remove backticks and LDFLAG variable name to fix vulnerability

.travis.yml

@@ -14,8 +14,8 @@ script:
       export DOCKER_HUB_OPERATOR_TAG=23.7.0-dev
       export DOCKER_HUB_OPERATOR_TEST_TAG=23.7.0-dev
     else
-      export DOCKER_HUB_OPERATOR_TAG=`git rev-parse --short HEAD`
-      export DOCKER_HUB_OPERATOR_TEST_TAG=`git rev-parse --short HEAD`
+      export DOCKER_HUB_OPERATOR_TAG=$(git rev-parse --short HEAD)
+      export DOCKER_HUB_OPERATOR_TEST_TAG=$(git rev-parse --short HEAD)
     fi
     make vendor-update all test verify-bundle-dir container integration-test integration-test-container &&
     if [ "${TRAVIS_PULL_REQUEST}" == "false" ]; then

Makefile

@@ -80,8 +80,8 @@ BUNDLE_DIR         := $(BASE_DIR)/deploy/olm-catalog/portworx
 RELEASE_BUNDLE_DIR := $(BUNDLE_DIR)/$(RELEASE_VER)
 BUNDLE_VERSIONS    := $(shell find $(BUNDLE_DIR) -mindepth 1 -maxdepth 1 -type d )
 
-LDFLAGS += "-s -w -X github.com/libopenstorage/operator/pkg/version.Version=$(VERSION)"
-BUILD_OPTIONS := -ldflags=$(LDFLAGS)
+FLAGS += "-s -w -X github.com/libopenstorage/operator/pkg/version.Version=$(VERSION)"
+BUILD_OPTIONS := -ldflags=$(FLAGS)
 
 .DEFAULT_GOAL=all
 .PHONY: operator deploy clean vendor vendor-update test

README.md

@@ -30,7 +30,7 @@ If you get errors like
 
 try to switch to go 1.19. 
 
-Make sure not only $GOPATH but also $GOPATH/bin are in your system $PATH, otherwise `staticcheck` would fail.
+Make sure not only $GOPATH but also $GOPATH/bin are in your system $PATH, otherwise "staticcheck" would fail.
 
 ## Build operator container
 
@@ -45,3 +45,4 @@ export DOCKER_HUB_REPO=<eg. mybuildx>
 ```sh
 make container deploy
 ```
+

deploy/crds/core_v1_storagecluster_crd.yaml

@@ -101,9 +101,9 @@ spec:
                 description: >-
                   Setting this to true this stops part of the image tag being swallowed when setting a
                   customImageRegistry with a / in it. When set to false using a customImageRegistry of
-                  `example.io/public` and an image of `portworx/oci-monitor` the full image path is is
-                  `example.io/public/oci-monitor`, setting to true gives you
-                  `example.io/public/portworx/oci-monitor`. Defaults to false
+                  "example.io/public" and an image of "portworx/oci-monitor" the full image path is is
+                  "example.io/public/oci-monitor", setting to true gives you
+                  "example.io/public/portworx/oci-monitor". Defaults to false
               secretsProvider:
                 type: string
                 description: Secrets provider is the name of secret provider that driver will connect to.
@@ -1121,7 +1121,7 @@ spec:
                       retention:
                         description: Time duration Prometheus shall retain data for. Default
                           is '24h' if retentionSize is not set, and must match the regular
-                          expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes
+                          expression "[0-9]+(ms|s|m|h|d|w|y)" (milliseconds seconds minutes
                           hours days weeks years).
                         pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
                         type: string
@@ -1173,7 +1173,7 @@ spec:
                                                 provision the volume. The pod in which this EphemeralVolumeSource
                                                 is embedded will be the owner of the PVC, i.e. the PVC will
                                                 be deleted together with the pod.  The name of the PVC will
-                                                be `<pod name>-<volume name>` where `<volume name>` is the
+                                                be '<pod name>-<volume name>' where '<volume name>' is the
                                                 name from the `PodSpec.Volumes` array entry. Pod validation
                                                 will reject the pod if the concatenated name is not valid
                                                 for a PVC (for example, too long). \n An existing PVC with

pkg/migration/generate.go

@@ -1186,7 +1186,7 @@ func getStorageClusterNameFromClusterID(clusterID string) string {
 	// Must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
 	// If the cluster ID is a valid k8s object name, just set it as the storage cluster name
 	// Additionally, check whether the clusterID is longer than 63 chars, which will fail to construct controller revision
-	validNameRegex := regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)
+	validNameRegex := regexp.MustCompile("^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$") //lint:ignore S1007 we want to remove backticks to avoid vulnerability
 	if validNameRegex.MatchString(clusterID) && len(clusterID) <= 63 {
 		return clusterID
 	}
@@ -1197,7 +1197,7 @@ func getStorageClusterNameFromClusterID(clusterID string) string {
 	}
 
 	// If the cluster ID is invalid as a k8s object name, replace '_' with '-' then remove all invalid characters
-	invalidCharRegex := regexp.MustCompile(`[^a-z0-9-]+`)
+	invalidCharRegex := regexp.MustCompile("[^a-z0-9-]+")
 	clusterID = strings.Trim(strings.ReplaceAll(clusterID, "_", "-"), "-")
 	return invalidCharRegex.ReplaceAllString(strings.ToLower(clusterID), "")
 }

pkg/util/k8s/k8s.go

@@ -51,7 +51,7 @@ const (
 )
 
 var (
-	kbVerRegex = regexp.MustCompile(`^(v\d+\.\d+\.\d+)(.*)`)
+	kbVerRegex = regexp.MustCompile("^(v\\d+\\.\\d+\\.\\d+)(.*)") //lint:ignore S1007 we want to remove backticks to avoid vulnerability
 	// K8sVer1_13 k8s 1.13
 	K8sVer1_13, _ = version.NewVersion("1.13")
 	// K8sVer1_17 k8s 1.17

pkg/util/test/util.go

@@ -487,7 +487,7 @@ func validateStorageNodes(pxImageList map[string]string, cluster *corev1.Storage
 			for _, env := range cluster.Spec.Env {
 				if env.Name == PxReleaseManifestURLEnvVarName {
 					// Looking for clear PX version before /version in the URL
-					ver := regexp.MustCompile(`\S+\/(\d.\S+)\/version`).FindStringSubmatch(env.Value)
+					ver := regexp.MustCompile("\\S+\\/(\\d.\\S+)\\/version").FindStringSubmatch(env.Value) //lint:ignore S1007 we want to remove backticks to avoid vulnerability
 					if ver != nil {
 						expectedPxVersion = ver[1]
 					} else {

pkg/util/util.go

@@ -97,7 +97,7 @@ var (
 	}
 
 	// hostnameWithDomainRe regex matches hostname with a DNS domain
-	hostnameWithDomainRe = regexp.MustCompile(`^(?i)[a-z0-9-]+(\.[a-z0-9-]+)+\.?$`)
+	hostnameWithDomainRe = regexp.MustCompile("^(?i)[a-z0-9-]+(\\.[a-z0-9-]+)+\\.?$") //lint:ignore S1007 we want to remove backticks to avoid vulnerability
 )
 
 // AddDefaultRegistryToImage adds default registry to image.