Created
April 4, 2023 06:56
gosec scan result (JSON output) for the openshift-pipelines/tektoncd-results branch downstream-0.5.0-01. Note the "Golang errors" section: gosec could not resolve several imports under tools/tkn-results, so those files were only partially analysed and the 19 findings below should not be read as complete coverage of that subtree.
{ | |
"Golang errors": { | |
"/Users/oandriie/projects/tektoncd-results/tools/tkn-results/cmd/list.go": [ | |
{ | |
"line": 9, | |
"column": 2, | |
"error": "could not import github.com/tektoncd/results/tools/tkn-results/internal/flags (invalid package name: \"\")" | |
}, | |
{ | |
"line": 10, | |
"column": 2, | |
"error": "could not import github.com/tektoncd/results/tools/tkn-results/internal/format (invalid package name: \"\")" | |
} | |
], | |
"/Users/oandriie/projects/tektoncd-results/tools/tkn-results/cmd/records/list.go": [ | |
{ | |
"line": 9, | |
"column": 2, | |
"error": "could not import github.com/tektoncd/results/tools/tkn-results/internal/flags (invalid package name: \"\")" | |
}, | |
{ | |
"line": 10, | |
"column": 2, | |
"error": "could not import github.com/tektoncd/results/tools/tkn-results/internal/format (invalid package name: \"\")" | |
} | |
], | |
"/Users/oandriie/projects/tektoncd-results/tools/tkn-results/cmd/root.go": [ | |
{ | |
"line": 10, | |
"column": 2, | |
"error": "could not import github.com/tektoncd/results/tools/tkn-results/cmd/records (invalid package name: \"\")" | |
}, | |
{ | |
"line": 11, | |
"column": 2, | |
"error": "could not import github.com/tektoncd/results/tools/tkn-results/internal/client (invalid package name: \"\")" | |
} | |
], | |
"/Users/oandriie/projects/tektoncd-results/tools/tkn-results/docs/main.go": [ | |
{ | |
"line": 6, | |
"column": 2, | |
"error": "could not import github.com/spf13/cobra/doc (invalid package name: \"\")" | |
}, | |
{ | |
"line": 7, | |
"column": 2, | |
"error": "could not import github.com/tektoncd/results/tools/tkn-results/cmd (invalid package name: \"\")" | |
} | |
], | |
"/Users/oandriie/projects/tektoncd-results/tools/tkn-results/internal/client/client.go": [ | |
{ | |
"line": 12, | |
"column": 2, | |
"error": "could not import github.com/tektoncd/results/tools/tkn-results/internal/config (invalid package name: \"\")" | |
} | |
], | |
"/Users/oandriie/projects/tektoncd-results/tools/tkn-results/main.go": [ | |
{ | |
"line": 6, | |
"column": 2, | |
"error": "could not import github.com/tektoncd/results/tools/tkn-results/cmd (invalid package name: \"\")" | |
} | |
] | |
}, | |
"Issues": [ | |
{ | |
"severity": "HIGH", | |
"confidence": "LOW", | |
"cwe": { | |
"id": "798", | |
"url": "https://cwe.mitre.org/data/definitions/798.html" | |
}, | |
"rule_id": "G101", | |
"details": "Potential hardcoded credentials", | |
"file": "/Users/oandriie/projects/tektoncd-results/cmd/watcher/main.go", | |
"code": "52: \t// Service Account token path. See https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod\n53: \tpodTokenPath = \"/var/run/secrets/kubernetes.io/serviceaccount/token\"\n54: )\n", | |
"line": "53", | |
"column": "2", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "MEDIUM", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "676", | |
"url": "https://cwe.mitre.org/data/definitions/676.html" | |
}, | |
"rule_id": "G114", | |
"details": "Use of net/http serve function that has no support for setting timeouts", | |
"file": "/Users/oandriie/projects/tektoncd-results/tools/simpleui/main.go", | |
"code": "86: \tlog.Println(\"Running on http://localhost:8080\")\n87: \tlog.Fatal(http.ListenAndServe(\":8080\", nil))\n88: }\n", | |
"line": "87", | |
"column": "12", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "MEDIUM", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "676", | |
"url": "https://cwe.mitre.org/data/definitions/676.html" | |
}, | |
"rule_id": "G114", | |
"details": "Use of net/http serve function that has no support for setting timeouts", | |
"file": "/Users/oandriie/projects/tektoncd-results/cmd/api/main.go", | |
"code": "206: \t} else {\n207: \t\tlog.Fatal(http.ListenAndServeTLS(\":\"+serverConfig.REST_PORT, path.Join(serverConfig.TLS_PATH, \"tls.crt\"), path.Join(serverConfig.TLS_PATH, \"tls.key\"), mux))\n208: \t}\n", | |
