From 47523646992f7015941ac960cde2865e5b24ef05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20BIDON?= Date: Mon, 19 Dec 2022 09:14:21 +0100 Subject: [PATCH 1/5] fixed flaky loop(cautils): loadpolicy getter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We should not inject pointers to the variable iterated over by the "range" operator. Signed-off-by: Frédéric BIDON --- .golangci.yml | 56 +++++++++++++++++++++++++++++++ core/cautils/getter/loadpolicy.go | 34 +++++++++++-------- 2 files changed, 76 insertions(+), 14 deletions(-) create mode 100644 .golangci.yml diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 00000000..80cae54a --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,56 @@ +linters-settings: + govet: + check-shadowing: true + maligned: + suggest-new: true + dupl: + threshold: 200 + goconst: + min-len: 3 + min-occurrences: 2 + forbidigo: + forbid: + - ^print.*$ + - 'fmt\.Print.*' + gocognit: + min-complexity: 65 # This is super high value. We should gradually lower it to 30-40. + +linters: + enable: + - gosec + disable: + - typecheck + - errcheck + - govet + - staticcheck + - gosimple + - deadcode + - gofmt + - goimports + - bodyclose + - dupl + #- forbidigo # <- see later + - gocognit + - gocritic + - goimports + - nakedret + #- nolintlint + - revive + - stylecheck + - unconvert + - unparam + - maligned + - lll + - gochecknoinits + - gochecknoglobals +issues: + exclude-rules: + - linters: + - revive + text: "var-naming" + - linters: + - revive + text: "type name will be used as (.+?) by other packages, and that stutters" + - linters: + - stylecheck + text: "ST1003" diff --git a/core/cautils/getter/loadpolicy.go b/core/cautils/getter/loadpolicy.go index 500a2ede..83dba321 100644 --- a/core/cautils/getter/loadpolicy.go +++ b/core/cautils/getter/loadpolicy.go 
@@ -36,11 +36,11 @@ func NewLoadPolicy(filePaths []string) *LoadPolicy { } } -// Return control from file +// GetControl returns a control from the policy file. func (lp *LoadPolicy) GetControl(controlID string) (*reporthandling.Control, error) { - control := &reporthandling.Control{} filePath := lp.filePath() + f, err := os.ReadFile(filePath) if err != nil { return nil, err @@ -49,20 +49,26 @@ func (lp *LoadPolicy) GetControl(controlID string) (*reporthandling.Control, err if err = json.Unmarshal(f, control); err != nil { return control, err } - if controlID != "" && !strings.EqualFold(controlID, control.ControlID) && !strings.EqualFold(controlID, control.ControlID) { - framework, err := lp.GetFramework(control.Name) - if err != nil { - return nil, fmt.Errorf("control from file not matching") - } else { - for _, ctrl := range framework.Controls { - if strings.EqualFold(ctrl.ControlID, controlID) || strings.EqualFold(ctrl.ControlID, controlID) { - control = &ctrl - break - } - } + + if controlID == "" || strings.EqualFold(controlID, control.ControlID) { + return control, nil + } + + framework, err := lp.GetFramework(control.Name) + if err != nil { + return nil, fmt.Errorf("control from file not matching") + } + + for _, toPin := range framework.Controls { + ctrl := toPin + if strings.EqualFold(ctrl.ControlID, controlID) { + control = &ctrl + + break } } - return control, err + + return control, nil } func (lp *LoadPolicy) GetFramework(frameworkName string) (*reporthandling.Framework, error) { From afce43add643f28bdc0dc21f31a7b38747a3409e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20BIDON?= Date: Mon, 19 Dec 2022 12:05:49 +0100 Subject: [PATCH 2/5] fixed more flaky pointers in loops (registryadaptors, opaprocessor) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
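Review bot: When the loop over `framework.Controls` finds no entry whose `ControlID` matches `controlID`, `control` still points at the control decoded from the file, and the final `return control, nil` hands it back as if it were the one requested. A caller asking for one control can therefore receive a different one with no error, which for a posture scanner means silently evaluating the wrong check. Return from inside the match with `return &ctrl, nil` and end the function with `return nil, fmt.Errorf("control %q not found in %s", controlID, filePath)`. The `GetFramework` error is also replaced by a fixed message; wrapping it with `%w` would keep the cause for whoever reads the log.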
Signed-off-by: Frédéric BIDON --- core/pkg/opaprocessor/processorhandler.go | 25 +++++++++++-------- .../armosec/v1/civksadaptor.go | 11 +++++--- .../pkg/registryadaptors/gcp/v1/gcpadaptor.go | 11 +++++--- .../registryadaptors/gcp/v1/gcpadaptormock.go | 9 ++++--- 4 files changed, 33 insertions(+), 23 deletions(-) diff --git a/core/pkg/opaprocessor/processorhandler.go b/core/pkg/opaprocessor/processorhandler.go index 9c32d9f5..83a4fd17 100644 --- a/core/pkg/opaprocessor/processorhandler.go +++ b/core/pkg/opaprocessor/processorhandler.go @@ -69,23 +69,26 @@ func (opap *OPAProcessor) Process(policies *cautils.Policies) error { cautils.StartSpinner() - var errs error - for _, control := range policies.Controls { + for _, toPin := range policies.Controls { + control := toPin resourcesAssociatedControl, err := opap.processControl(&control) if err != nil { logger.L().Error(err.Error()) } + + if len(resourcesAssociatedControl) == 0 { + continue + } + // update resources with latest results - if len(resourcesAssociatedControl) != 0 { - for resourceID, controlResult := range resourcesAssociatedControl { - if _, ok := opap.ResourcesResult[resourceID]; !ok { - opap.ResourcesResult[resourceID] = resourcesresults.Result{ResourceID: resourceID} - } - t := opap.ResourcesResult[resourceID] - t.AssociatedControls = append(t.AssociatedControls, controlResult) - opap.ResourcesResult[resourceID] = t + for resourceID, controlResult := range resourcesAssociatedControl { + if _, ok := opap.ResourcesResult[resourceID]; !ok { + opap.ResourcesResult[resourceID] = resourcesresults.Result{ResourceID: resourceID} } + t := opap.ResourcesResult[resourceID] + t.AssociatedControls = append(t.AssociatedControls, controlResult) + opap.ResourcesResult[resourceID] = t } } @@ -95,7 +98,7 @@ func (opap *OPAProcessor) Process(policies *cautils.Policies) error { opap.loggerDoneScanning() - return errs + return nil } func (opap *OPAProcessor) loggerStartScanning() { 
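Review bot: With `var errs error` removed and the second hunk ending in `return nil`, the visible part of `Process` can no longer report a failure: an error from `opap.processControl(&control)` is written to the log and the loop carries on. A run in which some controls could not be evaluated then looks the same to the caller as a clean scan. Either keep the first error and return it after the loop, or state the contract in the doc comment, e.g. `// Process evaluates every control; a control that fails to evaluate is logged and skipped.` The body of `Process` starts before the first hunk and continues between the two, so a status may still be set in code that is not shown here.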
diff --git a/core/pkg/registryadaptors/armosec/v1/civksadaptor.go b/core/pkg/registryadaptors/armosec/v1/civksadaptor.go index 8fe4b48b..a72a1a67 100644 --- a/core/pkg/registryadaptors/armosec/v1/civksadaptor.go +++ b/core/pkg/registryadaptors/armosec/v1/civksadaptor.go @@ -25,14 +25,17 @@ func (ksCivAdaptor *KSCivAdaptor) Login() error { } func (ksCivAdaptor *KSCivAdaptor) GetImagesVulnerabilities(imageIDs []registryvulnerabilities.ContainerImageIdentifier) ([]registryvulnerabilities.ContainerImageVulnerabilityReport, error) { resultList := make([]registryvulnerabilities.ContainerImageVulnerabilityReport, 0) - for _, imageID := range imageIDs { + for _, toPin := range imageIDs { + imageID := toPin result, err := ksCivAdaptor.GetImageVulnerability(&imageID) - if err == nil { - resultList = append(resultList, *result) - } else { + if err != nil { logger.L().Debug("failed to get image vulnerabilities", helpers.String("image", imageID.Tag), helpers.Error(err)) + continue } + + resultList = append(resultList, *result) } + return resultList, nil } diff --git a/core/pkg/registryadaptors/gcp/v1/gcpadaptor.go b/core/pkg/registryadaptors/gcp/v1/gcpadaptor.go index 253a58b8..cd8a99db 100644 --- a/core/pkg/registryadaptors/gcp/v1/gcpadaptor.go +++ b/core/pkg/registryadaptors/gcp/v1/gcpadaptor.go 
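Review bot: A failed `GetImageVulnerability` call is logged at debug level and skipped, and the function still returns `resultList, nil`, so the caller cannot tell an image with no findings from an image whose lookup failed. In a vulnerability report that gap should be visible at default verbosity, e.g. `logger.L().Error("failed to get image vulnerabilities", helpers.String("image", imageID.Tag), helpers.Error(err))`, and ideally the failed images would be returned alongside the results. The same loop appears in `gcp/v1/gcpadaptor.go`. `*result` is dereferenced without a nil check, which is safe only if `GetImageVulnerability` never returns a nil result with a nil error; that is not visible in this hunk.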
@@ -30,14 +30,17 @@ func (GCPAdaptor *GCPAdaptor) Login() error { func (GCPAdaptor *GCPAdaptor) GetImagesVulnerabilities(imageIDs []registryvulnerabilities.ContainerImageIdentifier) ([]registryvulnerabilities.ContainerImageVulnerabilityReport, error) { resultList := make([]registryvulnerabilities.ContainerImageVulnerabilityReport, 0) - for _, imageID := range imageIDs { + for _, toPin := range imageIDs { + imageID := toPin result, err := GCPAdaptor.GetImageVulnerability(&imageID) - if err == nil { - resultList = append(resultList, *result) - } else { + if err != nil { logger.L().Debug("failed to get image vulnerabilities", helpers.String("image", imageID.Tag), helpers.Error(err)) + continue } + + resultList = append(resultList, *result) } + return resultList, nil } diff --git a/core/pkg/registryadaptors/gcp/v1/gcpadaptormock.go b/core/pkg/registryadaptors/gcp/v1/gcpadaptormock.go index a99496b0..1c936367 100644 --- a/core/pkg/registryadaptors/gcp/v1/gcpadaptormock.go +++ b/core/pkg/registryadaptors/gcp/v1/gcpadaptormock.go @@ -20,14 +20,15 @@ func (GCPAdaptorMock *GCPAdaptorMock) Login() error { func (GCPAdaptorMock *GCPAdaptorMock) GetImagesVulnerabilities(imageIDs []registryvulnerabilities.ContainerImageIdentifier) ([]registryvulnerabilities.ContainerImageVulnerabilityReport, error) { resultList := make([]registryvulnerabilities.ContainerImageVulnerabilityReport, 0) - for _, imageID := range imageIDs { + for _, toPin := range imageIDs { + imageID := toPin result, err := GCPAdaptorMock.GetImageVulnerability(&imageID) - if err == nil { - resultList = append(resultList, *result) - } else { + if err != nil { return nil, err } + resultList = append(resultList, *result) + return resultList, nil } From 22052f5869038194b22cd7859ea027d3048c4940 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20BIDON?= Date: Mon, 19 Dec 2022 12:29:12 +0100 Subject: [PATCH 3/5] fixed more flaky pointers in loops (resultshandling) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Frédéric BIDON --- .golangci.yml | 56 ------------------- .../printer/v2/prometheusutils.go | 5 +- .../printer/v2/sarifprinter.go | 4 +- 3 files changed, 6 insertions(+), 59 deletions(-) delete mode 100644 .golangci.yml diff --git a/.golangci.yml b/.golangci.yml deleted file mode 100644 index 80cae54a..00000000 --- a/.golangci.yml +++ /dev/null @@ -1,56 +0,0 @@ -linters-settings: - govet: - check-shadowing: true - maligned: - suggest-new: true - dupl: - threshold: 200 - goconst: - min-len: 3 - min-occurrences: 2 - forbidigo: - forbid: - - ^print.*$ - - 'fmt\.Print.*' - gocognit: - min-complexity: 65 # This is super high value. We should gradually lower it to 30-40. - -linters: - enable: - - gosec - disable: - - typecheck - - errcheck - - govet - - staticcheck - - gosimple - - deadcode - - gofmt - - goimports - - bodyclose - - dupl - #- forbidigo # <- see later - - gocognit - - gocritic - - goimports - - nakedret - #- nolintlint - - revive - - stylecheck - - unconvert - - unparam - - maligned - - lll - - gochecknoinits - - gochecknoglobals -issues: - exclude-rules: - - linters: - - revive - text: "var-naming" - - linters: - - revive - text: "type name will be used as (.+?) by other packages, and that stutters" - - linters: - - stylecheck - text: "ST1003" diff --git a/core/pkg/resultshandling/printer/v2/prometheusutils.go b/core/pkg/resultshandling/printer/v2/prometheusutils.go index 89f351e2..b6ac8d66 100644 --- a/core/pkg/resultshandling/printer/v2/prometheusutils.go +++ b/core/pkg/resultshandling/printer/v2/prometheusutils.go 
@@ -319,11 +319,13 @@ func (m *Metrics) setResourcesCounters( resources map[string]workloadinterface.IMetadata, results map[string]resourcesresults.Result) { - for resourceID, result := range results { + for resourceID, toPin := range results { r, ok := resources[resourceID] if !ok { continue } + result := toPin + passed, excluded, failed := resourceControlStatusCounters(&result) mrc := mResources{} @@ -339,5 +341,4 @@ func (m *Metrics) setResourcesCounters( m.listResources = append(m.listResources, mrc) } - } diff --git a/core/pkg/resultshandling/printer/v2/sarifprinter.go b/core/pkg/resultshandling/printer/v2/sarifprinter.go index 645c2a73..adc565cc 100644 --- a/core/pkg/resultshandling/printer/v2/sarifprinter.go +++ b/core/pkg/resultshandling/printer/v2/sarifprinter.go @@ -129,7 +129,9 @@ func (sp *SARIFPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) { logger.L().Debug("failed to create location resolver", helpers.Error(err)) } - for _, ac := range result.AssociatedControls { + for _, toPin := range result.AssociatedControls { + ac := toPin + if ac.GetStatus(nil).IsFailed() { ctl := opaSessionObj.Report.SummaryDetails.Controls.GetControl(reportsummary.EControlCriteriaID, ac.GetID()) location := sp.resolveFixLocation(opaSessionObj, locationResolver, &ac, resourceID) From b1c8872a29bbbbc0f040fe1469e472c5719b8731 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20BIDON?= Date: Mon, 19 Dec 2022 14:05:10 +0100 Subject: [PATCH 4/5] enabled golangci linter in CI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Frédéric BIDON --- .github/workflows/01-golang-lint.yaml | 54 +++++++++++++++++++++++++ .gitignore | 3 +- .golangci.yml | 58 +++++++++++++++++++++++++++ 3 files changed, 114 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/01-golang-lint.yaml create mode 100644 .golangci.yml 
diff --git a/.github/workflows/01-golang-lint.yaml b/.github/workflows/01-golang-lint.yaml new file mode 100644 index 00000000..89af89d5 --- /dev/null +++ b/.github/workflows/01-golang-lint.yaml @@ -0,0 +1,54 @@ +name: golangci-lint +on: + push: + branches: + - dev + pull_request: + types: [ edited, opened, synchronize, reopened ] + branches: [ master, dev ] + paths-ignore: + - '**.yaml' + - '**.md' +permissions: + contents: read + # Optional: allow read access to pull request. Use with `only-new-issues` option. + pull-requests: read +jobs: + golangci: + name: lint + runs-on: ubuntu-20.04 + steps: + - uses: actions/setup-go@v3 + with: + go-version: 1.18 + - uses: actions/checkout@v3 + with: + submodules: recursive + - name: Install libgit2 + run: make libgit2 + - name: golangci-lint + uses: golangci/golangci-lint-action@v3 + with: + # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version + version: latest + + # Optional: working directory, useful for monorepos + # working-directory: somedir + + # Optional: golangci-lint command line arguments. + # args: --issues-exit-code=0 + args: --timeout 10m --build-tags=static + #--new-from-rev dev + + # Optional: show only new issues if it's a pull request. The default value is `false`. + only-new-issues: true + + # Optional: if set to true then the all caching functionality will be complete disabled, + # takes precedence over all other caching options. + # skip-cache: true + + # Optional: if set to true then the action don't cache or restore ~/go/pkg. + # skip-pkg-cache: true + + # Optional: if set to true then the action don't cache or restore ~/.cache/go-build. + # skip-build-cache: true diff --git a/.gitignore b/.gitignore index 676bc584..827afa23 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,5 @@ *.pyc* .idea .history -ca.srl \ No newline at end of file +ca.srl +*.out diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 00000000..c57a2e41 
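Review bot: The three actions are referenced by movable tags (`actions/setup-go@v3`, `actions/checkout@v3`, `golangci/golangci-lint-action@v3`) and the linter by `version: latest`, so both the code that runs in CI and the set of findings can change without any commit in this repository. Pin each `uses:` to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, and set `version:` to a fixed golangci-lint release. `paths-ignore: '**.yaml'` also means a pull request that edits only this workflow file does not run the job. The read-only `permissions` block is the right default and should stay.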
--- /dev/null +++ b/.golangci.yml @@ -0,0 +1,58 @@ +linters-settings: + govet: + check-shadowing: true + dupl: + threshold: 200 + goconst: + min-len: 3 + min-occurrences: 2 + gocognit: + min-complexity: 65 + +linters: + enable: + - gosec + - staticcheck + - nolintlint + disable: + # temporarily disabled + - varcheck + - ineffassign + - unused + - typecheck + - errcheck + - govet + - gosimple + - deadcode + - gofmt + - goimports + - bodyclose + - dupl + - gocognit + - gocritic + - goimports + - nakedret + - revive + - stylecheck + - unconvert + - unparam + #- forbidigo # <- see later + # should remain disabled + - maligned + - lll + - gochecknoinits + - gochecknoglobals +issues: + exclude-rules: + - linters: + - revive + text: "var-naming" + - linters: + - revive + text: "type name will be used as (.+?) by other packages, and that stutters" + - linters: + - stylecheck + text: "ST1003" +run: + skip-dirs: + - git2go From 09f13c05e18ac1ec66c0dbd084e14a0791bf3b70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20BIDON?= Date: Mon, 19 Dec 2022 14:26:13 +0100 Subject: [PATCH 5/5] fixed linting issues with minimal linters config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Frédéric BIDON --- cmd/completion/completion.go | 8 ++++---- core/cautils/customerloader.go | 5 +---- core/cautils/getter/getpoliciesutils.go | 7 ++++--- core/cautils/localgitrepository_test.go | 4 ++-- core/core/download.go | 6 +----- core/pkg/containerscan/containerscan_mock.go | 4 ++-- core/pkg/opaprocessor/processorhandlerutils.go | 14 ++++++++------ core/pkg/registryadaptors/gcp/v1/gcpadaptormock.go | 2 +- core/pkg/resourcehandler/k8sresources.go | 2 +- core/pkg/resourcehandler/remotegitutils.go | 6 +++--- 10 files changed, 27 insertions(+), 31 deletions(-) diff --git a/cmd/completion/completion.go b/cmd/completion/completion.go index 3a7ac1a5..453cb12b 100644 --- a/cmd/completion/completion.go +++ b/cmd/completion/completion.go 
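Review bot: `errcheck`, `govet` and `bodyclose` sit in the `disable` list, so unchecked errors and unclosed HTTP response bodies pass CI even though `gosec` is enabled, and the `govet: check-shadowing: true` setting above has no effect while `govet` is off. The `# temporarily disabled` comment would be easier to act on with a tracking reference, e.g. `# temporarily disabled, see <ISSUE_ID_PLACEHOLDER>`. `goimports` is listed twice. Since `nolintlint` is enabled and the next commit in this series adds several bare `//nolint:gosec` comments, consider `require-specific: true` and `require-explanation: true` under `linters-settings: nolintlint:`.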
@@ -9,11 +9,11 @@ import ( var completionCmdExamples = ` - # Enable BASH shell autocompletion - $ source <(kubescape completion bash) + # Enable BASH shell autocompletion + $ source <(kubescape completion bash) $ echo 'source <(kubescape completion bash)' >> ~/.bashrc - # Enable ZSH shell autocompletion + # Enable ZSH shell autocompletion $ source <(kubectl completion zsh) $ echo 'source <(kubectl completion zsh)' >> "${fpath[1]}/_kubectl" @@ -27,7 +27,7 @@ func GetCompletionCmd() *cobra.Command { Example: completionCmdExamples, DisableFlagsInUseLine: true, ValidArgs: []string{"bash", "zsh", "fish", "powershell"}, - Args: cobra.ExactValidArgs(1), + Args: cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs), Run: func(cmd *cobra.Command, args []string) { switch strings.ToLower(args[0]) { case "bash": diff --git a/core/cautils/customerloader.go b/core/cautils/customerloader.go index 733fb216..f45c9d8f 100644 --- a/core/cautils/customerloader.go +++ b/core/cautils/customerloader.go @@ -470,10 +470,7 @@ func (c *ClusterConfig) updateConfigMap() error { } func updateConfigFile(configObj *ConfigObj) error { - if err := os.WriteFile(ConfigFileFullPath(), configObj.Config(), 0664); err != nil { - return err - } - return nil + return os.WriteFile(ConfigFileFullPath(), configObj.Config(), 0664) //nolint:gosec } func (c *ClusterConfig) updateConfigData(configMap *corev1.ConfigMap) { diff --git a/core/cautils/getter/getpoliciesutils.go b/core/cautils/getter/getpoliciesutils.go index 7d822eb3..97e277f5 100644 --- a/core/cautils/getter/getpoliciesutils.go +++ b/core/cautils/getter/getpoliciesutils.go 
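Review bot: `updateConfigFile` keeps mode `0664` and silences gosec with a bare `//nolint:gosec` instead of acting on the finding. The bytes come from `configObj.Config()`; if that object carries account identifiers or keys (not visible in this hunk), a group-writable and world-readable file is wider than it needs to be. Prefer `return os.WriteFile(ConfigFileFullPath(), configObj.Config(), 0600)`, or, if the mode is deliberate, record it: `//nolint:gosec // G306: <reason the config must be readable by others>`. The `0644` writes in `SaveInFile` in `getpoliciesutils.go` carry the same unexplained suppression.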
@@ -21,18 +21,19 @@ func SaveInFile(policy interface{}, pathStr string) error { if err != nil { return err } - err = os.WriteFile(pathStr, []byte(fmt.Sprintf("%v", string(encodedData))), 0644) + err = os.WriteFile(pathStr, encodedData, 0644) //nolint:gosec if err != nil { if os.IsNotExist(err) { pathDir := path.Dir(pathStr) - if err := os.Mkdir(pathDir, 0744); err != nil { + // pathDir could contain subdirectories + if err := os.MkdirAll(pathDir, 0755); err != nil { return err } } else { return err } - err = os.WriteFile(pathStr, []byte(fmt.Sprintf("%v", string(encodedData))), 0644) + err = os.WriteFile(pathStr, encodedData, 0644) //nolint:gosec if err != nil { return err } diff --git a/core/cautils/localgitrepository_test.go b/core/cautils/localgitrepository_test.go index 933aa10d..948c289a 100644 --- a/core/cautils/localgitrepository_test.go +++ b/core/cautils/localgitrepository_test.go @@ -27,7 +27,7 @@ func unzipFile(zipPath, destinationFolder string) (*zip.ReadCloser, error) { return nil, err } for _, f := range archive.File { - filePath := filepath.Join(destinationFolder, f.Name) + filePath := filepath.Join(destinationFolder, f.Name) //nolint:gosec if !strings.HasPrefix(filePath, filepath.Clean(destinationFolder)+string(os.PathSeparator)) { return nil, fmt.Errorf("invalid file path") } @@ -50,7 +50,7 @@ func unzipFile(zipPath, destinationFolder string) (*zip.ReadCloser, error) { return nil, err } - if _, err := io.Copy(dstFile, fileInArchive); err != nil { + if _, err := io.Copy(dstFile, fileInArchive); err != nil { //nolint:gosec return nil, err } diff --git a/core/core/download.go b/core/core/download.go index 49b355c2..bd7d8203 100644 --- a/core/core/download.go +++ b/core/core/download.go @@ -6,7 +6,6 @@ import ( "path/filepath" "strings" - "github.com/armosec/armoapi-go/armotypes" logger "github.com/kubescape/go-logger" "github.com/kubescape/go-logger/helpers" "github.com/kubescape/kubescape/v2/core/cautils/getter" 
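Review bot: The `//nolint:gosec` on the `filepath.Join(destinationFolder, f.Name)` line in `unzipFile` names no rule and gives no reason, yet it is the `strings.HasPrefix` check on the following line that makes the join safe; if that check is later edited or moved, nothing will flag it. Tie the suppression to the guard: `//nolint:gosec // G305: path is checked against destinationFolder on the next line`. The `io.Copy` suppression should say why an unbounded copy is acceptable, e.g. `//nolint:gosec // G110: <reason, such as a fixed test fixture>`. The `rand.Intn` suppressions in `containerscan_mock.go` would read better as `//nolint:gosec // G404: mock data, not security sensitive`. `unzipFile` starts and ends outside these hunks.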
@@ -114,13 +113,10 @@ func downloadConfigInputs(downloadInfo *metav1.DownloadInfo) error { } func downloadExceptions(downloadInfo *metav1.DownloadInfo) error { - var err error tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi()) - exceptionsGetter := getExceptionsGetter("", tenant.GetAccountID(), nil) - exceptions := []armotypes.PostureExceptionPolicy{} - exceptions, err = exceptionsGetter.GetExceptions(tenant.GetContextName()) + exceptions, err := exceptionsGetter.GetExceptions(tenant.GetContextName()) if err != nil { return err } diff --git a/core/pkg/containerscan/containerscan_mock.go b/core/pkg/containerscan/containerscan_mock.go index cac3471e..ba08017f 100644 --- a/core/pkg/containerscan/containerscan_mock.go +++ b/core/pkg/containerscan/containerscan_mock.go @@ -50,7 +50,7 @@ func randSeq(n int, bank []rune) string { b := make([]rune, n) for i := range b { - b[i] = bank[rand.Intn(len(bank))] + b[i] = bank[rand.Intn(len(bank))] //nolint:gosec } return string(b) } @@ -60,7 +60,7 @@ func GenerateContainerScanLayer(layer *ScanResultLayer) { layer.LayerHash = randSeq(32, hash) layer.Vulnerabilities = make(VulnerabilitiesList, 0) layer.Packages = make(LinuxPkgs, 0) - vuls := rand.Intn(10) + 1 + vuls := rand.Intn(10) + 1 //nolint:gosec for i := 0; i < vuls; i++ { v := Vulnerability{} diff --git a/core/pkg/opaprocessor/processorhandlerutils.go b/core/pkg/opaprocessor/processorhandlerutils.go index b468e668..89a74be0 100644 --- a/core/pkg/opaprocessor/processorhandlerutils.go +++ b/core/pkg/opaprocessor/processorhandlerutils.go @@ -15,9 +15,9 @@ import ( // updateResults updates the results objects and report objects. This is a critical function - DO NOT CHANGE // // The function: -// - removes sensible data -// - adds exceptions -// - summarizes results +// - removes sensible data +// - adds exceptions +// - summarizes results func (opap *OPAProcessor) updateResults() { // remove data from all objects 
@@ -117,9 +117,11 @@ func getKubernetesObjects(k8sResources *cautils.K8SResources, allResources map[s groupResources := k8sinterface.ResourceGroupToString(groups, version, resource) for _, groupResource := range groupResources { if k8sObj, ok := (*k8sResources)[groupResource]; ok { - if k8sObj == nil { - // logger.L().Debug("skipping", helpers.String("resource", groupResource)) - } + /* + if k8sObj == nil { + // logger.L().Debug("skipping", helpers.String("resource", groupResource)) + } + */ for i := range k8sObj { k8sObjects = append(k8sObjects, allResources[k8sObj[i]]) } diff --git a/core/pkg/registryadaptors/gcp/v1/gcpadaptormock.go b/core/pkg/registryadaptors/gcp/v1/gcpadaptormock.go index 1c936367..a95020eb 100644 --- a/core/pkg/registryadaptors/gcp/v1/gcpadaptormock.go +++ b/core/pkg/registryadaptors/gcp/v1/gcpadaptormock.go @@ -29,7 +29,7 @@ func (GCPAdaptorMock *GCPAdaptorMock) GetImagesVulnerabilities(imageIDs []regist resultList = append(resultList, *result) - return resultList, nil + return resultList, nil //nolint:staticcheck // we return at once and shorten the mocked result } GCPAdaptorMock.resultList = resultList diff --git a/core/pkg/resourcehandler/k8sresources.go b/core/pkg/resourcehandler/k8sresources.go index 72406c96..f1de0d20 100644 --- a/core/pkg/resourcehandler/k8sresources.go +++ b/core/pkg/resourcehandler/k8sresources.go @@ -247,7 +247,7 @@ func (k8sHandler *K8sResourceHandler) pullSingleResource(resource *schema.GroupV clientResource = k8sHandler.k8s.DynamicClient.Resource(*resource) } else if k8sinterface.IsNamespaceScope(resource) { clientResource = k8sHandler.k8s.DynamicClient.Resource(*resource).Namespace(namespace) - } else if k8sHandler.fieldSelector.GetClusterScope(*&resource) { + } else if k8sHandler.fieldSelector.GetClusterScope(resource) { clientResource = k8sHandler.k8s.DynamicClient.Resource(*resource) } else { continue 
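Review bot: The `//nolint:staticcheck` in `gcpadaptormock.go` keeps a `return` inside the `for` body, so the loop runs at most once and the `GCPAdaptorMock.resultList = resultList` assignment after it is reached only when `imageIDs` is empty. If returning the first image's report is the intended mock behaviour, say so on the method rather than on the suppressed line, e.g. `// GetImagesVulnerabilities returns the report for the first image only.` Otherwise move `return resultList, nil` below the loop and drop the suppression. The function continues past the end of the hunk.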
diff --git a/core/pkg/resourcehandler/remotegitutils.go b/core/pkg/resourcehandler/remotegitutils.go index 8ab7b0c7..ce550bdc 100644 --- a/core/pkg/resourcehandler/remotegitutils.go +++ b/core/pkg/resourcehandler/remotegitutils.go @@ -15,12 +15,12 @@ import ( // To Check if the given repository is Public(No Authentication needed), send a HTTP GET request to the URL // If response code is 200, the repository is Public. -func isGitRepoPublic(URL string) bool { - resp, err := nethttp.Get(URL) - +func isGitRepoPublic(u string) bool { + resp, err := nethttp.Get(u) //nolint:gosec if err != nil { return false } + // if the status code is 200, our get request is successful. // It only happens when the repository is public. if resp.StatusCode == 200 {
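Review bot: `nethttp.Get(u)` uses the package default client, which has no timeout and follows redirects, and the bare `//nolint:gosec` hides the finding about a caller-supplied URL instead of recording why it is acceptable. If `u` comes from user input (the call site is not in this hunk), an unresponsive host can stall the scan and the request may end up somewhere other than the intended git host. Use a bounded client such as `client := &nethttp.Client{Timeout: 10 * time.Second}` and check the scheme and host of `u` before the request. Add `defer resp.Body.Close()` after the error check unless the body is already closed in the part of `isGitRepoPublic` below the hunk.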