Merge 71f43c1 into fc67b31

apache · Feb 18, 2020 · a0a015b · a0a015b
2 parents fc67b31 + 71f43c1
commit a0a015b
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 3 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -49,6 +49,10 @@ jobs:
       script:
         - go get github.com/fzipp/gocyclo
         - bash scripts/travis/goCycloChecker.sh
+    - stage: GoSecure Checker
+      script:
+        - go get github.com/securego/gosec/cmd/gosec
+        - bash -x scripts/travis/goSecureChecker.sh
     - stage: Unit Test
       script:
         - export GOPROXY=https://goproxy.io

diff --git a/client/client.go b/client/client.go
@@ -71,6 +71,7 @@ func New(config Config) (*Client, error) {
 	}
 	httpOpts := &httpclient.Options{}
 	if u.Scheme == "https" {
+		// #nosec
 		httpOpts.TLSConfig = &tls.Config{
 			InsecureSkipVerify: !config.VerifyPeer,
 		}

diff --git a/scripts/travis/goSecureChecker.sh b/scripts/travis/goSecureChecker.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+gosec ./... > result.txt
+cat result.txt
+rm -rf result.txt
+issueCount=$(gosec ./... | grep "Issues"  |awk -F":" '{print $2}')
+if [ $? == 0 ] && [[ $issueCount -eq 0 ]] ; then
+	echo "No GoSecure warnings found"
+	exit 0
+else
+  echo "GoSecure Warnings found"
+	exit 1
+fi
+
diff --git a/server/config/struct.go b/server/config/struct.go
@@ -36,4 +36,5 @@ type DB struct {
 	SSLEnabled bool   `yaml:"sslEnabled"`
 	RootCA     string `yaml:"rootCAFile"`
 	Timeout    string `yaml:"timeout"`
+	VerifyPeer bool   `yaml:"insecureSkipVerify"`
 }
diff --git a/server/handler/noop_auth_handler.go b/server/handler/noop_auth_handler.go
@@ -20,6 +20,7 @@ package handler
 import (
 	"github.com/go-chassis/go-chassis/core/handler"
 	"github.com/go-chassis/go-chassis/core/invocation"
+	"github.com/go-mesh/openlogging"
 )
 
 //NoopAuthHandler not need implement any logic
@@ -41,5 +42,7 @@ func (bk *NoopAuthHandler) Name() string {
 	return "auth-handler"
 }
 func init() {
-	handler.RegisterHandler("auth-handler", newDomainResolver)
+	if err := handler.RegisterHandler("auth-handler", newDomainResolver); err != nil {
+		openlogging.Fatal("register auth-handler failed")
+	}
 }
diff --git a/server/resource/v1/common.go b/server/resource/v1/common.go
@@ -168,7 +168,10 @@ func eventHappened(rctx *restful.Context, waitStr string, topic *pubsub.Topic) (
 		UserAgent: rctx.ReadHeader("User-Agent"),
 		Event:     make(chan *pubsub.KVChangeEvent, 1),
 	}
-	pubsub.ObserveOnce(o, topic)
+	err = pubsub.ObserveOnce(o, topic)
+	if err != nil {
+		return false, errors.New("observe once failed: " + err.Error())
+	}
 	select {
 	case <-time.After(d):
 		happened = false

diff --git a/server/service/mongo/session/session.go b/server/service/mongo/session/session.go
@@ -110,9 +110,10 @@ func Init() error {
 				return
 			}
 			pool.AppendCertsFromPEM(caCert)
+			// #nosec
 			tc := &tls.Config{
 				RootCAs:            pool,
-				InsecureSkipVerify: true,
+				InsecureSkipVerify: config.GetDB().VerifyPeer,
 			}
 			clientOps = append(clientOps, options.Client().SetTLSConfig(tc))
 			openlogging.Info("enabled ssl communication to mongodb")