chore: Enable G106, G108, G109, G111, G201, G203 rules for gosec #12956

Merged
merged 1 commit into from
Mar 28, 2023

zak-pawel
Collaborator

Enable the following rules for gosec (agreed with community):

  • G106: Audit the use of ssh.InsecureIgnoreHostKey
  • G108: Profiling endpoint automatically exposed on /debug/pprof
  • G109: Potential Integer overflow made by strconv.Atoi result conversion to int16/32
  • G111: Potential directory traversal
  • G201: SQL query construction using format string
  • G203: Use of unescaped data in HTML templates

resolves: #12893 #12895 #12896 #12898 #12902 #12904
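
An added example for one of the rules listed above, G109 (not part of the original pull request or the project's code): the Atoi-then-narrow pattern the rule title describes, beside a form that lets strconv enforce the target width. Function names and inputs are constructed for illustration, and the wrapped values shown assume a 64-bit platform.

```go
package main

import (
	"fmt"
	"strconv"
)

// parseUnchecked is the pattern named in the G109 rule title:
// strconv.Atoi returns a platform-sized int, and the conversion to
// int32 silently keeps only the low 32 bits.
func parseUnchecked(s string) (int32, error) {
	n, err := strconv.Atoi(s)
	if err != nil {
		return 0, err
	}
	return int32(n), nil // wraps when n is outside the int32 range
}

// parseChecked asks strconv to enforce the width: ParseInt with
// bitSize 32 returns a range error instead of a wrapped value.
func parseChecked(s string) (int32, error) {
	n, err := strconv.ParseInt(s, 10, 32)
	if err != nil {
		return 0, err
	}
	return int32(n), nil
}

func main() {
	// Constructed inputs: one in range, two past the int32 maximum.
	for _, s := range []string{"8086", "2147483648", "4294967297"} {
		u, uerr := parseUnchecked(s)
		c, cerr := parseChecked(s)
		fmt.Printf("%-11s unchecked=%d (%v) checked=%d (%v)\n", s, u, uerr, c, cerr)
	}
}
```

The unchecked form turns "4294967297" into 1 with no error, which is the kind of silent change in a limit, length or port value that the rule is meant to surface.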

powersj added the "waiting for response" and "ready for final review" labels and removed the "waiting for response" label on Mar 27, 2023
Member

@srebhan srebhan left a comment

Nice, thanks @zak-pawel!

@srebhan srebhan merged commit d14ea26 into influxdata:master Mar 28, 2023
srebhan pushed a commit that referenced this pull request Apr 3, 2023
)

Co-authored-by: Pawel Zak <Pawel Zak>
(cherry picked from commit d14ea26)
Labels: chore, linter, ready for final review

Successfully merging this pull request may close these issues:

Linter: gosec, Rule: G106 - Audit the use of ssh.InsecureIgnoreHostKey. Should we enable it?

3 participants