Add Security Scanners (#171)
milkrage authored Jun 27, 2024
1 parent ac846be commit 7b58634
Showing 8 changed files with 134 additions and 54 deletions.
21 changes: 0 additions & 21 deletions .github/workflows/golangci-lint.yml

This file was deleted.

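--- a/.github/workflows/secure.yml
+++ b/.github/workflows/secure.yml
@@ -0,0 +1,73 @@
+name: Secure
+
+on: push
+
+jobs:
+# Sample GitHub Actions:
+# https://semgrep.dev/docs/semgrep-ci/sample-ci-configs#sample-github-actions-configuration-file
+#
+# CLI Reference:
+# https://semgrep.dev/docs/cli-reference
+semgrep:
+runs-on: ubuntu-24.04
+container:
+image: semgrep/semgrep
+permissions:
+contents: read
+security-events: write
+steps:
+- uses: actions/checkout@v4
+- run: semgrep scan --sarif --output=semgrep.sarif --error --severity=WARNING
+env:
+SEMGREP_RULES: >-
+p/command-injection
+p/comment
+p/cwe-top-25
+p/default
+p/gitlab
+p/gitleaks
+p/golang
+p/gosec
+p/insecure-transport
+p/owasp-top-ten
+p/r2c-best-practices
+p/r2c-bug-scan
+p/r2c-security-audit
+p/secrets
+p/security-audit
+p/sql-injection
+p/xss
+- uses: github/codeql-action/upload-sarif@v3
+with:
+sarif_file: semgrep.sarif
+if: always()
+
+# Samples GitHub Actions:
+# https://github.com/aquasecurity/trivy-action
+trivy:
+runs-on: ubuntu-24.04
+permissions:
+contents: read
+security-events: write
+steps:
+- uses: actions/checkout@v4
+- uses: aquasecurity/trivy-action@master
+with:
+scan-type: fs
+format: sarif
+output: trivy.sarif
+exit-code: 0 # Change this after all events have resolved.
+severity: MEDIUM,CRITICAL,HIGH
+- uses: github/codeql-action/upload-sarif@v3
+with:
+sarif_file: trivy.sarif
+if: always()
+
+# Samples GitHub Actions:
+# https://github.com/golang/govulncheck-action
+govulncheck:
+runs-on: ubuntu-24.04
+steps:
+- uses: golang/govulncheck-action@v1
+with:
+go-version-file: go.mod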
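Review bot: The trivy job's `- uses: aquasecurity/trivy-action@master` pulls a mutable branch, so the code of the scanner that runs in this repository's CI can change on any push to that branch without any change here; pin it to a release tag or, better, a full commit SHA, e.g. `- uses: aquasecurity/trivy-action@<release-tag-or-commit-sha>`, and consider the same for the `@v4`/`@v3`/`@v1` tags if reproducible runs are wanted. The govulncheck job is the only one without a `permissions:` block, so it runs with the workflow's default token scope; `permissions: contents: read`, as the other two jobs already declare, keeps it at least privilege. `exit-code: 0` on trivy means findings are uploaded but never fail the push, which the inline comment already marks as temporary; stating what "resolved" means (or linking a tracking issue) would help whoever is meant to flip it later.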
19 changes: 0 additions & 19 deletions .github/workflows/tests.yml

This file was deleted.

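--- a/.github/workflows/verify.yml
+++ b/.github/workflows/verify.yml
@@ -0,0 +1,36 @@
+name: Verify
+
+on: push
+
+jobs:
+tests:
+runs-on: ubuntu-24.04
+steps:
+- uses: actions/checkout@v4
+- uses: actions/setup-go@v5
+with:
+go-version: '1.21'
+- run: go test -v ./...
+
+golangci-lint:
+runs-on: ubuntu-24.04
+steps:
+- uses: actions/checkout@v4
+- uses: actions/setup-go@v5
+with:
+go-version: '1.21'
+- uses: golangci/golangci-lint-action@v6
+with:
+version: v1.53.3
+install-mode: goinstall
+working-directory: selvpcclient
+
+tidy:
+runs-on: ubuntu-24.04
+steps:
+- uses: actions/checkout@v4
+- uses: actions/setup-go@v5
+with:
+go-version: '1.21'
+- run: go mod tidy -v
+- run: git diff --exit-code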
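Review bot: `go-version: '1.21'` is hard-coded in all three jobs while go.mod in this same commit declares `go 1.21` and the govulncheck job in secure.yml already reads the toolchain from the module file; using `go-version-file: go.mod` in each `setup-go` step keeps a single source of truth so a future bump cannot leave CI testing a different Go than the module declares. None of these jobs sets `permissions:`, unlike the jobs in secure.yml, so they inherit the repository's default token scope; a top-level `permissions:` with `contents: read` is all that checkout, test, lint and tidy need. The lint job's `working-directory: selvpcclient` while `go test -v ./...` runs from the repository root presumably narrows linting to that directory on purpose, but a one-line comment saying so would save the next reader from treating it as a mistake.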
7 changes: 0 additions & 7 deletions .golangci.yml
Expand Up @@ -5,7 +5,6 @@ linters:
fast: false
enable:
- asciicheck
- deadcode
- depguard
- dogsled
- errcheck
Expand All @@ -21,29 +20,23 @@ linters:
- gofumpt
- goheader
- goimports
- golint
- gomodguard
- goprintffuncname
- gosimple
- govet
- ineffassign
- interfacer
- maligned
- misspell
- nakedret
- noctx
- nolintlint
- prealloc
- rowserrcheck
- scopelint
- sqlclosecheck
- staticcheck
- structcheck
- stylecheck
- typecheck
- unconvert
- unused
- varcheck
- whitespace

linters-settings:
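Review bot: Dropping `golint` (together with `interfacer`, `maligned`, `scopelint`, `deadcode`, `structcheck` and `varcheck`) removes linters golangci-lint has deprecated, but as far as I can see it also silently gives up the check that exported identifiers carry a doc comment: `stylecheck` only validates the form of comments that exist, and `unused` covers the deadcode/structcheck/varcheck cases but not documentation. If the project wants to keep that rule, `revive` with its `exported` rule is the maintained replacement and would be a one-line addition under `enable:`. Otherwise a short comment above `enable:` recording which checks were intentionally dropped would stop the next maintainer from re-discovering this.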
4 changes: 2 additions & 2 deletions go.mod
@@ -1,8 +1,8 @@
module github.com/selectel/go-selvpcclient/v3

go 1.20
go 1.21

require (
github.com/google/go-querystring v1.1.0
github.com/gophercloud/gophercloud v1.5.0
github.com/gophercloud/gophercloud v1.10.0
)
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -2,8 +2,8 @@ github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
github.com/gophercloud/gophercloud v1.5.0 h1:cDN6XFCLKiiqvYpjQLq9AiM7RDRbIC9450WpPH+yvXo=
github.com/gophercloud/gophercloud v1.5.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
github.com/gophercloud/gophercloud v1.10.0 h1:watRMsaMDlSLuLkpLeLSQ87yvcuwIajNg6A5uLcjoIU=
github.com/gophercloud/gophercloud v1.10.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
24 changes: 21 additions & 3 deletions selvpcclient/testutils/handlers.go
Expand Up @@ -2,7 +2,7 @@ package testutils

import (
"encoding/json"
"fmt"
"html/template"
"io"
"net/http"
"reflect"
Expand Down Expand Up @@ -41,7 +41,16 @@ func HandleReqWithoutBody(t *testing.T, opts *HandleReqOpts) {
opts.Mux.HandleFunc(opts.URL, func(w http.ResponseWriter, r *http.Request) {
w.Header().Add("Content-Type", "application/json")
w.WriteHeader(opts.Status)
fmt.Fprint(w, opts.RawResponse)

tpl, err := template.New("template").Parse(opts.RawResponse)
if err != nil {
t.Fatalf("unable to parse template: %v", err)
}

err = tpl.Execute(w, nil)
if err != nil {
t.Fatalf("unable to write response: %v", err)
}

if r.Method != opts.Method {
t.Fatalf("expected %s method but got %s", opts.Method, r.Method)
Expand Down Expand Up @@ -91,7 +100,16 @@ func HandleReqWithBody(t *testing.T, opts *HandleReqOpts) {

w.Header().Add("Content-Type", "application/json")
w.WriteHeader(opts.Status)
fmt.Fprint(w, opts.RawResponse)

tpl, err := template.New("template").Parse(opts.RawResponse)
if err != nil {
t.Fatalf("unable to parse template: %v", err)
}

err = tpl.Execute(w, nil)
if err != nil {
t.Fatalf("unable to write response: %v", err)
}

var expectedRequest interface{}
err = json.Unmarshal([]byte(opts.RawRequest), &expectedRequest)
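Review bot: Rendering the fixture through `html/template` (the same change appears in both HandleReqWithoutBody and HandleReqWithBody) adds no escaping for this use: template literal text is emitted essentially unchanged and only `{{ }}` actions are context-escaped, so a fixture body reaches the client exactly as `fmt.Fprint` sent it, while a fixture that happens to contain `{{` now fails at Parse. This was presumably done to satisfy a scanner rule about unescaped writes to a ResponseWriter; since RawResponse is a test fixture rather than request-derived data, the direct form `if _, err := io.WriteString(w, opts.RawResponse); err != nil { t.Errorf("unable to write response: %v", err); return }` with a targeted, justified suppression is clearer (`io` is already imported). The new error paths also call `t.Fatalf` from inside the handler, which runs on the HTTP server's goroutine; the testing package requires FailNow to be called from the test goroutine, so `t.Errorf` plus `return` (or `http.Error`) is the safe form, and the pre-existing `t.Fatalf` on the method check has the same issue. Both enclosing functions start and end outside the hunks shown.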
