DEVOPS-4242 Enable gosec (#30)

Dockerfile

@@ -5,6 +5,9 @@ FROM golang:1.12.7 AS builder
 ENV GO111MODULE on
 ENV BASE_DIR /go/src/data-go
 
+# Install gosec
+RUN wget -O - -q https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b /usr/bin v2.3.0
+
 # Warming modules cache with project dependencies
 WORKDIR ${BASE_DIR}
 COPY go.mod go.sum ./
@@ -13,6 +16,9 @@ RUN go mod download
 # Copy project source code to WORKDIR
 COPY . .
 
+# Run gosec
+RUN gosec ./...
+
 # Run tests and build on success
 RUN go test -v ./...
 

pkg/clients/grpc_client/grpc_client.go

@@ -90,7 +90,7 @@ func (c *GrpcClient) SendEvents(iterator types.EventIterator) (confirmedCnt uint
 				}
 				if err != nil {
 					close(waitc)
-					stream.CloseSend()
+					_ = stream.CloseSend()
 					logger.Get().Errorf("Failed to receive GRPC server response: %v", err)
 					return
 				}
@@ -120,7 +120,7 @@ func (c *GrpcClient) SendEvents(iterator types.EventIterator) (confirmedCnt uint
 		if srcErr := iterator.Err(); srcErr != nil {
 			srcErr = types.NewErrClientRequest(srcErr.Error())
 		}
-		stream.CloseSend()
+		_ = stream.CloseSend()
 		<-waitc
 	}
 	logger.Get().Debugf("Finished streaming. Lines: %d, confirmedLines: %d, LastConfirmedOffset: %d, err: %s", cnt, confirmedCnt, lastConfirmedOffset, err)

pkg/event_selector/iterator.go

@@ -50,6 +50,7 @@ func (ei *EventIterator) Next() bool {
 		if ei.entry.Topic == es.TargetTopic {
 			continue
 		}
+		/* #nosec */
 		if checkEventSelection(message, &es) {
 			selectedEvent := &types.Event{}
 			*selectedEvent = *ei.entry

pkg/extra_fields/extra_fields.go

@@ -32,7 +32,7 @@ type ExtraFields struct {
 func (f *ExtraFields) GeoOrigin(req *http.Request) {
 	ip := GetIPAdress(req)
 
-	f.fromISP(req, ip)
+	_ = f.fromISP(req, ip)
 	if geoSet.Get(ip.String()) == "af" && IsCloudfront(req) == 1 {
 		return
 	}

pkg/extra_fields/helpers.go

@@ -96,7 +96,7 @@ func loadCityDB(panicOnFail bool) {
 		cityMux.Lock()
 		if cityDB != nil {
 			logger.Get().Debug("Closing old cityDB")
-			cityDB.Close()
+			_ = cityDB.Close()
 		}
 		cityDB = tmpDB
 		cityMux.Unlock()
@@ -115,7 +115,7 @@ func loadIspDB(panicOnFail bool) {
 		ispMux.Lock()
 		if ispDB != nil {
 			logger.Get().Debug("Closing old ispDB")
-			ispDB.Close()
+			_ = ispDB.Close()
 		}
 		ispDB = tmpDB
 		ispMux.Unlock()

pkg/file_watcher/watcher.go

@@ -28,7 +28,7 @@ func New(file string, callback func(file string)) (*T, error) {
 	if err != nil {
 		return nil, err
 	}
-	w.watcher.Add(filepath.Dir(absPath))
+	_ = w.watcher.Add(filepath.Dir(absPath))
 
 	if err != nil {
 		return nil, err

pkg/geo/geo.go

@@ -128,7 +128,7 @@ func (g *Geo) FromBytes(data []byte) *Geo {
 					logger.Get().Warnf("Could not parse IP from geo file %s: %s", g.GeoFile, recordParts[0])
 					continue
 				}
-				ranger.Insert(cidranger.NewBasicRangerEntry(*ipNet))
+				_ = ranger.Insert(cidranger.NewBasicRangerEntry(*ipNet))
 				rangers[string(recordParts[1])] = ranger
 			} else {
 				logger.Get().Warnf("Malformed geo record in %s: %s", g.GeoFile, ipline)
@@ -198,7 +198,7 @@ func ReadFile(filename string) (*[]byte, error) {
 		return nil, err
 	}
 
-	data, err := ioutil.ReadFile(filename)
+	data, err := ioutil.ReadFile(filepath.Clean(filename))
 
 	if err != nil {
 		return nil, err

pkg/gzip_hash_reader/gzip_hash_reader.go

@@ -2,7 +2,7 @@ package gzip_hash_reader
 
 import (
 	"compress/gzip"
-	"crypto/md5"
+	"crypto/md5" // #nosec
 	"github.com/anchorfree/data-go/pkg/logger"
 	"hash"
 	"io"
@@ -22,7 +22,7 @@ type GzipHashReader struct {
 func NewGzipHashReader(inp io.Reader) (r *GzipHashReader, err error) {
 	r = new(GzipHashReader)
 	r.bytesRead = 0
-	r.checksum = md5.New()
+	r.checksum = md5.New() // #nosec
 	r.pipeReader, r.pipeWriter = io.Pipe()
 	r.teeReader = io.TeeReader(inp, r.pipeWriter)
 	r.waitGroup.Add(1)
@@ -51,9 +51,9 @@ func (r *GzipHashReader) BytesRead() int64 {
 }
 
 func (r *GzipHashReader) Close() {
-	r.pipeWriter.Close()
-	r.pipeReader.Close()
-	r.gzipReader.Close()
+	_ = r.pipeWriter.Close()
+	_ = r.pipeReader.Close()
+	_ = r.gzipReader.Close()
 }
 
 func (r *GzipHashReader) Sum() [md5.Size]byte {

pkg/metricbuilder/metricbuilder.go

@@ -142,6 +142,7 @@ func isCountableTopic(topic string, mConfig *MetricProps) bool {
 
 func updateMetric(message []byte, topic string) {
 	for metricName, metricConf := range metricConfigs {
+		/* #nosec */
 		if !isCountableTopic(topic, &metricConf) {
 			continue
 		}