

benchmark: PR 4982 (gosec) #16

Closed ldez closed 1 month ago

ldez commented 1 month ago

{ "pr": 4982, "linter": "gosec", "version": "v1.60.3" }

github-actions[bot] commented 1 month ago

The benchmark (Benchmark PR (updated linter)) is done!

beego/beego

local ``` client/orm/internal/utils/utils.go:193:12: G115: integer overflow conversion uint64 -> int64 (gosec) d = int64(val.Uint()) ^ core/utils/pagination/utils.go:29:12: G115: integer overflow conversion uint64 -> int64 (gosec) d = int64(val.Uint()) ^ server/web/grace/server.go:123:20: G402: TLS MinVersion too low. (gosec) srv.TLSConfig = &tls.Config{} ^ server/web/grace/server.go:182:20: G402: TLS MinVersion too low. (gosec) srv.TLSConfig = &tls.Config{} ^ server/web/grace/grace.go:129:35: G115: integer overflow conversion int -> uint (gosec) socketPtrOffsetMap[addr] = uint(i) ^ server/web/session/mysql/sess_mysql.go:121:12: G202: SQL string concatenation (gosec) st.c.Exec("UPDATE "+TableName+" set `session_data`=?, `session_expiry`=? where session_key=?", ^ server/web/session/mysql/sess_mysql.go:156:20: G202: SQL string concatenation (gosec) row := c.QueryRow("select session_data from "+TableName+" where session_key=?", sid) ^ server/web/session/mysql/sess_mysql.go:160:10: G202: SQL string concatenation (gosec) c.Exec("insert into "+TableName+"(`session_key`,`session_data`,`session_expiry`) values(?,?,?)", ^ server/web/session/mysql/sess_mysql.go:182:20: G202: SQL string concatenation (gosec) row := c.QueryRow("select session_data from "+TableName+" where session_key=?", sid) ^ server/web/session/mysql/sess_mysql.go:197:20: G202: SQL string concatenation (gosec) row := c.QueryRow("select session_data from "+TableName+" where session_key=?", oldsid) ^ server/web/session/mysql/sess_mysql.go:201:10: G202: SQL string concatenation (gosec) c.Exec("insert into "+TableName+"(`session_key`,`session_data`,`session_expiry`) values(?,?,?)", oldsid, "", time.Now().Unix()) ^ server/web/session/mysql/sess_mysql.go:203:18: G202: SQL string concatenation (gosec) _, err = c.Exec("update "+TableName+" set `session_key`=? 
where session_key=?", sid, oldsid) ^ server/web/session/mysql/sess_mysql.go:223:9: G202: SQL string concatenation (gosec) c.Exec("DELETE FROM "+TableName+" where session_key=?", sid) ^ server/web/session/mysql/sess_mysql.go:231:9: G202: SQL string concatenation (gosec) c.Exec("DELETE from "+TableName+" where session_expiry < ?", time.Now().Unix()-mp.maxlifetime) ^ server/web/session/memcache/sess_memcache.go:116:64: G115: integer overflow conversion int64 -> int32 (gosec) item := memcache.Item{Key: rs.sid, Value: b, Expiration: int32(rs.maxlifetime)} ^ server/web/session/memcache/sess_memcache.go:197:26: G115: integer overflow conversion int64 -> int32 (gosec) item.Expiration = int32(rp.maxlifetime) ^ server/web/session/memcache/sess_memcache.go:202:26: G115: integer overflow conversion int64 -> int32 (gosec) item.Expiration = int32(rp.maxlifetime) ^ core/logs/alils/request.go:5:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ core/logs/alils/request.go:26:32: G401: Use of weak cryptographic primitive (gosec) bodyMD5 := fmt.Sprintf("%X", md5.Sum(body)) ^ core/logs/alils/signature.go:5:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ core/logs/alils/alils.go:164:28: G115: integer overflow conversion int64 -> uint32 (gosec) Time: proto.Uint32(uint32(lm.When.Unix())), ^ core/logs/alils/log.pb.go:192:39: G115: integer overflow conversion int -> uint64 (gosec) i = encodeVarintLog(data, i, uint64(msg.Size())) ^ core/logs/alils/log.pb.go:265:39: G115: integer overflow conversion int -> uint64 (gosec) i = encodeVarintLog(data, i, uint64(msg.Size())) ^ core/logs/alils/log.pb.go:318:39: G115: integer overflow conversion int -> uint64 (gosec) i = encodeVarintLog(data, i, uint64(msg.Size())) ^ core/logs/alils/log.pb.go:333:22: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset] = uint8(v) ^ core/logs/alils/log.pb.go:334:24: G115: integer overflow conversion uint64 -> 
uint8 (gosec) data[offset+1] = uint8(v >> 8) ^ core/logs/alils/log.pb.go:335:24: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset+2] = uint8(v >> 16) ^ core/logs/alils/log.pb.go:336:24: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset+3] = uint8(v >> 24) ^ core/logs/alils/log.pb.go:337:24: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset+4] = uint8(v >> 32) ^ core/logs/alils/log.pb.go:338:24: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset+5] = uint8(v >> 40) ^ core/logs/alils/log.pb.go:339:24: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset+6] = uint8(v >> 48) ^ core/logs/alils/log.pb.go:340:24: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset+7] = uint8(v >> 56) ^ core/logs/alils/log.pb.go:345:22: G115: integer overflow conversion uint32 -> uint8 (gosec) data[offset] = uint8(v) ^ core/logs/alils/log.pb.go:346:24: G115: integer overflow conversion uint32 -> uint8 (gosec) data[offset+1] = uint8(v >> 8) ^ core/logs/alils/log.pb.go:347:24: G115: integer overflow conversion uint32 -> uint8 (gosec) data[offset+2] = uint8(v >> 16) ^ core/logs/alils/log.pb.go:348:24: G115: integer overflow conversion uint32 -> uint8 (gosec) data[offset+3] = uint8(v >> 24) ^ core/logs/alils/log.pb.go:354:23: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset] = uint8(v&0x7f | 0x80) ^ core/logs/alils/log.pb.go:372:30: G115: integer overflow conversion int -> uint64 (gosec) n += 1 + l + sovLog(uint64(l)) ^ core/logs/alils/log.pb.go:406:30: G115: integer overflow conversion int -> uint64 (gosec) n += 1 + l + sovLog(uint64(l)) ^ core/logs/alils/log.pb.go:434:30: G115: integer overflow conversion int -> uint64 (gosec) n += 1 + l + sovLog(uint64(l)) ^ core/logs/alils/log.pb.go:480:20: G115: integer overflow conversion uint64 -> int32 (gosec) fieldNum := int32(wire >> 3) ^ core/logs/alils/log.pb.go:481:18: G115: integer overflow conversion uint64 -> 
int (gosec) wireType := int(wire & 0x7) ^ core/logs/alils/log.pb.go:589:20: G115: integer overflow conversion uint64 -> int32 (gosec) fieldNum := int32(wire >> 3) ^ core/logs/alils/log.pb.go:590:18: G115: integer overflow conversion uint64 -> int (gosec) wireType := int(wire & 0x7) ^ core/logs/alils/log.pb.go:617:23: G115: integer overflow conversion uint64 -> int (gosec) intStringLen := int(stringLen) ^ core/logs/alils/log.pb.go:648:23: G115: integer overflow conversion uint64 -> int (gosec) intStringLen := int(stringLen) ^ core/logs/alils/log.pb.go:710:20: G115: integer overflow conversion uint64 -> int32 (gosec) fieldNum := int32(wire >> 3) ^ core/logs/alils/log.pb.go:711:18: G115: integer overflow conversion uint64 -> int (gosec) wireType := int(wire & 0x7) ^ core/logs/alils/log.pb.go:769:23: G115: integer overflow conversion uint64 -> int (gosec) intStringLen := int(stringLen) ^ core/logs/alils/log.pb.go:799:23: G115: integer overflow conversion uint64 -> int (gosec) intStringLen := int(stringLen) ^ ```
v1.60.3 ``` client/orm/internal/utils/utils.go:72:13: G115: integer overflow conversion int64 -> int8 (gosec) return int8(v), err ^ client/orm/internal/utils/utils.go:78:14: G115: integer overflow conversion int64 -> int16 (gosec) return int16(v), err ^ client/orm/internal/utils/utils.go:84:14: G115: integer overflow conversion int64 -> int32 (gosec) return int32(v), err ^ client/orm/internal/utils/utils.go:110:14: G115: integer overflow conversion uint64 -> uint8 (gosec) return uint8(v), err ^ client/orm/internal/utils/utils.go:116:15: G115: integer overflow conversion uint64 -> uint16 (gosec) return uint16(v), err ^ client/orm/internal/utils/utils.go:122:15: G115: integer overflow conversion uint64 -> uint32 (gosec) return uint32(v), err ^ client/orm/internal/utils/utils.go:193:12: G115: integer overflow conversion uint64 -> int64 (gosec) d = int64(val.Uint()) ^ core/utils/pagination/utils.go:29:12: G115: integer overflow conversion uint64 -> int64 (gosec) d = int64(val.Uint()) ^ server/web/grace/server.go:123:20: G402: TLS MinVersion too low. (gosec) srv.TLSConfig = &tls.Config{} ^ server/web/grace/server.go:182:20: G402: TLS MinVersion too low. (gosec) srv.TLSConfig = &tls.Config{} ^ server/web/session/memcache/sess_memcache.go:116:64: G115: integer overflow conversion int64 -> int32 (gosec) item := memcache.Item{Key: rs.sid, Value: b, Expiration: int32(rs.maxlifetime)} ^ server/web/session/memcache/sess_memcache.go:197:26: G115: integer overflow conversion int64 -> int32 (gosec) item.Expiration = int32(rp.maxlifetime) ^ server/web/session/memcache/sess_memcache.go:202:26: G115: integer overflow conversion int64 -> int32 (gosec) item.Expiration = int32(rp.maxlifetime) ^ server/web/session/mysql/sess_mysql.go:121:12: G202: SQL string concatenation (gosec) st.c.Exec("UPDATE "+TableName+" set `session_data`=?, `session_expiry`=? 
where session_key=?", ^ server/web/session/mysql/sess_mysql.go:156:20: G202: SQL string concatenation (gosec) row := c.QueryRow("select session_data from "+TableName+" where session_key=?", sid) ^ server/web/session/mysql/sess_mysql.go:160:10: G202: SQL string concatenation (gosec) c.Exec("insert into "+TableName+"(`session_key`,`session_data`,`session_expiry`) values(?,?,?)", ^ server/web/session/mysql/sess_mysql.go:182:20: G202: SQL string concatenation (gosec) row := c.QueryRow("select session_data from "+TableName+" where session_key=?", sid) ^ server/web/session/mysql/sess_mysql.go:197:20: G202: SQL string concatenation (gosec) row := c.QueryRow("select session_data from "+TableName+" where session_key=?", oldsid) ^ server/web/session/mysql/sess_mysql.go:201:10: G202: SQL string concatenation (gosec) c.Exec("insert into "+TableName+"(`session_key`,`session_data`,`session_expiry`) values(?,?,?)", oldsid, "", time.Now().Unix()) ^ server/web/session/mysql/sess_mysql.go:203:18: G202: SQL string concatenation (gosec) _, err = c.Exec("update "+TableName+" set `session_key`=? 
where session_key=?", sid, oldsid) ^ server/web/session/mysql/sess_mysql.go:223:9: G202: SQL string concatenation (gosec) c.Exec("DELETE FROM "+TableName+" where session_key=?", sid) ^ server/web/session/mysql/sess_mysql.go:231:9: G202: SQL string concatenation (gosec) c.Exec("DELETE from "+TableName+" where session_expiry < ?", time.Now().Unix()-mp.maxlifetime) ^ core/logs/alils/request.go:5:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ core/logs/alils/request.go:26:32: G401: Use of weak cryptographic primitive (gosec) bodyMD5 := fmt.Sprintf("%X", md5.Sum(body)) ^ core/logs/alils/signature.go:5:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ core/logs/alils/alils.go:164:28: G115: integer overflow conversion int64 -> uint32 (gosec) Time: proto.Uint32(uint32(lm.When.Unix())), ^ core/logs/alils/log.pb.go:333:22: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset] = uint8(v) ^ core/logs/alils/log.pb.go:334:24: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset+1] = uint8(v >> 8) ^ core/logs/alils/log.pb.go:335:24: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset+2] = uint8(v >> 16) ^ core/logs/alils/log.pb.go:336:24: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset+3] = uint8(v >> 24) ^ core/logs/alils/log.pb.go:337:24: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset+4] = uint8(v >> 32) ^ core/logs/alils/log.pb.go:338:24: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset+5] = uint8(v >> 40) ^ core/logs/alils/log.pb.go:339:24: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset+6] = uint8(v >> 48) ^ core/logs/alils/log.pb.go:340:24: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset+7] = uint8(v >> 56) ^ core/logs/alils/log.pb.go:345:22: G115: integer overflow conversion uint32 -> uint8 (gosec) data[offset] = uint8(v) ^ 
core/logs/alils/log.pb.go:346:24: G115: integer overflow conversion uint32 -> uint8 (gosec) data[offset+1] = uint8(v >> 8) ^ core/logs/alils/log.pb.go:347:24: G115: integer overflow conversion uint32 -> uint8 (gosec) data[offset+2] = uint8(v >> 16) ^ core/logs/alils/log.pb.go:348:24: G115: integer overflow conversion uint32 -> uint8 (gosec) data[offset+3] = uint8(v >> 24) ^ core/logs/alils/log.pb.go:354:23: G115: integer overflow conversion uint64 -> uint8 (gosec) data[offset] = uint8(v&0x7f | 0x80) ^ core/logs/alils/log.pb.go:480:20: G115: integer overflow conversion uint64 -> int32 (gosec) fieldNum := int32(wire >> 3) ^ core/logs/alils/log.pb.go:481:18: G115: integer overflow conversion uint64 -> int (gosec) wireType := int(wire & 0x7) ^ core/logs/alils/log.pb.go:589:20: G115: integer overflow conversion uint64 -> int32 (gosec) fieldNum := int32(wire >> 3) ^ core/logs/alils/log.pb.go:590:18: G115: integer overflow conversion uint64 -> int (gosec) wireType := int(wire & 0x7) ^ core/logs/alils/log.pb.go:617:23: G115: integer overflow conversion uint64 -> int (gosec) intStringLen := int(stringLen) ^ core/logs/alils/log.pb.go:648:23: G115: integer overflow conversion uint64 -> int (gosec) intStringLen := int(stringLen) ^ core/logs/alils/log.pb.go:710:20: G115: integer overflow conversion uint64 -> int32 (gosec) fieldNum := int32(wire >> 3) ^ core/logs/alils/log.pb.go:711:18: G115: integer overflow conversion uint64 -> int (gosec) wireType := int(wire & 0x7) ^ core/logs/alils/log.pb.go:769:23: G115: integer overflow conversion uint64 -> int (gosec) intStringLen := int(stringLen) ^ core/logs/alils/log.pb.go:799:23: G115: integer overflow conversion uint64 -> int (gosec) intStringLen := int(stringLen) ^ core/logs/alils/log.pb.go:829:23: G115: integer overflow conversion uint64 -> int (gosec) intStringLen := int(stringLen) ^ ```
Command Mean [s] Min [s] Max [s] Relative
local 1.573 ± 0.027 1.532 1.610 1.03 ± 0.02
v1.60.3 1.534 ± 0.023 1.485 1.557 1.00

