Chore: Implement gosec (#16261)

See https://github.com/securego/gosec for more info. Disabled a lot of rules. I guess we should go through them and recheck if we really need to disable some Fixes #16204

Chore: Implement gosec (#16261)
See https://github.com/securego/gosec for more info. Disabled a lot of rules. I guess we should go through them and recheck if we really need to disable some Fixes #16204
1d955a87 · Oleg Gaidarenko · GitHub · ad939b05 · 1d955a87 · 1d955a87
Commit 1d955a87 authored Mar 28, 2019 by Oleg Gaidarenko Committed by GitHub Mar 28, 2019
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletions

pkg/components/imguploader/gcsuploader.go
+1 -1

scripts/backend-lint.sh
+4 -0

No files found.
--- a/pkg/components/imguploader/gcsuploader.go
+++ b/pkg/components/imguploader/gcsuploader.go
@@ -14,7 +14,7 @@ import (
 )

 const (
-	tokenUrl  string = "https://www.googleapis.com/auth/devstorage.read_write"
+	tokenUrl  string = "https://www.googleapis.com/auth/devstorage.read_write" // #nosec
 	uploadUrl string = "https://www.googleapis.com/upload/storage/v1/b/%s/o?uploadType=media&name=%s&predefinedAcl=publicRead"
 )


--- a/scripts/backend-lint.sh
+++ b/scripts/backend-lint.sh
@@ -20,6 +20,7 @@ go get -u github.com/mdempsky/unconvert
 go get -u github.com/opennota/check/cmd/varcheck
 go get -u honnef.co/go/tools/cmd/staticcheck
 go get -u github.com/mgechev/revive
+go get -u github.com/securego/gosec/cmd/gosec/...

 exit_if_fail gometalinter --enable-gc --vendor --deadline 10m --disable-all \
  --enable=deadcode \
@@ -33,3 +34,6 @@ exit_if_fail gometalinter --enable-gc --vendor --deadline 10m --disable-all \

 exit_if_fail go vet ./pkg/...
 exit_if_fail revive -formatter stylish -config ./conf/revive.toml
+
+# TODO recheck the rules and leave only necessary exclusions
+exit_if_fail gosec -quiet -exclude=G104,G107,G201,G202,G204,G301,G302,G304,G402,G501,G505,G401 ./pkg/...