Security: Add gosec G304 auditing annotations (#29578)

* Security: Add gosec G304 auditing annotations

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* add G304 auditing comment

Signed-off-by: bergquist <carl.bergquist@gmail.com>

* add G304 auditing comment

Signed-off-by: bergquist <carl.bergquist@gmail.com>

* add G304 auditing comment

Signed-off-by: bergquist <carl.bergquist@gmail.com>

* add G304 auditing comment

Signed-off-by: bergquist <carl.bergquist@gmail.com>

* add G304 auditing comment

Signed-off-by: bergquist <carl.bergquist@gmail.com>

* add G304 auditing comment

Signed-off-by: bergquist <carl.bergquist@gmail.com>

* add G304 auditing comment

Signed-off-by: bergquist <carl.bergquist@gmail.com>

* add G304 auditing comment

Signed-off-by: bergquist <carl.bergquist@gmail.com>

* Add gosec annotations

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* add G304 auditing comment

Signed-off-by: bergquist <carl.bergquist@gmail.com>

* add G304 auditing comment

Signed-off-by: bergquist <carl.bergquist@gmail.com>

* Add gosec annotations

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* add G304 auditing comment

Signed-off-by: bergquist <carl.bergquist@gmail.com>

* add G304 auditing comment

Signed-off-by: bergquist <carl.bergquist@gmail.com>

* add G304 auditing comment

Signed-off-by: bergquist <carl.bergquist@gmail.com>

* Add gosec annotations

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* space

Signed-off-by: bergquist <carl.bergquist@gmail.com>

* Add gosec annotations

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored-by: bergquist <carl.bergquist@gmail.com>

pkg/components/imguploader/azureblobuploader.go

@@ -45,6 +45,9 @@ func (az *AzureBlobUploader) Upload(ctx context.Context, imageDiskPath string) (
 	// setup client
 	blob := NewStorageClient(az.account_name, az.account_key)
 
+	// We can ignore the gosec G304 warning on this one because `imageDiskPath` comes
+	// from alert notifiers and is only used to upload images generated by alerting.
+	// nolint:gosec
 	file, err := os.Open(imageDiskPath)
 	if err != nil {
 		return "", err

pkg/components/imguploader/gcs/gcsuploader.go

@@ -149,6 +149,10 @@ func (u *Uploader) uploadFile(
 	key string,
 ) error {
 	u.log.Debug("Opening image file", "path", imageDiskPath)
+
+	// We can ignore the gosec G304 warning on this one because `imageDiskPath` comes
+	// from alert notifiers and is only used to upload images generated by alerting.
+	// nolint:gosec
 	fileReader, err := os.Open(imageDiskPath)
 	if err != nil {
 		return err

pkg/components/imguploader/s3uploader.go

@@ -76,6 +76,9 @@ func (u *S3Uploader) Upload(ctx context.Context, imageDiskPath string) (string,
 	key := u.path + rand + pngExt
 	log.Debugf("Uploading image to s3. bucket = %s, path = %s", u.bucket, key)
 
+	// We can ignore the gosec G304 warning on this one because `imageDiskPath` comes
+	// from alert notifiers and is only used to upload images generated by alerting.
+	// nolint:gosec
 	file, err := os.Open(imageDiskPath)
 	if err != nil {
 		return "", err

pkg/components/imguploader/webdavuploader.go

@@ -45,7 +45,7 @@ func (u *WebdavUploader) PublicURL(filename string) string {
 	return publicURL.String()
 }
 
-func (u *WebdavUploader) Upload(ctx context.Context, pa string) (string, error) {
+func (u *WebdavUploader) Upload(ctx context.Context, imgToUpload string) (string, error) {
 	url, _ := url.Parse(u.url)
 	filename, err := util.GetRandomString(20)
 	if err != nil {
@@ -55,7 +55,10 @@ func (u *WebdavUploader) Upload(ctx context.Context, pa string) (string, error)
 	filename += pngExt
 	url.Path = path.Join(url.Path, filename)
 
-	imgData, err := ioutil.ReadFile(pa)
+	// We can ignore the gosec G304 warning on this one because `imgToUpload` comes
+	// from alert notifiers and is only used to upload images generated by alerting.
+	// nolint:gosec
+	imgData, err := ioutil.ReadFile(imgToUpload)
 	if err != nil {
 		return "", err
 	}