cilium/cilium

Command Mean [s] Min [s] Max [s] Relative
local 13.039 ± 0.114 12.905 13.268 1.00
v1.60.3 13.080 ± 0.177 12.781 13.380 1.00 ± 0.02

spf13/cobra

Command Mean [ms] Min [ms] Max [ms] Relative
local 457.9 ± 9.4 444.0 477.9 1.06 ± 0.03
v1.60.3 431.4 ± 5.6 420.5 439.7 1.00

hashicorp/consul

local ``` agent/exec/exec.go:16:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) return exec.Command(args[0], args[1:]...), nil ^ internal/testing/golden/golden.go:39:23: G301: Expect directory permissions to be 0750 or less (gosec) require.NoError(t, os.MkdirAll(dir, 0755)) ^ internal/testing/golden/golden.go:41:10: G306: Expect WriteFile permissions to be 0600 or less (gosec) err := os.WriteFile(path, actual, 0644) ^ internal/testing/golden/golden.go:53:19: G304: Potential file inclusion via variable (gosec) expected, err := os.ReadFile(filepath) ^ agent/grpc-external/limiter/limiter.go:168:9: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) idx := rand.Intn(len(l.sessionIDs)) ^ lib/file/atomic.go:31:13: G304: Potential file inclusion via variable (gosec) fh, err := os.OpenFile(tempPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, filePerms) ^ lib/file/atomic.go:36:3: G104: Errors unhandled. (gosec) fh.Close() ^ lib/file/atomic.go:37:3: G104: Errors unhandled. (gosec) os.Remove(tempPath) ^ lib/file/atomic.go:41:3: G104: Errors unhandled. (gosec) fh.Close() ^ lib/file/atomic.go:42:3: G104: Errors unhandled. (gosec) os.Remove(tempPath) ^ lib/file/atomic.go:46:3: G104: Errors unhandled. (gosec) os.Remove(tempPath) ^ lib/file/atomic.go:50:3: G104: Errors unhandled. 
(gosec) os.Remove(tempPath) ^ lib/file/atomic_test.go:30:17: G304: Potential file inclusion via variable (gosec) actual, err := os.ReadFile(path) ^ lib/retry/retry.go:32:35: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return baseTime + time.Duration(rand.Int63n(max)) ^ lib/retry/retry.go:93:12: G115: integer overflow conversion uint -> int (gosec) return int(w.failures) ^ lib/retry/retry_test.go:63:21: G115: integer overflow conversion int -> uint (gosec) w.failures = uint(i) ^ lib/retry/retry_test.go:71:21: G115: integer overflow conversion int -> uint (gosec) w.failures = uint(i) ^ lib/retry/retry_test.go:79:21: G115: integer overflow conversion int -> uint (gosec) w.failures = uint(i) ^ lib/retry/retry_test.go:87:21: G115: integer overflow conversion int -> uint (gosec) w.failures = uint(i) ^ lib/retry/retry_test.go:95:21: G115: integer overflow conversion int -> uint (gosec) w.failures = uint(i) ^ lib/retry/retry_test.go:108:21: G115: integer overflow conversion int -> uint (gosec) w.failures = uint(i) ^ agent/consul/multilimiter/multilimiter_test.go:523:40: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) c := LimiterConfig{Rate: rate.Limit(rand.Float64()), Burst: rand.Int()} ^ agent/consul/multilimiter/multilimiter_test.go:667:8: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) ip := rand.Uint32() ^ agent/consul/multilimiter/multilimiter_test.go:603:46: G115: integer overflow conversion int -> uint32 (gosec) binary.LittleEndian.PutUint32(buf, uint32(j)) ^ agent/consul/multilimiter/multilimiter_test.go:642:47: G115: integer overflow conversion int -> uint32 (gosec) binary.LittleEndian.PutUint32(buf, uint32(n)) ^ internal/go-sso/oidcauth/oidcauthtest/testing.go:278:3: G104: Errors unhandled. 
(gosec) w.Write([]byte("It's not a keyset!")) ^ internal/go-sso/oidcauth/oidcauthtest/testing.go:455:14: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) Config: &http.Server{Handler: handler}, ^ lib/semaphore/semaphore_test.go:23:3: G104: Errors unhandled. (gosec) sem.Acquire(context.Background()) ^ lib/semaphore/semaphore_test.go:24:28: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) time.Sleep(time.Duration(rand.Int63n(int64(maxSleep/time.Nanosecond))) * time.Nanosecond) ^ lib/semaphore/semaphore_test.go:83:2: G104: Errors unhandled. (gosec) sem.Acquire(ctx) ^ lib/semaphore/semaphore_test.go:101:2: G104: Errors unhandled. (gosec) sem.SetSize(4) ^ agent/token/persistence.go:34:7: G101: Potential hardcoded credentials (gosec) const tokensPath = "acl-tokens.json" ^ agent/token/persistence.go:171:14: G304: Potential file inclusion via variable (gosec) buf, err := os.ReadFile(filename) ^ agent/token/persistence_test.go:73:3: G101: Potential hardcoded credentials (gosec) tokens := `{ "agent" : "golf", "agent_recovery" : "hotel", "default": "india", "replication": "juliet", "config_file_service_registration": "kilo", "dns": "lima" }` agent/token/persistence_test.go:122:3: G101: Potential hardcoded credentials (gosec) tokens := `{ "agent" : "mike", "agent_recovery" : "november", "default": "oscar", "replication" : "papa", "config_file_service_registration" : "lima", "dns": "kilo" }` agent/token/persistence_test.go:154:3: G101: Potential hardcoded credentials (gosec) tokens := `{ "agent" : "xray", "agent_recovery" : "zulu" }` logging/logfile.go:69:22: G304: Potential file inclusion via variable (gosec) filePointer, err := os.OpenFile(newfilePath, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0640) ^ logging/logfile_test.go:100:18: G304: Potential file inclusion via variable (gosec) content, err := os.ReadFile(filepath.Join(tempDir, logFiles[0])) ^ 
logging/logfile_test.go:104:17: G304: Potential file inclusion via variable (gosec) content, err = os.ReadFile(filepath.Join(tempDir, logFiles[1])) ^ logging/logfile_test.go:140:13: G304: Potential file inclusion via variable (gosec) fh, err := os.Open(name) ^ command/flags/config.go:270:12: G304: Potential file inclusion via variable (gosec) f, err := os.Open(path) ^ command/flags/http.go:146:15: G304: Potential file inclusion via variable (gosec) data, err := os.ReadFile(tokenFile) ^ command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap.go:59:12: G302: Expect file permissions to be 0600 or less (gosec) f, err := os.OpenFile(args[0], os.O_WRONLY|os.O_APPEND, 0700) ^ internal/go-sso/oidcauth/oidcjwt.go:38:25: G402: TLS MinVersion too low. (gosec) tr.TLSClientConfig = &tls.Config{ RootCAs: certPool, } internal/go-sso/oidcauth/jwt_test.go:697:2: G101: Potential hardcoded credentials: SSH (EC) private key (gosec) badPrivKey string = `-----BEGIN EC PRIVATE KEY----- MHcCAQEEILTAHJm+clBKYCrRDc74Pt7uF7kH+2x2TdL5cH23FEcsoAoGCCqGSM49 AwEHoUQDQgAE+C3CyjVWdeYtIqgluFJlwZmoonphsQbj9Nfo5wrEutv+3RTFnDQh vttUajcFAcl4beR+jHFYC00vSO4i5jZ64g== -----END EC PRIVATE KEY-----` internal/go-sso/oidcauth/oidcjwt.go:230:33: G115: integer overflow conversion uint64 -> int64 (gosec) return strconv.FormatInt(int64(v), 10), true ^ internal/go-sso/oidcauth/oidcjwt.go:232:33: G115: integer overflow conversion uint -> int64 (gosec) return strconv.FormatInt(int64(v), 10), true ^ command/acl/role/formatter_test.go:28:10: G306: Expect WriteFile permissions to be 0600 or less (gosec) err := os.WriteFile(golden, []byte(got), 0644) ^ lib/cluster.go:48:30: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return time.Duration(uint64(rand.Int63()) % uint64(intv)) ^ lib/path.go:16:9: G301: Expect directory permissions to be 0750 or less (gosec) return os.MkdirAll(path, 0755) ^ ```
v1.60.3 ``` agent/exec/exec.go:16:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) return exec.Command(args[0], args[1:]...), nil ^ agent/metrics/testing.go:25:2: G104: Errors unhandled. (gosec) metrics.NewGlobal(cfg, s) ^ internal/testing/golden/golden.go:39:23: G301: Expect directory permissions to be 0750 or less (gosec) require.NoError(t, os.MkdirAll(dir, 0755)) ^ internal/testing/golden/golden.go:41:10: G306: Expect WriteFile permissions to be 0600 or less (gosec) err := os.WriteFile(path, actual, 0644) ^ internal/testing/golden/golden.go:53:19: G304: Potential file inclusion via variable (gosec) expected, err := os.ReadFile(filepath) ^ agent/grpc-external/limiter/limiter.go:168:9: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) idx := rand.Intn(len(l.sessionIDs)) ^ internal/gossip/libserf/serf.go:51:2: G104: Errors unhandled. (gosec) serf.SetTags(tags) ^ lib/retry/retry.go:32:35: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return baseTime + time.Duration(rand.Int63n(max)) ^ lib/retry/retry.go:93:12: G115: integer overflow conversion uint -> int (gosec) return int(w.failures) ^ internal/go-sso/oidcauth/oidcauthtest/testing.go:278:3: G104: Errors unhandled. (gosec) w.Write([]byte("It's not a keyset!")) ^ internal/go-sso/oidcauth/oidcauthtest/testing.go:455:14: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) Config: &http.Server{Handler: handler}, ^ lib/file/atomic.go:31:13: G304: Potential file inclusion via variable (gosec) fh, err := os.OpenFile(tempPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, filePerms) ^ lib/file/atomic.go:36:3: G104: Errors unhandled. (gosec) fh.Close() ^ lib/file/atomic.go:37:3: G104: Errors unhandled. (gosec) os.Remove(tempPath) ^ lib/file/atomic.go:41:3: G104: Errors unhandled. 
(gosec) fh.Close() ^ lib/file/atomic.go:42:3: G104: Errors unhandled. (gosec) os.Remove(tempPath) ^ lib/file/atomic.go:46:3: G104: Errors unhandled. (gosec) os.Remove(tempPath) ^ lib/file/atomic.go:50:3: G104: Errors unhandled. (gosec) os.Remove(tempPath) ^ lib/file/atomic_test.go:30:17: G304: Potential file inclusion via variable (gosec) actual, err := os.ReadFile(path) ^ command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap.go:45:3: G104: Errors unhandled. (gosec) os.RemoveAll(args[0]) ^ command/connect/envoy/pipe-bootstrap/connect_envoy_pipe-bootstrap.go:59:12: G302: Expect file permissions to be 0600 or less (gosec) f, err := os.OpenFile(args[0], os.O_WRONLY|os.O_APPEND, 0700) ^ lib/semaphore/semaphore_test.go:24:28: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) time.Sleep(time.Duration(rand.Int63n(int64(maxSleep/time.Nanosecond))) * time.Nanosecond) ^ command/acl/role/formatter_test.go:28:10: G306: Expect WriteFile permissions to be 0600 or less (gosec) err := os.WriteFile(golden, []byte(got), 0644) ^ command/acl/role/formatter_test.go:32:19: G304: Potential file inclusion via variable (gosec) expected, err := os.ReadFile(golden) ^ command/flags/config.go:270:12: G304: Potential file inclusion via variable (gosec) f, err := os.Open(path) ^ command/flags/http.go:146:15: G304: Potential file inclusion via variable (gosec) data, err := os.ReadFile(tokenFile) ^ agent/consul/multilimiter/multilimiter_test.go:523:40: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) c := LimiterConfig{Rate: rate.Limit(rand.Float64()), Burst: rand.Int()} ^ agent/consul/multilimiter/multilimiter_test.go:667:8: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) ip := rand.Uint32() ^ agent/consul/multilimiter/multilimiter_test.go:603:46: G115: integer overflow conversion int -> uint32 (gosec) 
binary.LittleEndian.PutUint32(buf, uint32(j)) ^ agent/consul/multilimiter/multilimiter_test.go:642:47: G115: integer overflow conversion int -> uint32 (gosec) binary.LittleEndian.PutUint32(buf, uint32(n)) ^ agent/token/persistence.go:34:7: G101: Potential hardcoded credentials (gosec) const tokensPath = "acl-tokens.json" ^ agent/token/persistence.go:171:14: G304: Potential file inclusion via variable (gosec) buf, err := os.ReadFile(filename) ^ agent/token/persistence_test.go:73:3: G101: Potential hardcoded credentials (gosec) tokens := `{ "agent" : "golf", "agent_recovery" : "hotel", "default": "india", "replication": "juliet", "config_file_service_registration": "kilo", "dns": "lima" }` agent/token/persistence_test.go:122:3: G101: Potential hardcoded credentials (gosec) tokens := `{ "agent" : "mike", "agent_recovery" : "november", "default": "oscar", "replication" : "papa", "config_file_service_registration" : "lima", "dns": "kilo" }` agent/token/persistence_test.go:154:3: G101: Potential hardcoded credentials (gosec) tokens := `{ "agent" : "xray", "agent_recovery" : "zulu" }` internal/go-sso/oidcauth/oidcjwt.go:38:25: G402: TLS MinVersion too low. 
(gosec) tr.TLSClientConfig = &tls.Config{ RootCAs: certPool, } internal/go-sso/oidcauth/jwt_test.go:697:2: G101: Potential hardcoded credentials: SSH (EC) private key (gosec) badPrivKey string = `-----BEGIN EC PRIVATE KEY----- MHcCAQEEILTAHJm+clBKYCrRDc74Pt7uF7kH+2x2TdL5cH23FEcsoAoGCCqGSM49 AwEHoUQDQgAE+C3CyjVWdeYtIqgluFJlwZmoonphsQbj9Nfo5wrEutv+3RTFnDQh vttUajcFAcl4beR+jHFYC00vSO4i5jZ64g== -----END EC PRIVATE KEY-----` internal/go-sso/oidcauth/oidcjwt.go:230:33: G115: integer overflow conversion uint64 -> int64 (gosec) return strconv.FormatInt(int64(v), 10), true ^ internal/go-sso/oidcauth/oidcjwt.go:232:33: G115: integer overflow conversion uint -> int64 (gosec) return strconv.FormatInt(int64(v), 10), true ^ logging/logfile.go:69:22: G304: Potential file inclusion via variable (gosec) filePointer, err := os.OpenFile(newfilePath, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0640) ^ logging/logfile_test.go:100:18: G304: Potential file inclusion via variable (gosec) content, err := os.ReadFile(filepath.Join(tempDir, logFiles[0])) ^ logging/logfile_test.go:104:17: G304: Potential file inclusion via variable (gosec) content, err = os.ReadFile(filepath.Join(tempDir, logFiles[1])) ^ agent/hcp/config/config.go:53:18: G402: TLS MinVersion too low. (gosec) c.TLSConfig = &tls.Config{} ^ agent/hcp/config/mock_CloudConfig.go:28:63: G402: TLS MinVersion too low. (gosec) func (m *mockHCPCfg) SCADATLSConfig() *tls.Config { return &tls.Config{} } ^ agent/hcp/config/config_test.go:22:15: G402: TLS MinVersion too low. (gosec) TLSConfig: &tls.Config{ ServerName: "old-server-name", }, agent/hcp/config/config_test.go:37:15: G402: TLS MinVersion too low. 
(gosec) TLSConfig: &tls.Config{ ServerName: "new-server-name", }, lib/cluster.go:48:30: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return time.Duration(uint64(rand.Int63()) % uint64(intv)) ^ lib/path.go:16:9: G301: Expect directory permissions to be 0750 or less (gosec) return os.MkdirAll(path, 0755) ^ agent/envoyextensions/builtin/otel-access-logging/structs.go:174:30: G115: integer overflow conversion int -> uint32 (gosec) PortValue: uint32(port), ^ agent/cache/cache_test.go:1285:33: G115: integer overflow conversion uint64 -> int (gosec) return FetchResult{Value: int(idx * 2), Index: idx} ^ ```
Command Mean [s] Min [s] Max [s] Relative
local 9.945 ± 0.071 9.870 10.071 1.00 ± 0.01
v1.60.3 9.926 ± 0.085 9.780 10.080 1.00

