Fixed several gosec lints

Signed-off-by: Yinuo Deng <i@dyn.im>

cmd/dist-receiver/main.go

@@ -25,6 +25,7 @@ import (
 	"path/filepath"
 	"strings"
 	"sync"
+	"time"
 
 	b64 "encoding/base64"
 
@@ -56,11 +57,18 @@ func main() {
 	stageNow = 0
 	sig = make(chan bool)
 
+	server := &http.Server{
+        Addr:         "0.0.0.0:4002",
+        ReadTimeout:  5 * time.Second,
+        WriteTimeout: 5 * time.Second,
+        IdleTimeout:  600 * time.Second,
+    }
+
 	http.HandleFunc("/stage", stage)
 	http.HandleFunc("/next", next)
 	http.HandleFunc("/connect", connect)
 	go func() {
-		if err := http.ListenAndServe("0.0.0.0:4002", nil); err != nil {
+		if err := server.ListenAndServe(); err != nil {
 			panic(fmt.Errorf("failed to spawn command receiver: %s", err))
 		}
 	}()
@@ -115,7 +123,8 @@ func main() {
 		panic(fmt.Errorf("failed to create target directory: %s", err))
 	}
 
-	cmd := exec.Command("tar", "-C", args[4], "-xzf", args[3])
+	// the following command needs variable aurgments anyway, which will cause G204 in gosec
+	cmd := exec.Command("tar", "-C", args[4], "-xzf", args[3]) // #nosec G204
 	_, err = cmd.Output()
 	if err != nil {
 		panic(fmt.Errorf("failed to uncompress resource file: %s", err))
@@ -125,7 +134,8 @@ func main() {
 
 	<-sig
 
-	exec.Command("rm", args[3])
+	// the following command needs variable aurgments anyway, which will cause G204 in gosec
+	exec.Command("rm", args[3]) // #nosec G204
 }
 
 func createNode(ctx context.Context, repoPath string) (*core.IpfsNode, error) {

pkg/imagedistributor/p2p_distributor.go

@@ -412,7 +412,8 @@ func tarGzDirectory(sourceDir string) (string, error) {
 
 	filename := fmt.Sprintf("%s.tar.gz", name)
 
-	cmd := exec.Command("tar", "-C", sourceDir, "-czf", filename, ".")
+	// the following command needs variable aurgments anyway, which will cause G204 in gosec
+	cmd := exec.Command("tar", "-C", sourceDir, "-czf", filename, ".") // #nosec G204
 	_, err := cmd.Output()
 	if err != nil {
 		return "", fmt.Errorf("failed to compress %s: %s", sourceDir, err)

pkg/infradriver/ssh_infradriver.go

@@ -94,12 +94,12 @@ func NewInfraDriver(cluster *v2.Cluster) (InfraDriver, error) {
 	}
 
 	// initialize sshConfigs field
-	for _, host := range cluster.Spec.Hosts {
-		if err = mergo.Merge(&host.SSH, &cluster.Spec.SSH); err != nil {
+	for i, host := range cluster.Spec.Hosts {
+		if err = mergo.Merge(&cluster.Spec.Hosts[i].SSH, &cluster.Spec.SSH); err != nil {
 			return nil, err
 		}
 		for _, ip := range host.IPS {
-			ret.sshConfigs[ip.String()] = ssh.NewSSHClient(&host.SSH, true)
+			ret.sshConfigs[ip.String()] = ssh.NewSSHClient(&cluster.Spec.Hosts[i].SSH, true)
 		}
 	}
 

utils/ssh/ssh.go

@@ -88,13 +88,13 @@ func NewSSHClient(ssh *v1.SSH, alsoToStdout bool) Interface {
 
 // GetHostSSHClient is used to executed bash command and no std out to be printed.
 func GetHostSSHClient(hostIP net.IP, cluster *v2.Cluster) (Interface, error) {
-	for _, host := range cluster.Spec.Hosts {
+	for i, host := range cluster.Spec.Hosts {
 		for _, ip := range host.IPS {
 			if hostIP.Equal(ip) {
-				if err := mergo.Merge(&host.SSH, &cluster.Spec.SSH); err != nil {
+				if err := mergo.Merge(&cluster.Spec.Hosts[i].SSH, &cluster.Spec.SSH); err != nil {
 					return nil, err
 				}
-				return NewSSHClient(&host.SSH, false), nil
+				return NewSSHClient(&cluster.Spec.Hosts[i].SSH, false), nil
 			}
 		}
 	}
@@ -103,13 +103,13 @@ func GetHostSSHClient(hostIP net.IP, cluster *v2.Cluster) (Interface, error) {
 
 // NewStdoutSSHClient is used to show std out when execute bash command.
 func NewStdoutSSHClient(hostIP net.IP, cluster *v2.Cluster) (Interface, error) {
-	for _, host := range cluster.Spec.Hosts {
+	for i, host := range cluster.Spec.Hosts {
 		for _, ip := range host.IPS {
 			if hostIP.Equal(ip) {
-				if err := mergo.Merge(&host.SSH, &cluster.Spec.SSH); err != nil {
+				if err := mergo.Merge(&cluster.Spec.Hosts[i].SSH, &cluster.Spec.SSH); err != nil {
 					return nil, err
 				}
-				return NewSSHClient(&host.SSH, true), nil
+				return NewSSHClient(&cluster.Spec.Hosts[i].SSH, true), nil
 			}
 		}
 	}