Introduce gosec for security checks

[JAORMX]

gosec does static code analysis and checks for common security issues in
golang codebases.

This PR introduces a script that will run gosec similarly to other check
tools.

[JAORMX]

/test e2e-aws-scaleup-rhel7

[JAORMX]

/test e2e-aws-scaleup-rhel7

[abhinavdahiya]

Do you have an example of what kind of security flaws does this script highlight on this repo's master.

I would like top avoid yet another comment to skip the test, if there are toomany false positives with this for installer repo as installer deals with files etc.

And if there is an effort to bring this check in all OpenShift repos, i would expect this to be backed by an enhancement.

[JAORMX]

Do you have an example of what kind of security flaws does this script highlight on this repo's master.

I switched the configuration to only highlight critical security flaws with high confidence (as opposed to the previous attempt, which was medium flaws with medium confidence). With this configuration, the tool doesn't find any issues in the codebase (which is good!).

Here's the output:

hack/go-sec.sh                                                                                                                                                              add-gosec  
+ '[' '' '!=' '' ']'
+ podman run --rm --env IS_CONTAINER=TRUE --volume /home/josorior/go/src/github.com/openshift/installer:/go/src/github.com/openshift/installer:z --workdir /go/src/github.com/openshift/installer docker.io/openshift/origin-release:golang-1.12 ./hack/go-sec.sh
+ '[' TRUE '!=' '' ']'
++ command -v gosec
+ '[' '!' '' ']'
+ go get github.com/securego/gosec/cmd/gosec
+ gosec -severity high -confidence high -exclude G304 ./cmd/... ./data/... ./pkg/...
[gosec] 2019/10/21 09:56:14 Including rules: default
[gosec] 2019/10/21 09:56:14 Excluding rules: G304
[gosec] 2019/10/21 09:56:14 Import directory: /go/src/github.com/openshift/installer/cmd/openshift-install
[gosec] 2019/10/21 09:58:40 Checking package: main
[gosec] 2019/10/21 09:58:40 Checking file: /go/src/github.com/openshift/installer/cmd/openshift-install/completions.go
[gosec] 2019/10/21 09:58:40 Checking file: /go/src/github.com/openshift/installer/cmd/openshift-install/create.go
...
Results:


Summary:
   Files: 301
   Lines: 27020
   Nosec: 0
  Issues: 0

I would like top avoid yet another comment to skip the test, if there are toomany false positives with this for installer repo as installer deals with files etc.

And if there is an effort to bring this check in all OpenShift repos, i would expect this to be backed by an enhancement.

There is no PR in the enhancements repo as of yet.

[JAORMX]

/test e2e-aws-scaleup-rhel7-

[abhinavdahiya]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abhinavdahiya, JAORMX

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [abhinavdahiya]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[JAORMX]

/test e2e-aws-scaleup-rhel7

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci-robot]

@JAORMX: The following test failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
ci/prow/e2e-aws-scaleup-rhel7	0a854cd	link	/test e2e-aws-scaleup-rhel7

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.