From 88b6235e8769e7e2d47e5bc2d15aa5c05ef6a062 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juraci=20Paix=C3=A3o=20Kr=C3=B6hling?=
Date: Thu, 17 May 2018 17:14:50 +0200
Subject: [PATCH] Add 'gas' for security problems scanning
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Juraci Paixão Kröhling
---
 Makefile | 11 +++-
 cmd/query/app/static_handler.go | 2 +-
 cmd/query/app/static_handler_test.go | 2 +-
 model/json/model.go | 20 ------
 model/json/model_test.go | 66 -------------------
 pkg/cassandra/gocql/testutils/udt.go | 2 +-
 .../strategystore/static/strategy_store.go | 2 +-
 7 files changed, 14 insertions(+), 91 deletions(-)
 delete mode 100644 model/json/model_test.go

diff --git a/Makefile b/Makefile
index d16bc97fbd7..33a3126eef1 100644
--- a/Makefile
+++ b/Makefile
@@ -17,6 +17,7 @@ GOTEST=go test -v $(RACE)
 GOLINT=golint
 GOVET=go vet
 GOFMT=gofmt
+GAS=gas -exclude=G104
 FMT_LOG=fmt.log
 LINT_LOG=lint.log
 IMPORT_LOG=import.log
@@ -104,8 +105,12 @@ fmt:
 	$(GOFMT) -e -s -l -w $(ALL_SRC)
 	./scripts/updateLicenses.sh
 
+.PHONY: gas
+gas: install-gas
+	$(GAS) $(TOP_PKGS)
+
 .PHONY: lint
-lint:
+lint: gas
 	$(GOVET) $(TOP_PKGS)
 	@cat /dev/null > $(LINT_LOG)
 	@$(foreach pkg, $(TOP_PKGS), $(GOLINT) $(pkg) | grep -v -e pkg/es/wrapper.go -e /mocks/ -e thrift-gen -e thrift-0.9.2 >> $(LINT_LOG) || true;)
@@ -128,6 +133,10 @@ install-go-bindata:
 	go get github.com/jteeuwen/go-bindata/...
 	go get github.com/elazarl/go-bindata-assetfs/...
 
+.PHONY: install-gas
+install-gas:
+	go get github.com/GoASTScanner/gas/cmd/gas/...
+
 .PHONY: build-examples
 build-examples: install-go-bindata
 	(cd ./examples/hotrod/services/frontend/ && go-bindata-assetfs -pkg frontend web_assets/...)
diff --git a/cmd/query/app/static_handler.go b/cmd/query/app/static_handler.go
index 7af5d18207c..a6c43b03eb3 100644
--- a/cmd/query/app/static_handler.go
+++ b/cmd/query/app/static_handler.go
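Review bot: `GAS=gas -exclude=G104` in the first Makefile hunk switches off the unhandled-error rule for every package the new `gas` target scans, so ignored error returns will never be reported by this step anywhere in the tree; if the exclusion only exists to keep the first run green, record that next to the variable, e.g. `# G104 (unhandled errors) excluded for now; narrow once existing findings are fixed`, so it is not mistaken for a deliberate policy. In the third hunk, `install-gas` fetches `github.com/GoASTScanner/gas/cmd/gas/...` with no revision, so each `make lint` installs whatever the upstream default branch holds at that moment: findings can appear or vanish without any change to this repository, and the scanner binary itself becomes an unpinned dependency of the lint gate. Pinning the tool to a known tag or commit (the intended version is not on this page) would make the scan reproducible and auditable, as is already the practice for the other tools installed here once they are pinned.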
@@ -110,7 +110,7 @@ func loadUIConfig(uiConfig string) (map[string]interface{}, error) {
 		return nil, nil
 	}
 	ext := filepath.Ext(uiConfig)
-	bytes, err := ioutil.ReadFile(uiConfig)
+	bytes, err := ioutil.ReadFile(uiConfig) /* nolint #nosec , this comes from an admin, not user */
 	if err != nil {
 		return nil, errors.Wrapf(err, "Cannot read UI config file %v", uiConfig)
 	}
diff --git a/cmd/query/app/static_handler_test.go b/cmd/query/app/static_handler_test.go
index 61eccc3e2a5..4c5d4cfcc88 100644
--- a/cmd/query/app/static_handler_test.go
+++ b/cmd/query/app/static_handler_test.go
@@ -118,7 +118,7 @@ func TestNewStaticAssetsHandlerErrors(t *testing.T) {
 	for _, base := range []string{"x", "x/", "/x/"} {
 		_, err := NewStaticAssetsHandler("fixture", StaticAssetsHandlerOptions{UIConfigPath: "fixture/ui-config.json", BasePath: base})
-		require.Error(t, err, "basePath=%s", base)
+		require.Errorf(t, err, "basePath=%s", base)
 		assert.Contains(t, err.Error(), "Invalid base path")
 	}
 }
diff --git a/model/json/model.go b/model/json/model.go
index c739853c551..97259d037b7 100644
--- a/model/json/model.go
+++ b/model/json/model.go
@@ -14,11 +14,6 @@
 
 package json
 
-import (
-	"encoding/json"
-	"io/ioutil"
-)
-
 // ReferenceType is the reference type of one span to another
 type ReferenceType string
 
@@ -113,18 +108,3 @@ type DependencyLink struct {
 	Child     string `json:"child"`
 	CallCount uint64 `json:"callCount"`
 }
-
-// FromFile reads a Trace from a JSON file.
-// Mostly this exists to have some code aside from struct declaration,
-// as otherwise code coverate is reported as 0%.
-func FromFile(filename string) (*Trace, error) {
-	in, err := ioutil.ReadFile(filename)
-	if err != nil {
-		return nil, err
-	}
-	var trace Trace
-	if err := json.Unmarshal(in, &trace); err != nil {
-		return nil, err
-	}
-	return &trace, nil
-}
diff --git a/model/json/model_test.go b/model/json/model_test.go
deleted file mode 100644
index 7e4a56675f0..00000000000
--- a/model/json/model_test.go
+++ /dev/null
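Review bot: The trailing `/* nolint #nosec , this comes from an admin, not user */` on the `ioutil.ReadFile(uiConfig)` line suppresses every gas rule for that statement, not only the file-path finding it was added for, and the `nolint` token — if the lint pipeline honours it — also hides vet/golint results on the same line; the identical construct is added to `loadStrategies` in strategy_store.go (last hunk of this patch), so both should be treated the same way. The justification is the important part and it is currently buried in a block comment at the end of a long line where the next reader of `loadUIConfig` (whose signature sits outside this hunk) is unlikely to question it; assuming the path really is an operator-supplied option as the comment states, put that assumption on its own line above the call, e.g. `// uiConfig is an operator-supplied path from startup configuration, not request input, so reading it here is intended. #nosec`, and if the installed gas version supports rule-scoped suppression, name the rule (`#nosec G304`) rather than silencing all of them.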
@@ -1,66 +0,0 @@
-// Copyright (c) 2017 Uber Technologies, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package json_test
-
-import (
-	"bytes"
-	"encoding/json"
-	"io/ioutil"
-	"os"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-
-	. "github.com/jaegertracing/jaeger/model/json"
-)
-
-func TestFromFile(t *testing.T) {
-	in, err := ioutil.ReadFile("fixture.json")
-	require.NoError(t, err)
-
-	trace, err := FromFile("fixture.json")
-	require.NoError(t, err)
-
-	out := &bytes.Buffer{}
-	encoder := json.NewEncoder(out)
-	encoder.SetIndent("", "  ")
-	err = encoder.Encode(&trace)
-	require.NoError(t, err)
-
-	if !assert.Equal(t, string(in), string(out.Bytes())) {
-		err := ioutil.WriteFile("fixture-actual.json", out.Bytes(), 0644)
-		assert.NoError(t, err)
-	}
-}
-
-func TestFromFileErrors(t *testing.T) {
-	_, err := FromFile("invalid-file-name")
-	assert.Error(t, err)
-
-	tmpfile, err := ioutil.TempFile("", "invalid.json")
-	require.NoError(t, err)
-
-	defer os.Remove(tmpfile.Name()) // clean up
-
-	content := `{bad json}`
-	_, err = tmpfile.Write([]byte(content))
-	require.NoError(t, err)
-	err = tmpfile.Close()
-	require.NoError(t, err)
-
-	_, err = FromFile(tmpfile.Name())
-	assert.Error(t, err)
-}
diff --git a/pkg/cassandra/gocql/testutils/udt.go b/pkg/cassandra/gocql/testutils/udt.go
index 14aedf60a62..7d34379abf1 100644
--- a/pkg/cassandra/gocql/testutils/udt.go
+++ b/pkg/cassandra/gocql/testutils/udt.go
@@ -53,7 +53,7 @@ func (testCase UDTTestCase) Run(t *testing.T) {
 				proto: 0x03,
 				typ:   field.Type,
 			}
-			typeInfo := *(*gocql.NativeType)(unsafe.Pointer(&nt))
+			typeInfo := *(*gocql.NativeType)(unsafe.Pointer(&nt)) /* nolint #nosec */
 			data, err := testCase.Obj.MarshalUDT(field.Name, typeInfo)
 			if field.Err {
 				assert.Error(t, err)
diff --git a/plugin/sampling/strategystore/static/strategy_store.go b/plugin/sampling/strategystore/static/strategy_store.go
index c04268c19bd..6227a43e658 100644
--- a/plugin/sampling/strategystore/static/strategy_store.go
+++ b/plugin/sampling/strategystore/static/strategy_store.go
@@ -59,7 +59,7 @@ func loadStrategies(strategiesFile string) (*strategies, error) {
 	if strategiesFile == "" {
 		return nil, nil
 	}
-	bytes, err := ioutil.ReadFile(strategiesFile)
+	bytes, err := ioutil.ReadFile(strategiesFile) /* nolint #nosec , this comes from an admin, not user */
 	if err != nil {
 		return nil, errors.Wrap(err, "Failed to open strategies file")
 	}
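Review bot: The `/* nolint #nosec */` added to the `unsafe.Pointer` cast in `UDTTestCase.Run` (udt.go hunk; the method begins and ends outside the hunk) gives no reason, unlike the two ReadFile suppressions in this patch, so a later reader cannot tell whether the cast is known-safe or merely tolerated. From the context lines `nt` appears to be a local struct literal with `proto` and `typ` fields being reinterpreted as `gocql.NativeType`, presumably because the gocql fields are unexported; that is only sound while the two layouts stay field-for-field identical, and a gocql upgrade that changes `NativeType` would silently produce a garbage `typeInfo` rather than a compile error, which is exactly the case the scanner is trying to flag. Replace the bare suppression with a comment that records the assumption, e.g. `// nt mirrors gocql.NativeType field-for-field; this reinterpreting cast depends on that layout staying identical (test helper only). #nosec`, and if the vendored gocql version exposes a public constructor for NativeType, prefer it and drop the unsafe cast altogether.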