"line": "207", | |
"column": "13", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "MEDIUM", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "676", | |
"url": "https://cwe.mitre.org/data/definitions/676.html" | |
}, | |
"rule_id": "G114", | |
"details": "Use of net/http serve function that has no support for setting timeouts", | |
"file": "/Users/oandriie/projects/tektoncd-results/cmd/api/main.go", | |
"code": "204: \tif tlsError != nil {\n205: \t\tlog.Fatal(http.ListenAndServe(\":\"+serverConfig.REST_PORT, mux))\n206: \t} else {\n", | |
"line": "205", | |
"column": "13", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "MEDIUM", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "676", | |
"url": "https://cwe.mitre.org/data/definitions/676.html" | |
}, | |
"rule_id": "G114", | |
"details": "Use of net/http serve function that has no support for setting timeouts", | |
"file": "/Users/oandriie/projects/tektoncd-results/cmd/api/main.go", | |
"code": "159: \t\tlog.Infof(\"Prometheus server listening on: %s\", serverConfig.PROMETHEUS_PORT)\n160: \t\tif err := http.ListenAndServe(\":\"+serverConfig.PROMETHEUS_PORT, promhttp.Handler()); err != nil {\n161: \t\t\tlog.Fatalf(\"Error running Prometheus HTTP handler: %v\", err)\n", | |
"line": "160", | |
"column": "13", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "MEDIUM", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "22", | |
"url": "https://cwe.mitre.org/data/definitions/22.html" | |
}, | |
"rule_id": "G304", | |
"details": "Potential file inclusion via variable", | |
"file": "/Users/oandriie/projects/tektoncd-results/tools/tkn-results/internal/client/client.go", | |
"code": "101: \tif path := f.cfg.SSL.RootsFilePath; path != \"\" {\n102: \t\tf, err := os.Open(path)\n103: \t\tif err != nil {\n", | |
"line": "102", | |
"column": "13", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "MEDIUM", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "22", | |
"url": "https://cwe.mitre.org/data/definitions/22.html" | |
}, | |
"rule_id": "G304", | |
"details": "Potential file inclusion via variable", | |
"file": "/Users/oandriie/projects/tektoncd-results/test/e2e/grpc_client.go", | |
"code": "77: \n78: \tcert, err := os.ReadFile(certPath)\n79: \tif err != nil {\n", | |
"line": "78", | |
"column": "15", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "MEDIUM", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "276", | |
"url": "https://cwe.mitre.org/data/definitions/276.html" | |
}, | |
"rule_id": "G302", | |
"details": "Expect file permissions to be 0600 or less", | |
"file": "/Users/oandriie/projects/tektoncd-results/pkg/api/server/v1alpha2/log/file.go", | |
"code": "81: \t// If the file does exist, data is appended instead of overwritten/truncated\n82: \tfile, err := os.OpenFile(fs.path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)\n83: \tif err != nil {\n", | |
"line": "82", | |
"column": "15", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "MEDIUM", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "703", | |
"url": "https://cwe.mitre.org/data/definitions/703.html" | |
}, | |
"rule_id": "G307", | |
"details": "Deferring unsafe method \"Close\" on type \"io.ReadCloser\"", | |
"file": "/Users/oandriie/projects/tektoncd-results/pkg/api/server/v1alpha2/log/s3.go", | |
"code": "142: \n143: \tdefer outPut.Body.Close()\n144: \n", | |
"line": "143", | |
"column": "2", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "MEDIUM", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "703", | |
"url": "https://cwe.mitre.org/data/definitions/703.html" | |
}, | |
"rule_id": "G307", | |
"details": "Deferring unsafe method \"Close\" on type \"*os.File\"", | |
"file": "/Users/oandriie/projects/tektoncd-results/tools/tkn-results/internal/client/client.go", | |
"code": "105: \t\t}\n106: \t\tdefer f.Close()\n107: \t\tb, err := ioutil.ReadAll(f)\n", | |
"line": "106", | |
"column": "3", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "MEDIUM", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "703", | |
"url": "https://cwe.mitre.org/data/definitions/703.html" | |
}, | |
"rule_id": "G307", | |
"details": "Deferring unsafe method \"Close\" on type \"*os.File\"", | |
"file": "/Users/oandriie/projects/tektoncd-results/cmd/watcher/main.go", | |
