[CI] Enable gosec linter (#979)

* fix tee append
* convert DB table names from var to const
* fixed file modes
* ignored gosec where relevant and safe
pull/980/head^2
James Elliott 2020-05-05 17:57:30 +10:00 committed by GitHub
parent 87053c9312
commit c13196a86e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 22 additions and 12 deletions

View File

@ -21,6 +21,7 @@ linters:
- gofmt - gofmt
- goimports - goimports
- golint - golint
- gosec
- interfacer - interfacer
- maligned - maligned
- misspell - misspell

View File

@ -57,7 +57,7 @@ func runCommand(cmd string, args ...string) {
func checkCommandExist(cmd string) { func checkCommandExist(cmd string) {
fmt.Print("Checking if '" + cmd + "' command is installed...") fmt.Print("Checking if '" + cmd + "' command is installed...")
command := exec.Command("bash", "-c", "command -v "+cmd) command := exec.Command("bash", "-c", "command -v "+cmd) //nolint:gosec // Used only in development.
err := command.Run() err := command.Run()
if err != nil { if err != nil {
@ -127,15 +127,24 @@ func prepareHostsFile() {
modified = true modified = true
} }
err = ioutil.WriteFile("/tmp/authelia/hosts", []byte(strings.Join(lines, "\n")), 0644) fd, err := ioutil.TempFile("/tmp/authelia/", "hosts")
if err != nil {
panic(err)
}
_, err = fd.Write([]byte(strings.Join(lines, "\n")))
if err != nil { if err != nil {
panic(err) panic(err)
} }
if modified { if modified {
bootstrapPrintln("/etc/hosts needs to be updated") bootstrapPrintln("/etc/hosts needs to be updated")
shell("cat /tmp/authelia/hosts | sudo tee -a /etc/hosts > /dev/null") shell(fmt.Sprintf("cat %s | sudo tee /etc/hosts > /dev/null", fd.Name()))
}
err = fd.Close()
if err != nil {
panic(err)
} }
} }

View File

@ -61,7 +61,7 @@ func main() {
} }
func createRunningSuiteFile(suite string) error { func createRunningSuiteFile(suite string) error {
return ioutil.WriteFile(runningSuiteFile, []byte(suite), 0644) return ioutil.WriteFile(runningSuiteFile, []byte(suite), 0600)
} }
func removeRunningSuiteFile() error { func removeRunningSuiteFile() error {

View File

@ -166,7 +166,7 @@ func (p *FileUserProvider) UpdatePassword(username string, newPassword string) e
p.lock.Unlock() p.lock.Unlock()
return err return err
} }
err = ioutil.WriteFile(p.configuration.Path, b, 0644) err = ioutil.WriteFile(p.configuration.Path, b, 0644) //nolint:gosec // Fixed in future PR.
p.lock.Unlock() p.lock.Unlock()
return err return err
} }

View File

@ -3,11 +3,11 @@ package storage
import "fmt" import "fmt"
// Keep table names in lower case because some DB does not support upper case. // Keep table names in lower case because some DB does not support upper case.
var preferencesTableName = "user_preferences" const preferencesTableName = "user_preferences"
var identityVerificationTokensTableName = "identity_verification_tokens" const identityVerificationTokensTableName = "identity_verification_tokens"
var totpSecretsTableName = "totp_secrets" const totpSecretsTableName = "totp_secrets"
var u2fDeviceHandlesTableName = "u2f_devices" const u2fDeviceHandlesTableName = "u2f_devices"
var authenticationLogsTableName = "authentication_logs" const authenticationLogsTableName = "authentication_logs"
// SQLCreateUserPreferencesTable common SQL query to create user_preferences table. // SQLCreateUserPreferencesTable common SQL query to create user_preferences table.
var SQLCreateUserPreferencesTable = fmt.Sprintf(` var SQLCreateUserPreferencesTable = fmt.Sprintf(`

View File

@ -9,7 +9,7 @@ import (
func NewHTTPClient() *http.Client { func NewHTTPClient() *http.Client {
tr := &http.Transport{ tr := &http.Transport{
TLSClientConfig: &tls.Config{ TLSClientConfig: &tls.Config{
InsecureSkipVerify: true, InsecureSkipVerify: true, //nolint:gosec // Needs to be enabled in suites. Not used in production.
}, },
} }
return &http.Client{ return &http.Client{

View File

@ -25,7 +25,7 @@ func (s *BackendProtectionScenario) AssertRequestStatusCode(method, url string,
s.Assert().NoError(err) s.Assert().NoError(err)
tr := &http.Transport{ tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, //nolint:gosec // Needs to be enabled in suites. Not used in production.
} }
client := &http.Client{ client := &http.Client{
Transport: tr, Transport: tr,