From 5ebb79ff4fa7573cf2e103d23dd841886d6414e6 Mon Sep 17 00:00:00 2001
From: Bogdan Drutu
Date: Sat, 28 Mar 2020 09:17:11 -0700
Subject: [PATCH] Enable gosec in CI, takes ~50sec so make it separate job.
Signed-off-by: Bogdan Drutu
---
 .circleci/config.yml | 11 +++++++++++
 Makefile | 3 ++-
 exporter/otlpexporter/connection.go | 1 +
 extension/pprofextension/pprofextension.go | 2 +-
 go.sum | 1 +
 processor/attributesprocessor/attribute_hasher.go | 2 ++
 testbed/testbed/child_process.go | 1 +
 7 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index c0fb588b76b..de3dcc45349 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -47,6 +47,9 @@ workflows:
 - test:
 requires:
 - setup-and-lint
+ - test:
+ requires:
+ - setup-and-lint
 - coverage:
 requires:
 - setup-and-lint
@@ -143,6 +146,14 @@ jobs:
 command: make test
 - save_module_cache
 
+ gosec:
+ executor: golang
+ steps:
+ - attach_to_workspace
+ - run:
+ name: Golang Security Checker
+ command: make lint-gosec
+
 coverage:
 executor: golang
 steps:
diff --git a/Makefile b/Makefile
index 79ebc5bc771..5d4f0567950 100644
--- a/Makefile
+++ b/Makefile
@@ -94,7 +94,8 @@ misspell-correction:
 
 .PHONY: lint-gosec
 lint-gosec:
- $(GOSEC) -quiet -exclude=G104,G107 ./...
+ # TODO: Consider to use gosec from golangci-lint
+ time $(GOSEC) -quiet -exclude=G104 ./...
 
 .PHONY: lint-static-check
 lint-static-check:
diff --git a/exporter/otlpexporter/connection.go b/exporter/otlpexporter/connection.go
index 3a14ebd68aa..f5e66f69635 100644
--- a/exporter/otlpexporter/connection.go
+++ b/exporter/otlpexporter/connection.go
@@ -35,6 +35,7 @@ func (e *exporterImp) saveLastConnectError(err error) {
 if err != nil {
 errPtr = &err
 }
+ // #nosec
 atomic.StorePointer(&e.lastConnectErrPtr, unsafe.Pointer(errPtr))
 }
 
diff --git a/extension/pprofextension/pprofextension.go b/extension/pprofextension/pprofextension.go
index 4fa0818666c..d92845c7924 100644
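Review bot: The workflow entry added at `@@ -47,6 +47,9 @@` schedules a second `test` job instead of the new `gosec` job, so the security checker this commit introduces is never run by the workflow; as far as I can tell CircleCI will either reject the duplicate job name or simply run `test` twice. The added lines should read `- gosec:` / `requires:` / `- setup-and-lint`. The job definition itself, added at `@@ -143,6 +146,14 @@`, is consistent with the neighbouring jobs and needs no change.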
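Review bot: The `# TODO` line added to the `lint-gosec` recipe is a tab-indented recipe line, so make passes it to the shell and echoes it on every invocation; move it above the `lint-gosec:` target line, where it is a make comment, or prefix it with `@`. Prefixing the command with `time` also ties the recipe to whatever `/bin/sh` the CI image provides — some shells have no `time` builtin and fall back to an external binary that may be absent — so the job can fail for a reason unrelated to gosec; keeping the recipe as `$(GOSEC) -quiet -exclude=G104 ./...` and reading the duration from the CI step output is more robust. Narrowing `-exclude` to `G104` so that G107 findings are reported again is a welcome change.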
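Review bot: The bare `// #nosec` placed before `atomic.StorePointer` suppresses every gosec rule on that line rather than only the `unsafe.Pointer` finding, and leaves no record of why the conversion is acceptable. Prefer the rule-scoped form, `// #nosec G103`, followed by a short reason such as `// errPtr is only published and read through the atomic pointer helpers`; gosec honours a rule id after the tag. The same unscoped `#nosec` is introduced in pprofextension.go, attribute_hasher.go and child_process.go in this patch. The enclosing `saveLastConnectError` starts above the hunk.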
--- a/extension/pprofextension/pprofextension.go
+++ b/extension/pprofextension/pprofextension.go
@@ -17,7 +17,7 @@ package pprofextension
 import (
 "net"
 "net/http"
- _ "net/http/pprof" // Needed to enable the performance profiler
+ _ "net/http/pprof" // #nosec Needed to enable the performance profiler
 "os"
 "runtime"
 "runtime/pprof"
diff --git a/go.sum b/go.sum
index 718209e9e7c..2775699f836 100644
--- a/go.sum
+++ b/go.sum
@@ -969,6 +969,7 @@ github.com/segmentio/analytics-go v3.1.0+incompatible/go.mod h1:C7CYBtQWk4vRk2Ry
 github.com/segmentio/backo-go v0.0.0-20160424052352-204274ad699c/go.mod h1:kJ9mm9YmoWSkk+oQ+5Cj8DEoRCX2JT6As4kEtIIOp1M=
 github.com/serenize/snaker v0.0.0-20171204205717-a683aaf2d516/go.mod h1:Yow6lPLSAXx2ifx470yD/nUe22Dv5vBvxK/UK9UUTVs=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
+github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada h1:WokF3GuxBeL+n4Lk4Fa8v9mbdjlrl7bHuneF4N1bk2I=
 github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada/go.mod h1:WWnYX4lzhCH5h/3YBfyVA3VbLYjlMZZAQcW9ojMexNc=
 github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc=
 github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
diff --git a/processor/attributesprocessor/attribute_hasher.go b/processor/attributesprocessor/attribute_hasher.go
index 14a1777c1e3..d84aefd2dcf 100644
--- a/processor/attributesprocessor/attribute_hasher.go
+++ b/processor/attributesprocessor/attribute_hasher.go
@@ -15,6 +15,7 @@
 package attributesprocessor
 
 import (
+ // #nosec
 "crypto/sha1"
 "encoding/binary"
 "encoding/hex"
@@ -58,6 +59,7 @@ func SHA1AttributeHahser(attr *tracepb.AttributeValue) *tracepb.AttributeValue {
 
 var hashed string
 if len(val) > 0 {
+ // #nosec
 h := sha1.New()
 h.Write(val)
 val = h.Sum(nil)
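Review bot: The `#nosec` folded into the trailing comment on the `net/http/pprof` import waives G108 (profiling endpoint exposed on /debug/pprof) for every rule and blends into the existing explanation, so a reader can easily miss that a security finding is being silenced here. Put it on its own line above the import, as the attribute_hasher.go hunk does, scope it as `// #nosec G108`, and state the accepted risk in a comment such as `// This extension exists to serve pprof; the endpoint must only be bound to a non-public address`. Whether the default listen address is loopback-only is not visible in this hunk and is worth confirming against the extension's config.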
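Review bot: Both suppressions added in this file — `// #nosec` above the `crypto/sha1` import here and the one before `h := sha1.New()` at `@@ -58,6 +59,7 @@` — are unscoped and unexplained; the import finding is G505 and the call finding is G401, and a bare `#nosec` gives no sign that the weakness of SHA-1 was considered. Scope each one (`// #nosec G505`, `// #nosec G401`) and add a sentence on the intended property: `SHA1AttributeHahser` appears to produce a fixed-length fingerprint of an attribute value rather than an integrity or password hash, and if that is the intent it should say so, whereas if any consumer relies on collision resistance SHA-1 is the wrong primitive and the suppression should not be added. `h.Write(val)` still discards its error, which is hidden only because G104 is excluded globally in the Makefile.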
diff --git a/testbed/testbed/child_process.go b/testbed/testbed/child_process.go
index 0ebc2aca2ea..e4e6100dca8 100644
--- a/testbed/testbed/child_process.go
+++ b/testbed/testbed/child_process.go
@@ -146,6 +146,7 @@ func (cp *childProcess) start(params startParams) error {
 log.Printf("Writing %s log to %s", cp.name, params.logFilePath)
 
 // Prepare to start the process.
+ // #nosec
 cp.cmd = exec.Command(params.cmd, params.cmdArgs...)
 
 // Capture standard output and standard error.
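Review bot: The `// #nosec` added before `exec.Command(params.cmd, params.cmdArgs...)` waives G204 (subprocess launched with a variable) without naming the rule or the reason. Use `// #nosec G204` and record where the command comes from, e.g. `// params.cmd and params.cmdArgs are set by the testbed itself, not from external input` — presumably the binary under test, but that origin is not visible in this hunk and should be confirmed before the waiver is committed. The enclosing `start` method continues outside the hunk.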