chore(gosec): use nolint instead of nosec for gosec

Due to securego/gosec#1105 we need to use `nolint` instead of `nosec` for `gosec`.
cloudfoundry · Mar 28, 2024 · dffc6eb · dffc6eb
1 parent 4784fa8
commit dffc6eb
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 4 deletions.
diff --git a/src/acceptance/api/api_suite_test.go b/src/acceptance/api/api_suite_test.go
@@ -77,7 +77,7 @@ var _ = BeforeSuite(func() {
 	BindServiceToApp(cfg, appName, instanceName)
 	StartApp(appName, cfg.CfPushTimeoutDuration())
 
-	// #nosec G402
+	//nolint:gosec // #nosec G402 -- due to https://github.com/securego/gosec/issues/1105
 	client = &http.Client{
 		Transport: &http.Transport{
 			Proxy: http.ProxyFromEnvironment,

diff --git a/src/acceptance/assets/app/go_app/internal/app/custom_metrics.go b/src/acceptance/assets/app/go_app/internal/app/custom_metrics.go
@@ -165,6 +165,7 @@ func getCFInstanceIdentityCertificateClient() (*http.Client, error) {
 	caCertPool.AppendCertsFromPEM(caCertBytes)
 
 	/* #nosec G402 -- test app that shall run on dev foundations without proper certs */
+	//nolint:gosec // #nosec G402 -- due to https://github.com/securego/gosec/issues/1105
 	tlsConfig := &tls.Config{
 		Certificates:       []tls.Certificate{cert},
 		InsecureSkipVerify: true,

diff --git a/src/acceptance/assets/app/go_app/internal/custommetrics/basic_auth_transport.go b/src/acceptance/assets/app/go_app/internal/custommetrics/basic_auth_transport.go
@@ -26,6 +26,7 @@ func (bat *BasicAuthTransport) Client() *http.Client {
 
 func NewBasicAuthTransport(credentials CustomMetricsCredentials) *BasicAuthTransport {
 	/* #nosec G402 -- test app that shall run on dev foundations without proper certs */
+	//nolint:gosec // #nosec G402 -- due to https://github.com/securego/gosec/issues/1105
 	tr := &http.Transport{
 		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 	}

diff --git a/src/acceptance/helpers/helpers.go b/src/acceptance/helpers/helpers.go
@@ -562,7 +562,7 @@ func GetHTTPClient(cfg *config.Config) *http.Client {
 			TLSHandshakeTimeout: 10 * time.Second,
 			DisableCompression:  true,
 			DisableKeepAlives:   true,
-			// #nosec G402
+			//nolint:gosec // #nosec G402 -- due https://github.com/securego/gosec/issues/11051
 			TLSClientConfig: &tls.Config{
 				InsecureSkipVerify: cfg.SkipSSLValidation,
 			},

diff --git a/src/autoscaler/cf/app_integration_test.go b/src/autoscaler/cf/app_integration_test.go
@@ -35,7 +35,7 @@ func TestClient_GetAppProcesses(t *testing.T) {
 	client := cf.NewCFClient(conf, logger, clock.NewClock())
 	err := client.Login()
 	assert.Nil(t, err)
-	// #nosec G402
+	//nolint:gosec // #nosec G402 -- due to https://github.com/securego/gosec/issues/1105
 	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 	resp, err := http.Get("https://test_app." + systemDomain)
 	if err != nil {

diff --git a/src/autoscaler/cf/client.go b/src/autoscaler/cf/client.go
@@ -142,7 +142,7 @@ func NewCFClient(conf *Config, logger lager.Logger, clk clock.Clock) *Client {
 		"client_secret": {conf.Secret},
 	}
 	c.authHeader = "Basic " + base64.StdEncoding.EncodeToString([]byte(conf.ClientID+":"+conf.Secret))
-	// #nosec G402 - this is intentionally configurable
+	//nolint:gosec // #nosec G402 -- due to https://github.com/securego/gosec/issues/1105
 	c.Client = cfhttp.NewClient(
 		cfhttp.WithTLSConfig(&tls.Config{InsecureSkipVerify: conf.SkipSSLValidation}),
 		cfhttp.WithDialTimeout(10*time.Second),