fix: work around broken #nosec in gosec

See securego/gosec#1105 Signed-off-by: nscuro <nscuro@protonmail.com>
CycloneDX · Apr 6, 2024 · 8018799 · 8018799
1 parent 56318a8
commit 8018799
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 5 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -14,3 +14,7 @@ linters:
 linters-settings:
   goconst:
     ignore-tests: true
+  gosec:
+    config:
+      global:
+        nosec: true
diff --git a/internal/sbom/sbom.go b/internal/sbom/sbom.go
@@ -18,8 +18,8 @@
 package sbom
 
 import (
-	"crypto/md5"  // #nosec G501
-	"crypto/sha1" // #nosec G505
+	"crypto/md5"  //nolint:gosec // #nosec G501
+	"crypto/sha1" //nolint:gosec // #nosec G505
 	"crypto/sha256"
 	"crypto/sha512"
 	"fmt"
@@ -152,9 +152,9 @@ func CalculateFileHashes(logger zerolog.Logger, filePath string, algos ...cdx.Ha
 
 		switch algo { //nolint:exhaustive
 		case cdx.HashAlgoMD5:
-			hashWriter = md5.New() // #nosec G401
+			hashWriter = md5.New() //nolint:gosec // #nosec G401
 		case cdx.HashAlgoSHA1:
-			hashWriter = sha1.New() // #nosec G401
+			hashWriter = sha1.New() //nolint:gosec // #nosec G401
 		case cdx.HashAlgoSHA256:
 			hashWriter = sha256.New()
 		case cdx.HashAlgoSHA384:

diff --git a/internal/testutil/testutil.go b/internal/testutil/testutil.go
@@ -168,7 +168,7 @@ func RequireValidSBOM(t *testing.T, bom *cdx.BOM, fileFormat cdx.BOMFileFormat)
 	require.NoError(t, err)
 	require.NoError(t, bomFile.Close())
 
-	valCmd := exec.Command("cyclonedx", "validate", "--input-file", bomFile.Name(), "--input-format", inputFormat, "--input-version", "v1_4", "--fail-on-errors") // #nosec G204
+	valCmd := exec.Command("cyclonedx", "validate", "--input-file", bomFile.Name(), "--input-format", inputFormat, "--input-version", "v1_4", "--fail-on-errors") //nolint:gosec // #nosec G204
 	valOut, err := valCmd.CombinedOutput()
 	if !assert.NoError(t, err) {
 		// Provide some context when test is failing