go-delve/delve

local ``` pkg/dwarf/regnum/i386.go:97:33: G115: integer overflow conversion uint64 -> int (gosec) name, ok := i386DwarfToName[int(num)] ^ pkg/dwarf/regnum/ppc64le.go:45:32: G115: integer overflow conversion uint64 -> int (gosec) return fmt.Sprintf("r%d", int(num-PPC64LE_FIRST_GPR)) ^ pkg/dwarf/regnum/ppc64le.go:47:32: G115: integer overflow conversion uint64 -> int (gosec) return fmt.Sprintf("f%d", int(num-PPC64LE_FIRST_FPR)) ^ pkg/dwarf/regnum/ppc64le.go:49:32: G115: integer overflow conversion uint64 -> int (gosec) return fmt.Sprintf("v%d", int(num-PPC64LE_FIRST_VMX)) ^ pkg/dwarf/regnum/ppc64le.go:51:33: G115: integer overflow conversion uint64 -> int (gosec) return fmt.Sprintf("vs%d", int(num-PPC64LE_FIRST_VSX)) ^ pkg/dwarf/parseutil.go:50:44: G115: integer overflow conversion uint64 -> uint32 (gosec) return binary.Write(writer, order, uint32(data)) ^ pkg/dwarf/parseutil.go:144:21: G115: integer overflow conversion int -> uint32 (gosec) r[off+dwarf.Offset(headerSize)] = version ^ pkg/dwarf/parseutil.go:147:22: G115: integer overflow conversion uint64 -> uint32 (gosec) off += dwarf.Offset(length) ^ pkg/dwarf/leb128/encode_test.go:17:17: G115: integer overflow conversion int -> uint32 (gosec) if c != uint32(len(enc)) { ^ pkg/dwarf/leb128/encode_test.go:35:17: G115: integer overflow conversion int -> uint32 (gosec) if c != uint32(len(enc)) { ^ pkg/dwarf/frame/parser.go:94:17: G115: integer overflow conversion int -> uint32 (gosec) cieid = uint32(start - int(cieid) + 4) ^ pkg/dwarf/frame/parser.go:112:58: G115: integer overflow conversion int -> uint64 (gosec) num := ctx.readEncodedPtr(addrSum(ctx.ehFrameAddr+uint64(startOff), reader), reader, ctx.frame.CIE.ptrEncAddr) ^ pkg/dwarf/frame/parser.go:131:20: G115: integer overflow conversion uint64 -> int64 (gosec) reader.Seek(int64(n), io.SeekCurrent) ^ pkg/dwarf/frame/parser.go:147:22: G115: integer overflow conversion int64 -> uint64 (gosec) return base + uint64(n) ^ pkg/dwarf/frame/parser.go:251:21: G115: integer 
overflow conversion uint64 -> int16 (gosec) ptr = uint64(int16(ptr)) ^ pkg/dwarf/frame/parser.go:256:21: G115: integer overflow conversion uint64 -> int32 (gosec) ptr = uint64(int32(ptr)) ^ pkg/dwarf/frame/parser.go:261:15: G115: integer overflow conversion int64 -> uint64 (gosec) ptr = uint64(n) ^ pkg/dwarf/frame/table.go:288:48: G115: integer overflow conversion uint64 -> int64 (gosec) frame.Regs[uint64(reg)] = DWRule{Offset: int64(offset) * frame.dataAlignment, Rule: RuleOffset} ^ pkg/dwarf/frame/table.go:319:40: G115: integer overflow conversion uint64 -> int64 (gosec) frame.Regs[reg] = DWRule{Offset: int64(offset) * frame.dataAlignment, Rule: RuleOffset} ^ pkg/dwarf/frame/table.go:370:26: G115: integer overflow conversion uint64 -> int64 (gosec) frame.CFA.Offset = int64(offset) ^ pkg/dwarf/frame/table.go:380:26: G115: integer overflow conversion uint64 -> int64 (gosec) frame.CFA.Offset = int64(offset) ^ pkg/dwarf/frame/table.go:401:28: G115: integer overflow conversion uint64 -> int (gosec) expr = frame.buf.Next(int(l)) ^ pkg/dwarf/frame/table.go:412:30: G115: integer overflow conversion uint64 -> int (gosec) expr = frame.buf.Next(int(l)) ^ pkg/dwarf/frame/table.go:433:40: G115: integer overflow conversion uint64 -> int64 (gosec) frame.Regs[reg] = DWRule{Offset: int64(offset), Rule: RuleValOffset} ^ pkg/dwarf/frame/table.go:449:30: G115: integer overflow conversion uint64 -> int (gosec) expr = frame.buf.Next(int(l)) ^ pkg/dwarf/op/op.go:95:16: G115: integer overflow conversion uint64 -> int64 (gosec) return int64(regs.Uint64Val(ctxt.pieces[0].Val)), ctxt.pieces, nil ^ pkg/dwarf/op/op.go:136:20: G115: integer overflow conversion int64 -> uint64 (gosec) regnum = uint64(n) ^ pkg/dwarf/op/op.go:195:19: G115: integer overflow conversion uint64 -> int (gosec) piece.Size = int(sz) ^ pkg/dwarf/op/op.go:221:39: G115: integer overflow conversion uint64 -> int64 (gosec) ctxt.stack = append(ctxt.stack, int64(stack+ctxt.StaticBase)) ^ pkg/dwarf/op/op.go:228:49: G115: 
integer overflow conversion uint64 -> int64 (gosec) ctxt.stack[slen-1] = ctxt.stack[slen-1] + int64(num) ^ pkg/dwarf/op/op.go:265:39: G115: integer overflow conversion uint64 -> int64 (gosec) ctxt.stack = append(ctxt.stack, int64(ctxt.Uint64Val(regnum))+offset) ^ pkg/dwarf/op/op.go:275:52: G115: integer overflow conversion uint64 -> int (gosec) ctxt.pieces = append(ctxt.pieces, Piece{Size: int(sz), Kind: ImmPiece, Val: 0}) ^ pkg/dwarf/op/op.go:325:13: G115: integer overflow conversion int64 -> uint64 (gosec) n = uint64(int64(int8(b))) ^ pkg/dwarf/op/op.go:328:25: G115: integer overflow conversion uint64 -> int16 (gosec) n = uint64(int64(int16(n))) ^ pkg/dwarf/op/op.go:331:25: G115: integer overflow conversion uint64 -> int32 (gosec) n = uint64(int64(int32(n))) ^ pkg/dwarf/op/op.go:445:23: G115: integer overflow conversion int64 -> uint64 (gosec) r = second << uint64(top) ^ pkg/dwarf/op/op.go:447:23: G115: integer overflow conversion int64 -> uint64 (gosec) r = second >> uint64(top) ^ pkg/dwarf/op/op.go:449:19: G115: integer overflow conversion int64 -> uint64 (gosec) r = int64(uint64(second) >> uint64(top)) ^ pkg/dwarf/op/op.go:517:75: G115: integer overflow conversion int64 -> uint64 (gosec) return ctxt.closeLoc(DW_OP_stack_value, Piece{Kind: ImmPiece, Val: uint64(val)}) ^ pkg/dwarf/op/op.go:524:11: G115: integer overflow conversion int -> uint64 (gosec) if uint64(n) != sz { ^ pkg/dwarf/op/op.go:560:39: G115: integer overflow conversion int64 -> uint64 (gosec) _, err := ctxt.readMemory(buf, uint64(addr)) ^ pkg/elfwriter/writer.go:108:18: G115: integer overflow conversion int64 -> uint64 (gosec) h.Off = uint64(w.Here()) ^ pkg/elfwriter/writer.go:110:15: G115: integer overflow conversion int -> uint32 (gosec) w.u32(uint32(len(note.Name))) ^ pkg/elfwriter/writer.go:111:15: G115: integer overflow conversion int -> uint32 (gosec) w.u32(uint32(len(note.Data))) ^ pkg/elfwriter/writer.go:112:15: G115: integer overflow conversion int -> uint32 (gosec) 
w.u32(uint32(note.Type)) ^ pkg/elfwriter/writer.go:130:14: G115: integer overflow conversion int -> uint16 (gosec) w.u16(uint16(len(w.Progs))) ^ pkg/elfwriter/writer.go:134:15: G115: integer overflow conversion int -> uint32 (gosec) w.u32(uint32(prog.Type)) ^ pkg/elfwriter/writer.go:180:14: G115: integer overflow conversion int -> uint16 (gosec) w.u16(uint16(len(w.Sections))) ^ pkg/elfwriter/writer.go:182:14: G115: integer overflow conversion int -> uint16 (gosec) w.u16(uint16(shstrndx)) ^ pkg/elfwriter/writer.go:186:15: G115: integer overflow conversion int64 -> uint32 (gosec) w.u32(uint32(strToIndex[sect.Name])) ^ ```
v1.60.3 ``` pkg/dwarf/regnum/i386.go:97:33: G115: integer overflow conversion uint64 -> int (gosec) name, ok := i386DwarfToName[int(num)] ^ pkg/dwarf/regnum/ppc64le.go:45:32: G115: integer overflow conversion uint64 -> int (gosec) return fmt.Sprintf("r%d", int(num-PPC64LE_FIRST_GPR)) ^ pkg/dwarf/regnum/ppc64le.go:47:32: G115: integer overflow conversion uint64 -> int (gosec) return fmt.Sprintf("f%d", int(num-PPC64LE_FIRST_FPR)) ^ pkg/dwarf/regnum/ppc64le.go:49:32: G115: integer overflow conversion uint64 -> int (gosec) return fmt.Sprintf("v%d", int(num-PPC64LE_FIRST_VMX)) ^ pkg/dwarf/regnum/ppc64le.go:51:33: G115: integer overflow conversion uint64 -> int (gosec) return fmt.Sprintf("vs%d", int(num-PPC64LE_FIRST_VSX)) ^ pkg/dwarf/parseutil.go:50:44: G115: integer overflow conversion uint64 -> uint32 (gosec) return binary.Write(writer, order, uint32(data)) ^ pkg/dwarf/parseutil.go:144:21: G115: integer overflow conversion int -> uint32 (gosec) r[off+dwarf.Offset(headerSize)] = version ^ pkg/dwarf/parseutil.go:147:22: G115: integer overflow conversion uint64 -> uint32 (gosec) off += dwarf.Offset(length) ^ pkg/dwarf/leb128/encode_test.go:17:17: G115: integer overflow conversion int -> uint32 (gosec) if c != uint32(len(enc)) { ^ pkg/dwarf/leb128/encode_test.go:35:17: G115: integer overflow conversion int -> uint32 (gosec) if c != uint32(len(enc)) { ^ pkg/dwarf/frame/parser.go:94:17: G115: integer overflow conversion int -> uint32 (gosec) cieid = uint32(start - int(cieid) + 4) ^ pkg/dwarf/frame/parser.go:131:20: G115: integer overflow conversion uint64 -> int64 (gosec) reader.Seek(int64(n), io.SeekCurrent) ^ pkg/dwarf/frame/parser.go:251:21: G115: integer overflow conversion uint64 -> int16 (gosec) ptr = uint64(int16(ptr)) ^ pkg/dwarf/frame/parser.go:256:21: G115: integer overflow conversion uint64 -> int32 (gosec) ptr = uint64(int32(ptr)) ^ pkg/dwarf/frame/table.go:288:48: G115: integer overflow conversion uint64 -> int64 (gosec) frame.Regs[uint64(reg)] = DWRule{Offset: 
int64(offset) * frame.dataAlignment, Rule: RuleOffset} ^ pkg/dwarf/frame/table.go:319:40: G115: integer overflow conversion uint64 -> int64 (gosec) frame.Regs[reg] = DWRule{Offset: int64(offset) * frame.dataAlignment, Rule: RuleOffset} ^ pkg/dwarf/frame/table.go:370:26: G115: integer overflow conversion uint64 -> int64 (gosec) frame.CFA.Offset = int64(offset) ^ pkg/dwarf/frame/table.go:380:26: G115: integer overflow conversion uint64 -> int64 (gosec) frame.CFA.Offset = int64(offset) ^ pkg/dwarf/frame/table.go:401:28: G115: integer overflow conversion uint64 -> int (gosec) expr = frame.buf.Next(int(l)) ^ pkg/dwarf/frame/table.go:412:30: G115: integer overflow conversion uint64 -> int (gosec) expr = frame.buf.Next(int(l)) ^ pkg/dwarf/frame/table.go:433:40: G115: integer overflow conversion uint64 -> int64 (gosec) frame.Regs[reg] = DWRule{Offset: int64(offset), Rule: RuleValOffset} ^ pkg/dwarf/frame/table.go:449:30: G115: integer overflow conversion uint64 -> int (gosec) expr = frame.buf.Next(int(l)) ^ pkg/elfwriter/writer.go:110:15: G115: integer overflow conversion int -> uint32 (gosec) w.u32(uint32(len(note.Name))) ^ pkg/elfwriter/writer.go:111:15: G115: integer overflow conversion int -> uint32 (gosec) w.u32(uint32(len(note.Data))) ^ pkg/elfwriter/writer.go:112:15: G115: integer overflow conversion int -> uint32 (gosec) w.u32(uint32(note.Type)) ^ pkg/elfwriter/writer.go:130:14: G115: integer overflow conversion int -> uint16 (gosec) w.u16(uint16(len(w.Progs))) ^ pkg/elfwriter/writer.go:134:15: G115: integer overflow conversion int -> uint32 (gosec) w.u32(uint32(prog.Type)) ^ pkg/elfwriter/writer.go:180:14: G115: integer overflow conversion int -> uint16 (gosec) w.u16(uint16(len(w.Sections))) ^ pkg/elfwriter/writer.go:182:14: G115: integer overflow conversion int -> uint16 (gosec) w.u16(uint16(shstrndx)) ^ pkg/elfwriter/writer.go:186:15: G115: integer overflow conversion int64 -> uint32 (gosec) w.u32(uint32(strToIndex[sect.Name])) ^ pkg/dwarf/op/op.go:95:16: G115: 
integer overflow conversion uint64 -> int64 (gosec) return int64(regs.Uint64Val(ctxt.pieces[0].Val)), ctxt.pieces, nil ^ pkg/dwarf/op/op.go:195:19: G115: integer overflow conversion uint64 -> int (gosec) piece.Size = int(sz) ^ pkg/dwarf/op/op.go:221:39: G115: integer overflow conversion uint64 -> int64 (gosec) ctxt.stack = append(ctxt.stack, int64(stack+ctxt.StaticBase)) ^ pkg/dwarf/op/op.go:228:49: G115: integer overflow conversion uint64 -> int64 (gosec) ctxt.stack[slen-1] = ctxt.stack[slen-1] + int64(num) ^ pkg/dwarf/op/op.go:265:39: G115: integer overflow conversion uint64 -> int64 (gosec) ctxt.stack = append(ctxt.stack, int64(ctxt.Uint64Val(regnum))+offset) ^ pkg/dwarf/op/op.go:275:52: G115: integer overflow conversion uint64 -> int (gosec) ctxt.pieces = append(ctxt.pieces, Piece{Size: int(sz), Kind: ImmPiece, Val: 0}) ^ pkg/dwarf/op/op.go:328:25: G115: integer overflow conversion uint64 -> int16 (gosec) n = uint64(int64(int16(n))) ^ pkg/dwarf/op/op.go:331:25: G115: integer overflow conversion uint64 -> int32 (gosec) n = uint64(int64(int32(n))) ^ pkg/internal/gosym/pclntab.go:236:22: G115: integer overflow conversion uint64 -> uint32 (gosec) t.nfunctab = uint32(offset(0)) ^ pkg/internal/gosym/pclntab.go:237:22: G115: integer overflow conversion uint64 -> uint32 (gosec) t.nfiletab = uint32(offset(1)) ^ pkg/internal/gosym/pclntab.go:248:22: G115: integer overflow conversion uint64 -> uint32 (gosec) t.nfunctab = uint32(offset(0)) ^ pkg/internal/gosym/pclntab.go:249:22: G115: integer overflow conversion uint64 -> uint32 (gosec) t.nfiletab = uint32(offset(1)) ^ pkg/internal/gosym/pclntab.go:259:22: G115: integer overflow conversion uint64 -> uint32 (gosec) t.nfunctab = uint32(t.uintptr(t.Data[8:])) ^ pkg/internal/gosym/pclntab.go:290:28: G115: integer overflow conversion int -> uint32 (gosec) info := t.funcData(uint32(i)) ^ pkg/internal/gosym/pclntab.go:328:26: G115: integer overflow conversion int -> uint32 (gosec) return t.funcData(uint32(idx)) ^ 
pkg/internal/gosym/pclntab.go:479:17: G115: integer overflow conversion uint32 -> int32 (gosec) vdelta := int32(uvdelta) ^ pkg/internal/gosym/pclntab.go:521:21: G115: integer overflow conversion uint32 -> int32 (gosec) fileIndex = int32(t.binary.Uint32(cutab[fileVal*4:])) ^ pkg/internal/gosym/pclntab.go:622:54: G115: integer overflow conversion uint32 -> int32 (gosec) pc := t.findFileLine(entry, filetab, linetab, int32(filenum), int32(line), cutab) ^ pkg/internal/gosym/symtab.go:414:16: G115: integer overflow conversion uint64 -> uint16 (gosec) fname[uint16(s.value)] = ts.Name ^ pkg/dwarf/dwarfbuilder/info.go:172:52: G115: integer overflow conversion int -> uint16 (gosec) binary.Write(&b.loc, binary.LittleEndian, uint16(len(locentry.Loc))) ^ ```
| Command | Mean [s] | Min [s] | Max [s] | Relative |
|:---|---:|---:|---:|---:|
| local | 1.690 ± 0.077 | 1.634 | 1.899 | 1.05 ± 0.05 |
| v1.60.3 | 1.604 ± 0.037 | 1.551 | 1.676 | 1.00 |

