Update code for backwards incompatible gosec changes

seveas · May 23, 2024 · 21eac78 · 21eac78
1 parent 4b47036
commit 21eac78
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 10 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -50,7 +50,7 @@ services:
     command: -o HostKeyAlgorithms=ssh-ed25519
     stop_signal: SIGKILL
   consul-server-dc1:
-    image: consul:latest
+    image: hashicorp/consul:latest
     networks:
       default:
         aliases:
@@ -61,7 +61,7 @@ services:
       - 'CONSUL_LOCAL_CONFIG={"datacenter": "dc1", "retry_join_wan": ["consul-server-dc2.example.com"]}'
     stop_signal: SIGKILL
   consul-server-dc2:
-    image: consul:latest
+    image: hashicorp/consul:latest
     networks:
       default:
         aliases:
@@ -71,7 +71,7 @@ services:
       - 'CONSUL_LOCAL_CONFIG={"datacenter": "dc2", "retry_join_wan": ["consul-server-dc1.example.com"]}'
     stop_signal: SIGKILL
   consul-agent-dc1:
-    image: consul:latest
+    image: hashicorp/consul:latest
     command: agent
     environment:
       - CONSUL_BIND_INTERFACE=eth0
@@ -82,7 +82,7 @@ services:
       - consul-server-dc1
     stop_signal: SIGKILL
   consul-agent-dc2:
-    image: consul:latest
+    image: hashicorp/consul:latest
     command: agent
     environment:
       - CONSUL_BIND_INTERFACE=eth0

diff --git a/provider/cache/provider.go b/provider/cache/provider.go
@@ -109,8 +109,8 @@ func (c *Cache) Load(ctx context.Context, lm herd.LoadingMessage) (*herd.HostSet
 		if data, err = json.Marshal(hosts); err != nil {
 			return nil, err
 		}
-		//#nosec G306 -- Cache file may be shared among users
-		if err := os.WriteFile(c.config.File, data, 0o644); err != nil {
+		err = os.WriteFile(c.config.File, data, 0o644) // #nosec G306 -- Cache file may be shared among users
+		if err != nil {
 			return nil, err
 		}
 	} else if !c.config.StrictLoading {

diff --git a/provider/plugin/provider.go b/provider/plugin/provider.go
@@ -133,13 +133,13 @@ func (p *pluginProvider) connect() error {
 		Managed:          true,
 		HandshakeConfig:  common.Handshake,
 		Plugins:          pluginMap,
-		Cmd:              exec.Command(p.config.Command),
+		Cmd:              exec.Command(p.config.Command), // #nosec G204 -- Cmd is user-supplied by design
 		Logger:           common.NewLogrusLogger(logrus.StandardLogger(), fmt.Sprintf("plugin-%s", p.name)),
 		SyncStdout:       os.Stdout,
 		SyncStderr:       os.Stderr,
 		AllowedProtocols: []plugin.Protocol{plugin.ProtocolGRPC},
 		SecureConfig:     &plugin.SecureConfig{Hash: crypto.SHA256.New(), Checksum: p.config.checksum},
-	}) //#nosec G204 -- Cmd is user-supplied by design
+	})
 
 	rpcClient, err := client.Client()
 	if err != nil {

diff --git a/ssh/sshfp.go b/ssh/sshfp.go
@@ -1,8 +1,7 @@
 package ssh
 
-// #nosec:G505 -- We want to support sha1 fingerprints for now
 import (
-	"crypto/sha1"
+	"crypto/sha1" // #nosec G505 -- We want to support sha1 fingerprints for now
 	"crypto/sha256"
 	"fmt"
 	"net"