mirror of
https://github.com/kubevirt/containerized-data-importer.git
synced 2025-06-03 06:30:22 +00:00
* Move gosec into golangci-lint

  Remove gosec target and scripts and use the golangci-lint linter.
  This ensures we stay up-to-date (so long as golangci-lint is up to date too).

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G601: Disable for-loop variable aliasing warning (not relevant for Go>=1.22)

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G101: Ignore warning about plain-text credentials

  They are false positives

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G102: Don't listen to all interfaces

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G107: Ignore potentially tainted GET requests

  They are all in test code

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G109: Avoid integer overflows after parsing strings

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G110: Potential DoS vulnerability via decompression bomb

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G114: Use of net/http serve function that has no support for setting timeouts

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G204: Subprocess launched with a potential tainted input or cmd arguments

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G305: File traversal when extracting zip/tar archive

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G306: Expect WriteFile permissions to be 0600 or less

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* Bugfix: Misuse of file descriptor flags in file permission bits

  os.WriteFile always uses O_WRONLY|O_CREATE|O_TRUNC, the third argument is for the file's permission bits. This code is misleading, it will truncate the file and not append to it. For that you'd need os.Openfile(path, os.O_APPEND, 0600)

  I also simplified the unnecessary []byte conversion.

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G401: Use of weak cryptographic primitive

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G402: Insecure TLS

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G404: Use of weak random number generator (math/rand instead of crypto/rand)

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G501: Blocklisted import crypto/md5: weak cryptographic primitive

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* Run autoformatters

  Unrelated to the PR but this way we keep everything formatted

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* Remove references to gosec in the makefile

  Gosec has been moved into Golangci-lint

  Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

---------

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

- BUILD.bazel
- openstack_populator_suite_test.go
- openstack-populator_test.go
- openstack-populator.go