From 21eac780d5b646e1bce895f2a7817937545f58ef Mon Sep 17 00:00:00 2001
From: Dennis Kaarsemaker
Date: Thu, 23 May 2024 14:08:25 +0200
Subject: [PATCH] Update code for backwards incompatible gosec changes
---
 docker-compose.yml | 8 ++++----
 provider/cache/provider.go | 4 ++--
 provider/plugin/provider.go | 4 ++--
 ssh/sshfp.go | 3 +--
 4 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 6cce40d..3557d8d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -50,7 +50,7 @@ services:
 command: -o HostKeyAlgorithms=ssh-ed25519
 stop_signal: SIGKILL
 consul-server-dc1:
- image: consul:latest
+ image: hashicorp/consul:latest
 networks:
 default:
 aliases:
@@ -61,7 +61,7 @@ services:
 - 'CONSUL_LOCAL_CONFIG={"datacenter": "dc1", "retry_join_wan": ["consul-server-dc2.example.com"]}'
 stop_signal: SIGKILL
 consul-server-dc2:
- image: consul:latest
+ image: hashicorp/consul:latest
 networks:
 default:
 aliases:
@@ -71,7 +71,7 @@ services:
 - 'CONSUL_LOCAL_CONFIG={"datacenter": "dc2", "retry_join_wan": ["consul-server-dc1.example.com"]}'
 stop_signal: SIGKILL
 consul-agent-dc1:
- image: consul:latest
+ image: hashicorp/consul:latest
 command: agent
 environment:
 - CONSUL_BIND_INTERFACE=eth0
@@ -82,7 +82,7 @@ services:
 - consul-server-dc1
 stop_signal: SIGKILL
 consul-agent-dc2:
- image: consul:latest
+ image: hashicorp/consul:latest
 command: agent
 environment:
 - CONSUL_BIND_INTERFACE=eth0
diff --git a/provider/cache/provider.go b/provider/cache/provider.go
index 5057bee..1037d1d 100644
--- a/provider/cache/provider.go
+++ b/provider/cache/provider.go
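Review bot: The `consul-server-dc1` service still tracks the mutable `latest` tag after the move to `hashicorp/consul`, so whichever image is current at pull time is what runs, and an upstream change reaches this environment without any change in the repository. Pinning a release, ideally together with its digest, keeps runs reproducible and makes image updates reviewable: `image: hashicorp/consul:<version>@sha256:<digest>` (placeholders; use the release this setup is validated against). The same applies to the `consul-server-dc2`, `consul-agent-dc1` and `consul-agent-dc2` hunks.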
@@ -109,8 +109,8 @@ func (c *Cache) Load(ctx context.Context, lm herd.LoadingMessage) (*herd.HostSet
 if data, err = json.Marshal(hosts); err != nil {
 return nil, err
 }
- //#nosec G306 -- Cache file may be shared among users
- if err := os.WriteFile(c.config.File, data, 0o644); err != nil {
+ err = os.WriteFile(c.config.File, data, 0o644) // #nosec G306 -- Cache file may be shared among users
+ if err != nil {
 return nil, err
 }
 } else if !c.config.StrictLoading {
diff --git a/provider/plugin/provider.go b/provider/plugin/provider.go
index fc712cb..2a7bb04 100644
--- a/provider/plugin/provider.go
+++ b/provider/plugin/provider.go
@@ -133,13 +133,13 @@ func (p *pluginProvider) connect() error {
 Managed: true,
 HandshakeConfig: common.Handshake,
 Plugins: pluginMap,
- Cmd: exec.Command(p.config.Command),
+ Cmd: exec.Command(p.config.Command), // #nosec G204 -- Cmd is user-supplied by design
 Logger: common.NewLogrusLogger(logrus.StandardLogger(), fmt.Sprintf("plugin-%s", p.name)),
 SyncStdout: os.Stdout,
 SyncStderr: os.Stderr,
 AllowedProtocols: []plugin.Protocol{plugin.ProtocolGRPC},
 SecureConfig: &plugin.SecureConfig{Hash: crypto.SHA256.New(), Checksum: p.config.checksum},
- }) //#nosec G204 -- Cmd is user-supplied by design
+ })
 rpcClient, err := client.Client()
 if err != nil {
diff --git a/ssh/sshfp.go b/ssh/sshfp.go
index e8e29c0..fe0efc5 100644
--- a/ssh/sshfp.go
+++ b/ssh/sshfp.go
@@ -1,8 +1,7 @@
 package ssh
-// #nosec:G505 -- We want to support sha1 fingerprints for now
 import (
- "crypto/sha1"
+ "crypto/sha1" // #nosec G505 -- We want to support sha1 fingerprints for now
 "crypto/sha256"
 "fmt"
 "net"
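Review bot: The `0o644` write in `Load` still goes through `os.WriteFile`, which truncates and rewrites `c.config.File` in place, so another user reading the shared cache during a refresh can see partial JSON, and the write lands on whatever already exists at that path. Since the stated reason for the suppression is that the file is shared, consider writing to a temporary file in the same directory and renaming it over the target. The comment could also say what the file holds, e.g. `// #nosec G306 -- cache holds host inventory only, read by other local users`, if that is accurate. The body of `Load` starts and ends outside the hunk.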
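Review bot: The G204 justification on the `Cmd:` line in `connect` says only that the command is user-supplied; it would be stronger if it named the control that makes that acceptable. The `SecureConfig` entry a few lines below appears to pin the plugin binary to a SHA-256 checksum from `p.config.checksum`, so something like `// #nosec G204 -- command comes from the user's own config and is checksum-verified via SecureConfig` records the actual mitigation. Where `p.config.checksum` is populated is not visible here, so it is worth confirming that an unset checksum is rejected before this call. `connect` continues past the end of the hunk.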
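Review bot: The G505 suppression on the `crypto/sha1` import applies to the import for the whole file, and "for now" gives no condition under which it should be removed. A comment that states the scope and an exit condition would age better, e.g. `"crypto/sha1" // #nosec G505 -- SHA-1 only for matching SHA-1 SSHFP records; remove when those are dropped`, assuming that is how the file uses it. The code that calls into `crypto/sha1` is outside the hunk, so check whether those call sites need their own G401 annotation under the new gosec.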