Merge pull request #1377 from tu1h/enable_gosec
Enable gosec in golangci check
ErikJiang authored Sep 23, 2024
2 parents 4e04c0f + 6fb0f23 commit 8547154
Showing 3 changed files with 28 additions and 12 deletions.
13 changes: 12 additions & 1 deletion .golangci.yml
@@ -76,6 +76,17 @@ linters-settings:
min-complexity: 20
nestif:
min-complexity: 20
gosec:
config:
nosec: true
G101:
# Regexp pattern for variables and constants to find.
pattern: "(?i)passwd|pass|password|pwd|secret|token|pw|apiKey|bearer|cred|crt|cert|certificate"
excludes:
- G112
- G401
- G501
- G601

output:
formats: colored-line-number
@@ -117,7 +128,6 @@ linters:
- cyclop # checks function and package cyclomatic complexity
- errcheck # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
- unparam # Reports unused function parameters
- gosec # Inspects source code for security problems
- funlen # Tool for detection of long functions
- gocognit # Computes and checks the cognitive complexity of functions
- gocyclo # Computes and checks the cyclomatic complexity of functions
@@ -160,4 +170,5 @@ linters:
- unused # Checks Go code for unused constants, variables, functions and types
- whitespace # Tool for detection of leading and trailing whitespace
- godot # Check if comments end in a period
- gosec # Inspects source code for security problems
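Review bot: The `nosec: true` line added under `gosec.config` appears to sit directly below `config:`, while golangci-lint documents this option under `config.global`, so as written it may have no effect (indentation is lost in this view; confirm against the file). Where it does take effect, `true` makes gosec ignore `#nosec` comments, which would re-raise the findings this same commit silences with `// #nosec` in entrypoint.go and clusterops_webhook.go. Dropping the line, or setting it under `global:` to `false`, matches the apparent intent. The `excludes` list also turns off G112, G401, G501 and G601 with no stated reason; a trailing comment per entry, in the form `- G112 # <why this rule is not enforced here>`, would let a later reader tell an accepted risk from an oversight.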

17 changes: 9 additions & 8 deletions pkg/util/entrypoint/entrypoint.go
@@ -24,14 +24,15 @@ const (
RemoveNodePB = "remove-node.yml"
UpgradeClusterPB = "upgrade-cluster.yml"

PingPB = "ping.yml"
RepoPB = "enable-repo.yml"
FirewallPB = "disable-firewalld.yml"
KubeconfigPB = "kubeconfig.yml"
ClusterInfoPB = "cluster-info.yml"
UpdateHostsPB = "update-hosts.yml"
RemovePkgsPB = "remove-pkgs.yml"
PreCheckPB = "precheck.yml"
PingPB = "ping.yml"
RepoPB = "enable-repo.yml"
FirewallPB = "disable-firewalld.yml"
KubeconfigPB = "kubeconfig.yml"
ClusterInfoPB = "cluster-info.yml"
UpdateHostsPB = "update-hosts.yml"
RemovePkgsPB = "remove-pkgs.yml"
PreCheckPB = "precheck.yml"
// #nosec
RenewCertsPB = "renew-certs.yml"
KubeVipConfigPB = "config-for-kube-vip.yml"
ConfigInsecureRegistryPB = "config-insecure-registry.yml"
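Review bot: The bare `// #nosec` added above `RenewCertsPB` suppresses every gosec rule for that declaration and records no reason, so a later edit that introduces a real finding there would also be hidden. Scope it to the rule that fired (presumably G101, given the name pattern in .golangci.yml) and state why, e.g. `// #nosec G101 -- playbook file name, not a credential`. The same applies to the four bare `// #nosec` comments on `certsDir`, `certKey`, `certFile` and `CAStoreSecret` in pkg/webhooks/clusterops/clusterops_webhook.go. These look like matches on the `cert`/`crt`/`secret` alternatives of the G101 name pattern rather than on secret values, which is an inference from the names; the const block starts outside this hunk.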
10 changes: 7 additions & 3 deletions pkg/webhooks/clusterops/clusterops_webhook.go
@@ -35,12 +35,16 @@ import (
)

var (
certsDir = "/etc/webhook/certs"
certKey = "tls.key"
// #nosec
certsDir = "/etc/webhook/certs"
// #nosec
certKey = "tls.key"
// #nosec
certFile = "tls.crt"
Organization = "kubean.io"
DefaultEffectTime = 10 * 365 * 24 * time.Hour
CAStoreSecret = "webhook-http-ca-secret"
// #nosec
CAStoreSecret = "webhook-http-ca-secret"

WebHookPath = "/webhook"
WebhookSVCNamespace, _ = os.LookupEnv("WEBHOOK_SERVICE_NAMESPACE")
