From f5a53af0d62d1927ba2c9720e9b4487e8c542cb3 Mon Sep 17 00:00:00 2001
From: sohalt
Date: Tue, 14 Apr 2020 19:26:11 +0200
Subject: [PATCH 1/2] Stricter file permissions when writing /proc/sys/ipv4/ip_forward
---
 server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server.go b/server.go
index fe2c5ee..bced999 100644
--- a/server.go
+++ b/server.go
@@ -124,7 +124,7 @@ func (s *Server) enableIPForward() error {
 if string(content) == "0\n" {
 log.Info("Enabling sys.net.ipv4.ip_forward")
- return ioutil.WriteFile(p, []byte("1"), 0640)
+ return ioutil.WriteFile(p, []byte("1"), 0600)
 }
 return nil
From 787808d638bb44a6c342b47d2a25c7d0e26465a2 Mon Sep 17 00:00:00 2001
From: sohalt
Date: Tue, 14 Apr 2020 20:16:05 +0200
Subject: [PATCH 2/2] Fix gosec issues
---
 .github/workflows/pull_request.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 3371859..48467c7 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -34,7 +34,8 @@ jobs:
 - name: Check missing error check
 uses: "cedrickring/golang-action@1.4.1"
 with:
- args: go get github.com/securego/gosec/cmd/gosec; gosec ./... # https://github.com/securego/gosec
+ # TODO: remove `-exclude=G110` once https://github.com/go-bindata/go-bindata/pull/50 is merged and released
+ args: go get github.com/securego/gosec/cmd/gosec; gosec -exclude=G110 ./... # https://github.com/securego/gosec
 build:
 runs-on: ubuntu-latest
 steps:
@@ -46,4 +47,4 @@ jobs:
 sudo apt-get update -qq
 sudo apt-get -qq -y install buildah
 - name: Build the Docker image
- run: buildah bud --format=docker --layers -f Dockerfile .
\ No newline at end of file
+ run: buildah bud --format=docker --layers -f Dockerfile .
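Review bot: The mode passed to `ioutil.WriteFile` on the changed line only takes effect when the call creates the file, and the `string(content) == "0\n"` check just above suggests the path has already been read, so 0600 presumably changes nothing about who can access it. If the goal is to satisfy gosec's file-permission check, say so in a comment, e.g. `// perm is ignored for an existing file; 0600 is here for gosec`. Because WriteFile opens with create-and-truncate semantics, opening with `os.OpenFile(p, os.O_WRONLY, 0)` and writing to that handle would make a wrong `p` fail instead of creating a stray file. enableIPForward starts before and ends after this hunk, so how `p` is built is not visible here.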
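Review bot: `-exclude=G110` on the new `args:` line turns the rule off for every package under `./...`, not only for the generated go-bindata output the TODO refers to, so hand-written code that decompresses data is no longer checked either. Scope the suppression to the generated code instead, for example `gosec -exclude-dir=<generated-assets-dir> ./...` (placeholder; the directory is not visible in this diff). The same line installs gosec with an unpinned `go get`, so the rule set can change between CI runs. Pinning it, e.g. `go get github.com/securego/gosec/cmd/gosec@<pinned-version>`, would keep the check reproducible and make new rules arrive as a deliberate upgrade.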