Add gosec in verify process. (#347)

Signed-off-by: xuezhaojun <zxue@redhat.com>
2026-02-14 10:00:11 +00:00 · 2023-04-19 10:15:25 +08:00
parent 3aaf9fd1cb
commit a702559281
3 changed files with 9 additions and 4 deletions
--- a/6
+++ b/6
@@ -87,7 +87,11 @@ verify-gocilint:
 	go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.45.2
 	golangci-lint run --timeout=3m --modules-download-mode vendor ./...

-verify: verify-crds verify-gocilint
+verify-gosec:
+	go install github.com/securego/gosec/v2/cmd/gosec@v2.15.0
+	gosec -exclude-dir=test ./...
+
+verify: verify-crds verify-gocilint verify-gosec

 update-csv: ensure-operator-sdk
 	cd deploy/cluster-manager && ../../$(OPERATOR_SDK) generate bundle --manifests --deploy-dir config/ --crds-dir config/crds/ --output-dir olm-catalog/cluster-manager/ --version $(CSV_VERSION)
--- a/pkg/helpers/queuekey.go
+++ b/pkg/helpers/queuekey.go
@@ -37,7 +37,7 @@ const (

 	RegistrationWebhookSecret  = "registration-webhook-serving-cert"
 	RegistrationWebhookService = "cluster-manager-registration-webhook"
-	WorkWebhookSecret          = "work-webhook-serving-cert"
+	WorkWebhookSecret          = "work-webhook-serving-cert" // #nosec G101
 	WorkWebhookService         = "cluster-manager-work-webhook"
 )

--- a/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller.go
+++ b/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller.go
@@ -3,9 +3,10 @@ package klusterletcontroller
 import (
 	"context"
 	"fmt"
+	"strings"
+
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	ocmfeature "open-cluster-management.io/api/feature"
-	"strings"

 	"github.com/openshift/library-go/pkg/controller/factory"
 	"github.com/openshift/library-go/pkg/operator/events"
@@ -40,7 +41,7 @@ const (
 	klusterletApplied                     = "Applied"
 	klusterletReadyToApply                = "ReadyToApply"
 	hubConnectionDegraded                 = "HubConnectionDegraded"
-	hubKubeConfigSecretMissing            = "HubKubeConfigSecretMissing"
+	hubKubeConfigSecretMissing            = "HubKubeConfigSecretMissing" // #nosec G101
 	appliedManifestWorkFinalizer          = "cluster.open-cluster-management.io/applied-manifest-work-cleanup"
 	managedResourcesEvictionTimestampAnno = "operator.open-cluster-management.io/managed-resources-eviction-timestamp"
 )