
Implemented gosec as part of the testing workflow #114

Merged
merged 1 commit into from
Sep 17, 2020

Conversation

mvisonneau
Contributor

I fixed 32 out of the 34 gosec issues discovered. I chose to ignore the ones related to crypto/md5, as those are necessary for gravatar support.

[/terraboard/auth/auth.go:32] - G401 (CWE-326): Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
    31: 		user.Name = name
  > 32: 		user.AvatarURL = fmt.Sprintf("http://www.gravatar.com/avatar/%x", md5.Sum([]byte(email)))
    33: 	}



[/terraboard/auth/auth.go:4] - G501 (CWE-327): Blocklisted import crypto/md5: weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
    3: import (
  > 4: 	"crypto/md5"
    5: 	"fmt"



[/terraboard/main.go:86] - G601 (CWE-118): Implicit memory aliasing in for loop. (Confidence: MEDIUM, Severity: MEDIUM)
    85: 				} else {
  > 86: 					d.InsertVersion(&v)
    87: 				}



[/terraboard/api/api.go:221] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    220: 	}
  > 221: 	io.WriteString(w, string(j))
    222: }



[/terraboard/main.go:134] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    133: 	}
  > 134: 	io.WriteString(w, string(j))
    135: }



[/terraboard/api/api.go:25] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    24: 	j, _ := json.Marshal(errObj)
  > 25: 	io.WriteString(w, string(j))
    26: }



[/terraboard/api/api.go:38] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    37: 	}
  > 38: 	io.WriteString(w, string(j))
    39: }



[/terraboard/api/api.go:53] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    52: 	}
  > 53: 	io.WriteString(w, string(j))
    54: }



[/terraboard/api/api.go:72] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    71: 	}
  > 72: 	io.WriteString(w, string(j))
    73: }



[/terraboard/api/api.go:95] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    94: 	}
  > 95: 	io.WriteString(w, string(jState))
    96: }



[/terraboard/api/api.go:109] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    108: 	}
  > 109: 	io.WriteString(w, string(jActivity))
    110: }



[/terraboard/api/api.go:133] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    132: 	}
  > 133: 	io.WriteString(w, string(jCompare))
    134: }



[/terraboard/api/api.go:150] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    149: 	}
  > 150: 	io.WriteString(w, string(j))
    151: }



[/terraboard/api/api.go:171] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    170: 	}
  > 171: 	io.WriteString(w, string(j))
    172: }



[/terraboard/api/api.go:183] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    182: 	}
  > 183: 	io.WriteString(w, string(j))
    184: }



[/terraboard/api/api.go:195] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    194: 	}
  > 195: 	io.WriteString(w, string(j))
    196: }



[/terraboard/api/api.go:207] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    206: 	}
  > 207: 	io.WriteString(w, string(j))
    208: }



[/terraboard/main.go:105] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    104: 				}
  > 105: 				d.InsertState(st, v.ID, state)
    106: 				if err != nil {



[/terraboard/api/api.go:233] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    232: 	}
  > 233: 	io.WriteString(w, string(j))
    234: }



[/terraboard/api/api.go:250] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    249: 	}
  > 250: 	io.WriteString(w, string(j))
    251: }



[/terraboard/db/db.go:88] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    87: 	} else {
  > 88: 		json.Unmarshal(src.AttrsJSON, &vals)
    89: 	}



[/terraboard/db/db.go:159] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    158: 		var version string
  > 159: 		rows.Scan(&version) // TODO: err
    160: 		versions = append(versions, version)



[/terraboard/db/db.go:225] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    224: 	row := db.Raw("SELECT count(*)"+sqlQuery, params...).Row()
  > 225: 	row.Scan(&total)
    226:



[/terraboard/db/db.go:261] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    260: 		var versionID string
  > 261: 		rows.Scan(&path, &versionID)
    262: 		statesVersions[versionID] = append(statesVersions[versionID], path)



[/terraboard/db/db.go:273] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    272: 		var state string
  > 273: 		rows.Scan(&state)
    274: 		states = append(states, state)



[/terraboard/db/db.go:306] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    305: 		r := make(map[string]string)
  > 306: 		rows.Scan(&name, &count)
    307: 		r["name"] = name



[/terraboard/db/db.go:317] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    316: 	row := db.Table("states").Select("count(DISTINCT path)").Row()
  > 317: 	row.Scan(&total)
    318:



[/terraboard/db/db.go:349] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    348: 		var t string
  > 349: 		rows.Scan(&t)
    350: 		results = append(results, t)



[/terraboard/db/db.go:370] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    369: 		r := make(map[string]string)
  > 370: 		rows.Scan(&name, &count)
    371: 		r["name"] = name



[/terraboard/db/db.go:407] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    406: 		r := make(map[string]string)
  > 407: 		rows.Scan(&name, &count)
    408: 		r["name"] = name



[/terraboard/db/db.go:444] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    443: 		var t string
  > 444: 		rows.Scan(&t)
    445: 		results = append(results, t)



[/terraboard/db/db.go:461] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    460: 	row := db.Raw(sqlQuery, path).Row()
  > 461: 	row.Scan(&version)
    462: 	return



[/terraboard/main.go:86] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    85: 				} else {
  > 86: 					d.InsertVersion(&v)
    87: 				}



[/terraboard/main.go:33] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    32: 	idxStr = util.ReplaceBasePath(idxStr, "base href=\"/\"", "base href=\"%s\"")
  > 33: 	io.WriteString(w, idxStr)
    34: }



Summary:
   Files: 14
   Lines: 2078
   Nosec: 0
  Issues: 34

@coveralls

Coverage Status

Coverage decreased (-0.5%) to 15.706% when pulling d9744dc on mvisonneau:gosec into aa8f1ec on camptocamp:master.

@raphink
Contributor

raphink commented Sep 17, 2020

Thanks!

@raphink raphink merged commit a7ada9f into camptocamp:master Sep 17, 2020
@mvisonneau mvisonneau deleted the gosec branch September 17, 2020 11:56