etcd-io/etcd

local ``` tools/local-tester/bridge/bridge.go:66:22: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) t := time.Duration(rand.Intn(5)+1) * time.Second ^ tools/local-tester/bridge/bridge.go:121:7: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) if rand.Intn(16*1024) == 0 { ^ tools/local-tester/bridge/bridge.go:131:6: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) if rand.Intn(10) == 0 { ^ tools/local-tester/bridge/bridge.go:301:16: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) acceptFaults[rand.Intn(len(acceptFaults))]() ^ tools/local-tester/bridge/bridge.go:307:8: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) r := rand.Intn(len(connFaults)) ^ tools/local-tester/bridge/bridge.go:308:6: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) if rand.Intn(100) >= int(100.0*cfg.connFaultRate) { ^ tools/local-tester/bridge/dispatch.go:85:8: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) r := rand.Intn(len(outs)) ^ contrib/lock/storage/storage.go:106:9: G114: Use of net/http serve function that has no support for setting timeouts (gosec) err := http.ListenAndServe(":8080", nil) ^ tools/etcd-dump-db/backend.go:84:14: G115: integer overflow conversion uint64 -> int64 (gosec) return int64(binary.BigEndian.Uint64(bytes)) ^ tools/etcd-dump-logs/main.go:350:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(args[0], args[1:]...) 
^ tools/etcd-dump-logs/etcd-dump-log_test.go:165:27: G115: integer overflow conversion int -> uint64 (gosec) currentry.Index = uint64(i + 5) ^ tools/etcd-dump-logs/etcd-dump-log_test.go:263:26: G115: integer overflow conversion int -> uint64 (gosec) currentry.Term = uint64(i + 4) ^ tools/etcd-dump-logs/etcd-dump-log_test.go:264:27: G115: integer overflow conversion int -> uint64 (gosec) currentry.Index = uint64(i + 10) ^ contrib/raftexample/httpapi.go:105:9: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) srv := http.Server{ Addr: ":" + strconv.Itoa(port), Handler: &httpKVAPI{ store: kv, confChangeC: confChangeC, }, } contrib/raftexample/raft.go:509:10: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) err = (&http.Server{Handler: rc.transport.Handler()}).Serve(ln) ^ contrib/raftexample/raft.go:177:27: G115: integer overflow conversion int -> uint64 (gosec) if cc.NodeID == uint64(rc.id) { ^ contrib/raftexample/raft.go:290:35: G115: integer overflow conversion int -> uint64 (gosec) rpeers[i] = raft.Peer{ID: uint64(i + 1)} ^ contrib/raftexample/raft.go:293:36: G115: integer overflow conversion int -> uint64 (gosec) ID: uint64(rc.id), ^ contrib/raftexample/raft.go:310:24: G115: integer overflow conversion int -> uint64 (gosec) ID: types.ID(rc.id), ^ contrib/raftexample/raft.go:321:33: G115: integer overflow conversion int -> uint64 (gosec) rc.transport.AddPeer(types.ID(i+1), []string{rc.peers[i]}) ^ tools/etcd-dump-metrics/install_linux.go:35:15: G107: Potential HTTP request made with variable url (gosec) resp, err := http.Get(ep) ^ tools/etcd-dump-metrics/main.go:94:12: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd1 := exec.Command(cs1[0], cs1[1:]...) ^ tools/etcd-dump-metrics/main.go:108:12: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd2 := exec.Command(cs2[0], cs2[1:]...) 
^ tools/benchmark/cmd/put.go:112:31: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) binary.PutVarint(k, int64(rand.Intn(keySpaceSize))) ^ tools/benchmark/cmd/stm.go:124:31: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) binary.PutVarint(k, int64(rand.Intn(stmKeyCount))) ^ tools/benchmark/cmd/txn_mixed.go:121:7: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) if rand.Float64() < mixedTxnReadWriteRatio/(1+mixedTxnReadWriteRatio) { ^ tools/benchmark/cmd/put.go:181:58: G115: integer overflow conversion int64 -> uint64 (gosec) rs += fmt.Sprintf("\tDB size: %s", humanize.Bytes(uint64(rt.DbSize))) ^ tools/benchmark/cmd/util.go:146:27: G115: integer overflow conversion uint -> int (gosec) clients[i] = conns[i%int(totalConns)] ^ tools/benchmark/cmd/watch.go:96:18: G115: integer overflow conversion uint -> int (gosec) grpcConns := int(totalClients) ^ tools/benchmark/cmd/watch.go:98:18: G115: integer overflow conversion uint -> int (gosec) grpcConns = int(totalConns) ^ tools/benchmark/cmd/watch.go:195:17: G115: integer overflow conversion int -> int32 (gosec) nrRxed := int32(eventsTotal) ^ ```
v1.60.3 ``` tools/local-tester/bridge/bridge.go:66:22: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) t := time.Duration(rand.Intn(5)+1) * time.Second ^ tools/local-tester/bridge/bridge.go:121:7: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) if rand.Intn(16*1024) == 0 { ^ tools/local-tester/bridge/bridge.go:131:6: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) if rand.Intn(10) == 0 { ^ tools/local-tester/bridge/bridge.go:301:16: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) acceptFaults[rand.Intn(len(acceptFaults))]() ^ tools/local-tester/bridge/bridge.go:307:8: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) r := rand.Intn(len(connFaults)) ^ tools/local-tester/bridge/bridge.go:308:6: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) if rand.Intn(100) >= int(100.0*cfg.connFaultRate) { ^ tools/local-tester/bridge/dispatch.go:85:8: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) r := rand.Intn(len(outs)) ^ contrib/lock/storage/storage.go:106:9: G114: Use of net/http serve function that has no support for setting timeouts (gosec) err := http.ListenAndServe(":8080", nil) ^ tools/etcd-dump-db/backend.go:84:14: G115: integer overflow conversion uint64 -> int64 (gosec) return int64(binary.BigEndian.Uint64(bytes)) ^ contrib/raftexample/httpapi.go:105:9: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) srv := http.Server{ Addr: ":" + strconv.Itoa(port), Handler: &httpKVAPI{ store: kv, confChangeC: confChangeC, }, } contrib/raftexample/raft.go:509:10: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) 
err = (&http.Server{Handler: rc.transport.Handler()}).Serve(ln) ^ tools/etcd-dump-logs/main.go:350:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(args[0], args[1:]...) ^ tools/benchmark/cmd/put.go:112:31: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) binary.PutVarint(k, int64(rand.Intn(keySpaceSize))) ^ tools/benchmark/cmd/stm.go:124:31: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) binary.PutVarint(k, int64(rand.Intn(stmKeyCount))) ^ tools/benchmark/cmd/txn_mixed.go:121:7: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) if rand.Float64() < mixedTxnReadWriteRatio/(1+mixedTxnReadWriteRatio) { ^ tools/benchmark/cmd/util.go:146:27: G115: integer overflow conversion uint -> int (gosec) clients[i] = conns[i%int(totalConns)] ^ tools/benchmark/cmd/watch.go:96:18: G115: integer overflow conversion uint -> int (gosec) grpcConns := int(totalClients) ^ tools/benchmark/cmd/watch.go:98:18: G115: integer overflow conversion uint -> int (gosec) grpcConns = int(totalConns) ^ tools/benchmark/cmd/watch.go:195:17: G115: integer overflow conversion int -> int32 (gosec) nrRxed := int32(eventsTotal) ^ tools/etcd-dump-metrics/install_linux.go:35:15: G107: Potential HTTP request made with variable url (gosec) resp, err := http.Get(ep) ^ tools/etcd-dump-metrics/main.go:94:12: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd1 := exec.Command(cs1[0], cs1[1:]...) ^ tools/etcd-dump-metrics/main.go:108:12: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd2 := exec.Command(cs2[0], cs2[1:]...) ^ ```
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|:---|---:|---:|---:|---:|
| local | 628.6 ± 16.5 | 607.5 | 667.0 | 1.06 ± 0.04 |
| v1.60.3 | 591.2 ± 13.4 | 569.6 | 622.3 | 1.00 |

