

@amarps amarps requested review from a team as code owners October 30, 2022 11:22
@amarps
Copy link
Author

amarps commented Nov 1, 2022

/retest

1 similar comment
@janisz
Copy link
Contributor

janisz commented Nov 2, 2022

/retest

janisz
janisz reviewed Nov 2, 2022
View reviewed changes
central/activecomponent/updater/updater_impl.go

result, ok := u.executableCache.Get(update.ImageID)
if !ok {
//#nosec G104
Copy link
Contributor

@janisz janisz Nov 2, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should have a follow up PR to replace utils.Should with function that does not return error. Adding #nosec directives makes no sense

Copy link
Contributor

@parametalol parametalol Nov 4, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are tens of places where the return value is used. So there are two options: either implement two functions (Should without return value and ShouldErr with return value), or change the occurrences in this PR to _ = utils.Should(... instead of the comments.

@janisz janisz requested review from a team and parametalol November 2, 2022 11:02
@openshift-ci
Copy link

openshift-ci bot commented Nov 2, 2022

@amarps: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/gke-postgres-upgrade-tests b6e2b1c link false /test gke-postgres-upgrade-tests

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

janisz
janisz requested changes Nov 7, 2022
View reviewed changes
Copy link
Contributor

@janisz janisz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI is failing

@parametalol parametalol mentioned this pull request Nov 16, 2022
Merged
5 tasks
@parametalol
Copy link
Contributor

parametalol commented Nov 16, 2022

Please rebase to master as #3830 has been merged.

@parametalol parametalol mentioned this pull request Nov 29, 2022
Merged
5 tasks
@janisz
Copy link
Contributor

janisz commented Nov 29, 2022

Fixed by #3936

@janisz janisz closed this Nov 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@janisz janisz janisz requested changes

@parametalol parametalol Awaiting requested review from parametalol

Assignees

No one assigned

Labels

external-contributor To put on issues and PRs from external contributors hacktoberfest-accepted ok-to-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@amarps @janisz @parametalol