Chore: Implement gosec (#16261)

See https://github.com/securego/gosec for more info. Disabled a lot of rules. I guess we should go through them and recheck if we really need to disable some Fixes #16204
2025-02-09 23:16:16 -06:00 · 2019-03-28 14:17:07 +01:00 · 2019-03-28 14:17:07 +01:00 · 1d955a8762
commit 1d955a8762
parent ad939b0583
2 changed files with 5 additions and 1 deletions
--- a/pkg/components/imguploader/gcsuploader.go
+++ b/pkg/components/imguploader/gcsuploader.go
@ -14,7 +14,7 @@ import (
 )

 const (
-	tokenUrl  string = "https://www.googleapis.com/auth/devstorage.read_write"
+	tokenUrl  string = "https://www.googleapis.com/auth/devstorage.read_write" // #nosec
 	uploadUrl string = "https://www.googleapis.com/upload/storage/v1/b/%s/o?uploadType=media&name=%s&predefinedAcl=publicRead"
 )

--- a/scripts/backend-lint.sh
+++ b/scripts/backend-lint.sh
@ -20,6 +20,7 @@ go get -u github.com/mdempsky/unconvert
 go get -u github.com/opennota/check/cmd/varcheck
 go get -u honnef.co/go/tools/cmd/staticcheck
 go get -u github.com/mgechev/revive
+go get -u github.com/securego/gosec/cmd/gosec/...

 exit_if_fail gometalinter --enable-gc --vendor --deadline 10m --disable-all \
  --enable=deadcode \
@ -33,3 +34,6 @@ exit_if_fail gometalinter --enable-gc --vendor --deadline 10m --disable-all \

 exit_if_fail go vet ./pkg/...
 exit_if_fail revive -formatter stylish -config ./conf/revive.toml
+
+# TODO recheck the rules and leave only necessary exclusions
+exit_if_fail gosec -quiet -exclude=G104,G107,G201,G202,G204,G301,G302,G304,G402,G501,G505,G401 ./pkg/...