Gosec #455

Merged
merged 39 commits into from
May 1, 2020
Merged

Gosec #455

fa4099b
base gosec test
jonnydawg Apr 30, 2020
ac4b08c
exclude main kuberhealthy and variable http URL error
jonnydawg Apr 30, 2020
29c10e2
change args to run command
jonnydawg Apr 30, 2020
fc680fb
move arg to string
jonnydawg Apr 30, 2020
79378b1
move file to beginning of args
jonnydawg Apr 30, 2020
8c7e734
args adjustment
jonnydawg Apr 30, 2020
edf8ad6
remove the ignore for cmd/kuberhealthy
jonnydawg Apr 30, 2020
4d793fa
revert to base
jonnydawg Apr 30, 2020
d1ccb9e
break down steps
jonnydawg Apr 30, 2020
369fccc
try using run again
jonnydawg Apr 30, 2020
fa5dc13
remove with
jonnydawg Apr 30, 2020
8b41eb0
add entry point
jonnydawg Apr 30, 2020
ee73de0
add additional args
jonnydawg Apr 30, 2020
12313b5
test the help command
jonnydawg Apr 30, 2020
680028b
retry a different spacing based on help page
jonnydawg Apr 30, 2020
1c1a611
add pwd
jonnydawg Apr 30, 2020
2c3ea03
move dirs
jonnydawg Apr 30, 2020
a2d4bb0
testing random dirs now
jonnydawg Apr 30, 2020
28dcce2
testing another dir
jonnydawg Apr 30, 2020
24e6c46
move back to normal dir
jonnydawg Apr 30, 2020
770c85b
try run command
jonnydawg May 1, 2020
a5ab3da
revert to entrypoint
jonnydawg May 1, 2020
62c004e
just call version
jonnydawg May 1, 2020
8584ff2
try exclude dir
jonnydawg May 1, 2020
87c957b
try a different path
jonnydawg May 1, 2020
4cc5185
exclude main kuberhealthy dir
jonnydawg May 1, 2020
d172c73
working gosec workflow
jonnydawg May 1, 2020
0d06f7e
update workflow for pushes
jonnydawg May 1, 2020
c92eef4
fix gosec errors for resource-quota-check
jonnydawg May 1, 2020
ceb3b06
first stab at fixing gosec errors for deployment-check
jonnydawg May 1, 2020
ab4185a
first stab at fixing gosec errors for daemonset-check
jonnydawg May 1, 2020
9e12434
revert port int32 changes
jonnydawg May 1, 2020
a5f03b7
quick unhandled error fix for gosec
jonnydawg May 1, 2020
c47d7e6
update ignore flags & document them
jonnydawg May 1, 2020
455251c
forgot to declare the err
jonnydawg May 1, 2020
75c5b49
remove running on master branch pushes
jonnydawg May 1, 2020
215c0d8
not sure why the report line was removed
jonnydawg May 1, 2020
61c37e5
bump patch version for affected checks
jonnydawg May 1, 2020
b8e1ea1
quick error fix
jonnydawg May 1, 2020
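--- a/.github/workflows/gosec-latest-checks.yaml
+++ b/.github/workflows/gosec-latest-checks.yaml
@@ -0,0 +1,22 @@
+name: Run Gosec
+on:
+push:
+branches:
+- gosec # for testing this workflow
+pull_request:
+branches:
+- master
+jobs:
+tests:
+runs-on: ubuntu-latest
+env:
+GO111MODULE: on
+steps:
+- name: Checkout Source
+uses: actions/checkout@v2
+- name: Download Gosec
+run: curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sudo sh -s -- -b /usr/bin latest
+- name: Run Gosec Security Scanner
+#G107: Url provided to HTTP request as taint input
+#G109: Potential Integer overflow made by strconv.Atoi result conversion to int16/32
+run: gosec -exclude=G107,G109 -exclude-dir=cmd/kuberhealthy ./...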
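Review bot: The "Download Gosec" step pipes an install script fetched from the moving `master` branch into `sudo sh` and requests `latest`, so every run executes whatever is currently upstream as root, with no pinned version and no integrity check. Fetch the script from a fixed release tag and pass that same tag instead of `latest`, e.g. `run: curl -sfL https://raw.githubusercontent.com/securego/gosec/<PINNED_TAG>/install.sh | sudo sh -s -- -b /usr/bin <PINNED_TAG>`. Installing into a user-writable directory would also remove the need for `sudo`. Pinning keeps scan results reproducible too, since a new rule in `latest` can otherwise fail unrelated pull requests. `actions/checkout@v2` is likewise a mutable tag and could be pinned to a commit SHA.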
4 changes: 2 additions & 2 deletions cmd/daemonset-check/Makefile
@@ -1,5 +1,5 @@
build:
docker build -t kuberhealthy/daemonset-check:v2.2.1 -f Dockerfile ../../
docker build -t kuberhealthy/daemonset-check:v2.2.2 -f Dockerfile ../../

push:
docker push kuberhealthy/daemonset-check:v2.2.1
docker push kuberhealthy/daemonset-check:v2.2.2
5 changes: 4 additions & 1 deletion cmd/daemonset-check/main.go
Expand Up @@ -301,7 +301,10 @@ func (dsc *Checker) Shutdown(sdDoneChan chan error) {
var err error
// if the ds is deployed, delete it
if dsc.DaemonSetDeployed {
dsc.remove()
err = dsc.remove()
if err != nil {
log.Infoln("Failed to remove", dsc.DaemonSetName)
}
err = dsc.waitForPodRemoval()
}

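Review bot: The error returned by `dsc.remove()` is logged at Info level without its text, and `err` is then overwritten by `err = dsc.waitForPodRemoval()`, so the cause of a failed removal is lost to both the log and the caller. Include the error and raise the level, e.g. `log.Errorln("Failed to remove", dsc.DaemonSetName, "with error:", err)`. It may also be worth skipping the wait when removal failed, since waiting for pods of a DaemonSet that was not deleted presumably runs until its timeout. Shutdown's body continues outside the hunk.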
4 changes: 2 additions & 2 deletions cmd/deployment-check/Makefile
@@ -1,5 +1,5 @@
build:
docker build -t kuberhealthy/deployment-check:v1.4.0 -f Dockerfile ../../
docker build -t kuberhealthy/deployment-check:v1.4.1 -f Dockerfile ../../

push:
docker push kuberhealthy/deployment-check:v1.4.0
docker push kuberhealthy/deployment-check:v1.4.1
6 changes: 4 additions & 2 deletions cmd/deployment-check/run_check.go
Expand Up @@ -232,8 +232,10 @@ func runDeploymentCheck() {
}

// Clean up!
cleanUp(ctx)

cleanUpError := cleanUp(ctx)
if cleanUpError != nil {
reportErrorsToKuberhealthy([]string{cleanUpError.Error()})
}
// Report to Kuberhealthy.
reportOKToKuberhealthy()
}
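Review bot: When `cleanUp(ctx)` fails, the new code calls `reportErrorsToKuberhealthy` and then falls through to `reportOKToKuberhealthy()`, so a single run reports both a failure and a success unless the error reporter exits the process (not visible in this hunk). Add `return` after `reportErrorsToKuberhealthy([]string{cleanUpError.Error()})` so a failed cleanup is not followed by an OK report. runDeploymentCheck starts outside the hunk.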
10 changes: 8 additions & 2 deletions cmd/deployment-check/service_requester.go
Expand Up @@ -138,7 +138,10 @@ func getRequestBackoff(hostname string) chan RequestResult {
if err == nil && resp.StatusCode == http.StatusOK {
log.Infoln("Successfully made an HTTP request on attempt:", attempts)
log.Infoln("Got a", resp.StatusCode, "with a", http.MethodGet, "to", hostname)
resp.Body.Close()
closeErr := resp.Body.Close()
if closeErr != nil {
log.Debugln("Failed to close response body:", closeErr.Error())
}
requestResult.Response = resp
requestResultChan <- requestResult
return
Expand All @@ -150,7 +153,10 @@ func getRequestBackoff(hostname string) chan RequestResult {

if resp != nil {
log.Debugln("Got a", resp.StatusCode)
resp.Body.Close()
closeErr := resp.Body.Close()
if closeErr != nil {
log.Debugln("Failed to close response body:", closeErr.Error())
}
}

retrySleep(attempts)
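Review bot: On the success path `resp.Body.Close()` runs before `requestResult.Response = resp` is sent on the channel, so the receiver gets a response whose body can no longer be read. If callers only need the status code, say so next to the assignment: `// Body is already closed; receivers may use only the status and headers.` The same three-line close-and-log block is repeated in the second hunk and could live in one small helper. getRequestBackoff begins and ends outside both hunks.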
4 changes: 2 additions & 2 deletions cmd/http-check/Makefile
@@ -1,5 +1,5 @@
build:
docker build -t kuberhealthy/http-check:v1.2.1 -f Dockerfile ../../
docker build -t kuberhealthy/http-check:v1.2.2 -f Dockerfile ../../

push:
docker push kuberhealthy/http-check:v1.2.1
docker push kuberhealthy/http-check:v1.2.2
16 changes: 11 additions & 5 deletions cmd/http-check/main.go
Expand Up @@ -36,23 +36,29 @@ func main() {
if err != nil {
reportErr := fmt.Errorf("error occurred performing a " + http.MethodGet + " to " + checkURL + ": " + err.Error())
log.Errorln(reportErr.Error())
err = kh.ReportFailure([]string{reportErr.Error()})
if err != nil {
log.Fatalln("error when reporting to kuberhealthy:", err.Error())
reportFailureErr := kh.ReportFailure([]string{reportErr.Error()})
if reportFailureErr != nil {
log.Fatalln("error when reporting to kuberhealthy:", reportFailureErr.Error())
}
os.Exit(0)
}

// Check if the response status code is a 200.
if r.StatusCode == http.StatusOK {
log.Infoln("Got a", r.StatusCode, "with a", http.MethodGet, "to", checkURL)
kh.ReportSuccess()
reportSuccessErr := kh.ReportSuccess()
if err != nil {
log.Fatalln("error when reporting to kuberhealthy:", reportSuccessErr.Error())
}
os.Exit(0)
}

reportErr := fmt.Errorf("unable to retrieve a " + strconv.Itoa(http.StatusOK) + " from " + checkURL + " got a " + strconv.Itoa(r.StatusCode) + " instead")
log.Errorln(reportErr.Error())
kh.ReportFailure([]string{reportErr.Error()})
reportFailureErr := kh.ReportFailure([]string{reportErr.Error()})
if reportFailureErr != nil {
log.Fatalln("error when reporting to kuberhealthy:", reportFailureErr.Error())
}

os.Exit(0)
}
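Review bot: The check added after `kh.ReportSuccess()` tests `err` instead of `reportSuccessErr`, so a failed success report is never detected; `err` is already nil at that point because the earlier `if err != nil` branch exits. The condition should read `if reportSuccessErr != nil {`. Separately, both `fmt.Errorf` calls build their format string by concatenating `checkURL` and `err.Error()`, so a `%` in the URL is parsed as a formatting verb; `fmt.Errorf("error occurred performing a %s to %s: %v", http.MethodGet, checkURL, err)` keeps the data out of the format string. main's body starts outside the hunk.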
4 changes: 2 additions & 2 deletions cmd/resource-quota-check/Makefile
@@ -1,5 +1,5 @@
build:
docker build -t kuberhealthy/resource-quota-check:v1.2.1 -f Dockerfile ../../
docker build -t kuberhealthy/resource-quota-check:v1.2.2 -f Dockerfile ../../

push:
docker push kuberhealthy/resource-quota-check:v1.2.1
docker push kuberhealthy/resource-quota-check:v1.2.2
10 changes: 8 additions & 2 deletions cmd/resource-quota-check/main.go
Expand Up @@ -84,7 +84,10 @@ func main() {
client, err = kubeClient.Create(kubeConfigFile)
if err != nil {
errorMessage := "failed to create a kubernetes client with error: " + err.Error()
kh.ReportFailure([]string{errorMessage})
reportErr := kh.ReportFailure([]string{errorMessage})
if reportErr != nil {
log.Fatalln("error reporting failure to kuberhealthy:", reportErr.Error())
}
return
}
log.Infoln("Kubernetes client created.")
Expand All @@ -95,7 +98,10 @@ func main() {
r = recover()
if r != nil {
log.Infoln("Recovered panic:", r)
kh.ReportFailure([]string{r.(string)})
reportErr := kh.ReportFailure([]string{r.(string)})
if reportErr != nil {
log.Fatalln("error reporting failure to kuberhealthy:", reportErr.Error())
}
}
}()

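Review bot: In the deferred recover handler of the second hunk, `r.(string)` is an unchecked type assertion. A panic that carries an `error` or a runtime error (a nil dereference, for example) makes the assertion itself panic inside the defer, so the failure is never reported to Kuberhealthy. Format the recovered value instead: `reportErr := kh.ReportFailure([]string{fmt.Sprint(r)})` (whether `fmt` is imported in this file is not visible here). main's body starts and ends outside both hunks.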