go-gitea/gitea

local ``` contrib/backport/backport.go:261:13: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) out, err = exec.CommandContext(ctx, "git", "commit", "--amend", "-m", subject+"\n\nBackport #"+pr+"\n"+body).Output() ^ models/auth/twofactor.go:8:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ models/auth/twofactor.go:96:7: G401: Use of weak cryptographic primitive (gosec) k := md5.Sum([]byte(setting.SecretKey)) ^ models/avatars/avatar.go:8:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ models/avatars/avatar.go:94:7: G401: Use of weak cryptographic primitive (gosec) m := md5.New() ^ modules/auth/password/hash/argon2.go:65:22: G115: integer overflow conversion uint64 -> uint32 (gosec) hasher.time = uint32(parsed) ^ modules/auth/password/hash/argon2.go:68:24: G115: integer overflow conversion uint64 -> uint32 (gosec) hasher.memory = uint32(parsed) ^ modules/auth/password/hash/argon2.go:71:24: G115: integer overflow conversion uint64 -> uint8 (gosec) hasher.threads = uint8(parsed) ^ modules/auth/password/hash/argon2.go:74:24: G115: integer overflow conversion uint64 -> uint32 (gosec) hasher.keyLen = uint32(parsed) ^ modules/auth/password/password.go:135:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. 
(gosec) return template.HTML(buffer.String()) ^ modules/auth/password/pwn/pwn.go:8:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ modules/auth/password/pwn/pwn.go:20:7: G101: Potential hardcoded credentials (gosec) const passwordURL = "https://api.pwnedpasswords.com/range/" ^ modules/auth/password/pwn/pwn.go:80:9: G401: Use of weak cryptographic primitive (gosec) sha := sha1.New() ^ modules/base/tool.go:8:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ modules/base/tool.go:70:64: G401: Use of weak cryptographic primitive (gosec) retCode = CreateTimeLimitCode(data, aliveTime, startTimeStr, sha1.New()) // TODO: this is only for the support of legacy codes, remove this in/after 1.23 ^ modules/graceful/server_http.go:15:16: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) httpServer := http.Server{ Handler: handler, BaseContext: func(net.Listener) context.Context { return GetManager().HammerContext() }, } modules/highlight/highlight.go:69:10: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(template.HTMLEscapeString(code)), "" ^ modules/highlight/highlight.go:122:10: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(template.HTMLEscapeString(code)) ^ modules/highlight/highlight.go:128:10: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(template.HTMLEscapeString(code)) ^ modules/highlight/highlight.go:134:9: G203: The used method does not auto-escape HTML. 
This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(strings.TrimSuffix(htmlbuf.String(), "\n")) ^ modules/highlight/highlight.go:192:25: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) lines = append(lines, template.HTML(htmlBuf.String())) ^ modules/highlight/highlight.go:212:8: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) s := template.HTML(gohtml.EscapeString(content)) ^ modules/log/logger_impl.go:76:21: G115: integer overflow conversion int -> int32 (gosec) l.level.Store(int32(lowestLevel)) ^ modules/log/logger_impl.go:84:31: G115: integer overflow conversion int -> int32 (gosec) l.stacktraceLevel.Store(int32(lowestLevel)) ^ modules/log/logger_impl.go:199:38: G115: integer overflow conversion int -> int32 (gosec) if l.stacktraceLevel.Load() <= int32(level) { ^ modules/nosql/manager_leveldb.go:153:38: G115: integer overflow conversion int -> uint (gosec) opts.Compression = opt.Compression(val) ^ modules/nosql/manager_leveldb.go:178:28: G115: integer overflow conversion int -> uint (gosec) opts.Strict = opt.Strict(val) ^ modules/nosql/manager_redis.go:237:16: G402: TLS MinVersion too low. 
(gosec) tlsConfig := &tls.Config{} ^ modules/proxyprotocol/conn.go:242:67: G115: integer overflow conversion uint16 -> uint8 (gosec) return &ErrBadHeader{append(v2Prefix, version, familyByte, uint8(addressLen>>8), uint8(addressLen&0xff))} ^ modules/proxyprotocol/conn.go:266:67: G115: integer overflow conversion uint16 -> uint8 (gosec) return &ErrBadHeader{append(v2Prefix, version, familyByte, uint8(addressLen>>8), uint8(addressLen&0xff))} ^ modules/proxyprotocol/conn.go:322:68: G115: integer overflow conversion uint16 -> uint8 (gosec) return &ErrBadHeader{append(v2Prefix, version, familyByte, uint8(addressLen>>8), uint8(addressLen&0xff))} ^ modules/proxyprotocol/conn.go:332:67: G115: integer overflow conversion uint16 -> uint8 (gosec) return &ErrBadHeader{append(v2Prefix, version, familyByte, uint8(addressLen>>8), uint8(addressLen&0xff))} ^ modules/proxyprotocol/conn.go:342:68: G115: integer overflow conversion uint16 -> uint8 (gosec) return &ErrBadHeader{append(v2Prefix, version, familyByte, uint8(addressLen>>8), uint8(addressLen&0xff))} ^ modules/proxyprotocol/conn.go:380:68: G115: integer overflow conversion uint16 -> uint8 (gosec) return &ErrBadHeader{append(v2Prefix, version, familyByte, uint8(addressLen>>8), uint8(addressLen&0xff))} ^ modules/proxyprotocol/conn.go:392:68: G115: integer overflow conversion uint16 -> uint8 (gosec) return &ErrBadHeader{append(v2Prefix, version, familyByte, uint8(addressLen>>8), uint8(addressLen&0xff))} ^ modules/secret/secret.go:30:31: G407: Use of hardcoded IV/nonce for encryption by passing hardcoded slice/array (gosec) cfb := cipher.NewCFBEncrypter(block, iv) ^ modules/secret/secret.go:46:31: G407: Use of hardcoded IV/nonce for encryption by passing hardcoded slice/array (gosec) cfb := cipher.NewCFBDecrypter(block, iv) ^ modules/setting/admin.go:31:2: G101: Potential hardcoded credentials (gosec) UserFeatureManageCredentials = "manage_credentials" ^ modules/setting/log.go:153:35: G115: integer overflow conversion int -> uint 
(gosec) writerOption.MaxSize = 1 << uint(ConfigInheritedKey(sec, "MAX_SIZE_SHIFT").MustInt(28)) ^ modules/translation/i18n/localestore.go:146:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(l.TrString(trKey, args...)) ^ modules/translation/mock.go:28:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(sprintAny(s, args...)) ^ modules/translation/mock.go:32:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(sprintAny(key1, args...)) ^ modules/uri/uri.go:32:13: G107: Potential HTTP request made with variable url (gosec) f, err := http.Get(uriStr) ^ modules/util/color.go:33:35: G115: integer overflow conversion uint64 -> uint32 (gosec) r := float64(uint8(0xFF & (uint32(color) >> 16))) ^ modules/util/color.go:34:35: G115: integer overflow conversion uint64 -> uint32 (gosec) g := float64(uint8(0xFF & (uint32(color) >> 8))) ^ modules/util/color.go:35:34: G115: integer overflow conversion uint64 -> uint32 (gosec) b := float64(uint8(0xFF & uint32(color))) ^ modules/util/file_unix.go:25:31: G115: integer overflow conversion int -> uint32 (gosec) mod := newMode & ^os.FileMode(defaultUmask) ^ modules/util/legacy.go:85:28: G407: Use of hardcoded IV/nonce for encryption by passing hardcoded slice/array (gosec) plainText, err := gcm.Open(nil, nonce, ciphertext, nil) ^ modules/util/util.go:143:16: G115: integer overflow conversion uint -> int64 (gosec) value = int64(v) ^ modules/util/util.go:151:16: G115: integer overflow conversion uint64 -> int64 (gosec) value = int64(v) ^ ```
v1.60.3 ``` contrib/backport/backport.go:261:13: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) out, err = exec.CommandContext(ctx, "git", "commit", "--amend", "-m", subject+"\n\nBackport #"+pr+"\n"+body).Output() ^ models/auth/twofactor.go:8:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ models/auth/twofactor.go:96:7: G401: Use of weak cryptographic primitive (gosec) k := md5.Sum([]byte(setting.SecretKey)) ^ models/avatars/avatar.go:8:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ models/avatars/avatar.go:94:7: G401: Use of weak cryptographic primitive (gosec) m := md5.New() ^ modules/auth/password/hash/argon2.go:65:22: G115: integer overflow conversion uint64 -> uint32 (gosec) hasher.time = uint32(parsed) ^ modules/auth/password/hash/argon2.go:68:24: G115: integer overflow conversion uint64 -> uint32 (gosec) hasher.memory = uint32(parsed) ^ modules/auth/password/hash/argon2.go:71:24: G115: integer overflow conversion uint64 -> uint8 (gosec) hasher.threads = uint8(parsed) ^ modules/auth/password/hash/argon2.go:74:24: G115: integer overflow conversion uint64 -> uint32 (gosec) hasher.keyLen = uint32(parsed) ^ modules/auth/password/pwn/pwn.go:8:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ modules/auth/password/pwn/pwn.go:20:7: G101: Potential hardcoded credentials (gosec) const passwordURL = "https://api.pwnedpasswords.com/range/" ^ modules/auth/password/pwn/pwn.go:80:9: G401: Use of weak cryptographic primitive (gosec) sha := sha1.New() ^ modules/base/tool.go:8:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ modules/base/tool.go:70:64: G401: Use of weak cryptographic primitive (gosec) retCode = CreateTimeLimitCode(data, aliveTime, startTimeStr, sha1.New()) // TODO: this is only for the support of legacy codes, remove this in/after 1.23 ^ 
modules/graceful/server_http.go:15:16: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) httpServer := http.Server{ Handler: handler, BaseContext: func(net.Listener) context.Context { return GetManager().HammerContext() }, } modules/highlight/highlight.go:69:10: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(template.HTMLEscapeString(code)), "" ^ modules/highlight/highlight.go:122:10: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(template.HTMLEscapeString(code)) ^ modules/highlight/highlight.go:128:10: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(template.HTMLEscapeString(code)) ^ modules/highlight/highlight.go:134:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(strings.TrimSuffix(htmlbuf.String(), "\n")) ^ modules/highlight/highlight.go:192:25: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) lines = append(lines, template.HTML(htmlBuf.String())) ^ modules/highlight/highlight.go:212:8: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. 
(gosec) s := template.HTML(gohtml.EscapeString(content)) ^ modules/log/logger_impl.go:76:21: G115: integer overflow conversion int -> int32 (gosec) l.level.Store(int32(lowestLevel)) ^ modules/log/logger_impl.go:84:31: G115: integer overflow conversion int -> int32 (gosec) l.stacktraceLevel.Store(int32(lowestLevel)) ^ modules/log/logger_impl.go:199:38: G115: integer overflow conversion int -> int32 (gosec) if l.stacktraceLevel.Load() <= int32(level) { ^ modules/markup/camo.go:8:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ modules/nosql/manager_redis.go:237:16: G402: TLS MinVersion too low. (gosec) tlsConfig := &tls.Config{} ^ modules/packages/alpine/metadata.go:10:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ modules/packages/npm/creator.go:8:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ modules/packages/npm/creator.go:265:11: G401: Use of weak cryptographic primitive (gosec) tmp := sha1.Sum(data) ^ modules/proxyprotocol/conn.go:242:67: G115: integer overflow conversion uint16 -> uint8 (gosec) return &ErrBadHeader{append(v2Prefix, version, familyByte, uint8(addressLen>>8), uint8(addressLen&0xff))} ^ modules/proxyprotocol/conn.go:266:67: G115: integer overflow conversion uint16 -> uint8 (gosec) return &ErrBadHeader{append(v2Prefix, version, familyByte, uint8(addressLen>>8), uint8(addressLen&0xff))} ^ modules/proxyprotocol/conn.go:322:68: G115: integer overflow conversion uint16 -> uint8 (gosec) return &ErrBadHeader{append(v2Prefix, version, familyByte, uint8(addressLen>>8), uint8(addressLen&0xff))} ^ modules/proxyprotocol/conn.go:332:67: G115: integer overflow conversion uint16 -> uint8 (gosec) return &ErrBadHeader{append(v2Prefix, version, familyByte, uint8(addressLen>>8), uint8(addressLen&0xff))} ^ modules/proxyprotocol/conn.go:342:68: G115: integer overflow conversion uint16 -> uint8 (gosec) return 
&ErrBadHeader{append(v2Prefix, version, familyByte, uint8(addressLen>>8), uint8(addressLen&0xff))} ^ modules/proxyprotocol/conn.go:380:68: G115: integer overflow conversion uint16 -> uint8 (gosec) return &ErrBadHeader{append(v2Prefix, version, familyByte, uint8(addressLen>>8), uint8(addressLen&0xff))} ^ modules/proxyprotocol/conn.go:392:68: G115: integer overflow conversion uint16 -> uint8 (gosec) return &ErrBadHeader{append(v2Prefix, version, familyByte, uint8(addressLen>>8), uint8(addressLen&0xff))} ^ modules/setting/admin.go:31:2: G101: Potential hardcoded credentials (gosec) UserFeatureManageCredentials = "manage_credentials" ^ modules/setting/packages.go:117:14: G115: integer overflow conversion uint64 -> int64 (gosec) return int64(bytes) ^ modules/setting/server.go:245:32: G115: integer overflow conversion uint64 -> uint32 (gosec) UnixSocketPermission = uint32(UnixSocketPermissionParsed) ^ modules/svg/svg.go:71:10: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(svgStr) ^ modules/translation/i18n/localestore.go:146:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(l.TrString(trKey, args...)) ^ modules/translation/mock.go:28:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(sprintAny(s, args...)) ^ modules/translation/mock.go:32:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. 
(gosec) return template.HTML(sprintAny(key1, args...)) ^ modules/uri/uri.go:32:13: G107: Potential HTTP request made with variable url (gosec) f, err := http.Get(uriStr) ^ modules/util/color.go:33:35: G115: integer overflow conversion uint64 -> uint32 (gosec) r := float64(uint8(0xFF & (uint32(color) >> 16))) ^ modules/util/color.go:34:35: G115: integer overflow conversion uint64 -> uint32 (gosec) g := float64(uint8(0xFF & (uint32(color) >> 8))) ^ modules/util/color.go:35:34: G115: integer overflow conversion uint64 -> uint32 (gosec) b := float64(uint8(0xFF & uint32(color))) ^ modules/util/file_unix.go:25:31: G115: integer overflow conversion int -> uint32 (gosec) mod := newMode & ^os.FileMode(defaultUmask) ^ modules/util/util.go:143:16: G115: integer overflow conversion uint -> int64 (gosec) value = int64(v) ^ modules/util/util.go:151:16: G115: integer overflow conversion uint64 -> int64 (gosec) value = int64(v) ^ ```
Command Mean [s] Min [s] Max [s] Relative
local 6.419 ± 0.066 6.347 6.534 1.01 ± 0.01
v1.60.3 6.385 ± 0.048 6.341 6.479 1.00

google/go-github

Command Mean [s] Min [s] Max [s] Relative
local 3.197 ± 0.033 3.150 3.256 1.02 ± 0.01
v1.60.3 3.122 ± 0.021 3.099 3.162 1.00

golangci/golangci-lint

Command Mean [s] Min [s] Max [s] Relative
local 1.239 ± 0.015 1.214 1.257 1.01 ± 0.04
v1.60.3 1.223 ± 0.043 1.189 1.334 1.00

