From 1f8d66a35178ce784f99050b07c3def4fc934049 Mon Sep 17 00:00:00 2001
From: Oleksandr Milushev
Date: Fri, 12 Jun 2020 11:41:15 +0300
Subject: [PATCH] DEVOPS-4242 Enable gosec (#30)
---
 Dockerfile | 6 ++++++
 pkg/clients/grpc_client/grpc_client.go | 4 ++--
 pkg/event_selector/iterator.go | 1 +
 pkg/extra_fields/extra_fields.go | 2 +-
 pkg/extra_fields/helpers.go | 4 ++--
 pkg/file_watcher/watcher.go | 2 +-
 pkg/geo/geo.go | 4 ++--
 pkg/gzip_hash_reader/gzip_hash_reader.go | 10 +++++-----
 pkg/metricbuilder/metricbuilder.go | 1 +
 9 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 8627c9d..df913b8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,6 +5,9 @@ FROM golang:1.12.7 AS builder
 ENV GO111MODULE on
 ENV BASE_DIR /go/src/data-go
+# Install gosec
+RUN wget -O - -q https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b /usr/bin v2.3.0
+
 # Warming modules cache with project dependencies
 WORKDIR ${BASE_DIR}
 COPY go.mod go.sum ./
@@ -13,6 +16,9 @@ RUN go mod download
 # Copy project source code to WORKDIR
 COPY . .
+# Run gosec
+RUN gosec ./...
+
 # Run tests and build on success
 RUN go test -v ./...
diff --git a/pkg/clients/grpc_client/grpc_client.go b/pkg/clients/grpc_client/grpc_client.go
index 50b758f..01e7aa2 100644
--- a/pkg/clients/grpc_client/grpc_client.go
+++ b/pkg/clients/grpc_client/grpc_client.go
@@ -90,7 +90,7 @@ func (c *GrpcClient) SendEvents(iterator types.EventIterator) (confirmedCnt uint
 }
 if err != nil {
 close(waitc)
- stream.CloseSend()
+ _ = stream.CloseSend()
 logger.Get().Errorf("Failed to receive GRPC server response: %v", err)
 return
 }
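Review bot: The added `RUN wget ... | sh` step in the first Dockerfile hunk executes an installer fetched from the mutable `master` branch, so the gosec release is pinned (`v2.3.0`) but the script that runs in the builder stage is not. Fetching the script from the matching tag, `https://raw.githubusercontent.com/securego/gosec/v2.3.0/install.sh`, or saving it to a file and comparing it with a recorded SHA-256 before running it, keeps the build reproducible and narrows the supply-chain exposure. Because the download is piped straight into `sh`, a failed `wget` does not fail this step by itself; the build would only stop later, when `RUN gosec ./...` cannot find the binary.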
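Review bot: `_ = stream.CloseSend()` in SendEvents silences gosec's unhandled-error finding without handling or explaining the error, and the same pattern is repeated in the second SendEvents hunk, in GeoOrigin (`_ = f.fromISP(req, ip)`), in loadCityDB and loadIspDB, and in GzipHashReader.Close. Where the error really does not matter, say so next to the discard, for example `// best effort: the stream is already being torn down`. Where it can point to a real failure, log it instead, e.g. `if cerr := stream.CloseSend(); cerr != nil { logger.Get().Debugf("CloseSend: %v", cerr) }`. SendEvents starts and ends outside both of its hunks, so whether a caller could act on the error is not visible here.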
@@ -120,7 +120,7 @@ func (c *GrpcClient) SendEvents(iterator types.EventIterator) (confirmedCnt uint
 if srcErr := iterator.Err(); srcErr != nil {
 srcErr = types.NewErrClientRequest(srcErr.Error())
 }
- stream.CloseSend()
+ _ = stream.CloseSend()
 <-waitc
 }
 logger.Get().Debugf("Finished streaming. Lines: %d, confirmedLines: %d, LastConfirmedOffset: %d, err: %s", cnt, confirmedCnt, lastConfirmedOffset, err)
diff --git a/pkg/event_selector/iterator.go b/pkg/event_selector/iterator.go
index 9aefc96..d409f0f 100644
--- a/pkg/event_selector/iterator.go
+++ b/pkg/event_selector/iterator.go
@@ -50,6 +50,7 @@ func (ei *EventIterator) Next() bool {
 if ei.entry.Topic == es.TargetTopic {
 continue
 }
+ /* #nosec */
 if checkEventSelection(message, &es) {
 selectedEvent := &types.Event{}
 *selectedEvent = *ei.entry
diff --git a/pkg/extra_fields/extra_fields.go b/pkg/extra_fields/extra_fields.go
index 9e67534..8f91d38 100644
--- a/pkg/extra_fields/extra_fields.go
+++ b/pkg/extra_fields/extra_fields.go
@@ -32,7 +32,7 @@ type ExtraFields struct {
 func (f *ExtraFields) GeoOrigin(req *http.Request) {
 ip := GetIPAdress(req)
- f.fromISP(req, ip)
+ _ = f.fromISP(req, ip)
 if geoSet.Get(ip.String()) == "af" && IsCloudfront(req) == 1 {
 return
 }
diff --git a/pkg/extra_fields/helpers.go b/pkg/extra_fields/helpers.go
index 74e3ece..2abfe87 100644
--- a/pkg/extra_fields/helpers.go
+++ b/pkg/extra_fields/helpers.go
@@ -96,7 +96,7 @@ func loadCityDB(panicOnFail bool) {
 cityMux.Lock()
 if cityDB != nil {
 logger.Get().Debug("Closing old cityDB")
- cityDB.Close()
+ _ = cityDB.Close()
 }
 cityDB = tmpDB
 cityMux.Unlock()
@@ -115,7 +115,7 @@ func loadIspDB(panicOnFail bool) {
 ispMux.Lock()
 if ispDB != nil {
 logger.Get().Debug("Closing old ispDB")
- ispDB.Close()
+ _ = ispDB.Close()
 }
 ispDB = tmpDB
 ispMux.Unlock()
diff --git a/pkg/file_watcher/watcher.go b/pkg/file_watcher/watcher.go
index d1f7ed6..aa7f114 100644
--- a/pkg/file_watcher/watcher.go
+++ b/pkg/file_watcher/watcher.go
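Review bot: The bare `/* #nosec */` above `if checkEventSelection(message, &es)` in EventIterator.Next switches off every gosec rule for the statement it attaches to and does not record which finding it answers; updateMetric in metricbuilder.go gets the same annotation above `if !isCountableTopic(topic, &metricConf)`. The finding is presumably the range-variable aliasing rule (G601) raised by `&es` and `&metricConf`. If so, limit the suppression to that rule with `/* #nosec G601 */` and add a one-line comment stating that the callee only reads through the pointer during the call, or remove the cause with a per-iteration copy such as `es := es`. The loop header in Next is outside the hunk, so confirm that `es` is a range variable and that checkEventSelection does not retain the pointer.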
@@ -28,7 +28,7 @@ func New(file string, callback func(file string)) (*T, error) {
 if err != nil {
 return nil, err
 }
- w.watcher.Add(filepath.Dir(absPath))
+ _ = w.watcher.Add(filepath.Dir(absPath))
 if err != nil {
 return nil, err
diff --git a/pkg/geo/geo.go b/pkg/geo/geo.go
index 3668bad..7fd0312 100644
--- a/pkg/geo/geo.go
+++ b/pkg/geo/geo.go
@@ -128,7 +128,7 @@ func (g *Geo) FromBytes(data []byte) *Geo {
 logger.Get().Warnf("Could not parse IP from geo file %s: %s", g.GeoFile, recordParts[0])
 continue
 }
- ranger.Insert(cidranger.NewBasicRangerEntry(*ipNet))
+ _ = ranger.Insert(cidranger.NewBasicRangerEntry(*ipNet))
 rangers[string(recordParts[1])] = ranger
 } else {
 logger.Get().Warnf("Malformed geo record in %s: %s", g.GeoFile, ipline)
@@ -198,7 +198,7 @@ func ReadFile(filename string) (*[]byte, error) {
 return nil, err
 }
- data, err := ioutil.ReadFile(filename)
+ data, err := ioutil.ReadFile(filepath.Clean(filename))
 if err != nil {
 return nil, err
diff --git a/pkg/gzip_hash_reader/gzip_hash_reader.go b/pkg/gzip_hash_reader/gzip_hash_reader.go
index 2055a76..d4f626d 100644
--- a/pkg/gzip_hash_reader/gzip_hash_reader.go
+++ b/pkg/gzip_hash_reader/gzip_hash_reader.go
@@ -2,7 +2,7 @@ package gzip_hash_reader
 import (
 "compress/gzip"
- "crypto/md5"
+ "crypto/md5" // #nosec
 "github.com/anchorfree/data-go/pkg/logger"
 "hash"
 "io"
@@ -22,7 +22,7 @@ type GzipHashReader struct {
 func NewGzipHashReader(inp io.Reader) (r *GzipHashReader, err error) {
 r = new(GzipHashReader)
 r.bytesRead = 0
- r.checksum = md5.New()
+ r.checksum = md5.New() // #nosec
 r.pipeReader, r.pipeWriter = io.Pipe()
 r.teeReader = io.TeeReader(inp, r.pipeWriter)
 r.waitGroup.Add(1)
@@ -51,9 +51,9 @@ func (r *GzipHashReader) BytesRead() int64 {
 }
 func (r *GzipHashReader) Close() {
- r.pipeWriter.Close()
- r.pipeReader.Close()
- r.gzipReader.Close()
+ _ = r.pipeWriter.Close()
+ _ = r.pipeReader.Close()
+ _ = r.gzipReader.Close()
 }
 func (r *GzipHashReader) Sum() [md5.Size]byte {
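Review bot: In file_watcher.New, `_ = w.watcher.Add(filepath.Dir(absPath))` throws the error away while the `if err != nil` directly after it still tests the `err` that was already checked above, so a failed Add appears to go unnoticed and New would return a watcher that watches nothing. Assigning the result, `err = w.watcher.Add(filepath.Dir(absPath))`, satisfies gosec and makes the following check do what it seems intended to do. The rest of New lies outside the hunk.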
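Review bot: `_ = ranger.Insert(...)` in Geo.FromBytes drops a failed insert silently, while the neighbouring branches log unparsable and malformed records; a network that fails to load would then be missing from the geo lookup with no trace in the logs. Report it like the other cases: `if insErr := ranger.Insert(cidranger.NewBasicRangerEntry(*ipNet)); insErr != nil { logger.Get().Warnf("Could not insert %s from geo file %s: %v", recordParts[0], g.GeoFile, insErr) }`. The loop this statement sits in begins outside the hunk.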
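Review bot: `filepath.Clean(filename)` in ReadFile quiets gosec's file-inclusion finding but does not restrict which file is read, because Clean only normalises the path and a name that resolves outside the intended directory is still opened. If `filename` can be influenced from outside the process, resolve it against a fixed base directory and reject results that leave it. If it only ever comes from trusted configuration, a comment on the call such as `// filename comes from service configuration, not from request data` documents the decision better than the Clean call does. Where the callers get the value from is not visible in this hunk.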
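Review bot: The bare `// #nosec` markers on the `crypto/md5` import and on `md5.New()` in NewGzipHashReader suppress every rule on those lines and leave no record of why MD5 is acceptable here. If the digest is only a checksum against accidental corruption, name the rules and the reason, e.g. `"crypto/md5" // #nosec G501` and `r.checksum = md5.New() // #nosec G401`, with a comment such as `// MD5 is used as a non-security integrity checksum`. If anything treats Sum() as evidence that the data was not tampered with, SHA-256 would be the appropriate digest; that changes Sum's return type, so its callers, which are outside this diff, would need checking.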
diff --git a/pkg/metricbuilder/metricbuilder.go b/pkg/metricbuilder/metricbuilder.go
index 462e86d..5a84dd4 100644
--- a/pkg/metricbuilder/metricbuilder.go
+++ b/pkg/metricbuilder/metricbuilder.go
@@ -142,6 +142,7 @@ func isCountableTopic(topic string, mConfig *MetricProps) bool {
 func updateMetric(message []byte, topic string) {
 for metricName, metricConf := range metricConfigs {
+ /* #nosec */
 if !isCountableTopic(topic, &metricConf) {
 continue
 }