[CI] Enable gosec linter (#979)
* fix tee append * convert DB table names from var to const * fixed file modes * ignored gosec where relevant and safepull/980/head^2
parent
87053c9312
commit
c13196a86e
|
@ -21,6 +21,7 @@ linters:
|
||||||
- gofmt
|
- gofmt
|
||||||
- goimports
|
- goimports
|
||||||
- golint
|
- golint
|
||||||
|
- gosec
|
||||||
- interfacer
|
- interfacer
|
||||||
- maligned
|
- maligned
|
||||||
- misspell
|
- misspell
|
||||||
|
|
|
@ -57,7 +57,7 @@ func runCommand(cmd string, args ...string) {
|
||||||
|
|
||||||
func checkCommandExist(cmd string) {
|
func checkCommandExist(cmd string) {
|
||||||
fmt.Print("Checking if '" + cmd + "' command is installed...")
|
fmt.Print("Checking if '" + cmd + "' command is installed...")
|
||||||
command := exec.Command("bash", "-c", "command -v "+cmd)
|
command := exec.Command("bash", "-c", "command -v "+cmd) //nolint:gosec // Used only in development.
|
||||||
err := command.Run()
|
err := command.Run()
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -127,15 +127,24 @@ func prepareHostsFile() {
|
||||||
modified = true
|
modified = true
|
||||||
}
|
}
|
||||||
|
|
||||||
err = ioutil.WriteFile("/tmp/authelia/hosts", []byte(strings.Join(lines, "\n")), 0644)
|
fd, err := ioutil.TempFile("/tmp/authelia/", "hosts")
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = fd.Write([]byte(strings.Join(lines, "\n")))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if modified {
|
if modified {
|
||||||
bootstrapPrintln("/etc/hosts needs to be updated")
|
bootstrapPrintln("/etc/hosts needs to be updated")
|
||||||
shell("cat /tmp/authelia/hosts | sudo tee -a /etc/hosts > /dev/null")
|
shell(fmt.Sprintf("cat %s | sudo tee /etc/hosts > /dev/null", fd.Name()))
|
||||||
|
}
|
||||||
|
|
||||||
|
err = fd.Close()
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -61,7 +61,7 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func createRunningSuiteFile(suite string) error {
|
func createRunningSuiteFile(suite string) error {
|
||||||
return ioutil.WriteFile(runningSuiteFile, []byte(suite), 0644)
|
return ioutil.WriteFile(runningSuiteFile, []byte(suite), 0600)
|
||||||
}
|
}
|
||||||
|
|
||||||
func removeRunningSuiteFile() error {
|
func removeRunningSuiteFile() error {
|
||||||
|
|
|
@ -166,7 +166,7 @@ func (p *FileUserProvider) UpdatePassword(username string, newPassword string) e
|
||||||
p.lock.Unlock()
|
p.lock.Unlock()
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
err = ioutil.WriteFile(p.configuration.Path, b, 0644)
|
err = ioutil.WriteFile(p.configuration.Path, b, 0644) //nolint:gosec // Fixed in future PR.
|
||||||
p.lock.Unlock()
|
p.lock.Unlock()
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,11 +3,11 @@ package storage
|
||||||
import "fmt"
|
import "fmt"
|
||||||
|
|
||||||
// Keep table names in lower case because some DB does not support upper case.
|
// Keep table names in lower case because some DB does not support upper case.
|
||||||
var preferencesTableName = "user_preferences"
|
const preferencesTableName = "user_preferences"
|
||||||
var identityVerificationTokensTableName = "identity_verification_tokens"
|
const identityVerificationTokensTableName = "identity_verification_tokens"
|
||||||
var totpSecretsTableName = "totp_secrets"
|
const totpSecretsTableName = "totp_secrets"
|
||||||
var u2fDeviceHandlesTableName = "u2f_devices"
|
const u2fDeviceHandlesTableName = "u2f_devices"
|
||||||
var authenticationLogsTableName = "authentication_logs"
|
const authenticationLogsTableName = "authentication_logs"
|
||||||
|
|
||||||
// SQLCreateUserPreferencesTable common SQL query to create user_preferences table.
|
// SQLCreateUserPreferencesTable common SQL query to create user_preferences table.
|
||||||
var SQLCreateUserPreferencesTable = fmt.Sprintf(`
|
var SQLCreateUserPreferencesTable = fmt.Sprintf(`
|
|
@ -9,7 +9,7 @@ import (
|
||||||
func NewHTTPClient() *http.Client {
|
func NewHTTPClient() *http.Client {
|
||||||
tr := &http.Transport{
|
tr := &http.Transport{
|
||||||
TLSClientConfig: &tls.Config{
|
TLSClientConfig: &tls.Config{
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true, //nolint:gosec // Needs to be enabled in suites. Not used in production.
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
return &http.Client{
|
return &http.Client{
|
||||||
|
|
|
@ -25,7 +25,7 @@ func (s *BackendProtectionScenario) AssertRequestStatusCode(method, url string,
|
||||||
s.Assert().NoError(err)
|
s.Assert().NoError(err)
|
||||||
|
|
||||||
tr := &http.Transport{
|
tr := &http.Transport{
|
||||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, //nolint:gosec // Needs to be enabled in suites. Not used in production.
|
||||||
}
|
}
|
||||||
client := &http.Client{
|
client := &http.Client{
|
||||||
Transport: tr,
|
Transport: tr,
|
||||||
|
|
Loading…
Reference in New Issue