Gosec fixes #60

Merged
merged 4 commits into from
Mar 3, 2022
2 changes: 2 additions & 0 deletions .github/workflows/actions.yml
Expand Up @@ -58,6 +58,8 @@ jobs:
uses: actions/checkout@v2
- name: Run Go Security
uses: securego/gosec@master
with:
args: -exclude-dir=tests ./...
malware_security_scan:
name: Malware Scanner
runs-on: ubuntu-latest
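Review bot: The new `args: -exclude-dir=tests ./...` carries no comment explaining why `tests` is left out of the scan, so code later placed under a directory of that name goes unscanned without anyone having decided that. A one-line comment above `with:` stating the reason would record the intent. The step runs `securego/gosec@master`, a moving ref, so the action code and rule set can change between runs; pinning to a release tag or commit SHA would make the scan reproducible, though that line predates this change.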
3 changes: 1 addition & 2 deletions Dockerfile
Expand Up @@ -30,8 +30,7 @@ RUN microdnf install yum \
&& microdnf clean all

ENV USER_UID=1001 \
USER_NAME=dell-csm-operator \
X_CSM_OPERATOR_CONFIG_DIR="/etc/config/dell-csm-operator"
USER_NAME=dell-csm-operator
WORKDIR /
COPY --from=builder /workspace/manager .
COPY operatorconfig/ /etc/config/dell-csm-operator
9 changes: 6 additions & 3 deletions core/semver/semver.go
Expand Up @@ -9,6 +9,7 @@ import (
"io/ioutil"
"os"
"os/exec"
"path/filepath"
"regexp"
"runtime"
"strconv"
Expand Down Expand Up @@ -57,7 +58,7 @@ func main() {
format = "ver"
} else {
if fileExists(format) {
buf, err := ioutil.ReadFile(format)
buf, err := ioutil.ReadFile(filepath.Clean(format))
if err != nil {
fmt.Fprintf(os.Stderr, "error: read tpl failed: %v\n", err)
os.Exit(1)
Expand All @@ -70,13 +71,15 @@ func main() {

var w io.Writer = os.Stdout
if len(output) > 0 {
fout, err := os.Create(output)
fout, err := os.Create(filepath.Clean(output))
if err != nil {
fmt.Fprintf(os.Stderr, "error: %v\n", err)
os.Exit(1)
}
w = fout
defer fout.Close()
if err := fout.Close(); err != nil {
fmt.Fprintf(os.Stderr, "error closing file: %v\n", err)
}
}

gitdesc := chkErr(doExec("git", "describe", "--long", "--dirty"))
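Review bot: The added `if err := fout.Close(); err != nil { ... }` runs immediately after `w = fout`, so the output file is closed before anything is written to `w`, and later writes through `w` would fail on a closed file. The removed `defer fout.Close()` postponed the close until `main` returned; to keep that timing and still check the error, wrap it: `defer func() { if err := fout.Close(); err != nil { fmt.Fprintf(os.Stderr, "error closing file: %v\n", err) } }()`. The rest of `main` is outside the hunk, so where `w` is written is inferred from the `var w io.Writer = os.Stdout` setup.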
35 changes: 16 additions & 19 deletions main.go
Expand Up @@ -16,6 +16,7 @@ import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
osruntime "runtime"
"strconv"
"time"
Expand Down Expand Up @@ -48,6 +49,10 @@ import (
)

const (
// ConfigDir path to driver deployment files
ConfigDir = "/etc/config/dell-csm-operator"
// Operatorconfig sub folder for deployment files
Operatorconfig = "operatorconfig"
// K8sMinimumSupportedVersion is the minimum supported version for k8s
K8sMinimumSupportedVersion = "1.21"
// K8sMaximumSupportedVersion is the maximum supported version for k8s
Expand Down Expand Up @@ -129,27 +134,19 @@ func getOperatorConfig(log *zap.SugaredLogger) utils.OperatorConfig {
log.Infof("Current kubernetes version is %s which is a supported version ", kubeVersion)
}

// Get the environment variable config dir
configDir := os.Getenv("X_CSM_OPERATOR_CONFIG_DIR")
if configDir == "" {
// Set the config dir to the folder pkg/config
configDir = "operatorconfig"
k8sPath = fmt.Sprintf("%s%s", configDir, k8sPath)
_, err = ioutil.ReadDir(filepath.Clean(ConfigDir))
if err != nil {
log.Errorw(err.Error(), "cannot find driver config path", ConfigDir)
cfg.ConfigDirectory = Operatorconfig
log.Infof("Use ConfigDirectory %s", cfg.ConfigDirectory)
k8sPath = fmt.Sprintf("%s%s", Operatorconfig, k8sPath)
} else {
k8sPath = fmt.Sprintf("%s%s", configDir, k8sPath)
_, err := ioutil.ReadFile(k8sPath)
if err != nil {
// This means that the configmap is not mounted
// fall back to the local copy
log.Error(err, "Error reading file from the configmap mount")
log.Info("Falling back to local copy of config files")
configDir = "/etc/config/local/dell-csm-operator"
k8sPath = fmt.Sprintf("%s%s", configDir, k8sPath)
}

cfg.ConfigDirectory = filepath.Clean(ConfigDir)
log.Infof("Use ConfigDirectory %s", cfg.ConfigDirectory)
k8sPath = fmt.Sprintf("%s%s", ConfigDir, k8sPath)
}
cfg.ConfigDirectory = configDir
buf, err := ioutil.ReadFile(k8sPath)

buf, err := ioutil.ReadFile(filepath.Clean(k8sPath))
if err != nil {
log.Info(fmt.Sprintf("reading file, %s, from the configmap mount: %v", k8sPath, err))
}
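Review bot: `log.Errorw(err.Error(), "cannot find driver config path", ConfigDir)` passes the error text as the message and the description as a key, so the structured entry ends up with a key named `cannot find driver config path`. With the sugared logger's message-then-key/value form this reads better as `log.Errorw("cannot find driver config path", "path", ConfigDir, "error", err)`. The fallback sets `cfg.ConfigDirectory` to the relative `Operatorconfig`, which resolves against the process working directory; a short comment on the constant saying when that fallback is expected (presumably local runs outside the container) would help. `getOperatorConfig` begins and continues outside the hunk.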
14 changes: 7 additions & 7 deletions pkg/drivers/commonconfig.go
Expand Up @@ -25,7 +25,7 @@ func GetController(ctx context.Context, cr csmv1.ContainerStorageModule, operato
log := logger.GetLogger(ctx)
configMapPath := fmt.Sprintf("%s/driverconfig/%s/%s/controller.yaml", operatorConfig.ConfigDirectory, driverName, cr.Spec.Driver.ConfigVersion)
log.Debugw("GetController", "configMapPath", configMapPath)
buf, err := ioutil.ReadFile(configMapPath)
buf, err := ioutil.ReadFile(filepath.Clean(configMapPath))
if err != nil {
log.Errorw("GetController failed", "Error", err.Error())
return nil, err
Expand Down Expand Up @@ -89,8 +89,8 @@ func GetController(ctx context.Context, cr csmv1.ContainerStorageModule, operato
}
}
if !removeContainer {
utils.ReplaceAllContainerImageApply(operatorConfig.K8sVersion, &c)
utils.UpdateSideCarApply(cr.Spec.Driver.SideCars, &c)
utils.ReplaceAllContainerImageApply(operatorConfig.K8sVersion, &containers[i])
utils.UpdateSideCarApply(cr.Spec.Driver.SideCars, &containers[i])
newcontainers = append(newcontainers, c)
}

Expand Down Expand Up @@ -122,7 +122,7 @@ func GetNode(ctx context.Context, cr csmv1.ContainerStorageModule, operatorConfi
log := logger.GetLogger(ctx)
configMapPath := fmt.Sprintf("%s/driverconfig/%s/%s/%s", operatorConfig.ConfigDirectory, driverType, cr.Spec.Driver.ConfigVersion, filename)
log.Debugw("GetNode", "configMapPath", configMapPath)
buf, err := ioutil.ReadFile(configMapPath)
buf, err := ioutil.ReadFile(filepath.Clean(configMapPath))
if err != nil {
log.Errorw("GetNode failed", "Error", err.Error())
return nil, err
Expand Down Expand Up @@ -172,8 +172,8 @@ func GetNode(ctx context.Context, cr csmv1.ContainerStorageModule, operatorConfi
}
}

utils.ReplaceAllContainerImageApply(operatorConfig.K8sVersion, &c)
utils.UpdateSideCarApply(cr.Spec.Driver.SideCars, &c)
utils.ReplaceAllContainerImageApply(operatorConfig.K8sVersion, &containers[i])
utils.UpdateSideCarApply(cr.Spec.Driver.SideCars, &containers[i])

}

Expand Down Expand Up @@ -241,7 +241,7 @@ func GetCSIDriver(ctx context.Context, cr csmv1.ContainerStorageModule, operator
log := logger.GetLogger(ctx)
configMapPath := fmt.Sprintf("%s/driverconfig/%s/%s/csidriver.yaml", operatorConfig.ConfigDirectory, driverName, cr.Spec.Driver.ConfigVersion)
log.Debugw("GetCSIDriver", "configMapPath", configMapPath)
buf, err := ioutil.ReadFile(configMapPath)
buf, err := ioutil.ReadFile(filepath.Clean(configMapPath))
if err != nil {
log.Errorw("GetCSIDriver failed", "Error", err.Error())
return nil, err
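Review bot: In GetController the helpers now receive `&containers[i]`, but the next line still appends the loop copy `c`, so if `ReplaceAllContainerImageApply` or `UpdateSideCarApply` assign fields through the pointer, `newcontainers` holds the unmodified value; `newcontainers = append(newcontainers, containers[i])` keeps the two in step. The loop header is outside the hunk, so this assumes `c` is the range value for index `i`. Separately, `filepath.Clean(configMapPath)` in the three `ReadFile` calls only normalizes the string: `cr.Spec.Driver.ConfigVersion` comes from the custom resource, and a value containing `..` segments still resolves outside `operatorConfig.ConfigDirectory`. Checking that the cleaned path stays under the config directory (for example with `filepath.Rel`, rejecting a result that starts with `..`), or validating `ConfigVersion` against the known versions, would close that; the same pattern appears in pkg/modules/authorization.go and pkg/utils/utils.go.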
4 changes: 0 additions & 4 deletions pkg/drivers/powerscale.go
Expand Up @@ -7,7 +7,6 @@ import (

csmv1 "github.com/dell/csm-operator/api/v1alpha1"
"github.com/dell/csm-operator/pkg/logger"
"github.com/go-logr/logr"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/types"
Expand All @@ -16,9 +15,6 @@ import (
// +kubebuilder:scaffold:imports
)

// Log global for all methods in this file
var Log logr.Logger

const (
// PowerScalePluginIdentifier -
PowerScalePluginIdentifier = "powerscale"
5 changes: 3 additions & 2 deletions pkg/modules/authorization.go
Expand Up @@ -5,6 +5,7 @@ import (
"errors"
"fmt"
"io/ioutil"
"path/filepath"
"strconv"
"strings"

Expand Down Expand Up @@ -65,7 +66,7 @@ func getAuthApplyCR(cr csmv1.ContainerStorageModule, op utils.OperatorConfig) (*
}

configMapPath := fmt.Sprintf("%s/moduleconfig/authorization/%s/container.yaml", op.ConfigDirectory, authConfigVersion)
buf, err := ioutil.ReadFile(configMapPath)
buf, err := ioutil.ReadFile(filepath.Clean(configMapPath))
if err != nil {
return nil, nil, err
}
Expand Down Expand Up @@ -124,7 +125,7 @@ func getAuthApplyVolumes(cr csmv1.ContainerStorageModule, op utils.OperatorConfi
}

configMapPath := fmt.Sprintf("%s/moduleconfig/authorization/%s/volumes.yaml", op.ConfigDirectory, version)
buf, err := ioutil.ReadFile(configMapPath)
buf, err := ioutil.ReadFile(filepath.Clean(configMapPath))
if err != nil {
return nil, err
}
3 changes: 2 additions & 1 deletion pkg/utils/utils.go
Expand Up @@ -7,6 +7,7 @@ import (
"io/ioutil"

"fmt"
"path/filepath"
"strings"

csmv1 "github.com/dell/csm-operator/api/v1alpha1"
Expand Down Expand Up @@ -331,7 +332,7 @@ func LogBannerAndReturn(result reconcile.Result, err error) (reconcile.Result, e
func GetModuleDefaultVersion(driverConfigVersion string, driverType csmv1.DriverType, moduleType csmv1.ModuleType, path string) (string, error) {
/* TODO(Michal): review with Team */
configMapPath := fmt.Sprintf("%s/moduleconfig/common/version-values.yaml", path)
buf, err := ioutil.ReadFile(configMapPath)
buf, err := ioutil.ReadFile(filepath.Clean(configMapPath))
if err != nil {
return "", err
}