fixing gosec alerts #12

Merged
merged 1 commit into from
Jul 10, 2023

mike-hoang
Contributor

What does this PR do?

Fixes the gosec vulnerabilities remaining from after the Alizer migration.

Which issue(s) does this PR fix

fixes devfile/api#1179

PR acceptance criteria

Testing and documentation do not need to be complete in order for this PR to be approved. We just need to ensure tracking issues are opened.

  • Unit/Functional tests

  • Documentation

How to test changes / Special notes to the reviewer

Contributor

@thepetk thepetk left a comment

Do you think we could align all read file actions using our utils.ReadFile function in order to be sure that each time we are reading a file we are doing this the same way. Just to avoid having again cases of ioutil and os. WDYT?

@mike-hoang
Contributor Author

> Do you think we could align all read file actions using our utils.ReadFile function in order to be sure that each time we are reading a file we are doing this the same way. Just to avoid having again cases of ioutil and os. WDYT?

Yup, good catch. I thought I got all of them, but took another look and see a few ioutil file reads. Will add to next commit 👍
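The consolidation discussed in this exchange, sketched as an added example that is not code from this PR or from the project: a single shared read helper that applies path cleaning and a containment check in one place. The name `ReadFileUnder`, its signature and the sample tree are assumptions made for illustration; the project's own `utils.ReadFile` is not shown on this page.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot reports a path that resolves outside the allowed root.
var ErrOutsideRoot = errors.New("path escapes root directory")

// ReadFileUnder is a hypothetical shared helper (not the project's utils.ReadFile).
// Routing every read through one function keeps path cleaning and the
// containment check in a single place that a scanner and a reviewer can audit.
func ReadFileUnder(root, name string) ([]byte, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return nil, err
	}
	// Join also cleans the path, collapsing "." and ".." elements.
	full := filepath.Join(absRoot, name)
	rel, err := filepath.Rel(absRoot, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return nil, fmt.Errorf("%w: %q", ErrOutsideRoot, name)
	}
	// The check is lexical only; symlinks inside root are not resolved here.
	return os.ReadFile(full) // os.ReadFile supersedes the deprecated ioutil.ReadFile
}

func main() {
	// Constructed sample tree: project/devfile.yaml inside root, secret.txt outside.
	tmp, err := os.MkdirTemp("", "readfile-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(tmp)
	root := filepath.Join(tmp, "project")
	if err := os.MkdirAll(root, 0o750); err != nil {
		panic(err)
	}
	_ = os.WriteFile(filepath.Join(root, "devfile.yaml"), []byte("schemaVersion: 2.2.0\n"), 0o600)
	_ = os.WriteFile(filepath.Join(tmp, "secret.txt"), []byte("token\n"), 0o600)

	data, err := ReadFileUnder(root, "devfile.yaml")
	fmt.Printf("inside root: %q err=%v\n", data, err)
	_, err = ReadFileUnder(root, "../secret.txt")
	fmt.Println("outside root rejected:", errors.Is(err, ErrOutsideRoot))
}
```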

Signed-off-by: Michael Hoang <[email protected]>
Contributor

@thepetk thepetk left a comment

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Jul 10, 2023
@openshift-ci

openshift-ci bot commented Jul 10, 2023

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mike-hoang, thepetk

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@thepetk
Contributor

thepetk commented Jul 10, 2023

Nice work!

@mike-hoang mike-hoang merged commit e55ee31 into devfile:main Jul 10, 2023
thepetk referenced this pull request in thepetk/devfile-alizer Jul 27, 2023
Signed-off-by: Michael Hoang <[email protected]>
Signed-off-by: thepetk <[email protected]>
thepetk referenced this pull request in thepetk/devfile-alizer Aug 1, 2023
* Add binaries to every new release (#237)

* Add release yaml to workflows

Signed-off-by: thepetk <[email protected]>

* Remove autogeneration of release notes

Signed-off-by: thepetk <[email protected]>

* Update readme

Signed-off-by: thepetk <[email protected]>

* Update Readme.md

Signed-off-by: thepetk <[email protected]>

---------

Signed-off-by: thepetk <[email protected]>

* flattening go dir (#1)

Signed-off-by: Michael Hoang <[email protected]>
Signed-off-by: thepetk <[email protected]>

* Update realease.yaml (#2)

Signed-off-by: thepetk <[email protected]>

* adding proposal for dockerfile components (#3)

Signed-off-by: Michael Hoang <[email protected]>
Signed-off-by: thepetk <[email protected]>

* Merge all test resources (#6)

* Update test paths

Signed-off-by: thepetk <[email protected]>

* Update angular test resource

Signed-off-by: thepetk <[email protected]>

* Remove projectAngularjs

Signed-off-by: thepetk <[email protected]>

* Update containerfile test

Signed-off-by: thepetk <[email protected]>

* Update django test resources

Signed-off-by: thepetk <[email protected]>

* Update docker compose test resources

Signed-off-by: thepetk <[email protected]>

* Update tests for docker compose with ports

Signed-off-by: thepetk <[email protected]>

* Update test project dockerfile

Signed-off-by: thepetk <[email protected]>

* Update express js port tests

Signed-off-by: thepetk <[email protected]>

* Update flask port tests

Signed-off-by: thepetk <[email protected]>

* Update golang test resources

Signed-off-by: thepetk <[email protected]>

* Update jboss test resources

Signed-off-by: thepetk <[email protected]>

* Update laravel test resources

Signed-off-by: thepetk <[email protected]>

* Update test micronaut resources

Signed-off-by: thepetk <[email protected]>

* Update container docker file nested tests

Signed-off-by: thepetk <[email protected]>

* Update nuxt and next js tests

Signed-off-by: thepetk <[email protected]>

* Update port test for quarkus

Signed-off-by: thepetk <[email protected]>

* Update reactjs tests

Signed-off-by: thepetk <[email protected]>

* Remove port test project quarkus

Signed-off-by: thepetk <[email protected]>

* Update rest of port tests

Signed-off-by: thepetk <[email protected]>

* Fix issue with ip host go format

Signed-off-by: thepetk <[email protected]>

* Update test resources

Signed-off-by: thepetk <[email protected]>

* Finalize new component detection format

Signed-off-by: thepetk <[email protected]>

---------

Signed-off-by: thepetk <[email protected]>

* Add min max cli args (#5)

* Create dependabot.yml

Signed-off-by: thepetk <[email protected]>

* Update dependabot.yml

Signed-off-by: thepetk <[email protected]>

* Update realease.yaml (#2)

Signed-off-by: thepetk <[email protected]>

* adding proposal for dockerfile components (#3)

Signed-off-by: Michael Hoang <[email protected]>
Signed-off-by: thepetk <[email protected]>

* Merge all test resources (#6)

* Update test paths

Signed-off-by: thepetk <[email protected]>

* Update angular test resource

Signed-off-by: thepetk <[email protected]>

* Remove projectAngularjs

Signed-off-by: thepetk <[email protected]>

* Update containerfile test

Signed-off-by: thepetk <[email protected]>

* Update django test resources

Signed-off-by: thepetk <[email protected]>

* Update docker compose test resources

Signed-off-by: thepetk <[email protected]>

* Update tests for docker compose with ports

Signed-off-by: thepetk <[email protected]>

* Update test project dockerfile

Signed-off-by: thepetk <[email protected]>

* Update express js port tests

Signed-off-by: thepetk <[email protected]>

* Update flask port tests

Signed-off-by: thepetk <[email protected]>

* Update golang test resources

Signed-off-by: thepetk <[email protected]>

* Update jboss test resources

Signed-off-by: thepetk <[email protected]>

* Update laravel test resources

Signed-off-by: thepetk <[email protected]>

* Update test micronaut resources

Signed-off-by: thepetk <[email protected]>

* Update container docker file nested tests

Signed-off-by: thepetk <[email protected]>

* Update nuxt and next js tests

Signed-off-by: thepetk <[email protected]>

* Update port test for quarkus

Signed-off-by: thepetk <[email protected]>

* Update reactjs tests

Signed-off-by: thepetk <[email protected]>

* Remove port test project quarkus

Signed-off-by: thepetk <[email protected]>

* Update rest of port tests

Signed-off-by: thepetk <[email protected]>

* Fix issue with ip host go format

Signed-off-by: thepetk <[email protected]>

* Update test resources

Signed-off-by: thepetk <[email protected]>

* Finalize new component detection format

Signed-off-by: thepetk <[email protected]>

---------

Signed-off-by: thepetk <[email protected]>

* Run tidy

Signed-off-by: thepetk <[email protected]>

* Update devfile_recognizer and models

Signed-off-by: thepetk <[email protected]>

* Update cli

Signed-off-by: thepetk <[email protected]>

* Update docs

Signed-off-by: thepetk <[email protected]>

* Add test cases for versions cli args

Signed-off-by: thepetk <[email protected]>

* Fix sec alert

Signed-off-by: thepetk <[email protected]>

* Fix typo

Signed-off-by: thepetk <[email protected]>

---------

Signed-off-by: thepetk <[email protected]>
Signed-off-by: Michael Hoang <[email protected]>
Co-authored-by: Michael Hoang <[email protected]>
Signed-off-by: thepetk <[email protected]>

* Remove dependabot (#10)

Signed-off-by: [email protected]

Signed-off-by: [email protected]
Signed-off-by: thepetk <[email protected]>

* Minor update on devfiles versioning (#11)

* Remove dependabot

Signed-off-by: [email protected]
Signed-off-by: thepetk <[email protected]>

* Add versions to alizer devfile response

Signed-off-by: thepetk <[email protected]>

* Update readme.md

Signed-off-by: thepetk <[email protected]>

* Update naming and devfile models in the proposal

Signed-off-by: thepetk <[email protected]>

* Update code naming

Signed-off-by: thepetk <[email protected]>

* Update tests after renaming

Signed-off-by: thepetk <[email protected]>

---------

Signed-off-by: [email protected]
Signed-off-by: thepetk <[email protected]>

* fixing gosec alerts (#12)

Signed-off-by: Michael Hoang <[email protected]>
Signed-off-by: thepetk <[email protected]>

* Add test coverage check to CI.yaml (#13)

* Add test coverage workflow

Signed-off-by: thepetk <[email protected]>

* Update ci.yaml

Signed-off-by: thepetk <[email protected]>

* Add separate check for code coverage

Signed-off-by: thepetk <[email protected]>

* Move code report in ci file

Signed-off-by: thepetk <[email protected]>

* Add .codecov.yaml

Signed-off-by: thepetk <[email protected]>

* Update workflow

Signed-off-by: thepetk <[email protected]>

* Bump up setup-go

Signed-off-by: thepetk <[email protected]>

---------

Signed-off-by: thepetk <[email protected]>

* adding support for dockerfile components (#14)

Signed-off-by: Michael Hoang <[email protected]>
Signed-off-by: thepetk <[email protected]>

* Add test coverage workflow

Signed-off-by: thepetk <[email protected]>

* Update ci.yaml

Signed-off-by: thepetk <[email protected]>

* Add separate check for code coverage

Signed-off-by: thepetk <[email protected]>

* Move code report in ci file

Signed-off-by: thepetk <[email protected]>

* Update workflow

Signed-off-by: thepetk <[email protected]>

* Bump up setup-go

Signed-off-by: thepetk <[email protected]>
Signed-off-by: thepetk <[email protected]>

* Make DownloadDevFileTypesFromRegistry public

Signed-off-by: thepetk <[email protected]>

* Add devfile.yaml schema

Signed-off-by: thepetk <[email protected]>

* Add go script for generating registry entries json

Signed-off-by: thepetk <[email protected]>

* Implement nightly run script and workflow

Signed-off-by: thepetk <[email protected]>

* Update go mod

Signed-off-by: thepetk <[email protected]>

* Add new schedule to registry check

signed-off-by: thepetk <[email protected]>
Signed-off-by: thepetk <[email protected]>

* Update workflow name

Signed-off-by: thepetk <[email protected]>

* Update go mod

Signed-off-by: thepetk <[email protected]>

* Update funcs in order to be mockable

Signed-off-by: thepetk <[email protected]>

* Move devfile_recognizer_test.go to recognizer dir

Signed-off-by: thepetk <[email protected]>

* Update docstring of script

Signed-off-by: thepetk <[email protected]>

* Add tests for check_registry.go

Signed-off-by: thepetk <[email protected]>

* Fix test paths

Signed-off-by: thepetk <[email protected]>

* Remove unnecessary logging

Signed-off-by: thepetk <[email protected]>

* Remove binary

Signed-off-by: thepetk <[email protected]>

* Use make build instead of go command

Signed-off-by: thepetk <[email protected]>

* Further fixes on the workflow

Signed-off-by: thepetk <[email protected]>

---------

Signed-off-by: thepetk <[email protected]>
Signed-off-by: Michael Hoang <[email protected]>
Signed-off-by: [email protected]
Co-authored-by: Michael Hoang <[email protected]>

Successfully merging this pull request may close these issues.

Fix Alizer security vulnerabilities