gosec

bakito · bakito · commit f3012d34ac79 · 2021-07-02T18:45:06.000+02:00
diff --git a/Makefile b/Makefile
@@ -13,6 +13,7 @@ tidy:
 
 # Run tests
 test: tidy fmt vet
+	gosec ./...
 	go test ./...  -coverprofile=coverage.out
 	go tool cover -func=coverage.out
 
@@ -30,3 +31,6 @@ tools:
 ifeq (, $(shell which goreleaser))
  $(shell go get github.com/goreleaser/goreleaser)
 endif
+ifeq (, $(shell which gosec))
+ $(shell go get -u github.com/securego/gosec/v2/cmd/gosec)
+endif
diff --git a/cert/cert.go b/cert/cert.go
@@ -41,9 +41,12 @@ func Print(targetURL string) error {
 
 // FetchCertificates fetch the certificate chain from te target URL
 func FetchCertificates(targetURL string) ([]*x509.Certificate, error) {
+	// #nosec G402 we are checking the cert, hence we allow insecure ones
+	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{
+		InsecureSkipVerify: true,
+	}
 
-	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
-
+	// #nosec G107
 	resp, err := http.Get(targetURL)
 
 	if err != nil {
diff --git a/cert/jks/jks.go b/cert/jks/jks.go
@@ -32,6 +32,7 @@ func exportCerts(certs []*x509.Certificate, targetURL string, certIndexes []int,
 	var ks keystore.KeyStore
 	if jksSource != "" {
 
+		// #nosec G304
 		s, err := os.Open(jksSource)
 		if err != nil {
 			return err
diff --git a/go.mod b/go.mod
@@ -6,4 +6,5 @@ require (
 	github.com/pavel-v-chernykh/keystore-go v2.1.0+incompatible
 	github.com/spf13/cobra v1.2.1
 	github.com/stretchr/testify v1.7.0
+	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -552,8 +552,9 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

Original file line number	Diff line number	Diff line change
`@@ -6,4 +6,5 @@ require (`
`6`	`6`	`github.com/pavel-v-chernykh/keystore-go v2.1.0+incompatible`
`7`	`7`	`github.com/spf13/cobra v1.2.1`
`8`	`8`	`github.com/stretchr/testify v1.7.0`
	`9`	`+ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect`
`9`	`10`	`)`