From 641012e8e2c793bc9c77a8dafc7d3fc0ad4d50e6 Mon Sep 17 00:00:00 2001
From: magodo
Date: Thu, 5 Sep 2024 10:01:34 +0800
Subject: [PATCH] update gosec

---
 .github/workflows/pr.yaml  | 6 +-----
 flag.go                    | 4 ++++
 internal/meta/base_meta.go | 1 +
 internal/ui/ui.go          | 2 ++
 main.go                    | 1 +
 5 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
index 796c41c..dbfb08c 100644
--- a/.github/workflows/pr.yaml
+++ b/.github/workflows/pr.yaml
@@ -24,11 +24,7 @@ jobs:
         uses: actions/checkout@v3
       - name: Run Gosec Security Scanner
-        # This is due to https://github.com/securego/gosec/issues/1105
-        # Per https://github.com/securego/gosec/issues/1105#issuecomment-1948225619, the issue occurs since 2.19.0.
-        # The commit that updates the GH action to 2.19.0 is d13d7dac9b7e2b40e86be5b830d297816376f1db
-        # It's parent commit is 26e57d6b340778c2983cd61775bc7e8bb41d002a
-        uses: securego/gosec@26e57d6b340778c2983cd61775bc7e8bb41d002a
+        uses: securego/gosec@v2.21.1
         with:
           args: './...'
 
diff --git a/flag.go b/flag.go
index 0a79ffb..dc40eca 100644
--- a/flag.go
+++ b/flag.go
@@ -283,6 +283,7 @@ func initTelemetryClient(subscriptionId string) telemetry.Client {
 func (f FlagSet) buildAuthConfig() (*config.AuthConfig, error) {
 	clientId := f.flagClientId
 	if path := f.flagClientIdFilePath; path != "" {
+		// #nosec G304
 		b, err := os.ReadFile(path)
 		if err != nil {
 			return nil, fmt.Errorf("reading Client ID from file %q: %v", path, err)
@@ -292,6 +293,7 @@ func (f FlagSet) buildAuthConfig() (*config.AuthConfig, error) {
 
 	clientSecret := f.flagClientSecret
 	if path := f.flagClientSecretFilePath; path != "" {
+		// #nosec G304
 		b, err := os.ReadFile(path)
 		if err != nil {
 			return nil, fmt.Errorf("reading Client secret from file %q: %v", path, err)
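Review bot: The new `uses: securego/gosec@v2.21.1` line replaces a full commit-SHA pin with a mutable tag, which weakens supply-chain hardening for a third-party action that runs against the checked-out repository in CI. A tag can be re-pointed at different code by anyone with push rights to that repository, whereas the line being removed was pinned to a SHA precisely so the executed code could not change underneath the workflow. Keep the upgrade but pin to the commit that v2.21.1 resolves to and leave the version as a trailing comment so Dependabot/Renovate can still track it, e.g. `uses: securego/gosec@<full-commit-sha-of-v2.21.1> # v2.21.1`. The `actions/checkout@v3` context line two lines above has the same exposure but is not part of this change.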
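Review bot: The added `// #nosec G304` markers above each `os.ReadFile(path)` carry no justification, so neither a reader nor gosec's report can tell whether the finding was assessed or merely silenced. The paths come from `f.flagClientIdFilePath` and `f.flagClientSecretFilePath`, i.e. flags the operator of this CLI passes on their own machine, which is a legitimate reason to accept a variable file path, and gosec lets you record it: `// #nosec G304 -- path is an operator-supplied CLI flag; reading the file it names is the intended behavior`. The same three-line read-and-wrap pattern is repeated for four flag/file pairs across these hunks, so a small helper would leave one justified suppression instead of four copies that each need to be reasoned about. buildAuthConfig continues past the end of each hunk, so the use of `b` is not visible here.
```go
// readCredentialFile reads a credential the operator pointed at via a CLI flag.
// what names the credential for the error message (e.g. "Client ID").
func readCredentialFile(path, what string) ([]byte, error) {
	// #nosec G304 -- path is an operator-supplied CLI flag; reading the file it names is the intended behavior
	b, err := os.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("reading %s from file %q: %w", what, path, err)
	}
	return b, nil
}
// … call sites in buildAuthConfig become: b, err := readCredentialFile(path, "Client ID") …
```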
@@ -301,6 +303,7 @@ func (f FlagSet) buildAuthConfig() (*config.AuthConfig, error) {
 
 	clientCertEncoded := f.flagClientCertificate
 	if path := f.flagClientCertificatePath; path != "" {
+		// #nosec G304
 		b, err := os.ReadFile(path)
 		if err != nil {
 			return nil, fmt.Errorf("reading Client certificate from file %q: %v", path, err)
@@ -310,6 +313,7 @@ func (f FlagSet) buildAuthConfig() (*config.AuthConfig, error) {
 
 	oidcToken := f.flagOIDCToken
 	if path := f.flagOIDCTokenFilePath; path != "" {
+		// #nosec G304
 		b, err := os.ReadFile(path)
 		if err != nil {
 			return nil, fmt.Errorf("reading OIDC token from file %q: %v", path, err)
diff --git a/internal/meta/base_meta.go b/internal/meta/base_meta.go
index 45dc1f8..dd4d316 100644
--- a/internal/meta/base_meta.go
+++ b/internal/meta/base_meta.go
@@ -180,6 +180,7 @@ func NewBaseMeta(cfg config.CommonConfig) (*baseMeta, error) {
 	os.Setenv("AZURE_HTTP_USER_AGENT", cfg.AzureSDKClientOption.Telemetry.ApplicationID)
 
 	// Disable AzureRM provider's enahnced validation, which will cause RP listing, that is expensive.
+	// #nosec G104
 	os.Setenv("ARM_PROVIDER_ENHANCED_VALIDATION", "false")
 
 	outputFileNames := cfg.OutputFileNames
diff --git a/internal/ui/ui.go b/internal/ui/ui.go
index 3a235be..2f7fde8 100644
--- a/internal/ui/ui.go
+++ b/internal/ui/ui.go
@@ -265,6 +265,7 @@ func (m model) logoView() string {
 }
 
 func importErrorView(m model) string {
+	// #nosec G115
 	return m.importerrormsg.Item.TFResourceId + "\n\n" + common.ErrorMsgStyle.Render(wordwrap.WrapString(m.importerrormsg.Item.ImportError.Error(), uint(m.winsize.Width-indentLevel)))
 }
 
@@ -273,5 +274,6 @@ func summaryView(m model) string {
 }
 
 func errorView(m model) string {
+	// #nosec G115
 	return common.ErrorMsgStyle.Render(wordwrap.WrapString(m.err.Error(), uint(m.winsize.Width-indentLevel)))
 }
diff --git a/main.go b/main.go
index 58045f3..41881b7 100644
--- a/main.go
+++ b/main.go
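Review bot: The `// #nosec G104` above `os.Setenv("ARM_PROVIDER_ENHANCED_VALIDATION", "false")` suppresses an unchecked-error finding that is cheaper to fix than to silence, because NewBaseMeta already returns an error. Replace the annotated call with `if err := os.Setenv("ARM_PROVIDER_ENHANCED_VALIDATION", "false"); err != nil {` / `return nil, fmt.Errorf("setting ARM_PROVIDER_ENHANCED_VALIDATION: %w", err)` / `}` (assuming fmt is imported in this file). The preceding `os.Setenv("AZURE_HTTP_USER_AGENT", ...)` context line discards its error the same way and is not annotated, so unless gosec treats the two differently it presumably still reports there; handle it identically rather than adding a second marker. Given the comment says this variable exists to avoid an expensive RP listing, a silently failed Setenv would quietly reintroduce that cost, which is why surfacing the error is worth the two lines.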
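Review bot: `// #nosec G115` in importErrorView and errorView hides a real, if low-impact, conversion hazard: `uint(m.winsize.Width-indentLevel)` wraps to a huge value whenever `m.winsize.Width < indentLevel` (presumably the case before the first window-size message arrives, if Width starts at 0), so the wrap limit silently becomes effectively unbounded. Rather than suppress the rule, clamp before converting and drop the marker: `width := m.winsize.Width - indentLevel` / `if width < 0 { width = 0 }` and then pass `uint(width)` to `wordwrap.WrapString`. Confirm how WrapString treats a limit of 0 (I believe non-positive limits disable wrapping, but check the vendored version) and substitute a small minimum if that is not the desired rendering. The same clamp applies to both hunks; a tiny `wrapWidth(m model) uint` helper would keep the logic in one place.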
@@ -512,6 +512,7 @@ func main() {
 	}
 	path := strings.TrimPrefix(arg, "@")
+	// #nosec G304
 	f, err := os.Open(path)
 	if err != nil {
 		return fmt.Errorf("failed to open file %q: %v", path, err)
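Review bot: The `// #nosec G304` above `os.Open(path)` should state why the finding is accepted rather than leave a bare rule ID, since `path` is derived from a command-line argument with its `@` prefix stripped and reading a file the operator names is the intended behavior; gosec records the reason if written as `// #nosec G304 -- path comes from an @file command-line argument supplied by the operator`. Because the hunk ends right after the error check, I cannot see whether `f` is closed on every path out of the enclosing function; confirming a `defer f.Close()` (or explicit close) follows is worth doing alongside this change. The enclosing function starts and ends outside the hunk.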