From ed7708dba24d79ea816720d59471e7de8a7d880d Mon Sep 17 00:00:00 2001 From: M0Rf30 Date: Wed, 11 Oct 2023 18:55:04 +0200 Subject: [PATCH] feat(ci): add gosec and fix issues
--- .github/release-drafter.yml | 1 + .github/workflows/go.yml | 2 +- .github/workflows/gosec.yml | 22 +++++++++++++++++++++ .github/workflows/reviewdog.yml | 2 +- README.md | 35 +++++++++++---------------------- cmd/listTargets.go | 3 ++- project/project.go | 8 +++++--- project/project_test.go | 8 ++++---- utils/file.go | 9 +++++++-- utils/strings.go | 33 ++++++++++++++++++++++++++++--- utils/utils.go | 5 ++++- 11 files changed, 88 insertions(+), 40 deletions(-) create mode 100644 .github/workflows/gosec.yml
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
index d788e0f..1d83255 100644
--- a/.github/release-drafter.yml
+++ b/.github/release-drafter.yml
@@ -3,6 +3,7 @@ tag-template: "$RESOLVED_VERSION"
 categories:
 - title: "šŸš€ Features"
 labels:
+ - "feat"
 - "feature"
 - "enhancement"
 - title: "šŸ› Bug Fixes"
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 83dc9ec..52156ce 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -17,7 +17,7 @@ jobs:
 - name: Set up Go
 uses: actions/setup-go@v4
 with:
- go-version: 1.19
+ go-version: 1.21
 - name: Build
 run: go build -v ./...
diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml
new file mode 100644
index 0000000..11cc4b8
--- /dev/null
+++ b/.github/workflows/gosec.yml
@@ -0,0 +1,22 @@
+name: Run Gosec
+
+on:
+ push:
+ tags:
+ - "*"
+ branches:
+ - "*"
+ pull_request:
+
+jobs:
+ tests:
+ runs-on: ubuntu-latest
+ env:
+ GO111MODULE: on
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v4
+ - name: Run Gosec Security Scanner
+ uses: securego/gosec@master
+ with:
+ args: ./...
diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml
index 61d3ddf..b083a9c 100644
--- a/.github/workflows/reviewdog.yml
+++ b/.github/workflows/reviewdog.yml
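Review bot: `uses: securego/gosec@master` in the new gosec.yml workflow tracks a mutable branch, so every run executes whatever that branch holds at the time; pin it to a release tag or, better, a full commit SHA with the version in a trailing comment, and treat `actions/checkout@v4` the same way if the repository pins by SHA elsewhere. The workflow declares no `permissions:` block, so the job token inherits the repository default; `permissions: contents: read` is all a scanner that only reads the tree needs. `push: branches: - "*"` together with `pull_request` also runs the scan twice for pull requests opened from branches of this repository; limiting the push trigger to the default branch avoids the duplicate run.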
@@ -1,4 +1,4 @@
-name: reviewdog
+name: Reviewdog
 on:
 push:
 tags:
diff --git a/README.md b/README.md
index 21ea246..d35be36 100644
--- a/README.md
+++ b/README.md
@@ -18,19 +18,6 @@ Each distribution is different and will still require different build instructions, but a consistent build process and format can be used for all builds.
-## Initialize
-
-It is recommended to build the OCI images locally instead of pulling each image
-from the Docker Hub. A script is located in the docker directory to assist with
-this. Always run the `clean.sh` script to clear any existing yap images.
-Building the images can take several hours.
-
-```sh
-cd ~/go/src/github.com/M0Rf30/yap/docker
-sh clean.sh
-sh build.sh
-```
-
 ## Format
 ```sh
@@ -134,17 +121,17 @@ The directives above are sorted from lowest to the highest priority.
 | `fedora` | all Fedora releases |
 | `oracle` | all Oracle Linux releases |
 | `ubuntu` | all Ubuntu releases |
-| `amazon-1` | Amazon Linux 1 |
-| `amazon-2` | Amazon Linux 2 |
-| `debian-jessie` | Debian Jessie |
-| `debian-stretch` | Debian Stretch |
-| `debian-buster` | Debian Buster |
-| `fedora-38` | Fedora 38 |
-| `rocky-8` | Rocky Linux 8 |
-| `rocky-9` | Rocky Linux 9 |
-| `ubuntu-bionic` | Ubuntu Bionic |
-| `ubuntu-focal` | Ubuntu Focal |
-| `ubuntu-jammy` | Ubuntu Jammy |
+| `amazon_1` | Amazon Linux 1 |
+| `amazon_2` | Amazon Linux 2 |
+| `debian_jessie` | Debian Jessie |
+| `debian_stretch` | Debian Stretch |
+| `debian_buster` | Debian Buster |
+| `fedora_38` | Fedora 38 |
+| `rocky_8` | Rocky Linux 8 |
+| `rocky_9` | Rocky Linux 9 |
+| `ubuntu_bionic` | Ubuntu Bionic |
+| `ubuntu_focal` | Ubuntu Focal |
+| `ubuntu_jammy` | Ubuntu Jammy |
 ## Examples
diff --git a/cmd/listTargets.go b/cmd/listTargets.go
index f880f48..cee81e1 100644
--- a/cmd/listTargets.go
+++ b/cmd/listTargets.go
@@ -2,6 +2,7 @@ package cmd
 import (
 "fmt"
+ "strings"
 "github.com/M0Rf30/yap/constants"
 "github.com/spf13/cobra"
@@ -9,7 +10,7 @@ import (
 func ListTargets() {
 for _, release := range constants.Releases {
- fmt.Println(release)
+ fmt.Println(strings.ReplaceAll(release, "_", "-"))
 }
 }
diff --git a/project/project.go b/project/project.go
index 3066f44..730e6a6 100644
--- a/project/project.go
+++ b/project/project.go
@@ -235,17 +235,19 @@ func (mpc *MultipleProject) getMakeDeps() {
 }
 func (mpc *MultipleProject) readProject(path string) error {
- file, err := os.Open(filepath.Join(path, "yap.json"))
+ cleanFilePath := filepath.Clean(filepath.Join(path, "yap.json"))
+
+ filePath, err := os.Open(cleanFilePath)
 if err != nil {
 fmt.Printf("%sāŒ :: %sfailed to open yap.json file within '%s'%s\n",
 string(constants.ColorBlue),
 string(constants.ColorYellow),
- path,
+ cleanFilePath,
 string(constants.ColorWhite))
 os.Exit(1)
 }
- prjContent, err := io.ReadAll(file)
+ prjContent, err := io.ReadAll(filePath)
 if err != nil {
 return err
 }
diff --git a/project/project_test.go b/project/project_test.go
index cb444e2..a214a06 100644
--- a/project/project_test.go
+++ b/project/project_test.go
@@ -78,14 +78,14 @@ func TestBuildMultipleProjectFromJSON(t *testing.T) {
 }`), os.FileMode(0755)))
 defer os.Remove(packageRaw)
- err = os.MkdirAll(filepath.Dir(prj1), os.FileMode(0777))
+ err = os.MkdirAll(filepath.Dir(prj1), os.FileMode(0750))
 if err != nil {
 t.Error(err)
 }
 defer os.RemoveAll(filepath.Dir(prj1))
- err = os.MkdirAll(filepath.Dir(prj2), os.FileMode(0777))
+ err = os.MkdirAll(filepath.Dir(prj2), os.FileMode(0750))
 if err != nil {
 t.Error(err)
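Review bot: `fmt.Println(strings.ReplaceAll(release, "_", "-"))` makes the target listing print `amazon-1` while the README in this same commit documents the target names as `amazon_1`; if the underscore form is what the build command actually accepts (constants.Releases is not visible here), the names this prints will not round-trip into a command line. Either print `release` unchanged or state in the README which spelling the CLI accepts and why the listing differs.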
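Review bot: `filepath.Clean(filepath.Join(path, "yap.json"))` is a no-op, because `filepath.Join` already returns a cleaned path, so the new line only quiets gosec G304 without changing which file is opened; a `..` in `path` still escapes whatever directory the caller intended. If the goal is to satisfy the scanner, a targeted `//#nosec G304 -- path comes from the project list` on the `os.Open` line is more honest than a redundant Clean; if containment is actually wanted, check after joining that the result still lies under the expected base directory. Separately, `filePath` now names an `*os.File`, not a path, which misreads at `io.ReadAll(filePath)`; keeping the original `file` avoids that. readProject continues outside the hunk, so I cannot see whether the handle is closed.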
@@ -93,14 +93,14 @@ func TestBuildMultipleProjectFromJSON(t *testing.T) {
 defer os.Remove(filepath.Dir(prj2))
- err = os.WriteFile(prj1, []byte(examplePkgbuild), os.FileMode(0755))
+ err = os.WriteFile(prj1, []byte(examplePkgbuild), os.FileMode(0750))
 if err != nil {
 t.Error(err)
 }
 defer os.Remove(prj1)
- err = os.WriteFile(prj2, []byte(examplePkgbuild), os.FileMode(0755))
+ err = os.WriteFile(prj2, []byte(examplePkgbuild), os.FileMode(0750))
 if err != nil {
 t.Error(err)
 }
diff --git a/utils/file.go b/utils/file.go
index f2bc995..fffd090 100644
--- a/utils/file.go
+++ b/utils/file.go
@@ -10,6 +10,7 @@ import (
 )
 func MkdirAll(path string) error {
+ //#nosec
 err := os.MkdirAll(path, 0o755)
 if err != nil {
 fmt.Printf("%sāŒ :: %sfailed to mkdir '%s'%s\n",
@@ -94,7 +95,9 @@ func ExistsMakeDir(path string) error {
 }
 func Create(path string) (*os.File, error) {
- file, err := os.Create(path)
+ cleanFilePath := filepath.Clean(path)
+
+ file, err := os.Create(cleanFilePath)
 if err != nil {
 fmt.Printf("%sāŒ :: %sfailed to create '%s'%s\n",
 string(constants.ColorBlue),
@@ -128,7 +131,9 @@ func CreateWrite(path string, data string) error {
 }
 func Open(path string) (*os.File, error) {
- file, err := os.Open(path)
+ cleanFilePath := filepath.Clean(path)
+
+ file, err := os.Open(cleanFilePath)
 if err != nil {
 fmt.Printf("%sāŒ :: %sfailed to open file '%s'%s\n",
 string(constants.ColorBlue),
diff --git a/utils/strings.go b/utils/strings.go
index e80402e..bd18c59 100644
--- a/utils/strings.go
+++ b/utils/strings.go
@@ -2,9 +2,12 @@ package utils
 import (
 "crypto/rand"
+ "fmt"
 "math/big"
+ "os"
 "strings"
+ "github.com/M0Rf30/yap/constants"
 "mvdan.cc/sh/v3/syntax"
 )
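Review bot: `os.FileMode(0750)` on the `os.WriteFile` calls for `prj1` and `prj2` keeps an execute bit on a data file that the test only reads back; `0600` (or `0644` if other users must read it) is the conventional mode and is also the threshold gosec's G306 applies to WriteFile, so 0750 would still be reported if the scanner were ever run with test files included. The unchanged `os.FileMode(0755)` on the `packageRaw` write at the top of the previous hunk has the same shape.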
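Review bot: `//#nosec` above `os.MkdirAll(path, 0o755)` in MkdirAll carries no rule ID and no reason, so it suppresses every gosec check on that line rather than only the directory-permission finding; `//#nosec G301 -- directories are intentionally world-readable` keeps any future finding on the same line visible. The `filepath.Clean(path)` added to Create and Open does not address what G304 warns about either: Clean normalises `..` segments but does not reject them, so a caller-supplied path still reaches `os.Create` and `os.Open` with the same effect as before, and the scanner is satisfied only because the argument is no longer the bare parameter. The same bare `//#nosec` is added on `os.MkdirAll(fileDir, 0777)` in Unarchive in utils/utils.go.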
@@ -36,7 +39,15 @@ func StringifyArray(node *syntax.Assign) []string {
 out := &strings.Builder{}
 for index := range node.Array.Elems {
- syntax.NewPrinter().Print(out, node.Array.Elems[index].Value)
+ err := syntax.NewPrinter().Print(out, node.Array.Elems[index].Value)
+ if err != nil {
+ fmt.Printf("%sāŒ :: %sunable to parse variable: %s\n",
+ string(constants.ColorBlue),
+ string(constants.ColorYellow), out.String())
+
+ os.Exit(1)
+ }
+
 out.WriteString(" ")
 fields = append(fields, out.String())
 }
@@ -47,7 +58,15 @@ func StringifyArray(node *syntax.Assign) []string {
 // Generates a string from a *syntax.Assign of a variable declaration.
 func StringifyAssign(node *syntax.Assign) string {
 out := &strings.Builder{}
- syntax.NewPrinter().Print(out, node.Value)
+ err := syntax.NewPrinter().Print(out, node.Value)
+
+ if err != nil {
+ fmt.Printf("%sāŒ :: %sunable to parse variable: %s\n",
+ string(constants.ColorBlue),
+ string(constants.ColorYellow), out.String())
+
+ os.Exit(1)
+ }
 return strings.Trim(out.String(), "\"")
 }
@@ -57,7 +76,15 @@ func StringifyFuncDecl(node *syntax.FuncDecl) []string {
 var fields []string
 out := &strings.Builder{}
- syntax.NewPrinter().Print(out, node.Body)
+ err := syntax.NewPrinter().Print(out, node.Body)
+
+ if err != nil {
+ fmt.Printf("%sāŒ :: %sunable to parse function: %s\n",
+ string(constants.ColorBlue),
+ string(constants.ColorYellow), out.String())
+
+ os.Exit(1)
+ }
 fields = append(fields, out.String())
diff --git a/utils/utils.go b/utils/utils.go
index eb6eadb..6d460eb 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -188,6 +188,7 @@ func Unarchive(archiveReader io.Reader, destination string) error {
 // linux default for new directories is 777 and let the umask handle
 // if should have other controls
+ //#nosec
 err = os.MkdirAll(fileDir, 0777)
 }
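Review bot: The new error branches in StringifyArray, StringifyAssign and StringifyFuncDecl print `out.String()` but never the `err` they react to, so a failure from `syntax.NewPrinter().Print` reports the partial output and drops the actual cause; pass it into the format, e.g. `fmt.Printf("%sāŒ :: %sunable to print variable: %s (%v)\n", string(constants.ColorBlue), string(constants.ColorYellow), out.String(), err)`. The wording is also off: Print serialises an already-parsed node, so "unable to print" describes the failure better than "unable to parse". Calling `os.Exit(1)` from the `utils` package terminates the process from library code and makes the error path untestable; returning the error and letting the cmd layer decide to exit is the idiomatic shape, although that changes these three signatures and is a larger follow-up.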
@@ -195,7 +196,9 @@ func Unarchive(archiveReader io.Reader, destination string) error {
 return err
 }
- newFile, err := os.OpenFile(newPath, os.O_CREATE|os.O_WRONLY, archiveFile.Mode())
+ cleanNewPath := filepath.Clean(newPath)
+
+ newFile, err := os.OpenFile(cleanNewPath, os.O_CREATE|os.O_WRONLY, archiveFile.Mode())
 if err != nil {
 return err
 }
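Review bot: `filepath.Clean(newPath)` before `os.OpenFile` does not keep an archive entry inside `destination`: Clean collapses `a/../b` but leaves a leading `..` or an absolute path intact, so however `newPath` was derived from the entry name (that construction is above this hunk and not visible here) the file is still created wherever the entry points, which is the traversal gosec G305 is about. The usual guard is a containment check after cleaning both sides, e.g. `if !strings.HasPrefix(cleanNewPath, filepath.Clean(destination)+string(os.PathSeparator)) { return fmt.Errorf("archive entry %q escapes destination", newPath) }`, with `strings` imported in this file. Unarchive begins outside the hunk, so if such a check already precedes the MkdirAll above, this note is moot; if not, the same applies to `fileDir` passed to that MkdirAll.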