"code": "160: \t}\n161: \tdefer f.Close()\n162: \tb, err := io.ReadAll(f)\n", | |
"line": "161", | |
"column": "2", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "MEDIUM", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "200", | |
"url": "https://cwe.mitre.org/data/definitions/200.html" | |
}, | |
"rule_id": "G102", | |
"details": "Binds to all network interfaces", | |
"file": "/Users/oandriie/projects/tektoncd-results/pkg/internal/test/clients.go", | |
"code": "46: \tpb.RegisterLogsServer(s, srv)\n47: \tlis, err := net.Listen(\"tcp\", port)\n48: \tif err != nil {\n", | |
"line": "47", | |
"column": "14", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "LOW", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "703", | |
"url": "https://cwe.mitre.org/data/definitions/703.html" | |
}, | |
"rule_id": "G104", | |
"details": "Errors unhandled.", | |
"file": "/Users/oandriie/projects/tektoncd-results/tools/tkn-results/internal/format/format.go", | |
"code": "40: \t\t}\n41: \t\ttw.Flush()\n42: \tcase \"textproto\":\n", | |
"line": "41", | |
"column": "3", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "LOW", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "703", | |
"url": "https://cwe.mitre.org/data/definitions/703.html" | |
}, | |
"rule_id": "G104", | |
"details": "Errors unhandled.", | |
"file": "/Users/oandriie/projects/tektoncd-results/tools/tkn-results/cmd/root.go", | |
"code": "48: \tpflag.CommandLine.AddGoFlagSet(flag.CommandLine)\n49: \tviper.BindPFlags(cmd.PersistentFlags())\n50: \n", | |
"line": "49", | |
"column": "2", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "LOW", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "703", | |
"url": "https://cwe.mitre.org/data/definitions/703.html" | |
}, | |
"rule_id": "G104", | |
"details": "Errors unhandled.", | |
"file": "/Users/oandriie/projects/tektoncd-results/pkg/internal/test/clients.go", | |
"code": "62: \t\tlis.Close()\n63: \t\tconn.Close()\n64: \t})\n", | |
"line": "63", | |
"column": "3", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "LOW", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "703", | |
"url": "https://cwe.mitre.org/data/definitions/703.html" | |
}, | |
"rule_id": "G104", | |
"details": "Errors unhandled.", | |
"file": "/Users/oandriie/projects/tektoncd-results/pkg/internal/test/clients.go", | |
"code": "61: \t\ts.Stop()\n62: \t\tlis.Close()\n63: \t\tconn.Close()\n", | |
"line": "62", | |
"column": "3", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "LOW", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "703", | |
"url": "https://cwe.mitre.org/data/definitions/703.html" | |
}, | |
"rule_id": "G104", | |
"details": "Errors unhandled.", | |
"file": "/Users/oandriie/projects/tektoncd-results/pkg/api/server/v1alpha2/log/s3.go", | |
"code": "186: \tif err != nil {\n187: \t\ts3s.client.AbortMultipartUpload(s3s.ctx, \u0026s3.AbortMultipartUploadInput{\n188: \t\t\tBucket: \u0026s3s.bucket,\n189: \t\t\tKey: \u0026s3s.key,\n190: \t\t\tUploadId: \u0026s3s.uploadId,\n191: \t\t})\n192: \t\treturn err\n", | |
"line": "187-191", | |
"column": "3", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "LOW", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "703", | |
"url": "https://cwe.mitre.org/data/definitions/703.html" | |
}, | |
"rule_id": "G104", | |
"details": "Errors unhandled.", | |
"file": "/Users/oandriie/projects/tektoncd-results/pkg/api/server/test/db.go", | |
"code": "40: \t\ttmpfile.Close()\n41: \t\tos.Remove(tmpfile.Name())\n42: \t})\n", | |
"line": "41", | |
"column": "3", | |
"nosec": false, | |
"suppressions": null | |
}, | |
{ | |
"severity": "LOW", | |
"confidence": "HIGH", | |
"cwe": { | |
"id": "703", | |
"url": "https://cwe.mitre.org/data/definitions/703.html" | |
}, | |
"rule_id": "G104", | |
"details": "Errors unhandled.", | |
"file": "/Users/oandriie/projects/tektoncd-results/pkg/api/server/test/db.go", | |
"code": "39: \tt.Cleanup(func() {\n40: \t\ttmpfile.Close()\n41: \t\tos.Remove(tmpfile.Name())\n", | |
"line": "40", | |
"column": "3", | |
"nosec": false, | |
"suppressions": null | |
} | |
], | |
"Stats": { | |
"files": 68, | |
"lines": 13502, | |
"nosec": 0, | |
"found": 19 | |
}, | |
"GosecVersion": "dev" | |
} |