Fix HIGH and MED severity gosec warnings

- ignore LOW severity gosec warnings
loyispa · Jun 30, 2021 · 56e39c6 · 56e39c6
1 parent c6be60f
commit 56e39c6
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 5 deletions.
diff --git a/Makefile b/Makefile
@@ -220,7 +220,7 @@ gosec: gosec
 	docker run --rm -t \
 		-w /mtail \
 		-v $(CURDIR):/mtail \
-		securego/gosec /mtail/...
+		securego/gosec --exclude=G104 /mtail/...
 
 
 ###

diff --git a/cmd/mdot/main.go b/cmd/mdot/main.go
@@ -25,6 +25,7 @@ import (
 	"net/http"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"strings"
 
 	"github.com/golang/glog"
@@ -131,7 +132,7 @@ func (d *dotter) VisitAfter(node ast.Node) ast.Node {
 }
 
 func makeDot(name string, w io.Writer) error {
-	f, err := os.Open(name)
+	f, err := os.Open(filepath.Clean(name))
 	if err != nil {
 		return err
 	}

diff --git a/cmd/mgen/main.go b/cmd/mgen/main.go
@@ -95,6 +95,7 @@ func rand(n int) (r int) {
 		a, _ := crand.Int(crand.Reader, big.NewInt(int64(n)))
 		r = int(a.Int64())
 	} else {
+		/* #nosec G404 */
 		r = mrand.Intn(n)
 	}
 	return

diff --git a/internal/runtime/runtime.go b/internal/runtime/runtime.go
@@ -114,7 +114,7 @@ func (r *Runtime) LoadProgram(programPath string) error {
 		glog.V(2).Infof("Skipping %s due to file extension.", programPath)
 		return nil
 	}
-	f, err := os.OpenFile(programPath, os.O_RDONLY, 0600)
+	f, err := os.OpenFile(filepath.Clean(programPath), os.O_RDONLY, 0600)
 	if err != nil {
 		ProgLoadErrors.Add(name, 1)
 		return errors.Wrapf(err, "Failed to read program %q", programPath)

diff --git a/internal/testutil/fs.go b/internal/testutil/fs.go
@@ -6,6 +6,7 @@ package testutil
 import (
 	"io/ioutil"
 	"os"
+	"path/filepath"
 	"testing"
 )
 
@@ -27,7 +28,7 @@ func TestTempDir(tb testing.TB) string {
 // TestOpenFile creates a new file called name and returns the opened file.
 func TestOpenFile(tb testing.TB, name string) *os.File {
 	tb.Helper()
-	f, err := os.OpenFile(name, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
+	f, err := os.OpenFile(filepath.Clean(name), os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
 	if err != nil {
 		tb.Fatal(err)
 	}
@@ -37,7 +38,7 @@ func TestOpenFile(tb testing.TB, name string) *os.File {
 // OpenLogFile creates a new file that emulates being a log.
 func OpenLogFile(tb testing.TB, name string) *os.File {
 	tb.Helper()
-	f, err := os.OpenFile(name, os.O_CREATE|os.O_TRUNC|os.O_WRONLY|os.O_APPEND, 0600)
+	f, err := os.OpenFile(filepath.Clean(name), os.O_CREATE|os.O_TRUNC|os.O_WRONLY|os.O_APPEND, 0600)
 	if err != nil {
 		tb.Fatal(err)
 	}