remove global exclusion for G108,G114 and add nosec in code (#404)

aws · Apr 5, 2024 · 46e5466 · 46e5466
1 parent c899086
commit 46e5466
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 5 deletions.
diff --git a/.github/workflows/presubmit.yaml b/.github/workflows/presubmit.yaml
@@ -67,5 +67,5 @@ jobs:
       - name: Install `gosec`
         run: go install github.com/securego/gosec/v2/cmd/gosec@latest
       - name: Run Gosec Security Scanner
-        run: ~/go/bin/gosec -exclude-dir test -exclude-generated -severity medium -exclude=G108,G114 ./...
+        run: ~/go/bin/gosec -exclude-dir test -exclude-generated -severity medium ./...
 
diff --git a/main.go b/main.go
@@ -17,7 +17,7 @@ import (
 	"flag"
 	"fmt"
 	"net/http"
-	_ "net/http/pprof"
+	_ "net/http/pprof" // #nosec G108
 	"os"
 	"time"
 
@@ -194,8 +194,7 @@ func main() {
 	if enableProfiling {
 		// To use the profiler - https://golang.org/pkg/net/http/pprof/
 		go func() {
-			setupLog.Info("starting profiler",
-				"error", http.ListenAndServe("localhost:6060", nil))
+			setupLog.Info("starting profiler", "error", http.ListenAndServe("localhost:6060", nil)) // #nosec G114
 		}()
 	}
 

diff --git a/pkg/resource/introspect.go b/pkg/resource/introspect.go
@@ -46,7 +46,7 @@ func (i *IntrospectHandler) Start(_ context.Context) error {
 	mux.HandleFunc(GetResourcesSummaryPath, i.ResourceSummaryHandler)
 
 	// Should this be a fatal error?
-	err := http.ListenAndServe(i.BindAddress, mux)
+	err := http.ListenAndServe(i.BindAddress, mux) // #nosec G114
 	if err != nil {
 		i.Log.Error(err, "failed to run introspect API")
 	}