[Snyk] Security upgrade golang from 1.15-alpine to 1.21.3-alpine #154

Closed
wants to merge 2 commits into from

fix: tools/env-vars-generator/Dockerfile to reduce vulnerabilities

4e07a23

GitHub Actions / Gosec Security Scan Result failed Nov 22, 2023 in 0s

Gosec Security Scan Result

Gosec Security Scanner Result

Details

Results:

Golang errors in file: [/github/workspace/gen/go/v1/config.pb.go]:

[line 10 : column 11] - could not import github.com/golang/protobuf/ptypes/wrappers (invalid package name: "")

[line 11 : column 15] - could not import google.golang.org/protobuf/reflect/protoreflect (invalid package name: "")

[line 12 : column 12] - could not import google.golang.org/protobuf/runtime/protoimpl (invalid package name: "")

Golang errors in file: [/github/workspace/gen/go/v1/config.pbloader.go]:

[line 5 : column 17] - could not import google.golang.org/protobuf/types/known/wrapperspb (invalid package name: "")

Golang errors in file: [/github/workspace/gen/go/v1/loader.go]:

[line 14 : column 2] - could not import github.com/ghodss/yaml (invalid package name: "")

[line 15 : column 2] - could not import google.golang.org/protobuf/encoding/protojson (invalid package name: "")

Golang errors in file: [/github/workspace/gen/go/v1/options.go]:

[line 8 : column 2] - could not import google.golang.org/protobuf/proto (invalid package name: "")

Golang errors in file: [/github/workspace/tools/env-vars-generator/main.go]:

[line 13 : column 2] - could not import github.com/iancoleman/strcase (invalid package name: "")

[line 14 : column 2] - could not import github.com/tallstoat/pbparser (invalid package name: "")

Golang errors in file: [/github/workspace/tools/go-generator/cmd/generator/main.go]:

[line 13 : column 2] - could not import github.com/iancoleman/strcase (invalid package name: "")

[line 14 : column 2] - could not import github.com/tallstoat/pbparser (invalid package name: "")

[/github/workspace/gen/go/v1/loader.go:55] - G109 (CWE-190): Potential Integer overflow made by strconv.Atoi result conversion to int16/32 (Confidence: MEDIUM, Severity: HIGH)
54: intVal, err := strconv.Atoi(val)

55: return int32(intVal), err == nil
56: }

[/github/workspace/tools/go-generator/cmd/generator/template.go:42] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
41:

42: f, err := os.Create(outputFilepath)
43: if err != nil {

[/github/workspace/tools/go-generator/cmd/generator/template.go:24] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
23:

24: content, err := ioutil.ReadFile(fpath)
25: if err != nil {

[/github/workspace/tools/go-generator/cmd/generator/protobuf.go:20] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
19:

20: raw, err := ioutil.ReadFile(modulePath)
21: if err != nil {

[/github/workspace/tools/go-generator/cmd/generator/main.go:323] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
322: func writeToFile(filename string, content []byte) error {

323: f, err := os.Create(filename)
324: if err != nil {

[/github/workspace/tools/go-generator/cmd/generator/main.go:233] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
232: func writeLoadersForProto(cmdDir, protoFilepath, outDir, optModule, envPrefix string) error {

233: f, err := os.Open(protoFilepath)
234: if err != nil {

[/github/workspace/tools/env-vars-generator/main.go:114] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
113: func readTemplate(filepath string) ([]byte, error) {

114: hf, err := os.Open(filepath)
115: if err != nil {

[/github/workspace/tools/env-vars-generator/main.go:51] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
50: filename := flag.Arg(0)

51: f, err := os.Open(filename)
52: if err != nil {

[/github/workspace/tools/env-vars-generator/main.go:30] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
29:

30: raw, err := ioutil.ReadFile(modulePath)
31: if err != nil {

[/github/workspace/gen/go/v1/loader.go:64] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
63: unmarshaler := protojson.UnmarshalOptions{DiscardUnknown: true}

64: fcontent, err := ioutil.ReadFile(filename)
65: if err != nil {

[/github/workspace/tools/go-generator/cmd/generator/template.go:37] - G301 (CWE-276): Expect directory permissions to be 0750 or less (Confidence: HIGH, Severity: MEDIUM)
36:

37: err = os.MkdirAll(path.Dir(outputFilepath), 0755)
38: if err != nil {

Summary:
Gosec : dev
Files : 10
Lines : 2235
Nosec : 0
Issues : 11