update gosec

Azure · Sep 5, 2024 · 641012e · 641012e
1 parent ee37f13
commit 641012e
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 5 deletions.
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
@@ -24,11 +24,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Run Gosec Security Scanner
-        # This is due to https://github.com/securego/gosec/issues/1105
-        # Per https://github.com/securego/gosec/issues/1105#issuecomment-1948225619, the issue occurs since 2.19.0.
-        # The commit that updates the GH action to 2.19.0 is d13d7dac9b7e2b40e86be5b830d297816376f1db
-        # It's parent commit is 26e57d6b340778c2983cd61775bc7e8bb41d002a
-        uses: securego/gosec@26e57d6b340778c2983cd61775bc7e8bb41d002a
+        uses: securego/[email protected]
         with:
           args: './...'
 

diff --git a/flag.go b/flag.go
@@ -283,6 +283,7 @@ func initTelemetryClient(subscriptionId string) telemetry.Client {
 func (f FlagSet) buildAuthConfig() (*config.AuthConfig, error) {
 	clientId := f.flagClientId
 	if path := f.flagClientIdFilePath; path != "" {
+		// #nosec G304
 		b, err := os.ReadFile(path)
 		if err != nil {
 			return nil, fmt.Errorf("reading Client ID from file %q: %v", path, err)
@@ -292,6 +293,7 @@ func (f FlagSet) buildAuthConfig() (*config.AuthConfig, error) {
 
 	clientSecret := f.flagClientSecret
 	if path := f.flagClientSecretFilePath; path != "" {
+		// #nosec G304
 		b, err := os.ReadFile(path)
 		if err != nil {
 			return nil, fmt.Errorf("reading Client secret from file %q: %v", path, err)
@@ -301,6 +303,7 @@ func (f FlagSet) buildAuthConfig() (*config.AuthConfig, error) {
 
 	clientCertEncoded := f.flagClientCertificate
 	if path := f.flagClientCertificatePath; path != "" {
+		// #nosec G304
 		b, err := os.ReadFile(path)
 		if err != nil {
 			return nil, fmt.Errorf("reading Client certificate from file %q: %v", path, err)
@@ -310,6 +313,7 @@ func (f FlagSet) buildAuthConfig() (*config.AuthConfig, error) {
 
 	oidcToken := f.flagOIDCToken
 	if path := f.flagOIDCTokenFilePath; path != "" {
+		// #nosec G304
 		b, err := os.ReadFile(path)
 		if err != nil {
 			return nil, fmt.Errorf("reading OIDC token from file %q: %v", path, err)

diff --git a/internal/meta/base_meta.go b/internal/meta/base_meta.go
@@ -180,6 +180,7 @@ func NewBaseMeta(cfg config.CommonConfig) (*baseMeta, error) {
 	os.Setenv("AZURE_HTTP_USER_AGENT", cfg.AzureSDKClientOption.Telemetry.ApplicationID)
 
 	// Disable AzureRM provider's enahnced validation, which will cause RP listing, that is expensive.
+	// #nosec G104
 	os.Setenv("ARM_PROVIDER_ENHANCED_VALIDATION", "false")
 
 	outputFileNames := cfg.OutputFileNames

diff --git a/internal/ui/ui.go b/internal/ui/ui.go
@@ -265,6 +265,7 @@ func (m model) logoView() string {
 }
 
 func importErrorView(m model) string {
+	// #nosec G115
 	return m.importerrormsg.Item.TFResourceId + "\n\n" + common.ErrorMsgStyle.Render(wordwrap.WrapString(m.importerrormsg.Item.ImportError.Error(), uint(m.winsize.Width-indentLevel)))
 }
 
@@ -273,5 +274,6 @@ func summaryView(m model) string {
 }
 
 func errorView(m model) string {
+	// #nosec G115
 	return common.ErrorMsgStyle.Render(wordwrap.WrapString(m.err.Error(), uint(m.winsize.Width-indentLevel)))
 }
diff --git a/main.go b/main.go
@@ -512,6 +512,7 @@ func main() {
 						}
 
 						path := strings.TrimPrefix(arg, "@")
+						// #nosec G304
 						f, err := os.Open(path)
 						if err != nil {
 							return fmt.Errorf("failed to open file %q: %v", path, err)