Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix G306 gosec issues #10380

Draft
wants to merge 7 commits into
base: dimitar/fix-G301
Choose a base branch
from
Draft

Fix G306 gosec issues #10380

wants to merge 7 commits into from

Conversation

dimitarvdimitrov
Copy link
Contributor

What this PR does

G306: Expect WriteFile permissions to be 0600 or less

The mimirtool commands should be ok. Makes using the tool a bit more restrictive, but linters gotta lint.

My understanding of the AM changes is that they're safe too because the files written are only used immediately after that to validate them and never again, so they'll never be used by another user. But if would be nice if someone from @grafana/mimir-ruler-and-alertmanager-maintainers can pitch in

Which issue(s) this PR fixes or relates to

Fixes #

Checklist

  • Tests updated.
  • Documentation added.
  • CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX].
  • about-versioning.md updated with experimental features.

@dimitarvdimitrov dimitarvdimitrov requested review from a team as code owners January 8, 2025 15:09
@dimitarvdimitrov dimitarvdimitrov changed the base branch from main to dimitar/fix-G301 January 9, 2025 08:37
@dimitarvdimitrov
Fix G306 gosec issues
fb9ef29 
> G306: Expect WriteFile permissions to be 0600 or less

The mimirtool commands should be ok. Makes using the tool a bit more restrictive, but linters gotta lint.

My understanding of the AM changes is that they're safe too because the files written are only used immediately after that to validate them and never again, so they'll never be used by another user. But if would be nice if someone from AM-maintainers can pitch in

Signed-off-by: Dimitar Dimitrov <[email protected]>
@dimitarvdimitrov
Fix tests too
08a0c47 
Signed-off-by: Dimitar Dimitrov <[email protected]>
@dimitarvdimitrov
Fix more tests ???
683dcbc 
Signed-off-by: Dimitar Dimitrov <[email protected]>
@dimitarvdimitrov
Fix even more tests why wasn't this in the output of the liner the fi…
bdd8bdd 
…rst time ???

Signed-off-by: Dimitar Dimitrov <[email protected]>
@dimitarvdimitrov
More tests mate
463fa81 
Signed-off-by: Dimitar Dimitrov <[email protected]>
@dimitarvdimitrov
i'm speechless
a5d4a1c 
Signed-off-by: Dimitar Dimitrov <[email protected]>
@dimitarvdimitrov
Update CHANGELOG.md entry
6fa1d48 
Signed-off-by: Dimitar Dimitrov <[email protected]>
@dimitarvdimitrov dimitarvdimitrov marked this pull request as draft January 10, 2025 19:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aknuds1 aknuds1 aknuds1 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dimitarvdimitrov @aknuds1