From 8f133e03b82bc238e54897c4272a9f17bcc5952f Mon Sep 17 00:00:00 2001
From: Niels de Vos
Date: Fri, 30 Aug 2019 12:23:10 +0200
Subject: [PATCH] Add 'gosec' to the static-checks

Run static security scanning tool 'gosec' while testing.
URL: https://github.com/securego/gosec
Signed-off-by: Niels de Vos
---
 .travis.yml | 5 +++++
 Makefile | 1 +
 scripts/gosec.sh | 9 +++++++++
 3 files changed, 15 insertions(+)
 create mode 100755 scripts/gosec.sh

diff --git a/.travis.yml b/.travis.yml
index 53eda458f..a7d11e41a 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -22,6 +22,7 @@ go: 1.12.x
 env:
 global:
 - GOLANGCI_VERSION=v1.17.0
+ - GOSEC_VERSION=2.0.0
 - TEST_COVERAGE=stdout
 - GO_METALINTER_THREADS=1
 - GO_COVER_DIR=_output
@@ -46,6 +47,10 @@ jobs:
 - curl -sf
 "https://install.goreleaser.com/github.com/golangci/golangci-lint.sh"
 | bash -s -- -b $GOPATH/bin "${GOLANGCI_VERSION}"
+ # install gosec
+ - curl -sfL
+ "https://raw.githubusercontent.com/securego/gosec/master/install.sh"
+ | sh -s -- -b $GOPATH/bin "${GOSEC_VERSION}"
 # install helm for helm lint
 - curl -L https://git.io/get_helm.sh | bash
 script:
diff --git a/Makefile b/Makefile
index b0e0a900a..c8d6e2083 100644
--- a/Makefile
+++ b/Makefile
@@ -44,6 +44,7 @@ dep-check:
 static-check:
 ./scripts/lint-go.sh
 ./scripts/lint-text.sh --require-all
+ ./scripts/gosec.sh

 func-test:
 go test github.com/ceph/ceph-csi/e2e $(TESTOPTIONS)
diff --git a/scripts/gosec.sh b/scripts/gosec.sh
new file mode 100755
index 000000000..c8faa52a5
--- /dev/null
+++ b/scripts/gosec.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -o pipefail
+
+if [[ -x "$(command -v gosec)" ]]; then
+ find cmd pkg -type d -print0 | xargs --null gosec
+else
+ echo "WARNING: gosec not found, skipping security tests" >&2
+fi
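Review bot: The added gosec install step in `.travis.yml` pipes `install.sh` from the mutable `master` branch straight into `sh`, so `GOSEC_VERSION` pins the binary but not the script that CI actually executes. Pin the installer URL to a commit that has been read, e.g. `"https://raw.githubusercontent.com/securego/gosec/<reviewed-commit-sha>/install.sh"` (placeholder, not a real id). The golangci-lint and helm installs in the surrounding context lines follow the same unpinned pattern and deserve the same treatment in a follow-up. The `install:` list this hunk edits starts outside the hunk.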
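Review bot: The `else` branch of `scripts/gosec.sh` only warns and exits 0 when gosec is absent, so `make static-check` stays green with no security scan at all. That matters in CI: the Travis install step ends in `| sh`, so a failed download may not fail the install (inferred, the step's exit handling is not visible here), and the missing scan would go unnoticed. Keep the skip for local use but fail when `CI` is set, by adding `[[ -z "${CI:-}" ]] || exit 1` after the warning `echo`. A short header comment stating that the script runs gosec on every directory under `cmd` and `pkg` would also help.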