Enable gosec linter for golangci-lint #6669
Hi @henry118. Thanks for your PR. I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Build succeeded.
@@ -11,12 +11,22 @@ linters: | |||
- vet | |||
- unused | |||
- misspell | |||
- gosec | |||
disable: | |||
- errcheck | |||
|
|||
issues: |
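Review bot: At the `- gosec` addition the linter is switched on wholesale, with no rule selection visible for it, and the hunk then runs on into `issues:`. If suppressions for the new findings are placed there as message-text patterns, they stop matching as soon as gosec rewords a message; prefer listing rule IDs under `linters-settings: gosec: excludes`, with a one-line comment per ID saying whether it is a false positive for this code base or a fix that is deferred.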
- How about putting them in the gosec section? We don't have to rely on the textual representation of the errors. https://golangci-lint.run/usage/linters/#gosec
- Are they all irrelevant for this project, or should be addressed later? It would be better to add some context.
Good point. I made suggested changes in the new version.
As to the excluded issues, they are not related to `G601: Implicit memory aliasing in for loop`.
Can we cut new tickets to address them separately one by one? as there are many of them. I am happy to take the ownership of it :)
Build succeeded.
Looks good to me. Can you include the pull request description (or its excerpt) in the commit message itself?
https://github.com/containerd/project/blob/main/CONTRIBUTING.md#commit-messages
`gosec` linter is able to identify issues described in containerd#6584

e.g.

```
$ git revert 54e95e6
[gosec dfc8ca1ec] Revert "fix Implicit memory aliasing in for loop"
 2 files changed, 2 deletions(-)
$ make check
+ proto-fmt
+ check
GOGC=75 golangci-lint run
containerstore.go:192:54: G601: Implicit memory aliasing in for loop. (gosec)
containers = append(containers, containerFromProto(&container))
                                                   ^
image_store.go:132:42: G601: Implicit memory aliasing in for loop. (gosec)
images = append(images, imageFromProto(&image))
                                       ^
make: *** [check] Error 1
```

I also disabled following two settings which prevent the linter to show a complete list of issues.

* max-issues-per-linter (default 50)
* max-same-issues (default 3)

Furthermore enabling gosec revealed many other issues. For now I blacklisted the ones except G601. Will create separate tasks to address them one by one moving next.

Signed-off-by: Henry Wang <henwang@amazon.com>
Updated
Build succeeded.
LGTM
Fixes: #6584

`gosec` linter is able to identify issues described in #6584 e.g.

I also disabled following two settings which prevents the linter to show a complete list of issues.

- max-issues-per-linter (default 50)
- max-same-issues (default 3)

Furthermore enabling `gosec` reveals many other issues. For now I blacklisted the ones except `G601`. Maybe we can create tasks to address them one by one moving forward?

Signed-off-by: Henry Wang henwang@amazon.com