Merge pull request #95 from grddev/add-gosec-github-action

Add gosec Github action, and address all issues found
lirm · Sep 13, 2023 · fe9f4a2 · fe9f4a2
2 parents a143d07 + 4c1704e
commit fe9f4a2
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 10 deletions.
diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml
@@ -0,0 +1,24 @@
+name: Gosec
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v3
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@v2.15.0
+        with:
+          args: '-exclude=G103,G104 -exclude-dir=systests -exclude-dir=examples -no-fail -fmt sarif -out results.sarif ./...'
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: results.sarif
diff --git a/aeron/util/memmap/memmap.go b/aeron/util/memmap/memmap.go
@@ -41,18 +41,11 @@ var memories = sync.Map{}
 
 // GetFileSize is a helper function to retrieve file size
 func GetFileSize(filename string) int64 {
-	file, err := os.Open(filename)
+	fi, err := os.Stat(filename)
 	if err != nil {
 		logger.Error(err)
 		return -1
 	}
-	defer file.Close()
-
-	fi, err := file.Stat()
-	if err != nil {
-		logger.Fatal(err)
-		return -1
-	}
 
 	return fi.Size()
 }
@@ -62,7 +55,8 @@ func GetFileSize(filename string) int64 {
 func MapExisting(filename string, offset int64, length int) (*File, error) {
 	logger.Debugf("Will try to map existing %s, %d, %d", filename, offset, length)
 
-	f, err := os.OpenFile(filename, syscall.O_RDWR, 0644)
+	/* #nosec G304 -- Read counters/logbuffers */
+	f, err := os.OpenFile(filename, syscall.O_RDWR, 0)
 	if err != nil {
 		return nil, err
 	}
@@ -101,6 +95,7 @@ func MapExisting(filename string, offset int64, length int) (*File, error) {
 func NewFile(filename string, offset int64, length int) (*File, error) {
 	logger.Debugf("Will try to map new %s, %d, %d", filename, offset, length)
 
+	/* #nosec G304 -- Read cluster-mark-service-0.dat */
 	f, err := os.Create(filename)
 	if err != nil {
 		return nil, err

diff --git a/cluster/client/aeron_cluster.go b/cluster/client/aeron_cluster.go
@@ -241,7 +241,7 @@ func (ac *AeronCluster) updateMemberEndpoints(endpoints string) {
 	logger.Debugf("updateMemberEndpoints: %s", endpoints)
 	for idx, endpoint := range strings.Split(endpoints, ",") {
 		if delim := strings.IndexByte(endpoint, '='); delim > 0 {
-			memberId, err := strconv.Atoi(endpoint[:delim])
+			memberId, err := strconv.ParseInt(endpoint[:delim], 10, 32)
 			if err != nil {
 				logger.Warningf("invalid endpoint at idx=%d: %s", idx, endpoint)
 				continue