Enable gosec in CI, takes ~50sec so make it separate job.

Signed-off-by: Bogdan Drutu <bogdandrutu@gmail.com>
open-telemetry · Mar 28, 2020 · 5ebb79f · 5ebb79f
1 parent f2ca459
commit 5ebb79f
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 2 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -47,6 +47,9 @@ workflows:
       - test:
           requires:
             - setup-and-lint
+      - test:
+          requires:
+            - setup-and-lint
       - coverage:
           requires:
             - setup-and-lint
@@ -143,6 +146,14 @@ jobs:
           command: make test
       - save_module_cache
 
+  gosec:
+    executor: golang
+    steps:
+      - attach_to_workspace
+      - run:
+          name: Golang Security Checker
+          command: make lint-gosec
+
   coverage:
     executor: golang
     steps:

diff --git a/Makefile b/Makefile
@@ -94,7 +94,8 @@ misspell-correction:
 
 .PHONY: lint-gosec
 lint-gosec:
-	$(GOSEC) -quiet -exclude=G104,G107 ./...
+	# TODO: Consider to use gosec from golangci-lint
+	time $(GOSEC) -quiet -exclude=G104 ./...
 
 .PHONY: lint-static-check
 lint-static-check:

diff --git a/exporter/otlpexporter/connection.go b/exporter/otlpexporter/connection.go
@@ -35,6 +35,7 @@ func (e *exporterImp) saveLastConnectError(err error) {
 	if err != nil {
 		errPtr = &err
 	}
+	// #nosec
 	atomic.StorePointer(&e.lastConnectErrPtr, unsafe.Pointer(errPtr))
 }
 

diff --git a/extension/pprofextension/pprofextension.go b/extension/pprofextension/pprofextension.go
@@ -17,7 +17,7 @@ package pprofextension
 import (
 	"net"
 	"net/http"
-	_ "net/http/pprof" // Needed to enable the performance profiler
+	_ "net/http/pprof" // #nosec Needed to enable the performance profiler
 	"os"
 	"runtime"
 	"runtime/pprof"

diff --git a/go.sum b/go.sum
@@ -969,6 +969,7 @@ github.com/segmentio/analytics-go v3.1.0+incompatible/go.mod h1:C7CYBtQWk4vRk2Ry
 github.com/segmentio/backo-go v0.0.0-20160424052352-204274ad699c/go.mod h1:kJ9mm9YmoWSkk+oQ+5Cj8DEoRCX2JT6As4kEtIIOp1M=
 github.com/serenize/snaker v0.0.0-20171204205717-a683aaf2d516/go.mod h1:Yow6lPLSAXx2ifx470yD/nUe22Dv5vBvxK/UK9UUTVs=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
+github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada h1:WokF3GuxBeL+n4Lk4Fa8v9mbdjlrl7bHuneF4N1bk2I=
 github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada/go.mod h1:WWnYX4lzhCH5h/3YBfyVA3VbLYjlMZZAQcW9ojMexNc=
 github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc=
 github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=

diff --git a/processor/attributesprocessor/attribute_hasher.go b/processor/attributesprocessor/attribute_hasher.go
@@ -15,6 +15,7 @@
 package attributesprocessor
 
 import (
+	// #nosec
 	"crypto/sha1"
 	"encoding/binary"
 	"encoding/hex"
@@ -58,6 +59,7 @@ func SHA1AttributeHahser(attr *tracepb.AttributeValue) *tracepb.AttributeValue {
 
 	var hashed string
 	if len(val) > 0 {
+		// #nosec
 		h := sha1.New()
 		h.Write(val)
 		val = h.Sum(nil)

diff --git a/testbed/testbed/child_process.go b/testbed/testbed/child_process.go
@@ -146,6 +146,7 @@ func (cp *childProcess) start(params startParams) error {
 	log.Printf("Writing %s log to %s", cp.name, params.logFilePath)
 
 	// Prepare to start the process.
+	// #nosec
 	cp.cmd = exec.Command(params.cmd, params.cmdArgs...)
 
 	// Capture standard output and standard error.