build: add gosec

danroc · Oct 31, 2024 · 697221c · 697221c
1 parent b4fb7db
commit 697221c
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 4 deletions.
diff --git a/.github/workflows/build-test-lint.yml b/.github/workflows/build-test-lint.yml
@@ -25,6 +25,7 @@ jobs:
         run: |-
           go install github.com/segmentio/[email protected]
           go install mvdan.cc/[email protected]
+          go install github.com/securego/gosec/v2/cmd/[email protected]
 
       - name: Build
         run: make build

diff --git a/Makefile b/Makefile
@@ -5,6 +5,7 @@ help: ## Show this help
 
 lint: tidy ## Run linter
 	golines -w -m 79 --base-formatter=gofumpt .
+	gosec ./...
 
 tidy: ## Tidy up dependencies
 	go mod tidy

diff --git a/pkg/database/database.go b/pkg/database/database.go
@@ -20,7 +20,7 @@ type Entry struct {
 
 // fetchCsv fetches a CSV file from the given URL and returns its records.
 func fetchCsv(url string) ([][]string, error) {
-	resp, err := http.Get(url)
+	resp, err := http.Get(url) // #nosec G107
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/schema/reader.go b/pkg/schema/reader.go
@@ -31,8 +31,8 @@ func ReadBytes(data []byte) (*Configuration, error) {
 	}
 
 	validate := validator.New()
-	validate.RegisterValidation("duration", isDurationField)
-	validate.RegisterValidation("cidr", isCIDRField)
+	validate.RegisterValidation("duration", isDurationField) // #nosec G104
+	validate.RegisterValidation("cidr", isCIDRField)         // #nosec G104
 
 	if err := validate.Struct(config); err != nil {
 		return nil, err
@@ -52,7 +52,7 @@ func Read(reader io.Reader) (*Configuration, error) {
 
 // ReadFile reads the configuration from the given file.
 func ReadFile(filename string) (*Configuration, error) {
-	data, err := os.ReadFile(filename)
+	data, err := os.ReadFile(filename) // #nosec G304
 	if err != nil {
 		return nil, err
 	}