update gosec (#561)
* update gosec

* update

* update

* update
magodo authored Sep 5, 2024
1 parent ee37f13 commit d593fa6
Showing 5 changed files with 11 additions and 5 deletions.
8 changes: 3 additions & 5 deletions .github/workflows/pr.yaml
Expand Up @@ -19,16 +19,14 @@ jobs:
gosec:
name: gosec
runs-on: ubuntu-latest
env:
GOFLAGS: '-buildvcs=false'
steps:
- name: Checkout Source
uses: actions/checkout@v3

- name: Run Gosec Security Scanner
# This is due to https://github.com/securego/gosec/issues/1105
# Per https://github.com/securego/gosec/issues/1105#issuecomment-1948225619, the issue occurs since 2.19.0.
# The commit that updates the GH action to 2.19.0 is d13d7dac9b7e2b40e86be5b830d297816376f1db
# It's parent commit is 26e57d6b340778c2983cd61775bc7e8bb41d002a
uses: securego/gosec@26e57d6b340778c2983cd61775bc7e8bb41d002a
uses: securego/[email protected]
with:
args: './...'

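Review bot: The new `uses: securego/[email protected]` line replaces a full-commit-SHA pin with a mutable tag, so the job now runs whatever the tag resolves to at run time rather than a fixed, reviewed revision; the removed lines both pinned a SHA and recorded why that revision was chosen. Keep the immutability and record the version in a comment instead: `uses: securego/gosec@<FULL_COMMIT_SHA_OF_v2.21.4>  # v2.21.4` (the SHA is a placeholder to be looked up from the gosec release). The added `GOFLAGS: '-buildvcs=false'` env entry is fine as written.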
4 changes: 4 additions & 0 deletions flag.go
Expand Up @@ -283,6 +283,7 @@ func initTelemetryClient(subscriptionId string) telemetry.Client {
func (f FlagSet) buildAuthConfig() (*config.AuthConfig, error) {
clientId := f.flagClientId
if path := f.flagClientIdFilePath; path != "" {
// #nosec G304
b, err := os.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("reading Client ID from file %q: %v", path, err)
Expand All @@ -292,6 +293,7 @@ func (f FlagSet) buildAuthConfig() (*config.AuthConfig, error) {

clientSecret := f.flagClientSecret
if path := f.flagClientSecretFilePath; path != "" {
// #nosec G304
b, err := os.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("reading Client secret from file %q: %v", path, err)
Expand All @@ -301,6 +303,7 @@ func (f FlagSet) buildAuthConfig() (*config.AuthConfig, error) {

clientCertEncoded := f.flagClientCertificate
if path := f.flagClientCertificatePath; path != "" {
// #nosec G304
b, err := os.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("reading Client certificate from file %q: %v", path, err)
Expand All @@ -310,6 +313,7 @@ func (f FlagSet) buildAuthConfig() (*config.AuthConfig, error) {

oidcToken := f.flagOIDCToken
if path := f.flagOIDCTokenFilePath; path != "" {
// #nosec G304
b, err := os.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("reading OIDC token from file %q: %v", path, err)
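Review bot: The four `// #nosec G304` lines added before `os.ReadFile(path)` in buildAuthConfig, and the matching one before `os.Open(path)` in main.go, silence the finding without recording why it is acceptable, so a later reader cannot distinguish a reviewed suppression from a blanket one. gosec accepts a justification after `--`; write it at each site, e.g. `// #nosec G304 -- path is an operator-supplied CLI flag value, not untrusted input` (and for main.go, that it comes from the `@file` argument). The annotation then doubles as the documentation of the trust boundary, which is the point of these reads of credential material. buildAuthConfig continues past each hunk, and main's body starts and ends outside its hunk, so nothing about how the contents are used afterwards is visible here.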
1 change: 1 addition & 0 deletions internal/meta/base_meta.go
Expand Up @@ -180,6 +180,7 @@ func NewBaseMeta(cfg config.CommonConfig) (*baseMeta, error) {
os.Setenv("AZURE_HTTP_USER_AGENT", cfg.AzureSDKClientOption.Telemetry.ApplicationID)

// Disable AzureRM provider's enahnced validation, which will cause RP listing, that is expensive.
// #nosec G104
os.Setenv("ARM_PROVIDER_ENHANCED_VALIDATION", "false")

outputFileNames := cfg.OutputFileNames
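Review bot: The added `// #nosec G104` hides the unchecked error from `os.Setenv("ARM_PROVIDER_ENHANCED_VALIDATION", "false")` instead of handling it, and NewBaseMeta already returns an error, so the call can simply be checked: `if err := os.Setenv("ARM_PROVIDER_ENHANCED_VALIDATION", "false"); err != nil {` / `return nil, fmt.Errorf("setting ARM_PROVIDER_ENHANCED_VALIDATION: %w", err)` / `}` (assuming fmt is imported in this file, which the hunk does not show). The `os.Setenv("AZURE_HTTP_USER_AGENT", ...)` call two lines above is equally unchecked yet gets no annotation, so either both should be checked or the reason for suppressing only one should be stated after `--`. NewBaseMeta's body continues on both sides of the hunk.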
2 changes: 2 additions & 0 deletions internal/ui/ui.go
Expand Up @@ -265,6 +265,7 @@ func (m model) logoView() string {
}

func importErrorView(m model) string {
// #nosec G115
return m.importerrormsg.Item.TFResourceId + "\n\n" + common.ErrorMsgStyle.Render(wordwrap.WrapString(m.importerrormsg.Item.ImportError.Error(), uint(m.winsize.Width-indentLevel)))
}

Expand All @@ -273,5 +274,6 @@ func summaryView(m model) string {
}

func errorView(m model) string {
// #nosec G115
return common.ErrorMsgStyle.Render(wordwrap.WrapString(m.err.Error(), uint(m.winsize.Width-indentLevel)))
}
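Review bot: The `// #nosec G115` annotations added in importErrorView and errorView suppress the int-to-uint conversion warning, but the conversion is genuinely unsafe: when `m.winsize.Width` is smaller than `indentLevel` (plausibly before the first window-size message arrives, if Width is still zero then), `m.winsize.Width-indentLevel` is negative and `uint(...)` turns it into a very large wrap width, so wordwrap.WrapString effectively stops wrapping. Clamp before converting rather than silencing the check, e.g. `uint(max(m.winsize.Width-indentLevel, 0))` in both functions (the builtin `max` needs Go 1.21; otherwise a two-line `if` clamp into a local does the same), which also makes the annotation unnecessary. This assumes Width is a signed integer type, which the `uint(...)` conversion and the G115 finding both suggest but the hunk does not show.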
1 change: 1 addition & 0 deletions main.go
Expand Up @@ -512,6 +512,7 @@ func main() {
}

path := strings.TrimPrefix(arg, "@")
// #nosec G304
f, err := os.Open(path)
if err != nil {
return fmt.Errorf("failed to open file %q: %v", path, err)
