Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91

Adding gosec linter (#4437)

Browse source 
* Adding gosec linter

Adding gosec (Static application security testing) linter.

* Testing gosec exclusion in golangci-lint

G110 is being triggered - testing if exclude works, then will revert and leave the excludes section there for future needs.

Also adding some tests to exclude rules

* Update .golangci.yml

Testing gosec allow list of rules

* Update .golangci.yml

Trying gosec deny list of rules

* Update .golangci.yml

Reconfiguring G306 alert to use 644, less stringent, and adding every file with current warnings to exclusions. Once this is all buttoned up and running on NEW files, we will go back and address all issues or put a comment stating why the file is excluded here.

* Update .golangci.yml

Removing exclusion to see if lint now fails

* Update .golangci.yml

Removing most exclusions to test

* Update .golangci.yml

Removing 100% of exclusions for more testing

* Update .golangci.yml

Re-adding exclusions slowly and testing to be sure we only exclude what is needed

* Update .golangci.yml

Adding all exclusions and comments per category pointing to github issues for investigating and cleaning up over time.
This commit is contained in:
Guillaume Ross 2022-03-07 09:10:35 -05:00 committed by GitHub
parent 6f109cc792
commit 1884726f55
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 139 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

139
.golangci.yml
View file

@ -3,6 +3,7 @@ linters:
enable:
- deadcode
- depguard
- gosec
- gocritic
- gofmt
- govet
@ -22,6 +23,10 @@ linters-settings:
packages-with-error-message:
- github.com/rotisserie/eris: "use ctxerr.New or ctxerr.Wrap[f] instead"
- github.com/pkg/errors: "use ctxerr if a context.Context is available or stdlib errors.New / fmt.Errorf with the %w verb"
gosec:
config:
G306: "0644"
gocritic:
enabled-checks:
@ -56,8 +61,142 @@ linters-settings:
- name: unreachable-code
- name: redefines-builtin-id
# Before excluding files from gosec linter - an issue must be created and referenced in a comment.
issues:
exclude-rules:
- path: server/datastore/mysql/migrations/[^/]+/[^/]+\.go
linters:
- depguard
# cmd gosec exclusions https://github.com/fleetdm/fleet/issues/4451
- path: cmd/osquery-perf/agent.go
linters:
- gosec
- path: cmd/fleet/serve.go
linters:
- gosec
- path: cmd/fleetctl/api.go
linters:
- gosec
- path: cmd/fleetctl/get.go
linters:
- gosec
- path: cmd/fleetctl/preview.go
linters:
- gosec
# Orbit gosec exclusions https://github.com/fleetdm/fleet/issues/4452
- path: orbit/pkg/update/update.go
linters:
- gosec
- path: orbit/pkg/packaging/wix/wix.go
linters:
- gosec
- path: orbit/pkg/packaging/macos.go
linters:
- gosec
- path: orbit/pkg/packaging/windows.go
linters:
- gosec
- path: orbit/pkg/packaging/packaging.go
linters:
- gosec
# insecure proxy is insecure by design
- path: orbit/pkg/insecure/proxy.go
linters:
- gosec
# pkg gosec exclusions https://github.com/fleetdm/fleet/issues/4453
# Test file which triggers many TLS warnings by design
- path: pkg/fleethttp/fleethttp_test.go
linters:
- gosec
- path: pkg/certificate/certificate.go
linters:
- gosec
- path: pkg/download/download.go
linters:
- gosec
# server gosec exclusions https://github.com/fleetdm/fleet/issues/4455
- path: server/mail/mail.go
linters:
- gosec
- path: server/datastore/mysql/migrations/tables/20201011162341_CleanupSoftDeletedColumns.go
linters:
- gosec
- path: server/service/redis_policy_set/redis_policy_set_test.go
linters:
- gosec
- path: server/sso/settings.go
linters:
- gosec
- path: server/datastore/mysql/hosts.go
linters:
- gosec
- path: server/datastore/mysql/hosts_test.go
linters:
- gosec
- path: server/datastore/mysql/mysql_test.go
linters:
- gosec
- path: server/service/client_live_query.go
linters:
- gosec
- path: server/service/invites.go
linters:
- gosec
- path: server/service/service_appconfig.go
linters:
- gosec
- path: server/service/service_users.go
linters:
- gosec
- path: server/datastore/mysql/migrations/tables/20201011162341_CleanupSoftDeletedColumns.go
linters:
- gosec
- path: server/datastore/mysql/aggregated_stats_test.go
linters:
- gosec
- path: server/fleet/app.go
linters:
- gosec
- path: server/service/async/async_policy.go
linters:
- gosec
- path: server/logging/kinesis.go
linters:
- gosec
- path: server/logging/kinesis_test.go
linters:
- gosec
- path: server/config/config.go
linters:
- gosec
- path: server/datastore/redis/ratelimit_store.go
linters:
- gosec
- path: server/datastore/mysql/testing_utils.go
linters:
- gosec
- path: server/datastore/mysql/packs_test.go
linters:
- gosec
- path: server/service/appconfig.go
linters:
- gosec
- path: server/service/client.go
linters:
- gosec
- path: server/service/users.go
linters:
- gosec
- path: server/service/appconfig_test.go
linters:
- gosec
- path: server/service/service_campaign_test.go
linters:
- gosec
- path: server/datastore/mysql/software_test.go
linters:
- gosec
# tools gosec exclusions https://github.com/fleetdm/fleet/issues/4456
- path: tools/dbutils/schema_generator.go
linters:
- gosec