fixing gosec alerts #12

Merged
merged 1 commit into from
Jul 10, 2023
mike-hoang
Contributor

What does this PR do?

Fixes the gosec vulnerabilities remaining from after the Alizer migration.

Which issue(s) does this PR fix

fixes devfile/api#1179

PR acceptance criteria

Testing and documentation do not need to be complete in order for this PR to be approved. We just need to ensure tracking issues are opened.

  • Unit/Functional tests

  • Documentation

How to test changes / Special notes to the reviewer

Contributor

@thepetk thepetk left a comment

Do you think we could align all read file actions using our utils.ReadFile function in order to be sure that each time we are reading a file we are doing this the same way. Just to avoid having again cases of ioutil and os. WDYT?

@mike-hoang
Contributor Author

> Do you think we could align all read file actions using our utils.ReadFile function in order to be sure that each time we are reading a file we are doing this the same way. Just to avoid having again cases of ioutil and os. WDYT?

Yup, good catch. I thought I got all of them, but took another look and see a few ioutil file reads. Will add to next commit 👍

Signed-off-by: Michael Hoang <mhoang@redhat.com>
Contributor

@thepetk thepetk left a comment

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Jul 10, 2023
@openshift-ci

openshift-ci bot commented Jul 10, 2023

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mike-hoang, thepetk

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@thepetk
Contributor

thepetk commented Jul 10, 2023

Nice work!

@mike-hoang mike-hoang merged commit e55ee31 into devfile:main Jul 10, 2023
3 checks passed
thepetk referenced this pull request in thepetk/devfile-alizer Jul 27, 2023
Signed-off-by: Michael Hoang <mhoang@redhat.com>
Signed-off-by: thepetk <thepetk@gmail.com>
thepetk referenced this pull request in thepetk/devfile-alizer Aug 1, 2023
* Add binaries to every new release (#237)

* Add release yaml to workflows

Signed-off-by: thepetk <thepetk@gmail.com>

* Remove autogeneration of release notes

Signed-off-by: thepetk <thepetk@gmail.com>

* Update readme

Signed-off-by: thepetk <thepetk@gmail.com>

* Update Readme.md

Signed-off-by: thepetk <thepetk@gmail.com>

---------

Signed-off-by: thepetk <thepetk@gmail.com>

* flattening go dir (#1)

Signed-off-by: Michael Hoang <mhoang@redhat.com>
Signed-off-by: thepetk <thepetk@gmail.com>

* Update realease.yaml (#2)

Signed-off-by: thepetk <thepetk@gmail.com>

* adding proposal for dockerfile components (#3)

Signed-off-by: Michael Hoang <mhoang@redhat.com>
Signed-off-by: thepetk <thepetk@gmail.com>

* Merge all test resources (#6)

* Update test paths

Signed-off-by: thepetk <thepetk@gmail.com>

* Update angular test resource

Signed-off-by: thepetk <thepetk@gmail.com>

* Remove projectAngularjs

Signed-off-by: thepetk <thepetk@gmail.com>

* Update containerfile test

Signed-off-by: thepetk <thepetk@gmail.com>

* Update django test resources

Signed-off-by: thepetk <thepetk@gmail.com>

* Update docker compose test resources

Signed-off-by: thepetk <thepetk@gmail.com>

* Update tests for docker compose with ports

Signed-off-by: thepetk <thepetk@gmail.com>

* Update test project dockerfile

Signed-off-by: thepetk <thepetk@gmail.com>

* Update express js port tests

Signed-off-by: thepetk <thepetk@gmail.com>

* Update flask port tests

Signed-off-by: thepetk <thepetk@gmail.com>

* Update golang test resources

Signed-off-by: thepetk <thepetk@gmail.com>

* Update jboss test resources

Signed-off-by: thepetk <thepetk@gmail.com>

* Update laravel test resources

Signed-off-by: thepetk <thepetk@gmail.com>

* Update test micronaut resources

Signed-off-by: thepetk <thepetk@gmail.com>

* Update container docker file nested tests

Signed-off-by: thepetk <thepetk@gmail.com>

* Update nuxt and next js tests

Signed-off-by: thepetk <thepetk@gmail.com>

* Update port test for quarkus

Signed-off-by: thepetk <thepetk@gmail.com>

* Update reactjs tests

Signed-off-by: thepetk <thepetk@gmail.com>

* Remove port test project quarkus

Signed-off-by: thepetk <thepetk@gmail.com>

* Update rest of port tests

Signed-off-by: thepetk <thepetk@gmail.com>

* Fix issue with ip host go format

Signed-off-by: thepetk <thepetk@gmail.com>

* Update test resources

Signed-off-by: thepetk <thepetk@gmail.com>

* Finalize new component detection format

Signed-off-by: thepetk <thepetk@gmail.com>

---------

Signed-off-by: thepetk <thepetk@gmail.com>

* Add min max cli args (#5)

