Chore: revise some of the gosec rules (#16713)

pkg/cmd/grafana-cli/commands/install_command.go

@@ -144,7 +144,7 @@ func downloadFile(pluginName, filePath, url string) (err error) {
 		}
 	}()
 
-	resp, err := http.Get(url)
+	resp, err := http.Get(url) // #nosec
 	if err != nil {
 		return err
 	}
@@ -167,7 +167,7 @@ func extractFiles(body []byte, pluginName string, filePath string) error {
 		newFile := path.Join(filePath, RemoveGitBuildFromName(pluginName, zf.Name))
 
 		if zf.FileInfo().IsDir() {
-			err := os.Mkdir(newFile, 0777)
+			err := os.Mkdir(newFile, 0755)
 			if permissionsError(err) {
 				return fmt.Errorf(permissionsDeniedMessage, newFile)
 			}

pkg/services/notifications/codes.go

@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/Unknwon/com"
+
 	m "github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/setting"
 )

scripts/backend-lint.sh

@@ -39,4 +39,7 @@ exit_if_fail go vet ./pkg/...
 exit_if_fail revive -formatter stylish -config ./scripts/revive.toml
 
 # TODO recheck the rules and leave only necessary exclusions
-#exit_if_fail gosec -quiet -exclude=G104,G107,G201,G202,G204,G301,G302,G304,G402,G501,G505,G401 ./pkg/...
+# exit_if_fail gosec -quiet \
+#  -exclude=G104,G107,G201,G202,G204,G301,G304,G401,G402,G501 \
+#  -conf=./scripts/gosec.json \
+#  ./pkg/...

scripts/gosec.json

@@ -0,0 +1,4 @@
+{
+  "G302": "0660",
+  "G301": "0755"
+}