goreleaser/goreleaser

local ``` internal/golden/golden.go:68:23: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(tb, os.WriteFile(golden, out, 0o655)) ^ internal/gio/chtimes_test.go:17:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(path, nil, 0o644)) ^ internal/gio/chtimes_test.go:35:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(path, nil, 0o644)) ^ internal/gio/chtimes_test.go:43:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(path, nil, 0o644)) ^ internal/gio/copy_test.go:49:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(b, []byte("hello world"), 0o644)) ^ internal/gio/copy_test.go:79:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(src.Name(), []byte("foo"), 0o644)) ^ internal/gio/copy_test.go:88:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(filepath.Join(srcDir, testFile), []byte("foo"), 0o644)) ^ internal/gio/copy_test.go:100:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(filepath.Join(srcDir, testFile), []byte("foo"), 0o644)) ^ internal/gio/copy_test.go:101:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(filepath.Join(srcLevel2, testFile), []byte("foo"), 0o644)) ^ pkg/archive/zip/zip.go:68:15: G110: Potential DoS vulnerability via decompression bomb (gosec) if _, err = io.Copy(ww, rr); err != nil { ^ pkg/archive/zip/zip_test.go:97:13: G110: Potential DoS vulnerability via decompression bomb (gosec) _, err = io.Copy(&link, rc) ^ internal/artifact/artifact_test.go:329:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(file, []byte("lorem ipsum"), 0o644)) ^ internal/testlib/git.go:143:14: G204: Subprocess 
launched with a potential tainted input or cmd arguments (gosec) out, err := exec.Command( "git", "-C", url, "show", branch+":"+name, ).CombinedOutput() internal/pipe/smtp/smtp.go:80:48: G402: TLS InsecureSkipVerify may be true. (gosec) d.TLSConfig = &tls.Config{InsecureSkipVerify: ctx.Config.Announce.SMTP.InsecureSkipVerify} ^ internal/pipe/gomod/gomod.go:37:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.CommandContext(ctx, ctx.Config.GoMod.GoBinary, flags...) ^ internal/pipe/gomod/gomod_proxy.go:161:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.CommandContext(ctx, ctx.Config.GoMod.GoBinary, "get", ctx.ModulePath+"@"+ctx.Git.CurrentTag) ^ internal/http/http.go:330:21: G402: TLS MinVersion too low. (gosec) TLSClientConfig: &tls.Config{}, ^ internal/pipe/docker/docker_test.go:58:12: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command("docker", "images", "-q", "--filter", "reference=*/"+image, "--filter", filter) ^ internal/pipe/docker/docker_test.go:246:18: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) out, err := exec.CommandContext(ctx, parts[0], parts[1:]...).CombinedOutput() ^ pkg/archive/tar/tar.go:44:16: G110: Potential DoS vulnerability via decompression bomb (gosec) if _, err := io.Copy(w.tw, r); err != nil { ^ internal/pipe/sign/sign_test.go:36:2: G101: Potential hardcoded credentials (gosec) passwordUserTmpl = "{{ .Env.GPG_PASSWORD }}" ^ internal/pipe/sign/sign_test.go:41:10: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) rand := rand.New(rand.NewSource(time.Now().UnixNano())) ^ internal/pipe/universalbinary/universalbinary.go:196:40: G115: integer overflow conversion int -> uint32 (gosec) hdr := []uint32{macho.MagicFat, uint32(len(inputs))} ^ internal/pipe/universalbinary/universalbinary.go:202:27: G115: integer 
overflow conversion int64 -> uint32 (gosec) hdr = append(hdr, uint32(i.offset)) ^ internal/pipe/universalbinary/universalbinary.go:203:27: G115: integer overflow conversion int -> uint32 (gosec) hdr = append(hdr, uint32(len(i.data))) ^ internal/pipe/webhook/webhook.go:78:23: G402: TLS InsecureSkipVerify may be true. (gosec) InsecureSkipVerify: ctx.Config.Announce.Webhook.SkipTLSVerify, ^ internal/pipe/nix/nix.go:582:14: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) out, err := exec.Command(p.bin, url).Output() ^ internal/pipe/krew/krew_test.go:1025:15: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) out, err := exec.Command( "validate-krew-manifest", "-skip-install", "-manifest=testdata/"+strings.TrimSuffix(t.Name(), "/valid")+".yaml", ).CombinedOutput() internal/client/client_test.go:97:18: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) b[i] = letters[rand.Intn(len(letters))] ^ ```
v1.60.3 ``` internal/golden/golden.go:68:23: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(tb, os.WriteFile(golden, out, 0o655)) ^ internal/gio/chtimes_test.go:17:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(path, nil, 0o644)) ^ internal/gio/chtimes_test.go:35:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(path, nil, 0o644)) ^ internal/gio/chtimes_test.go:43:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(path, nil, 0o644)) ^ internal/gio/copy_test.go:49:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(b, []byte("hello world"), 0o644)) ^ internal/gio/copy_test.go:79:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(src.Name(), []byte("foo"), 0o644)) ^ internal/gio/copy_test.go:88:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(filepath.Join(srcDir, testFile), []byte("foo"), 0o644)) ^ internal/gio/copy_test.go:100:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(filepath.Join(srcDir, testFile), []byte("foo"), 0o644)) ^ internal/gio/copy_test.go:101:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(filepath.Join(srcLevel2, testFile), []byte("foo"), 0o644)) ^ internal/artifact/artifact_test.go:329:21: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(file, []byte("lorem ipsum"), 0o644)) ^ pkg/archive/zip/zip.go:68:15: G110: Potential DoS vulnerability via decompression bomb (gosec) if _, err = io.Copy(ww, rr); err != nil { ^ pkg/archive/zip/zip_test.go:97:13: G110: Potential DoS vulnerability via decompression bomb (gosec) _, err = io.Copy(&link, rc) ^ internal/pipe/smtp/smtp.go:80:48: G402: TLS 
InsecureSkipVerify may be true. (gosec) d.TLSConfig = &tls.Config{InsecureSkipVerify: ctx.Config.Announce.SMTP.InsecureSkipVerify} ^ internal/testlib/git.go:143:14: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) out, err := exec.Command( "git", "-C", url, "show", branch+":"+name, ).CombinedOutput() pkg/archive/tar/tar.go:44:16: G110: Potential DoS vulnerability via decompression bomb (gosec) if _, err := io.Copy(w.tw, r); err != nil { ^ internal/http/http.go:330:21: G402: TLS MinVersion too low. (gosec) TLSClientConfig: &tls.Config{}, ^ internal/pipe/nix/nix.go:582:14: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) out, err := exec.Command(p.bin, url).Output() ^ internal/pipe/gomod/gomod.go:37:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.CommandContext(ctx, ctx.Config.GoMod.GoBinary, flags...) ^ internal/pipe/gomod/gomod_proxy.go:161:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.CommandContext(ctx, ctx.Config.GoMod.GoBinary, "get", ctx.ModulePath+"@"+ctx.Git.CurrentTag) ^ internal/pipe/krew/krew_test.go:1025:15: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) out, err := exec.Command( "validate-krew-manifest", "-skip-install", "-manifest=testdata/"+strings.TrimSuffix(t.Name(), "/valid")+".yaml", ).CombinedOutput() internal/pipe/sign/sign_test.go:36:2: G101: Potential hardcoded credentials (gosec) passwordUserTmpl = "{{ .Env.GPG_PASSWORD }}" ^ internal/pipe/sign/sign_test.go:41:10: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) rand := rand.New(rand.NewSource(time.Now().UnixNano())) ^ internal/pipe/docker/docker_test.go:58:12: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command("docker", "images", "-q", "--filter", "reference=*/"+image, "--filter", filter) ^ 
internal/pipe/docker/docker_test.go:246:18: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) out, err := exec.CommandContext(ctx, parts[0], parts[1:]...).CombinedOutput() ^ internal/pipe/webhook/webhook.go:78:23: G402: TLS InsecureSkipVerify may be true. (gosec) InsecureSkipVerify: ctx.Config.Announce.Webhook.SkipTLSVerify, ^ internal/pipe/universalbinary/universalbinary.go:196:40: G115: integer overflow conversion int -> uint32 (gosec) hdr := []uint32{macho.MagicFat, uint32(len(inputs))} ^ internal/pipe/universalbinary/universalbinary.go:202:27: G115: integer overflow conversion int64 -> uint32 (gosec) hdr = append(hdr, uint32(i.offset)) ^ internal/pipe/universalbinary/universalbinary.go:203:27: G115: integer overflow conversion int -> uint32 (gosec) hdr = append(hdr, uint32(len(i.data))) ^ internal/client/client_test.go:97:18: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) b[i] = letters[rand.Intn(len(letters))] ^ ```
Command Mean [s] Min [s] Max [s] Relative
local 2.354 ± 0.080 2.275 2.571 1.03 ± 0.04
v1.60.3 2.281 ± 0.044 2.199 2.347 1.00

grpc/grpc-go

local ``` internal/backoff/backoff.go:70:35: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) backoff *= 1 + bc.Config.Jitter*(rand.Float64()*2-1) ^ balancer/rls/internal/adaptive/adaptive.go:31:40: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) randFunc = func() float64 { return rand.Float64() } ^ grpclog/glogger/glogger.go:103:31: G115: integer overflow conversion int -> int32 (gosec) return bool(glog.V(glog.Level(l))) ^ benchmark/primitives/code_string_test.go:91:24: G115: integer overflow conversion int -> uint32 (gosec) c := codeBench(uint32(i % 17)) ^ benchmark/primitives/code_string_test.go:98:24: G115: integer overflow conversion int -> uint32 (gosec) c := codeBench(uint32(i % 17)) ^ benchmark/primitives/code_string_test.go:106:25: G115: integer overflow conversion int -> uint32 (gosec) c := codes.Code(uint32(i % 17)) ^ benchmark/primitives/code_string_test.go:114:24: G115: integer overflow conversion int -> uint32 (gosec) c := codeBench(uint32(i % 18)) ^ benchmark/primitives/code_string_test.go:122:25: G115: integer overflow conversion int -> uint32 (gosec) c := codes.Code(uint32(i % 18)) ^ benchmark/primitives/syncmap_test.go:148:30: G115: integer overflow conversion int -> uint64 (gosec) if m.result(cat) != uint64(bb.goroutineCount*b.N) { ^ internal/status/status.go:52:44: G115: integer overflow conversion uint32 -> int32 (gosec) return &Status{s: &spb.Status{Code: int32(code), Message: message}} ^ internal/status/status.go:57:44: G115: integer overflow conversion uint32 -> int32 (gosec) return &Status{s: &spb.Status{Code: int32(code), Message: message}} ^ internal/status/status.go:59:21: G115: integer overflow conversion uint32 -> int32 (gosec) if st.Code == int32(code) { ^ internal/status/status.go:77:43: G115: integer overflow conversion uint32 -> int32 (gosec) return &Status{s: &spb.Status{Code: int32(c), Message: msg}} ^ 
internal/status/status.go:105:19: G115: integer overflow conversion int32 -> uint32 (gosec) return codes.Code(s.s.Code) ^ internal/resolver/dns/dns_resolver.go:428:9: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return rand.Intn(100)+1 <= *a ^ balancer/conn_state_evaluator.go:46:24: G115: integer overflow conversion int -> uint64 (gosec) updateVal := 2*uint64(idx) - 1 // -1 for oldState and +1 for new. ^ codes/codes_test.go:41:15: G115: integer overflow conversion int32 -> uint32 (gosec) want := Code(v) ^ codes/codes_test.go:79:12: G115: integer overflow conversion int -> uint32 (gosec) c := Code(i) ^ internal/serviceconfig/duration_test.go:71:19: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) got := Duration(rand.Uint64()) ^ internal/profiling/buffer/buffer.go:109:36: G115: integer overflow conversion int -> uint32 (gosec) floorExponent := bits.Len32(uint32(runtime.NumCPU())) - 1 ^ internal/profiling/buffer/buffer.go:113:20: G115: integer overflow conversion int -> uint32 (gosec) return 1 << uint32(floorExponent) ^ internal/profiling/buffer/buffer_test.go:53:11: G115: integer overflow conversion int -> uint32 (gosec) if uint32(len(result)) != size/2 { ^ internal/profiling/buffer/buffer_test.go:63:23: G115: integer overflow conversion int -> uint32 (gosec) for i = 0; i < uint32(len(result)); i++ { ^ credentials/sts/sts.go:54:2: G101: Potential hardcoded credentials (gosec) tokenExchangeGrantType = "urn:ietf:params:oauth:grant-type:token-exchange" ^ credentials/sts/sts.go:200:22: G402: TLS MinVersion too low. 
(gosec) TLSClientConfig: &tls.Config{ RootCAs: roots, }, credentials/sts/sts_test.go:44:2: G101: Potential hardcoded credentials (gosec) requestedTokenType = "urn:ietf:params:oauth:token-type:access-token" ^ credentials/sts/sts_test.go:45:2: G101: Potential hardcoded credentials (gosec) actorTokenPath = "/var/run/secrets/token.jwt" ^ credentials/sts/sts_test.go:46:2: G101: Potential hardcoded credentials (gosec) actorTokenType = "urn:ietf:params:oauth:token-type:refresh_token" ^ credentials/sts/sts_test.go:47:2: G101: Potential hardcoded credentials (gosec) actorTokenContents = "actorToken.jwt.contents" ^ credentials/sts/sts_test.go:49:2: G101: Potential hardcoded credentials (gosec) subjectTokenPath = "/var/run/secrets/token.jwt" ^ credentials/sts/sts_test.go:50:2: G101: Potential hardcoded credentials (gosec) subjectTokenType = "urn:ietf:params:oauth:token-type:id_token" ^ credentials/tls/certprovider/pemfile/watcher_test.go:160:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err := os.WriteFile(dst, data, os.ModePerm); err != nil { ^ balancer/roundrobin/roundrobin.go:63:16: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) next: uint32(rand.Intn(len(scs))), ^ internal/wrr/wrr_test.go:149:15: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) weight := rand.Int63n(maxWeight + 1) ^ internal/wrr/wrr_test.go:191:7: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) r := rand.New(rand.NewSource(0)) ^ internal/testutils/tls_creds.go:47:29: G402: TLS MinVersion too low. (gosec) return credentials.NewTLS(&tls.Config{ Certificates: []tls.Certificate{cert}, RootCAs: roots, ServerName: "x.test.example.com", }) internal/testutils/tls_creds.go:71:29: G402: TLS MinVersion too low. 
(gosec) return credentials.NewTLS(&tls.Config{ ClientAuth: clientAuth, Certificates: []tls.Certificate{cert}, ClientCAs: ca, }) internal/testutils/xds_bootstrap.go:42:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err := os.WriteFile(f.Name(), bootstrapContents, 0644); err != nil { ^ credentials/alts/internal/conn/aes128gcm_test.go:154:48: G601: Implicit memory aliasing in for loop. (gosec) testGCMEncryptionDecryption(client, server, &test, false, t) ^ credentials/alts/internal/conn/aes128gcm_test.go:156:48: G601: Implicit memory aliasing in for loop. (gosec) testGCMEncryptionDecryption(server, client, &test, false, t) ^ credentials/alts/internal/conn/aeadrekey.go:75:23: G407: Use of hardcoded IV/nonce for encryption by passing pointer which points to hardcoded variable (gosec) return s.gcmAEAD.Seal(dst, s.nonceBuf, plaintext, additionalData) ^ credentials/alts/internal/conn/aeadrekey.go:85:23: G407: Use of hardcoded IV/nonce for encryption by passing pointer which points to hardcoded variable (gosec) return s.gcmAEAD.Open(dst, s.nonceBuf, ciphertext, additionalData) ^ internal/binarylog/method_logger_test.go:342:40: G115: integer overflow conversion int -> uint64 (gosec) tc.want.SequenceIdWithinCall = uint64(i + 1) ^ internal/binarylog/method_logger_test.go:540:31: G115: integer overflow conversion uint64 -> int (gosec) if len(tc.msgPb.Data) != int(tc.ml.messageMaxLen) { ^ status/status_test.go:161:17: G115: integer overflow conversion uint32 -> int32 (gosec) Code: int32(c.Code), ^ internal/credentials/util.go:48:11: G402: TLS MinVersion too low. (gosec) return &tls.Config{} ^ benchmark/latency/latency.go:133:75: G115: integer overflow conversion int -> int32 (gosec) hdr := header{ReadTime: c.lastSendEnd.Add(c.delay).UnixNano(), Sz: int32(len(pkt))} ^ internal/channelz/syscall_test.go:44:13: G102: Binds to all network interfaces (gosec) ln, err := net.Listen(network, addr) ^ credentials/tls.go:233:17: G402: TLS MinVersion too low. 
(gosec) return NewTLS(&tls.Config{ServerName: serverNameOverride, RootCAs: cp}) ^ credentials/tls.go:253:17: G402: TLS MinVersion too low. (gosec) return NewTLS(&tls.Config{ServerName: serverNameOverride, RootCAs: cp}), nil ^ ```
v1.60.3 ``` internal/backoff/backoff.go:70:35: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) backoff *= 1 + bc.Config.Jitter*(rand.Float64()*2-1) ^ balancer/rls/internal/adaptive/adaptive.go:31:40: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) randFunc = func() float64 { return rand.Float64() } ^ grpclog/glogger/glogger.go:103:31: G115: integer overflow conversion int -> int32 (gosec) return bool(glog.V(glog.Level(l))) ^ internal/syscall/syscall_linux.go:82:34: G115: integer overflow conversion uintptr -> int (gosec) err = syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, unix.TCP_USER_TIMEOUT, int(timeout/time.Millisecond)) ^ internal/syscall/syscall_linux.go:104:39: G115: integer overflow conversion uintptr -> int (gosec) opt, err = syscall.GetsockoptInt(int(fd), syscall.IPPROTO_TCP, unix.TCP_USER_TIMEOUT) ^ internal/tcp_keepalive_unix.go:50:27: G115: integer overflow conversion uintptr -> int (gosec) unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_KEEPALIVE, 1) ^ internal/status/status.go:52:44: G115: integer overflow conversion uint32 -> int32 (gosec) return &Status{s: &spb.Status{Code: int32(code), Message: message}} ^ internal/status/status.go:57:44: G115: integer overflow conversion uint32 -> int32 (gosec) return &Status{s: &spb.Status{Code: int32(code), Message: message}} ^ internal/status/status.go:59:21: G115: integer overflow conversion uint32 -> int32 (gosec) if st.Code == int32(code) { ^ internal/status/status.go:77:43: G115: integer overflow conversion uint32 -> int32 (gosec) return &Status{s: &spb.Status{Code: int32(c), Message: msg}} ^ benchmark/primitives/code_string_test.go:91:24: G115: integer overflow conversion int -> uint32 (gosec) c := codeBench(uint32(i % 17)) ^ benchmark/primitives/code_string_test.go:98:24: G115: integer overflow conversion int -> uint32 (gosec) c := codeBench(uint32(i % 17)) ^ 
benchmark/primitives/code_string_test.go:106:25: G115: integer overflow conversion int -> uint32 (gosec) c := codes.Code(uint32(i % 17)) ^ benchmark/primitives/code_string_test.go:114:24: G115: integer overflow conversion int -> uint32 (gosec) c := codeBench(uint32(i % 18)) ^ benchmark/primitives/code_string_test.go:122:25: G115: integer overflow conversion int -> uint32 (gosec) c := codes.Code(uint32(i % 18)) ^ internal/channelz/syscall_linux.go:39:40: G115: integer overflow conversion uintptr -> int (gosec) if v, err := unix.GetsockoptLinger(int(fd), syscall.SOL_SOCKET, syscall.SO_LINGER); err == nil { ^ internal/channelz/syscall_linux.go:42:41: G115: integer overflow conversion uintptr -> int (gosec) if v, err := unix.GetsockoptTimeval(int(fd), syscall.SOL_SOCKET, syscall.SO_RCVTIMEO); err == nil { ^ internal/channelz/syscall_linux.go:45:41: G115: integer overflow conversion uintptr -> int (gosec) if v, err := unix.GetsockoptTimeval(int(fd), syscall.SOL_SOCKET, syscall.SO_SNDTIMEO); err == nil { ^ internal/channelz/syscall_linux.go:48:41: G115: integer overflow conversion uintptr -> int (gosec) if v, err := unix.GetsockoptTCPInfo(int(fd), syscall.SOL_TCP, syscall.TCP_INFO); err == nil { ^ internal/resolver/dns/dns_resolver.go:428:9: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return rand.Intn(100)+1 <= *a ^ internal/profiling/buffer/buffer.go:109:36: G115: integer overflow conversion int -> uint32 (gosec) floorExponent := bits.Len32(uint32(runtime.NumCPU())) - 1 ^ internal/profiling/buffer/buffer.go:113:20: G115: integer overflow conversion int -> uint32 (gosec) return 1 << uint32(floorExponent) ^ internal/profiling/buffer/buffer_test.go:53:11: G115: integer overflow conversion int -> uint32 (gosec) if uint32(len(result)) != size/2 { ^ internal/profiling/buffer/buffer_test.go:63:23: G115: integer overflow conversion int -> uint32 (gosec) for i = 0; i < uint32(len(result)); i++ { ^ 
internal/profiling/buffer/buffer_test.go:74:11: G115: integer overflow conversion int -> uint32 (gosec) if uint32(len(result)) != size { ^ internal/credentials/util.go:48:11: G402: TLS MinVersion too low. (gosec) return &tls.Config{} ^ internal/wrr/wrr_test.go:149:15: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) weight := rand.Int63n(maxWeight + 1) ^ internal/wrr/wrr_test.go:191:7: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) r := rand.New(rand.NewSource(0)) ^ internal/channelz/syscall_test.go:44:13: G102: Binds to all network interfaces (gosec) ln, err := net.Listen(network, addr) ^ internal/channelz/syscall_test.go:64:35: G115: integer overflow conversion uintptr -> int (gosec) err := unix.SetsockoptLinger(int(fd), syscall.SOL_SOCKET, syscall.SO_LINGER, l) ^ internal/channelz/syscall_test.go:66:69: G115: integer overflow conversion uintptr -> int (gosec) t.Fatalf("failed to SetsockoptLinger(%v,%v,%v,%v) due to %v", int(fd), syscall.SOL_SOCKET, syscall.SO_LINGER, l, err) ^ internal/channelz/syscall_test.go:68:35: G115: integer overflow conversion uintptr -> int (gosec) err = unix.SetsockoptTimeval(int(fd), syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, recvTimeout) ^ status/status_test.go:161:17: G115: integer overflow conversion uint32 -> int32 (gosec) Code: int32(c.Code), ^ credentials/tls.go:233:17: G402: TLS MinVersion too low. (gosec) return NewTLS(&tls.Config{ServerName: serverNameOverride, RootCAs: cp}) ^ credentials/tls.go:253:17: G402: TLS MinVersion too low. (gosec) return NewTLS(&tls.Config{ServerName: serverNameOverride, RootCAs: cp}), nil ^ credentials/tls.go:258:17: G402: TLS MinVersion too low. (gosec) return NewTLS(&tls.Config{Certificates: []tls.Certificate{*cert}}) ^ credentials/tls.go:268:17: G402: TLS MinVersion too low. 
(gosec) return NewTLS(&tls.Config{Certificates: []tls.Certificate{cert}}), nil ^ credentials/credentials_test.go:285:54: G402: TLS InsecureSkipVerify set true. (gosec) clientTLS := NewTLS(&tls.Config{InsecureSkipVerify: true}) ^ credentials/credentials_test.go:300:22: G402: TLS MinVersion too low. (gosec) serverTLSConfig := &tls.Config{ Certificates: []tls.Certificate{cert}, NextProtos: []string{"h2"}, } credentials/credentials_test.go:314:23: G402: TLS InsecureSkipVerify set true. (gosec) InsecureSkipVerify: true, // NOLINT ^ internal/binarylog/method_logger_test.go:540:31: G115: integer overflow conversion uint64 -> int (gosec) if len(tc.msgPb.Data) != int(tc.ml.messageMaxLen) { ^ codes/codes.go:241:12: G115: integer overflow conversion uint64 -> uint32 (gosec) *c = Code(ci) ^ credentials/alts/internal/conn/aes128gcm_test.go:154:48: G601: Implicit memory aliasing in for loop. (gosec) testGCMEncryptionDecryption(client, server, &test, false, t) ^ credentials/alts/internal/conn/aes128gcm_test.go:156:48: G601: Implicit memory aliasing in for loop. (gosec) testGCMEncryptionDecryption(server, client, &test, false, t) ^ benchmark/latency/latency.go:133:75: G115: integer overflow conversion int -> int32 (gosec) hdr := header{ReadTime: c.lastSendEnd.Add(c.delay).UnixNano(), Sz: int32(len(pkt))} ^ internal/serviceconfig/duration_test.go:71:19: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) got := Duration(rand.Uint64()) ^ balancer/roundrobin/roundrobin.go:63:16: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) next: uint32(rand.Intn(len(scs))), ^ internal/credentials/xds/handshake_info.go:138:23: G402: TLS InsecureSkipVerify set true. (gosec) InsecureSkipVerify: true, ^ internal/credentials/xds/handshake_info.go:161:10: G402: TLS MinVersion too low. 
(gosec) cfg := &tls.Config{ ClientAuth: tls.NoClientCert, NextProtos: []string{"h2"}, } internal/testutils/tls_creds.go:47:29: G402: TLS MinVersion too low. (gosec) return credentials.NewTLS(&tls.Config{ Certificates: []tls.Certificate{cert}, RootCAs: roots, ServerName: "x.test.example.com", }) ```
Command Mean [s] Min [s] Max [s] Relative
local 3.267 ± 0.071 3.198 3.449 1.03 ± 0.02
v1.60.3 3.180 ± 0.012 3.157 3.194 1.00

