Fix linter errors

Co-authored-by: Georgi Sabev <georgethebeatle@gmail.com>

Author: danail-branekov

Makefile

@@ -47,7 +47,7 @@ vet: ## Run go vet against code.
 lint: fmt vet gosec staticcheck golangci-lint
 
 gosec: bin/gosec
-	gosec --exclude=G101,G304,G401,G404,G505 --exclude-dir=tests ./...
+	gosec --exclude=G101,G304,G401,G404,G505,G117 --exclude-dir=tests ./...
 
 staticcheck: bin/staticcheck
 	staticcheck ./...
@@ -120,4 +120,4 @@ clean-bin:
 	find . -wholename '*/bin/*' -delete
 
 vendir-update-dependencies: bin/vendir
-	vendir sync --chdir tests
+	vendir sync --chdir tests

api/actions/manifest/normalizer.go

@@ -135,7 +135,7 @@ func (n Normalizer) configureRandomRoute(appName string) payloads.ManifestRoute
 }
 
 func generateRandomRoute() string {
-	suffix := string('a'+rune(rand.Intn(26))) + string('a'+rune(rand.Intn(26)))
+	suffix := string('a'+rune(rand.Int31n(26))) + string('a'+rune(rand.Int31n(26)))
 	return adjectives[rand.Intn(len(adjectives))] + "-" + nouns[rand.Intn(len(nouns))] + "-" + suffix
 }
 

api/handlers/stats/gauges.go

@@ -50,7 +50,7 @@ func (c *impersonatingHttpClient) Do(req *http.Request) (*http.Response, error)
 	authInfo, _ := authorization.InfoFromContext(req.Context())
 	req.Header.Set("Authorization", authInfo.RawAuthHeader)
 
-	return c.httpClient.Do(req)
+	return c.httpClient.Do(req) //#nosec G704 - this is an http client wrapper, SSRF protection should be handled elsewhere
 }
 
 func (c *LogCacheGaugesCollector) CollectProcessGauges(ctx context.Context, appGUID, processGUID string) ([]ProcessGauges, error) {

api/main.go

@@ -625,7 +625,7 @@ func wireGaugeCollector(cfg *config.APIConfig) (*url.URL, handlers.GaugesCollect
 
 func loadCA(caPathEnv string) *x509.CertPool {
 	caPath := os.Getenv(caPathEnv)
-	caPEM, err := os.ReadFile(filepath.Join(caPath, "ca.crt"))
+	caPEM, err := os.ReadFile(filepath.Join(caPath, "ca.crt")) //#nosec G703 - the env var is controlled by the helm chart (i.e. the k8s operator), path traversal is not possbile
 	if err != nil {
 		ctrl.Log.Error(err, "could not read CA bundle from file", "path", caPath)
 		os.Exit(1)

controllers/controllers/services/osbapi/client.go

@@ -403,7 +403,7 @@ func (r *brokerRequester) sendRequest(ctx context.Context, requestPath string, m
 	}
 	req.Header.Add("Authorization", authHeader)
 
-	resp, err := r.httpClient.Do(req)
+	resp, err := r.httpClient.Do(req) //#nosec G704 - all the parameters of the request are controlled by our osbapi client implementation so SSRF is not possible
 	if err != nil {
 		return 0, nil, fmt.Errorf("failed to execute HTTP request: %w", err)
 	}

controllers/webhooks/networking/security_groups/validator_test.go

@@ -438,7 +438,6 @@ var _ = Describe("CFSecurityGroupValidatingWebhook", func() {
 				))
 			})
 		})
-
 	})
 
 	Describe("ValidateDelete", func() {
@@ -468,5 +467,4 @@ var _ = Describe("CFSecurityGroupValidatingWebhook", func() {
 			})
 		})
 	})
-
 })