mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

gosec: add ignore comments for reported issues that can be ignored

```
builder/remotecontext/remote.go:48:        G107: Potential HTTP request made with variable url (gosec)
builder/remotecontext/git/gitutils.go:145: G107: Potential HTTP request made with variable url (gosec)
builder/remotecontext/git/gitutils.go:147: G107: Potential HTTP request made with variable url (gosec)
pkg/fileutils/fileutils_test.go:185:       G303: File creation in shared tmp directory without using ioutil.Tempfile (gosec)
pkg/tarsum/tarsum_test.go:7:               G501: Blacklisted import `crypto/md5`: weak cryptographic primitive (gosec)
pkg/tarsum/tarsum_test.go:9:               G505: Blacklisted import `crypto/sha1`: weak cryptographic primitive (gosec)
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn 2019-08-28 17:07:29 +02:00
parent 9c701fdb6b
commit 9419024554
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
4 changed files with 7 additions and 5 deletions


@ -142,9 +142,9 @@ func supportsShallowClone(remoteURL string) bool {
serviceURL := remoteURL + "/info/refs?service=git-upload-pack"
// Try a HEAD request and fallback to a Get request on error
res, err := http.Head(serviceURL)
res, err := http.Head(serviceURL) // #nosec G107
if err != nil || res.StatusCode != http.StatusOK {
res, err = http.Get(serviceURL)
res, err = http.Get(serviceURL) // #nosec G107
if err == nil {
res.Body.Close()
}
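Review bot: Both `// #nosec G107` annotations on the `http.Head` and `http.Get` calls silence the finding without recording why a variable URL is acceptable here, and the annotations in the other three files of this commit have the same gap. `serviceURL` is built from the `remoteURL` parameter, so the safety of these requests depends on where callers get that value, which the hunk does not show. If the gosec version in use accepts a trailing justification, something like `// #nosec G107 -- remoteURL is the build context the user asked us to fetch` lets a later reader re-check the assumption. Separately, in the visible lines a successful `http.Head` with a non-200 status has its `res` overwritten by the `http.Get` result without the first response body being closed. The function body continues outside the hunk.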


@ -45,6 +45,7 @@ func downloadRemote(remoteURL string) (string, io.ReadCloser, error) {
// GetWithStatusError does an http.Get() and returns an error if the
// status code is 4xx or 5xx.
func GetWithStatusError(address string) (resp *http.Response, err error) {
// #nosec G107
if resp, err = http.Get(address); err != nil {
if uerr, ok := err.(*url.Error); ok {
if derr, ok := uerr.Err.(*net.DNSError); ok && !derr.IsTimeout {
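Review bot: `GetWithStatusError` is exported and passes `address` straight to `http.Get`, so the `// #nosec G107` above the `if` leaves vetting the URL to every caller without telling them. The doc comment should say so, for example by adding `// The address is not validated; callers must only pass URLs they are willing to have this process fetch.` Because the annotation sits on its own line above the `if` statement rather than on the call, it may also cover everything nested inside that statement, depending on how the gosec version maps comments to nodes. A trailing comment on the `http.Get` line would keep the suppression to the one call. The function body continues past the end of the hunk.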


@ -16,7 +16,7 @@ import (
// CopyFile with invalid src
func TestCopyFileWithInvalidSrc(t *testing.T) {
tempFolder, err := ioutil.TempDir("", "docker-fileutils-test")
tempFolder, err := ioutil.TempDir("", "docker-fileutils-test") // #nosec G303
defer os.RemoveAll(tempFolder)
if err != nil {
t.Fatal(err)
@ -182,6 +182,7 @@ func TestReadSymlinkedDirectoryToFile(t *testing.T) {
var err error
var file *os.File
// #nosec G303
if file, err = os.Create("/tmp/testReadSymlinkToFile"); err != nil {
t.Fatalf("failed to create file: %s", err)
}
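Review bot: In the second hunk, `os.Create("/tmp/testReadSymlinkToFile")` keeps a fixed, predictable name in the shared temp directory, and the G303 finding is suppressed rather than fixed. On a shared build host, a file or symlink already present at that path would be truncated or followed when the test runs. Unless a later part of the test depends on that exact path (not visible in the hunk), `file, err = ioutil.TempFile("", "testReadSymlinkToFile")` would remove the need for the annotation. The `// #nosec G303` on the `ioutil.TempDir` line in the first hunk looks unnecessary, since the commit message lists G303 only for line 185. Both test functions continue outside their hunks.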


@ -4,9 +4,9 @@ import (
"archive/tar"
"bytes"
"compress/gzip"
"crypto/md5"
"crypto/md5" // #nosec G501
"crypto/rand"
"crypto/sha1"
"crypto/sha1" // #nosec G505
"crypto/sha256"
"crypto/sha512"
"encoding/hex"