Add 'gosec' to the static-checks

Run static security scanning tool 'gosec' while testing. URL: https://github.com/securego/gosec Signed-off-by: Niels de Vos <ndevos@redhat.com>
2024-11-09 16:00:22 +00:00 · 2019-08-30 12:23:10 +02:00 · 2019-08-30 12:23:10 +02:00 · 8f133e03b8
commit 8f133e03b8
parent dd668e59f1
3 changed files with 15 additions and 0 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -22,6 +22,7 @@ go: 1.12.x
 env:
  global:
    - GOLANGCI_VERSION=v1.17.0
+    - GOSEC_VERSION=2.0.0
    - TEST_COVERAGE=stdout
    - GO_METALINTER_THREADS=1
    - GO_COVER_DIR=_output
@ -46,6 +47,10 @@ jobs:
        - curl -sf
          "https://install.goreleaser.com/github.com/golangci/golangci-lint.sh"
          | bash -s -- -b $GOPATH/bin "${GOLANGCI_VERSION}"
+        # install gosec
+        - curl -sfL
+          "https://raw.githubusercontent.com/securego/gosec/master/install.sh"
+          | sh -s -- -b $GOPATH/bin "${GOSEC_VERSION}"
        # install helm for helm lint
        - curl -L https://git.io/get_helm.sh | bash
      script:
--- a/1
+++ b/1
@ -44,6 +44,7 @@ dep-check:
 static-check:
 	./scripts/lint-go.sh
 	./scripts/lint-text.sh --require-all
+	./scripts/gosec.sh

 func-test:
 	go test github.com/ceph/ceph-csi/e2e $(TESTOPTIONS)
--- a/scripts/gosec.sh
+++ b/scripts/gosec.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -o pipefail
+
+if [[ -x "$(command -v gosec)" ]]; then
+  find cmd pkg -type d -print0 | xargs --null gosec
+else
+  echo "WARNING: gosec not found, skipping security tests" >&2
+fi