* Create dependabot.yml

Signed-off-by: thepetk <thepetk@gmail.com>

* Update dependabot.yml

Signed-off-by: thepetk <thepetk@gmail.com>

* Update realease.yaml (#2)

Signed-off-by: thepetk <thepetk@gmail.com>

* adding proposal for dockerfile components (#3)

Signed-off-by: Michael Hoang <mhoang@redhat.com>
Signed-off-by: thepetk <thepetk@gmail.com>

* Merge all test resources (#6)

* Update test paths

Signed-off-by: thepetk <thepetk@gmail.com>

* Update angular test resource

Signed-off-by: thepetk <thepetk@gmail.com>

* Remove projectAngularjs

Signed-off-by: thepetk <thepetk@gmail.com>

* Update containerfile test

Signed-off-by: thepetk <thepetk@gmail.com>

* Update django test resources

Signed-off-by: thepetk <thepetk@gmail.com>

* Update docker compose test resources

Signed-off-by: thepetk <thepetk@gmail.com>

* Update tests for docker compose with ports

Signed-off-by: thepetk <thepetk@gmail.com>

* Update test project dockerfile

Signed-off-by: thepetk <thepetk@gmail.com>

* Update express js port tests

Signed-off-by: thepetk <thepetk@gmail.com>

* Update flask port tests

Signed-off-by: thepetk <thepetk@gmail.com>

* Update golang test resources

Signed-off-by: thepetk <thepetk@gmail.com>

* Update jboss test resources

Signed-off-by: thepetk <thepetk@gmail.com>

* Update laravel test resources

Signed-off-by: thepetk <thepetk@gmail.com>

* Update test micronaut resources

Signed-off-by: thepetk <thepetk@gmail.com>

* Update container docker file nested tests

Signed-off-by: thepetk <thepetk@gmail.com>

* Update nuxt and next js tests

Signed-off-by: thepetk <thepetk@gmail.com>

* Update port test for quarkus

Signed-off-by: thepetk <thepetk@gmail.com>

* Update reactjs tests

Signed-off-by: thepetk <thepetk@gmail.com>

* Remove port test project quarkus

Signed-off-by: thepetk <thepetk@gmail.com>

* Update rest of port tests

Signed-off-by: thepetk <thepetk@gmail.com>

* Fix issue with ip host go format

Signed-off-by: thepetk <thepetk@gmail.com>

* Update test resources

Signed-off-by: thepetk <thepetk@gmail.com>

* Finalize new component detection format

Signed-off-by: thepetk <thepetk@gmail.com>

---------

Signed-off-by: thepetk <thepetk@gmail.com>

* Run tidy

Signed-off-by: thepetk <thepetk@gmail.com>

* Update devfile_recognizer and models

Signed-off-by: thepetk <thepetk@gmail.com>

* Update cli

Signed-off-by: thepetk <thepetk@gmail.com>

* Update docs

Signed-off-by: thepetk <thepetk@gmail.com>

* Add test cases for versions cli args

Signed-off-by: thepetk <thepetk@gmail.com>

* Fix sec alert

Signed-off-by: thepetk <thepetk@gmail.com>

* Fix typo

Signed-off-by: thepetk <thepetk@gmail.com>

---------

Signed-off-by: thepetk <thepetk@gmail.com>
Signed-off-by: Michael Hoang <mhoang@redhat.com>
Co-authored-by: Michael Hoang <35011707+mike-hoang@users.noreply.github.com>
Signed-off-by: thepetk <thepetk@gmail.com>

* Remove dependabot (#10)

Signed-off-by: thepetk@gmail.com

Signed-off-by: thepetk@gmail.com
Signed-off-by: thepetk <thepetk@gmail.com>

* Minor update on devfiles versioning (#11)

