github/open-cluster-management
1
0
Fork 0
mirror of https://github.com/open-cluster-management-io/ocm.git synced 2026-05-21 08:33:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add gosec into verify. (#313)

Browse Source 
Signed-off-by: xuezhaojun <zxue@redhat.com>
This commit is contained in:
xuezhaojun
2023-04-19 11:20:57 +08:00
committed by GitHub
parent fc792f3816
commit 69e686faa1
3 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Makefile
View File

@@ -39,6 +39,10 @@ verify-gocilint:
go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.45.2
golangci-lint run --timeout=3m --modules-download-mode vendor ./...
verify-gosec:
go install github.com/securego/gosec/v2/cmd/gosec@v2.15.0
gosec -exclude-dir=testing -exclude-dir=test ./...
update-crds:
bash -x hack/copy-crds.sh
@@ -47,7 +51,7 @@ update: update-crds
verify-crds:
bash -x hack/verify-crds.sh
verify: verify-crds verify-gocilint
verify: verify-crds verify-gocilint verify-gosec
deploy-hub: ensure-kustomize
cp deploy/hub/kustomization.yaml deploy/hub/kustomization.yaml.tmp
@@ -94,7 +98,7 @@ deploy-spoke: ensure-kustomize
$(KUBECTL) config use-context $(SPOKE_KUBECONFIG_CONTEXT) --kubeconfig $(SPOKE_KUBECONFIG)
$(KUSTOMIZE) build deploy/spoke | $(KUBECTL) --kubeconfig $(SPOKE_KUBECONFIG) apply -f -
mv deploy/spoke/kustomization.yaml.tmp deploy/spoke/kustomization.yaml
$(KUBECTL) --kubeconfig $(SPOKE_KUBECONFIG) apply -f deploy/spoke/role_extension-apiserver.yaml
$(KUBECTL) --kubeconfig $(SPOKE_KUBECONFIG) apply -f deploy/spoke/role_extension-apiserver.yaml
$(KUBECTL) --kubeconfig $(SPOKE_KUBECONFIG) apply -f deploy/spoke/role_binding_extension-apiserver.yaml
clean-hub:

2
pkg/clientcert/cert_controller.go
View File

@@ -399,7 +399,7 @@ func jitter(percentage float64, maxFactor float64) float64 {
if maxFactor <= 0.0 {
maxFactor = 1.0
}
newPercentage := percentage + percentage*rand.Float64()*maxFactor
newPercentage := percentage + percentage*rand.Float64()*maxFactor //#nosec G404
return newPercentage
}

3
pkg/spoke/managedcluster/secret_controller.go
View File

@@ -7,6 +7,7 @@ import (
"io/ioutil"
"os"
"path"
"path/filepath"
"time"
"github.com/openshift/library-go/pkg/controller/factory"
@@ -93,7 +94,7 @@ func DumpSecret(
// create/update files from the secret
for key, data := range secret.Data {
filename := path.Clean(path.Join(outputDir, key))
lastData, err := ioutil.ReadFile(filename)
lastData, err := ioutil.ReadFile(filepath.Clean(filename))
switch {
case os.IsNotExist(err):
// create file