From 942b0d160a9c7a6e70a6189935a2135e775c55d2 Mon Sep 17 00:00:00 2001
From: Bernd Verst <4535280+berndverst@users.noreply.github.com>
Date: Wed, 17 Aug 2022 20:43:44 -0700
Subject: [PATCH] enable gosec linter again
Signed-off-by: Bernd Verst <4535280+berndverst@users.noreply.github.com>
---
 .golangci.yml | 1 -
 internal/eventbus/event_bus_test.go | 1 +
 secretstores/azure/keyvault/keyvault.go | 3 +--
 state/mongodb/mongodb.go | 2 +-
 state/mysql/mysql.go | 5 +++++
 tests/conformance/state/state.go | 6 ++++--
 6 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/.golangci.yml b/.golangci.yml
index 35736c211f..59fbe04908 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -260,7 +260,6 @@ linters:
 - godot
 - cyclop
 - varnamelen
- - gosec
 - errorlint
 - forcetypeassert
 - ifshort
diff --git a/internal/eventbus/event_bus_test.go b/internal/eventbus/event_bus_test.go
index 5526d7f448..144b799af2 100644
--- a/internal/eventbus/event_bus_test.go
+++ b/internal/eventbus/event_bus_test.go
@@ -16,6 +16,7 @@ The MIT License (MIT)
 Copyright (c) 2014 Alex Saskevich
 */
+//nolint:errcheck
 package eventbus
 import (
diff --git a/secretstores/azure/keyvault/keyvault.go b/secretstores/azure/keyvault/keyvault.go
index 2a3201dfe1..4314bb1fe7 100644
--- a/secretstores/azure/keyvault/keyvault.go
+++ b/secretstores/azure/keyvault/keyvault.go
@@ -186,8 +186,7 @@ func (k *keyvaultSecretStore) getVaultURI() string {
 func (k *keyvaultSecretStore) getMaxResultsFromMetadata(metadata map[string]string) (*int32, error) {
 if s, ok := metadata["maxresults"]; ok && s != "" {
- /* #nosec */
- val, err := strconv.Atoi(s)
+ val, err := strconv.Atoi(s) //nolint:gosec
 if err != nil {
 return nil, err
 }
diff --git a/state/mongodb/mongodb.go b/state/mongodb/mongodb.go
index 87a786e225..e18b2e1d04 100644
--- a/state/mongodb/mongodb.go
+++ b/state/mongodb/mongodb.go
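Review bot: The `//nolint:errcheck` placed before the `package eventbus` clause applies to the whole file, so every unchecked error return in the file is silenced, not just the calls the directive was added for. If a file-wide waiver is intended — the header suggests this test file is carried over from Alex Saskevich's project — record the reason in the directive itself, which golangci-lint supports: `//nolint:errcheck // vendored test file, unchecked returns are intentional`. Otherwise move the directive onto the individual lines that need it so new unchecked errors in this file are still reported.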
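Review bot: The `//nolint:gosec` on the `strconv.Atoi` line hides the finding instead of removing its cause, which is presumably the narrowing of the parsed `int` into the function's `*int32` result (the conversion is below this hunk, where `getMaxResultsFromMetadata` continues). Parsing at 32-bit width makes that narrowing lossless and the suppression unnecessary: `val, err := strconv.ParseInt(s, 10, 32)` here, then `int32(val)` where the result is built. An out-of-range `maxresults` value then surfaces as an error from this function rather than wrapping silently into the request.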
@@ -66,7 +66,7 @@ const (
 connectionURIFormatWithSrv = "mongodb+srv://%s/%s"
 // mongodb+srv://:@/
- connectionURIFormatWithSrvAndCredentials = "mongodb+srv://%s:%s@%s/%s%s"
+ connectionURIFormatWithSrvAndCredentials = "mongodb+srv://%s:%s@%s/%s%s" //nolint:gosec
 )
 // MongoDB is a state store implementation for MongoDB.
diff --git a/state/mysql/mysql.go b/state/mysql/mysql.go
index 22c4e16600..8da8cb8c09 100644
--- a/state/mysql/mysql.go
+++ b/state/mysql/mysql.go
@@ -245,6 +245,11 @@ func (m *MySQL) ensureStateTable(stateTableName string) error {
 // never need to pass it in.
 // eTag is a UUID stored as a 36 characters string. It needs to be passed
 // in on inserts and updates and is used for Optimistic Concurrency
+
+ // adding a basic precaution to ensure our SQL query is not hijacked
+ stateTableName = strings.Split(strings.Split(stateTableName, ";")[0], " ")[0]
+
+ //nolint:gosec
 createTable := fmt.Sprintf(`CREATE TABLE %s (
 id VARCHAR(255) NOT NULL PRIMARY KEY,
 value JSON NOT NULL,
diff --git a/tests/conformance/state/state.go b/tests/conformance/state/state.go
index 88aa457095..35bd59abbd 100644
--- a/tests/conformance/state/state.go
+++ b/tests/conformance/state/state.go
@@ -425,7 +425,8 @@ func ConformanceTests(t *testing.T, props map[string]string, statestore state.St
 }
 }
- transactionStore := statestore.(state.TransactionalStore)
+ transactionStore, ok := statestore.(state.TransactionalStore)
+ assert.True(t, ok)
 sort.Ints(transactionGroups)
 for _, transactionGroup := range transactionGroups {
 t.Logf("Testing transaction #%d", transactionGroup)
@@ -547,7 +548,8 @@ func ConformanceTests(t *testing.T, props map[string]string, statestore state.St
 }
 // Act
- transactionStore := statestore.(state.TransactionalStore)
+ transactionStore, ok := statestore.(state.TransactionalStore)
+ assert.True(t, ok)
 err = transactionStore.Multi(&state.TransactionalStateRequest{
 Operations: operations,
 Metadata: partitionMetadata,
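Review bot: The `//nolint:gosec` added to `connectionURIFormatWithSrvAndCredentials` carries no reason, so a later reader cannot tell whether a genuine hardcoded credential was waived. The value is a format template (the `%s:%s@` is filled in at runtime), so the finding is a false positive of the hardcoded-credentials rule — state that in the directive: `//nolint:gosec // false positive: format template, no credential value`. Confirm the exact rule id against the linter output before naming it in the comment.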
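Review bot: The new `strings.Split` truncation before `createTable` does not make the interpolated table name safe to splice into `fmt.Sprintf`: it only cuts at the first `;` or space, so quotes, backticks, parentheses, newlines, tabs and comment delimiters still pass through unchanged, and the `//nolint:gosec` then waives the warning about exactly that interpolation. It also silently rewrites a misconfigured name instead of rejecting it, so a typo in the configuration creates a table under a different name with no error. Since a table name cannot be bound as a query parameter, validate it as a plain identifier against a package-level regexp (which needs `regexp` imported) and return an error from `ensureStateTable` when it does not match; widen the character class only if the project must support a broader identifier set. `ensureStateTable` starts and ends outside this hunk.
```go
// validTableName limits the configured table name to a plain SQL identifier;
// table names cannot be bound as query parameters, so this check is the guard.
var validTableName = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)

// … unchanged: ensureStateTable signature and the eTag comments …
	if !validTableName.MatchString(stateTableName) {
		return fmt.Errorf("invalid state table name %q", stateTableName)
	}
	createTable := fmt.Sprintf(`CREATE TABLE %s (
```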
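Review bot: `assert.True(t, ok)` records a failure but does not stop the test, so when the store does not implement `state.TransactionalStore` the code continues with a nil `transactionStore` — in this hunk into the loop over `transactionGroups` that presumably uses it, and in the second hunk (line 548 onward) straight into `transactionStore.Multi`, which then panics on a nil interface instead of reporting the missing capability. Use a fatal check so the subtest stops at the real cause: `if !ok { t.Fatal("state store does not implement state.TransactionalStore") }`, or `require.True(t, ok)` if the testify `require` package is already imported in this file. The same change applies to both hunks; `ConformanceTests` starts and ends outside them.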