* Remove dependabot

Signed-off-by: thepetk@gmail.com
Signed-off-by: thepetk <thepetk@gmail.com>

* Add versions to alizer devfile response

Signed-off-by: thepetk <thepetk@gmail.com>

* Update readme.md

Signed-off-by: thepetk <thepetk@gmail.com>

* Update naming and devfile models in the proposal

Signed-off-by: thepetk <thepetk@gmail.com>

* Update code naming

Signed-off-by: thepetk <thepetk@gmail.com>

* Update tests after renaming

Signed-off-by: thepetk <thepetk@gmail.com>

---------

Signed-off-by: thepetk@gmail.com
Signed-off-by: thepetk <thepetk@gmail.com>

* fixing gosec alerts (#12)

Signed-off-by: Michael Hoang <mhoang@redhat.com>
Signed-off-by: thepetk <thepetk@gmail.com>

* Add test coverage check to CI.yaml (#13)

* Add test coverage workflow

Signed-off-by: thepetk <thepetk@gmail.com>

* Update ci.yaml

Signed-off-by: thepetk <thepetk@gmail.com>

* Add separate check for code coverage

Signed-off-by: thepetk <thepetk@gmail.com>

* Move code report in ci file

Signed-off-by: thepetk <thepetk@gmail.com>

* Add .codecov.yaml

Signed-off-by: thepetk <thepetk@gmail.com>

* Update workflow

Signed-off-by: thepetk <thepetk@gmail.com>

* Bump up setup-go

Signed-off-by: thepetk <thepetk@gmail.com>

---------

Signed-off-by: thepetk <thepetk@gmail.com>

* adding support for dockerfile components (#14)

Signed-off-by: Michael Hoang <mhoang@redhat.com>
Signed-off-by: thepetk <thepetk@gmail.com>

* Add test coverage workflow

Signed-off-by: thepetk <thepetk@gmail.com>

* Update ci.yaml

Signed-off-by: thepetk <thepetk@gmail.com>

* Add separate check for code coverage

Signed-off-by: thepetk <thepetk@gmail.com>

* Move code report in ci file

Signed-off-by: thepetk <thepetk@gmail.com>

* Update workflow

Signed-off-by: thepetk <thepetk@gmail.com>

* Bump up setup-go

Signed-off-by: thepetk <thepetk@gmail.com>
Signed-off-by: thepetk <thepetk@gmail.com>

* Make DownloadDevFileTypesFromRegistry public

Signed-off-by: thepetk <thepetk@gmail.com>

* Add devfile.yaml schema

Signed-off-by: thepetk <thepetk@gmail.com>

* Add go script for generating registry entries json

Signed-off-by: thepetk <thepetk@gmail.com>

* Implement nightly run script and workflow

Signed-off-by: thepetk <thepetk@gmail.com>

* Update go mod

Signed-off-by: thepetk <thepetk@gmail.com>

* Add new schedule to registry check

signed-off-by: thepetk <thepetk@gmail.com>
Signed-off-by: thepetk <thepetk@gmail.com>

* Update workflow name

Signed-off-by: thepetk <thepetk@gmail.com>

* Update go mod

Signed-off-by: thepetk <thepetk@gmail.com>

* Update funcs in order to be mockable

Signed-off-by: thepetk <thepetk@gmail.com>

* Move devfile_recognizer_test.go to recognizer dir

Signed-off-by: thepetk <thepetk@gmail.com>

* Update docstring of script

Signed-off-by: thepetk <thepetk@gmail.com>

* Add tests for check_registry.go

Signed-off-by: thepetk <thepetk@gmail.com>

* Fix test paths

Signed-off-by: thepetk <thepetk@gmail.com>

* Remove unnecessary logging

Signed-off-by: thepetk <thepetk@gmail.com>

* Remove binary

Signed-off-by: thepetk <thepetk@gmail.com>

* Use make build instead of go command

Signed-off-by: thepetk <thepetk@gmail.com>

* Further fixes on the workflow

Signed-off-by: thepetk <thepetk@gmail.com>

---------

Signed-off-by: thepetk <thepetk@gmail.com>
Signed-off-by: Michael Hoang <mhoang@redhat.com>
Signed-off-by: thepetk@gmail.com
Co-authored-by: Michael Hoang <35011707+mike-hoang@users.noreply.github.com>
Successfully merging this pull request may close these issues.

Fix Alizer security vulnerabilities
2 participants