gohugoio/hugo

local ``` tpl/internal/go_templates/testenv/testenv.go:444:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err := os.WriteFile(dstPath, icfg.Bytes(), 0o666); err != nil { ^ tpl/internal/go_templates/testenv/testenv_notwin.go:34:13: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err := os.WriteFile(fpath, nil, 0644); err != nil { ^ tpl/internal/go_templates/texttemplate/link_test.go:45:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err := os.WriteFile(filepath.Join(td, "x.go"), []byte(prog), 0o644); err != nil { ^ tpl/internal/go_templates/texttemplate/link_test.go:48:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(testenv.GoToolPath(t), "build", "-o", "x.exe", "x.go") ^ markup/tableofcontents/tableofcontents.go:148:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(b.s.String()) ^ lazy/init_test.go:29:15: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) rnd = rand.New(rand.NewSource(time.Now().UnixNano())) ^ lazy/init.go:56:12: G115: integer overflow conversion uint64 -> int (gosec) return int(i) ^ common/types/hstring/stringtypes.go:35:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(s) ^ common/types/hstring/stringtypes_test.go:29:11: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. 
(gosec) c.Assert(template.HTML(HTML("Hugo")), qt.Equals, template.HTML("Hugo")) ^ identity/identity.go:255:12: G115: integer overflow conversion uint64 -> int (gosec) return int(atomic.AddUint64(&c.counter, uint64(1))) ^ related/inverted_index_test.go:274:12: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) start := rand.Intn(len(allKeywords)) ^ related/inverted_index_test.go:282:13: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) start := rand.Intn(len(allKeywords)) ^ related/inverted_index_test.go:345:12: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) start := rand.Intn(len(allKeywords)) ^ resources/images/exif/exif.go:287:17: G115: integer overflow conversion int64 -> int8 (gosec) return int8(i), nil ^ resources/images/exif/exif.go:289:18: G115: integer overflow conversion int64 -> int16 (gosec) return int16(i), nil ^ resources/images/exif/exif.go:291:18: G115: integer overflow conversion int64 -> int32 (gosec) return int32(i), nil ^ resources/images/exif/exif.go:302:17: G115: integer overflow conversion uint64 -> uint8 (gosec) return uint8(i), nil ^ resources/images/exif/exif.go:304:18: G115: integer overflow conversion uint64 -> uint16 (gosec) return uint16(i), nil ^ resources/images/exif/exif.go:306:18: G115: integer overflow conversion uint64 -> uint32 (gosec) return uint32(i), nil ^ resources/images/exif/exif_test.go:297:46: G115: integer overflow conversion int64 -> uint32 (gosec) r, err := imagemeta.NewRat[uint32](uint32(tt.want.vN), uint32(tt.want.vD)) ^ common/math/math.go:45:15: G115: integer overflow conversion uint64 -> int64 (gosec) bi = int64(bu) // may overflow ^ common/math/math.go:72:15: G115: integer overflow conversion uint64 -> int64 (gosec) ai = int64(au) // may overflow ^ common/hashing/hashing.go:18:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) 
"crypto/md5" ^ common/hashing/hashing.go:59:7: G401: Use of weak cryptographic primitive (gosec) h := md5.New() ^ htesting/test_helpers.go:72:11: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) var Rnd = rand.New(rand.NewSource(time.Now().UnixNano())) ^ common/hugio/hasBytesWriter_test.go:29:7: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) r := rand.New(rand.NewSource(time.Now().UnixNano())) ^ internal/warpc/warpc.go:360:72: G115: integer overflow conversion int -> uint32 (gosec) runtimeConfig := wazero.NewRuntimeConfig().WithMemoryLimitPages(uint32(numPages)) ^ internal/warpc/warpc_test.go:104:36: G115: integer overflow conversion int -> uint32 (gosec) inputMessage.Header.ID = uint32(j + 1) ^ internal/warpc/warpc_test.go:145:17: G115: integer overflow conversion int -> uint32 (gosec) id := uint32(base + j) ^ internal/warpc/warpc_test.go:199:17: G115: integer overflow conversion int -> uint32 (gosec) id := uint32(base + j) ^ internal/warpc/warpc_test.go:248:20: G115: integer overflow conversion int -> uint32 (gosec) ID: uint32(i + 1), ^ internal/warpc/warpc_test.go:374:20: G115: integer overflow conversion int -> uint32 (gosec) ID: uint32(i + 1), ^ tpl/internal/go_templates/texttemplate/funcs.go:194:12: G115: integer overflow conversion uint64 -> int64 (gosec) x = int64(index.Uint()) ^ tpl/internal/go_templates/texttemplate/funcs.go:485:38: G115: integer overflow conversion int64 -> uint64 (gosec) truth = arg1.Int() >= 0 && uint64(arg1.Int()) == arg.Uint() ^ tpl/internal/go_templates/texttemplate/funcs.go:487:52: G115: integer overflow conversion int64 -> uint64 (gosec) truth = arg.Int() >= 0 && arg1.Uint() == uint64(arg.Int()) ^ tpl/internal/go_templates/texttemplate/funcs.go:552:36: G115: integer overflow conversion int64 -> uint64 (gosec) truth = arg1.Int() < 0 || uint64(arg1.Int()) < arg2.Uint() ^ tpl/internal/go_templates/texttemplate/funcs.go:554:51: 
G115: integer overflow conversion int64 -> uint64 (gosec) truth = arg2.Int() >= 0 && arg1.Uint() < uint64(arg2.Int()) ^ markup/highlight/highlight.go:119:16: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) highlighted: template.HTML(highlighted), ^ tpl/internal/go_templates/htmltemplate/exec_test.go:1789:10: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return htmltemplate.HTML(sb.String()), nil ^ navigation/menu_cache_test.go:63:69: G115: integer overflow conversion int -> uint64 (gosec) c.Assert(ca, qt.Equals, !atomic.CompareAndSwapUint64(&o1, uint64(k), uint64(k+1))) ^ navigation/menu_cache_test.go:73:69: G115: integer overflow conversion int -> uint64 (gosec) c.Assert(c3, qt.Equals, !atomic.CompareAndSwapUint64(&o2, uint64(k), uint64(k+1))) ^ livereload/gen/main.go:26:16: G107: Potential HTTP request made with variable url (gosec) resp, err := http.Get(liveReloadSourceURL) ^ livereload/gen/main.go:34:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = os.WriteFile("../livereload.js", b, 0o644) ^ internal/warpc/gen/main.go:64:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err := os.WriteFile(filepath.FromSlash(of.Path), of.Contents, 0o644); err != nil { ^ common/hugo/hugo.go:86:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(fmt.Sprintf(``, CurrentVersion.String())) ^ helpers/content.go:91:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. 
(gosec) return template.HTML(string(b)) ^ helpers/general.go:40:12: G102: Binds to all network interfaces (gosec) l, err := net.Listen("tcp", ":0") ^ helpers/processing_stats.go:66:34: G115: integer overflow conversion int -> uint64 (gosec) atomic.AddUint64(counter, uint64(amount)) ^ helpers/processing_stats.go:75:47: G115: integer overflow conversion uint64 -> int (gosec) data[i] = []string{tv.name, strconv.Itoa(int(tv.val))} ^ helpers/processing_stats.go:104:49: G115: integer overflow conversion uint64 -> int (gosec) data[j] = []string{tv.name, strconv.Itoa(int(tv.val))} ^ ```
v1.60.3 ``` tpl/internal/go_templates/testenv/testenv.go:444:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err := os.WriteFile(dstPath, icfg.Bytes(), 0o666); err != nil { ^ tpl/internal/go_templates/testenv/testenv_notwin.go:34:13: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err := os.WriteFile(fpath, nil, 0644); err != nil { ^ common/types/hstring/stringtypes.go:35:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(s) ^ common/types/hstring/stringtypes_test.go:29:11: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) c.Assert(template.HTML(HTML("Hugo")), qt.Equals, template.HTML("Hugo")) ^ common/hashing/hashing.go:18:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ common/hashing/hashing.go:59:7: G401: Use of weak cryptographic primitive (gosec) h := md5.New() ^ related/inverted_index_test.go:274:12: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) start := rand.Intn(len(allKeywords)) ^ related/inverted_index_test.go:282:13: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) start := rand.Intn(len(allKeywords)) ^ related/inverted_index_test.go:345:12: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) start := rand.Intn(len(allKeywords)) ^ resources/images/exif/exif.go:287:17: G115: integer overflow conversion int64 -> int8 (gosec) return int8(i), nil ^ resources/images/exif/exif.go:289:18: G115: integer overflow conversion int64 -> int16 (gosec) return int16(i), nil ^ resources/images/exif/exif.go:291:18: G115: integer overflow conversion int64 -> int32 (gosec) return 
int32(i), nil ^ resources/images/exif/exif.go:302:17: G115: integer overflow conversion uint64 -> uint8 (gosec) return uint8(i), nil ^ resources/images/exif/exif.go:304:18: G115: integer overflow conversion uint64 -> uint16 (gosec) return uint16(i), nil ^ resources/images/exif/exif.go:306:18: G115: integer overflow conversion uint64 -> uint32 (gosec) return uint32(i), nil ^ resources/images/exif/exif_test.go:297:46: G115: integer overflow conversion int64 -> uint32 (gosec) r, err := imagemeta.NewRat[uint32](uint32(tt.want.vN), uint32(tt.want.vD)) ^ markup/tableofcontents/tableofcontents.go:148:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(b.s.String()) ^ common/math/math.go:45:15: G115: integer overflow conversion uint64 -> int64 (gosec) bi = int64(bu) // may overflow ^ common/math/math.go:72:15: G115: integer overflow conversion uint64 -> int64 (gosec) ai = int64(au) // may overflow ^ identity/identity.go:255:12: G115: integer overflow conversion uint64 -> int (gosec) return int(atomic.AddUint64(&c.counter, uint64(1))) ^ lazy/init_test.go:29:15: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) rnd = rand.New(rand.NewSource(time.Now().UnixNano())) ^ lazy/init.go:56:12: G115: integer overflow conversion uint64 -> int (gosec) return int(i) ^ tpl/internal/go_templates/texttemplate/link_test.go:45:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err := os.WriteFile(filepath.Join(td, "x.go"), []byte(prog), 0o644); err != nil { ^ tpl/internal/go_templates/texttemplate/link_test.go:48:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(testenv.GoToolPath(t), "build", "-o", "x.exe", "x.go") ^ htesting/test_helpers.go:72:11: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of 
crypto/rand) (gosec) var Rnd = rand.New(rand.NewSource(time.Now().UnixNano())) ^ common/hugio/hasBytesWriter_test.go:29:7: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) r := rand.New(rand.NewSource(time.Now().UnixNano())) ^ internal/warpc/warpc.go:360:72: G115: integer overflow conversion int -> uint32 (gosec) runtimeConfig := wazero.NewRuntimeConfig().WithMemoryLimitPages(uint32(numPages)) ^ internal/warpc/warpc_test.go:104:36: G115: integer overflow conversion int -> uint32 (gosec) inputMessage.Header.ID = uint32(j + 1) ^ internal/warpc/warpc_test.go:145:17: G115: integer overflow conversion int -> uint32 (gosec) id := uint32(base + j) ^ internal/warpc/warpc_test.go:199:17: G115: integer overflow conversion int -> uint32 (gosec) id := uint32(base + j) ^ internal/warpc/warpc_test.go:248:20: G115: integer overflow conversion int -> uint32 (gosec) ID: uint32(i + 1), ^ internal/warpc/warpc_test.go:374:20: G115: integer overflow conversion int -> uint32 (gosec) ID: uint32(i + 1), ^ tpl/internal/go_templates/texttemplate/funcs.go:194:12: G115: integer overflow conversion uint64 -> int64 (gosec) x = int64(index.Uint()) ^ markup/highlight/highlight.go:119:16: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) highlighted: template.HTML(highlighted), ^ tpl/internal/go_templates/htmltemplate/exec_test.go:1789:10: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. 
(gosec) return htmltemplate.HTML(sb.String()), nil ^ internal/warpc/gen/main.go:64:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err := os.WriteFile(filepath.FromSlash(of.Path), of.Contents, 0o644); err != nil { ^ livereload/gen/main.go:26:16: G107: Potential HTTP request made with variable url (gosec) resp, err := http.Get(liveReloadSourceURL) ^ livereload/gen/main.go:34:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = os.WriteFile("../livereload.js", b, 0o644) ^ common/hugo/hugo.go:86:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(fmt.Sprintf(``, CurrentVersion.String())) ^ helpers/content.go:91:9: G203: The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input. (gosec) return template.HTML(string(b)) ^ helpers/general.go:40:12: G102: Binds to all network interfaces (gosec) l, err := net.Listen("tcp", ":0") ^ helpers/processing_stats.go:75:47: G115: integer overflow conversion uint64 -> int (gosec) data[i] = []string{tv.name, strconv.Itoa(int(tv.val))} ^ helpers/processing_stats.go:104:49: G115: integer overflow conversion uint64 -> int (gosec) data[j] = []string{tv.name, strconv.Itoa(int(tv.val))} ^ helpers/processing_stats.go:106:47: G115: integer overflow conversion uint64 -> int (gosec) data[j] = append(data[j], strconv.Itoa(int(tv.val))) ^ resources/images/color.go:76:37: G115: integer overflow conversion uint32 -> uint8 (gosec) c.luminance = 0.2126*c.toSRGB(uint8(r)) + 0.7152*c.toSRGB(uint8(g)) + 0.0722*c.toSRGB(uint8(b)) ^ resources/images/color.go:117:26: G115: integer overflow conversion uint32 -> uint8 (gosec) rgba := color.RGBA{uint8(r), uint8(g), uint8(b), uint8(a)} ^ resources/images/smartcrop.go:53:46: G115: integer overflow conversion uint -> int (gosec) result, _ := 
r.p.Filter(img, gift.Resize(int(width), int(height), r.filter)) ^ deploy/deploy.go:23:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ deploy/deploy.go:460:7: G401: Use of weak cryptographic primitive (gosec) h := md5.New() ^ deploy/deploy.go:603:11: G401: Use of weak cryptographic primitive (gosec) h := md5.New() ^ ```
| Command | Mean [s] | Min [s] | Max [s] | Relative |
|---|---|---|---|---|
| local | 4.192 ± 0.161 | 4.065 | 4.597 | 1.01 ± 0.05 |
| v1.60.3 | 4.143 ± 0.121 | 4.037 | 4.458 | 1.00 |

