Merge pull request #37 from edixos/hotfix/security

Hotfix security concerns

.github/workflows/ci.yml

@@ -10,31 +10,31 @@ jobs:
   commit_lint:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      - uses: wagoid/commitlint-github-action@v2
+      - uses: wagoid/commitlint-github-action@v3
         with:
           firstParent: true
   golangci:
     name: lint
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@v2.3.0
+        uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.45.2
+          version: v1.52.2
           only-new-issues: false
-          args: --timeout 2m --config .golangci.yml
+          args: --timeout 5m --config .golangci.yml
   diff:
     name: diff
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v3
         with:
           go-version: '1.19'
       - run: make installer

.golangci.yml

@@ -19,6 +19,14 @@ linters-settings:
 linters:
   enable-all: true
   disable:
+    - nonamedreturns
+    - exhaustruct
+    - contextcheck
+    - ifshort
+    - nosnakecase
+    - structcheck
+    - varcheck
+    - deadcode
     - funlen
     - gochecknoinits
     - lll
@@ -38,7 +46,7 @@ linters:
     - gci
 
 service:
-  golangci-lint-version: 1.45.2
+  golangci-lint-version: 1.52.2
 
 run:
   skip-files:

Makefile

@@ -114,7 +114,7 @@ apidoc: apidocs-gen ## Generate CRD Documentation
 
 GOLANGCI_LINT = $(shell pwd)/bin/golangci-lint
 golangci-lint: ## Download golangci-lint locally if necessary.
-	$(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint@v1.45.2)
+	$(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint@v1.52.2)
 
 # Linting code as PR is expecting
 .PHONY: golint

controllers/namespace.go

@@ -11,10 +11,7 @@ import (
 )
 
 func (s *SpaceReconciler) reconcileNamespace(ctx context.Context, space *nauticusiov1alpha1.Space) (err error) {
-	namespace, err := s.newNamespace(space)
-	if err != nil {
-		return err
-	}
+	namespace := s.newNamespace(space)
 
 	err = s.syncNamespace(ctx, namespace, space)
 
@@ -57,15 +54,15 @@ func (s *SpaceReconciler) syncNamespace(ctx context.Context, namespace *corev1.N
 	return err
 }
 
-func (s *SpaceReconciler) newNamespace(space *nauticusiov1alpha1.Space) (*corev1.Namespace, error) {
+func (s *SpaceReconciler) newNamespace(space *nauticusiov1alpha1.Space) *corev1.Namespace {
 	namespace := &corev1.Namespace{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:   s.namespaceName(space),
 			Labels: space.Labels,
 		},
 	}
 
-	return namespace, nil
+	return namespace
 }
 
 func (s *SpaceReconciler) namespaceName(space *nauticusiov1alpha1.Space) string {

controllers/rbac.go

@@ -35,7 +35,7 @@ func (s *SpaceReconciler) reconcileAdditionalRoleBindings(ctx context.Context, s
 			return fmt.Errorf("unable to fill the ownerreference for the additional rolebindings")
 		}
 
-		return s.syncRoleBinding(ctx, additionalRoleBinding, space, ad.RoleRef, ad.Subjects)
+		err = s.syncRoleBinding(ctx, additionalRoleBinding, space, ad.RoleRef, ad.Subjects)
 	}
 
 	return err

controllers/reconciler.go

@@ -135,8 +135,8 @@ func (s *SpaceReconciler) reconcileSpace(ctx context.Context, space *nauticusiov
 
 func (s *SpaceReconciler) reconcileDelete(ctx context.Context, space *nauticusiov1alpha1.Space) (result reconcile.Result, err error) {
 	if controllerutil.ContainsFinalizer(space, NauticusFinalizer) {
-		namespace, _ := s.newNamespace(space)
-		err = s.Client.Delete(ctx, namespace)
+		namespace := s.newNamespace(space)
+		_ = s.Client.Delete(ctx, namespace)
 
 		// remove our finalizer from the list and update it.
 		controllerutil.RemoveFinalizer(space, NauticusFinalizer)
@@ -146,5 +146,5 @@ func (s *SpaceReconciler) reconcileDelete(ctx context.Context, space *nauticusio
 		}
 	}
 	// Stop reconciliation as the item is being deleted
-	return ctrl.Result{}, nil
+	return ctrl.Result{}, err
 }

controllers/space_controller.go

@@ -64,7 +64,6 @@ type SpaceReconciler struct {
 // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.13.1/pkg/reconcile
 func (s *SpaceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	log := s.Log.WithValues("space", req.NamespacedName)
-	ctx = context.TODO()
 
 	// Fetch the Space instance
 	space := &nauticusiov1alpha1.Space{}

controllers/utils.go

@@ -65,24 +65,6 @@ func (s *SpaceReconciler) setSpaceCondition(space *v1alpha1.Space, observedGener
 	s.Log.WithName(space.GetName()).Info("Setting lastTransitionTime for Space condition ", space.GetObjectMeta().GetName(), nowTime.Time)
 }
 
-// Only the Type and Status field will be used in the comparison, meaning that
-// this function will return 'true' even if the Reason, Message and
-// LastTransitionTime fields do not match.
-func (s *SpaceReconciler) spaceHasCondition(space *v1alpha1.Space, c metav1.Condition) bool {
-	if space == nil {
-		return false
-	}
-
-	existingConditions := space.Status.Conditions
-	for _, cond := range existingConditions {
-		if c.Type == cond.Type && c.Status == cond.Status {
-			return true
-		}
-	}
-
-	return false
-}
-
 func (s *SpaceReconciler) processFailedCondition(ctx context.Context, space *v1alpha1.Space) {
 	s.setSpaceCondition(
 		space,

go.mod

@@ -9,6 +9,7 @@ require (
 	k8s.io/api v0.25.0
 	k8s.io/apimachinery v0.25.0
 	k8s.io/client-go v0.25.0
+	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed
 	sigs.k8s.io/controller-runtime v0.13.0
 )
 
@@ -58,11 +59,11 @@ require (
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.21.0 // indirect
 	golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd // indirect
-	golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect
+	golang.org/x/net v0.7.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
-	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
-	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
-	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/sys v0.5.0 // indirect
+	golang.org/x/term v0.5.0 // indirect
+	golang.org/x/text v0.7.0 // indirect
 	golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
@@ -74,7 +75,6 @@ require (
 	k8s.io/component-base v0.25.0 // indirect
 	k8s.io/klog/v2 v2.70.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
-	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect

go.sum

@@ -436,8 +436,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -522,11 +522,11 @@ golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -535,8 +535,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=