Disabled gosec. #196
We are disabling this tool for now.
/test e2e-aws-upgrade
/assign @adambkaplan @dmage
@ricardomaraschini can you put a reason for why we are disabling it, in the PR description and/or commit?
Of course, I should have added it to start with. It is done.
/hold We are waiting for openshift/release#5232 to get in
/test integration
/hold cancel openshift/release#5232 is merged.
/test integration
/test integration
/test integration
/test integration
/test integration
/retest
/retest
/retest
/retest
/retest
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: dmage, ricardomaraschini
The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
/retest Please review the full test history for this PR and help us cut down flakes.
/retest Please review the full test history for this PR and help us cut down flakes.
/retest Please review the full test history for this PR and help us cut down flakes.
/retest Please review the full test history for this PR and help us cut down flakes.
/hold
/hold
/retest
/test e2e-aws-image-registry
/hold cancel
/cherry-pick release-4.2
@ricardomaraschini: new pull request created: #200 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/cherrypick release-4.2
@ricardomaraschini: failed to push cherry-picked changes in GitHub: pushing failed, output: "To https://github.com/openshift-cherrypick-robot/image-registry\n ! [rejected] cherry-pick-196-to-release-4.2 -> cherry-pick-196-to-release-4.2 (non-fast-forward)\nerror: failed to push some refs to 'https://openshift-cherrypick-robot:CENSORED@github.com/openshift-cherrypick-robot/image-registry'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. Integrate the remote changes (e.g.\nhint: 'git pull ...') before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n", error: exit status 1 In response to this:
We are disabling this tool for now. With gosec our tests are constantly failing and that is delaying us from getting what has been planned for the sprint done. We will revisit this in the future and there is already a ticket in place to do so.
Regarding the four security flaws reported by gosec on this repo:
For item number 1, I have checked and the variables being used when shelling out won't cause any problem as the user can't tamper with them. As for the second, having profiling enabled is mandatory; further checks for alternatives could be done when we start working on it.
For reference, the ticket is https://jira.coreos.com/browse/DEVEXP-437