Gosec #455

Merged
merged 39 commits into from May 1, 2020

jonnydawg
Collaborator

Implements a GitHub workflow to run gosec on external checks for PRs against master

@jonnydawg
Collaborator Author

https://github.com/Comcast/kuberhealthy/runs/637224151?check_suite_focus=true

Currently, here are the issues found:

[/home/runner/work/kuberhealthy/kuberhealthy/cmd/deployment-check/input.go:78] - G109 (CWE-190): Potential Integer overflow made by strconv.Atoi result conversion to int16/32 (Confidence: MEDIUM, Severity: HIGH)
  > port, err := strconv.Atoi(checkContainerPortEnv)

[/home/runner/work/kuberhealthy/kuberhealthy/cmd/deployment-check/input.go:89] - G109 (CWE-190): Potential Integer overflow made by strconv.Atoi result conversion to int16/32 (Confidence: MEDIUM, Severity: HIGH)
  > port, err := strconv.Atoi(checkLoadBalancerPortEnv)

[/home/runner/work/kuberhealthy/kuberhealthy/cmd/daemonset-check/main.go:304] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > dsc.remove()

[/home/runner/work/kuberhealthy/kuberhealthy/cmd/deployment-check/run_check.go:235] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > cleanUp(ctx)

[/home/runner/work/kuberhealthy/kuberhealthy/cmd/deployment-check/service_requester.go:141] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > resp.Body.Close()

[/home/runner/work/kuberhealthy/kuberhealthy/cmd/deployment-check/service_requester.go:153] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > resp.Body.Close()

[/home/runner/work/kuberhealthy/kuberhealthy/cmd/http-check/main.go:49] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > kh.ReportSuccess()

[/home/runner/work/kuberhealthy/kuberhealthy/cmd/http-check/main.go:55] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > kh.ReportFailure([]string{reportErr.Error()})

[/home/runner/work/kuberhealthy/kuberhealthy/cmd/resource-quota-check/main.go:87] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > kh.ReportFailure([]string{errorMessage})

[/home/runner/work/kuberhealthy/kuberhealthy/cmd/resource-quota-check/main.go:98] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > kh.ReportFailure([]string{r.(string)})

Summary:
   Files: 48
   Lines: 8115
   Nosec: 0
  Issues: 10

##[error]Process completed with exit code 1.
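
The two G109 findings above flag a `strconv.Atoi` result that is later narrowed to int16/int32. The Go program below is an added example, not code from this PR or from kuberhealthy: it shows the silent truncation beside a bounded parse. It assumes a 64-bit platform and a conversion to `int32`; `unsafePort`, `safePort` and the sample inputs are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
)

// unsafePort mirrors the pattern G109 flags (hypothetical helper): Atoi returns
// a platform-sized int (64 bits on amd64), and the int32 conversion silently
// drops the upper bits of large values.
func unsafePort(s string) (int32, error) {
	port, err := strconv.Atoi(s)
	if err != nil {
		return 0, err
	}
	return int32(port), nil // "4294967376" (2^32 + 80) becomes 80
}

// safePort (hypothetical helper) parses with an explicit 32-bit size, so
// out-of-range input is an error rather than a wrapped value, and then
// enforces the valid TCP port range.
func safePort(s string) (int32, error) {
	n, err := strconv.ParseInt(s, 10, 32)
	if err != nil {
		return 0, fmt.Errorf("invalid port %q: %w", s, err)
	}
	if n < 1 || n > 65535 {
		return 0, fmt.Errorf("port %d outside 1-65535", n)
	}
	return int32(n), nil
}

func main() {
	// Constructed inputs: a normal port, 2^32 + 80, and a negative value.
	for _, in := range []string{"8080", "4294967376", "-1"} {
		u, uerr := unsafePort(in)
		s, serr := safePort(in)
		fmt.Printf("%-12s unsafe=(%d, %v) safe=(%d, %v)\n", in, u, uerr, s, serr)
	}
}
```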

@jonnydawg
Collaborator Author

I also think we should remove the gosec layer from the Dockerfile from cmd/kuberhealthy and do it via a GitHub Action instead.

Collaborator

@integrii integrii left a comment

This is great upkeep. Thanks!

@integrii
Collaborator

integrii commented May 1, 2020

#458

@integrii integrii merged commit 633196f into master May 1, 2020
@integrii integrii deleted the gosec branch May 1, 2020 22:55