Add gosec static analysis

2020-04-13 22:30:09 +02:00
parent fb8ac92abf
commit b8d7c97eb7
8 changed files with 16 additions and 9 deletions
--- a/pkg/cmd/migrate.go
+++ b/pkg/cmd/migrate.go
@ -24,7 +24,7 @@ import (
 func init() {
 	migrateCmd.AddCommand(migrateListCmd)
 	migrationRollbackCmd.Flags().StringVarP(&rollbackUntilFlag, "name", "n", "", "The id of the migration you want to roll back until.")
-	migrationRollbackCmd.MarkFlagRequired("name")
+	_ = migrationRollbackCmd.MarkFlagRequired("name")
 	migrateCmd.AddCommand(migrationRollbackCmd)
 	rootCmd.AddCommand(migrateCmd)
 }
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@ -34,6 +34,7 @@ type Key string

 // These constants hold all config value keys
 const (
+	// #nosec
 	ServiceJWTSecret             Key = `service.JWTSecret`
 	ServiceInterface             Key = `service.interface`
 	ServiceFrontendurl           Key = `service.frontendurl`
--- a/pkg/log/logging.go
+++ b/pkg/log/logging.go
@ -86,7 +86,7 @@ func GetLogWriter(logfile string) (writer io.Writer) {
 	switch viper.GetString("log." + logfile) {
 	case "file":
 		fullLogFilePath := config.LogPath.GetString() + "/" + logfile + ".log"
-		f, err := os.OpenFile(fullLogFilePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+		f, err := os.OpenFile(fullLogFilePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
 		if err != nil {
 			Fatalf("Could not create logfile %s: %s", fullLogFilePath, err.Error())
 		}
--- a/pkg/mail/mail.go
+++ b/pkg/mail/mail.go
@ -42,6 +42,7 @@ func StartMailDaemon() {

 	go func() {
 		d := gomail.NewDialer(config.MailerHost.GetString(), config.MailerPort.GetInt(), config.MailerUsername.GetString(), config.MailerPassword.GetString())
+		// #nosec
 		d.TLSConfig = &tls.Config{InsecureSkipVerify: config.MailerSkipTLSVerify.GetBool()}

 		var s gomail.SendCloser
--- a/pkg/user/user.go
+++ b/pkg/user/user.go
@ -160,7 +160,7 @@ func CheckUserCredentials(u *Login) (*User, error) {
 	user, err := GetUserByUsername(u.Username)
 	if err != nil {
 		// hashing the password takes a long time, so we hash something to not make it clear if the username was wrong
-		bcrypt.GenerateFromPassword([]byte(u.Username), 14)
+		_, _ = bcrypt.GenerateFromPassword([]byte(u.Username), 14)
 		return &User{}, ErrWrongUsernameOrPassword{}
 	}

--- a/pkg/utils/md5_string.go
+++ b/pkg/utils/md5_string.go
@ -17,14 +17,15 @@
 package utils

 import (
-	"crypto/md5"
+	"crypto/md5" // #nosec
 	"fmt"
 	"io"
 )

 // Md5String generates an md5 hash from a string
 func Md5String(in string) string {
+	// #nosec
 	h := md5.New()
-	io.WriteString(h, in)
+	_, _ = io.WriteString(h, in)
 	return fmt.Sprintf("%x", h.Sum(nil))
 }