[CI] Enable gosec linter (#979)

* fix tee append
* convert DB table names from var to const
* fixed file modes
* ignored gosec where relevant and safe
James Elliott 2020-05-05 17:57:30 +10:00 committed by GitHub
parent 87053c9312
commit c13196a86e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 22 additions and 12 deletions


@ -21,6 +21,7 @@ linters:
- gofmt
- goimports
- golint
- gosec
- interfacer
- maligned
- misspell


@ -57,7 +57,7 @@ func runCommand(cmd string, args ...string) {
func checkCommandExist(cmd string) {
fmt.Print("Checking if '" + cmd + "' command is installed...")
command := exec.Command("bash", "-c", "command -v "+cmd)
command := exec.Command("bash", "-c", "command -v "+cmd) //nolint:gosec // Used only in development.
err := command.Run()
if err != nil {
@ -127,15 +127,24 @@ func prepareHostsFile() {
modified = true
}
err = ioutil.WriteFile("/tmp/authelia/hosts", []byte(strings.Join(lines, "\n")), 0644)
fd, err := ioutil.TempFile("/tmp/authelia/", "hosts")
if err != nil {
panic(err)
}
_, err = fd.Write([]byte(strings.Join(lines, "\n")))
if err != nil {
panic(err)
}
if modified {
bootstrapPrintln("/etc/hosts needs to be updated")
shell("cat /tmp/authelia/hosts | sudo tee -a /etc/hosts > /dev/null")
shell(fmt.Sprintf("cat %s | sudo tee /etc/hosts > /dev/null", fd.Name()))
}
err = fd.Close()
if err != nil {
panic(err)
}
}
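Review bot: The temporary file created by `ioutil.TempFile("/tmp/authelia/", "hosts")` in prepareHostsFile is never removed, so every run leaves another copy of the hosts content under /tmp/authelia, where the old code reused one fixed path. Adding `defer os.Remove(fd.Name())` directly after the TempFile error check would clean it up, including on the panic paths (this assumes `os` is imported in the file, which the hunk does not show). It would also be cleaner to call `fd.Close()` before the `shell(...)` line, so that `cat` reads a file that is already written and closed, and to create the file only inside `if modified`. The function starts outside the hunk, so how `lines` is built is not visible here.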


@ -61,7 +61,7 @@ func main() {
}
func createRunningSuiteFile(suite string) error {
return ioutil.WriteFile(runningSuiteFile, []byte(suite), 0644)
return ioutil.WriteFile(runningSuiteFile, []byte(suite), 0600)
}
func removeRunningSuiteFile() error {


@ -166,7 +166,7 @@ func (p *FileUserProvider) UpdatePassword(username string, newPassword string) e
p.lock.Unlock()
return err
}
err = ioutil.WriteFile(p.configuration.Path, b, 0644)
err = ioutil.WriteFile(p.configuration.Path, b, 0644) //nolint:gosec // Fixed in future PR.
p.lock.Unlock()
return err
}
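Review bot: The `//nolint:gosec // Fixed in future PR.` suppression on `ioutil.WriteFile(p.configuration.Path, b, 0644)` in UpdatePassword leaves the user database world-readable whenever this call creates it, and the comment carries no issue reference to track the follow-up. Since the method writes updated password data (inferred from its name; the file format is not visible in the hunk), the 0600 mode this commit already applies to the running-suite file fits here as well: `err = ioutil.WriteFile(p.configuration.Path, b, 0600)`. The mode argument only takes effect when the file does not yet exist, so an existing 0644 file keeps its permissions unless it is also chmod-ed. UpdatePassword begins outside the hunk.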


@ -3,11 +3,11 @@ package storage
import "fmt"
// Keep table names in lower case because some DB does not support upper case.
var preferencesTableName = "user_preferences"
var identityVerificationTokensTableName = "identity_verification_tokens"
var totpSecretsTableName = "totp_secrets"
var u2fDeviceHandlesTableName = "u2f_devices"
var authenticationLogsTableName = "authentication_logs"
const preferencesTableName = "user_preferences"
const identityVerificationTokensTableName = "identity_verification_tokens"
const totpSecretsTableName = "totp_secrets"
const u2fDeviceHandlesTableName = "u2f_devices"
const authenticationLogsTableName = "authentication_logs"
// SQLCreateUserPreferencesTable common SQL query to create user_preferences table.
var SQLCreateUserPreferencesTable = fmt.Sprintf(`


@ -9,7 +9,7 @@ import (
func NewHTTPClient() *http.Client {
tr := &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
InsecureSkipVerify: true, //nolint:gosec // Needs to be enabled in suites. Not used in production.
},
}
return &http.Client{
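Review bot: Nothing in the code backs the "Not used in production" claim in the new `//nolint:gosec` comment on `InsecureSkipVerify: true`; NewHTTPClient is an exported constructor, and whether its package can be imported by non-suite code is not visible from this hunk. If the function does not already have one, a doc comment would make the restriction explicit to callers, for example `// NewHTTPClient returns a client that skips TLS certificate verification; for test suites only.` The same suppression is added in AssertRequestStatusCode in the following file section, which builds its own transport rather than calling this helper. NewHTTPClient's body continues past the hunk.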


@ -25,7 +25,7 @@ func (s *BackendProtectionScenario) AssertRequestStatusCode(method, url string,
s.Assert().NoError(err)
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, //nolint:gosec // Needs to be enabled in suites. Not used in production.
}
client := &http.Client{
Transport: tr,