Enable static-check and add gosec (not enabled)

[bogdandrutu]

Updates #672

Need to understand how badly are the errors for gosec:

[/Users/lazy/github/opentelemetry-collector/extension/pprofextension/pprofextension.go:20] - G108 (CWE-): Profiling endpoint is automatically exposed on /debug/pprof (Confidence: HIGH, Severity: HIGH)
  > _ "net/http/pprof"


[/Users/lazy/github/opentelemetry-collector/config/test_helpers.go:30] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
  > os.Open(fileName)


[/Users/lazy/github/opentelemetry-collector/testbed/tests/scenarios.go:134] - G307 (CWE-): Deferring unsafe method "*os.File" on type "Close" (Confidence: HIGH, Severity: MEDIUM)
  > defer file.Close()


[/Users/lazy/github/opentelemetry-collector/exporter/fileexporter/factory.go:70] - G302 (CWE-276): Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM)
  > os.OpenFile(cfg.Path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0755)


[/Users/lazy/github/opentelemetry-collector/internal/data_generator/main.go:36] - G307 (CWE-): Deferring unsafe method "*os.File" on type "Close" (Confidence: HIGH, Severity: MEDIUM)
  > defer f.Close()


[/Users/lazy/github/opentelemetry-collector/testbed/testbed/child_process.go:149] - G204 (CWE-78): Subprocess launched with function call as argument or cmd arguments (Confidence: HIGH, Severity: MEDIUM)
  > exec.Command(params.cmd, params.cmdArgs...)


[/Users/lazy/github/opentelemetry-collector/processor/attributesprocessor/attribute_hasher.go:18] - G505 (CWE-327): Blacklisted import crypto/sha1: weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > "crypto/sha1"


[/Users/lazy/github/opentelemetry-collector/processor/attributesprocessor/attribute_hasher.go:61] - G401 (CWE-326): Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > sha1.New()

[bogdandrutu]

Had to change this because strict-check does not like error messages that start with upper-case.

[codecov-io]

Codecov Report

Merging #677 into master will increase coverage by 0.03%.
The diff coverage is 75.00%.

@@            Coverage Diff             @@
##           master     #677      +/-   ##
==========================================
+ Coverage   75.27%   75.30%   +0.03%     
==========================================
  Files         156      156              
  Lines       11086    11084       -2     
==========================================
+ Hits         8345     8347       +2     
+ Misses       2335     2332       -3     
+ Partials      406      405       -1     

Impacted Files	Coverage Δ
exporter/exportertest/sink_exporter.go	69.23% <ø> (ø)
internal/data/common.go	53.75% <0.00%> (ø)
internal/data/metric.go	85.31% <ø> (+0.67%)	⬆️
receiver/jaegerreceiver/factory.go	98.38% <100.00%> (ø)
translator/internaldata/traces_to_oc.go	89.39% <100.00%> (ø)
translator/metrics/otlp_to_oc.go	45.83% <100.00%> (ø)
translator/internaldata/resource_to_oc.go	70.14% <0.00%> (+2.98%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6d97b82...4571d9b. Read the comment docs.

[owais]

Nice!

[tigrannajaryan]

This is great!
Please file issues for each security issue found and we will have a look.

[bogdandrutu]

@tigrannajaryan will start fixing some easy once then file issues for the remaining. I don't know what is happening with Travis the build is finished but does not update the status.

[bogdandrutu]

https://travis-ci.org/github/open-telemetry/opentelemetry-collector/builds/666494318?utm_source=github_status&utm_medium=notification