kubernetes/kubernetes

local ``` test/integration/benchmark/jsonify/main.go:89:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) return os.WriteFile(os.Args[1], formatted.Bytes(), 0664) ^ cmd/dependencyverifier/dependencyverifier.go:60:7: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) c := exec.Command(cmd[0], cmd[1:]...) ^ test/images/regression-issue-74839/tcp.go:135:17: G115: integer overflow conversion uint16 -> uint8 (gosec) pkt[16] = uint8(checksum & 0xff) ^ test/images/regression-issue-74839/tcp.go:136:17: G115: integer overflow conversion uint16 -> uint8 (gosec) pkt[17] = uint8(checksum >> 8) ^ test/images/regression-issue-74839/tcp.go:154:54: G115: integer overflow conversion int -> uint16 (gosec) binary.BigEndian.PutUint16(pseudoHeader[2:], uint16(len(data)+len(tcpHeader))) ^ test/images/regression-issue-74839/tcp.go:163:50: G115: integer overflow conversion int -> uint32 (gosec) binary.BigEndian.PutUint32(pseudoHeader, uint32(len(data)+len(tcpHeader))) ^ test/images/regression-issue-74839/tcp.go:193:16: G115: integer overflow conversion uint32 -> uint16 (gosec) return ^uint16(ret) ^ pkg/registry/core/service/allocator/bitmap.go:75:12: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) rand: rand.New(rand.NewSource(time.Now().UnixNano())), ^ pkg/kubelet/cm/topologymanager/bitmask/bitmask.go:184:27: G115: integer overflow conversion uint64 -> int (gosec) bits = append(bits, int(i)) ^ pkg/kubelet/cm/topologymanager/bitmask/bitmask_test.go:619:33: G115: integer overflow conversion int -> uint (gosec) expectedNumMasks := (1 << uint(tc.numbits)) - 1 ^ test/conformance/image/go-runner/cmd.go:96:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(env.Getenv(ginkgoEnvKey), args...) 
^ cmd/kubeadm/test/cmd/token_test.go:25:2: G101: Potential hardcoded credentials (gosec) TokenExpectedRegex = "^\\S{6}\\.\\S{16}\n$" ^ test/featuregates_linter/cmd/feature_gates.go:166:10: G306: Expect WriteFile permissions to be 0600 or less (gosec) return os.WriteFile(filePath, data, 0644) ^ test/images/agnhost/liveness/server.go:66:12: G114: Use of net/http serve function that has no support for setting timeouts (gosec) log.Fatal(http.ListenAndServe(":8080", nil)) ^ pkg/controller/util/selectors/bimultimap_test.go:431:15: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return pods[rand.Intn(len(pods))] ^ pkg/controller/util/selectors/bimultimap_test.go:444:17: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return labels[rand.Intn(len(labels))] ^ pkg/controller/util/selectors/bimultimap_test.go:452:15: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return hpas[rand.Intn(len(hpas))] ^ pkg/controller/util/selectors/bimultimap_test.go:461:20: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return selectors[rand.Intn(len(selectors))] ^ pkg/controller/util/selectors/bimultimap_test.go:464:10: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) switch rand.Intn(4) { ^ pkg/volume/util/subpath/subpath_linux.go:151:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err = ioutil.WriteFile(bindPathTarget, []byte{}, 0640); err != nil { ^ pkg/kubelet/util/ioutils/ioutils_test.go:29:7: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) r := rand.New(rand.NewSource(1234)) // Fixed source to prevent flakes. 
^ test/images/agnhost/serve-hostname/serve_hostname.go:120:14: G114: Use of net/http serve function that has no support for setting timeouts (gosec) log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", port), nil)) ^ pkg/proxy/util/nfacct/handler.go:66:17: G115: integer overflow conversion int -> uint16 (gosec) Type: uint16(cmd | (unix.NFNL_SUBSYS_ACCT << 8)), ^ pkg/util/oom/oom_linux.go:68:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = os.WriteFile(oomScoreAdjPath, []byte(value), 0700) ^ cmd/gotemplate/gotemplate_test.go:61:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) err := os.WriteFile(path.Join(tmp, fileName), []byte(fileContent), 0666) ^ pkg/kubelet/nodeshutdown/systemd/inhibit_linux.go:195:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err := os.WriteFile(logindOverridePath, []byte(inhibitOverride), 0644); err != nil { ^ pkg/kubelet/nodeshutdown/systemd/inhibit_linux.go:79:27: G115: integer overflow conversion uint64 -> int64 (gosec) duration := time.Duration(delay) * time.Microsecond ^ pkg/kubelet/nodeshutdown/systemd/inhibit_linux_test.go:111:66: G115: integer overflow conversion int64 -> uint64 (gosec) "org.freedesktop.login1.Manager.InhibitDelayMaxUSec": uint64(thirtySeconds / time.Microsecond), ^ test/images/agnhost/net/main.go:120:13: G114: Use of net/http serve function that has no support for setting timeouts (gosec) log.Fatal(http.ListenAndServe(flags.Serve, nil)) ^ test/images/resource-consumer/resource_consumer.go:31:12: G114: Use of net/http serve function that has no support for setting timeouts (gosec) log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", *port), resourceConsumerHandler)) ^ test/images/agnhost/resource-consumer-controller/controller.go:82:12: G114: Use of net/http serve function that has no support for setting timeouts (gosec) log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", port), mgr)) ^ test/images/agnhost/resource-consumer-controller/controller.go:250:12: G107: 
Potential HTTP request made with variable url (gosec) _, err := http.PostForm(query, url.Values{common.MillicoresQuery: {strconv.Itoa(millicores)}, common.DurationSecQuery: {strconv.Itoa(durationSec)}}) ^ test/images/agnhost/resource-consumer-controller/controller.go:264:12: G107: Potential HTTP request made with variable url (gosec) _, err := http.PostForm(query, url.Values{common.MegabytesQuery: {strconv.Itoa(megabytes)}, common.DurationSecQuery: {strconv.Itoa(durationSec)}}) ^ test/images/agnhost/resource-consumer-controller/controller.go:278:12: G107: Potential HTTP request made with variable url (gosec) _, err := http.PostForm(query, url.Values{common.MetricNameQuery: {customMetricName}, common.DurationSecQuery: {strconv.Itoa(durationSec)}, common.DeltaQuery: {strconv.Itoa(delta)}}) test/images/agnhost/test-webserver/test-webserver.go:46:46: G111: Potential directory traversal (gosec) fs := http.StripPrefix("/", http.FileServer(http.Dir("/"))) ^ test/images/agnhost/test-webserver/test-webserver.go:60:15: G114: Use of net/http serve function that has no support for setting timeouts (gosec) go log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", port), nil)) ^ test/images/agnhost/fakegitserver/gitserver.go:45:2: G114: Use of net/http serve function that has no support for setting timeouts (gosec) http.ListenAndServe(":8000", nil) ^ test/images/agnhost/porter/porter.go:98:8: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) s := &http.Server{ Addr: "0.0.0.0:" + port, Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { body := value if JSONResponse { j, err := json.Marshal(&jsonResponse{ Method: r.Method, Body: value}) if err != nil { http.Error(w, fmt.Sprintf("Internal Server Error: %v", err), 500) return } w.Header().Set("Content-Type", "application/json") body = string(j) } fmt.Fprint(w, body) }), } test/images/agnhost/porter/porter.go:120:8: G112: Potential Slowloris Attack because 
ReadHeaderTimeout is not configured in the http.Server (gosec) s := &http.Server{ Addr: "0.0.0.0:" + port, Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { body := value if JSONResponse { j, err := json.Marshal(&jsonResponse{ Method: r.Method, Body: value}) if err != nil { http.Error(w, fmt.Sprintf("Internal Server Error: %v", err), 500) return } w.Header().Set("Content-Type", "application/json") body = string(j) } fmt.Fprint(w, body) }), } test/utils/oidc/testserver.go:96:20: G402: TLS MinVersion too low. (gosec) httpServer.TLS = &tls.Config{ Certificates: []tls.Certificate{cert}, } test/images/agnhost/guestbook/guestbook.go:129:12: G114: Use of net/http serve function that has no support for setting timeouts (gosec) log.Fatal(http.ListenAndServe(fmt.Sprintf(":%s", port), nil)) ^ test/images/agnhost/netexec/netexec.go:220:13: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) server := &http.Server{Addr: fmt.Sprintf(":%d", httpPort)} ^ cmd/kubeadm/app/constants/constants.go:395:2: G101: Potential hardcoded credentials (gosec) KubeadmCertsSecret = "kubeadm-certs" ^ cmd/kubeadm/app/constants/constants.go:523:19: G115: integer overflow conversion uint -> int (gosec) minor := uint(int(ver.Minor()) + n) ^ cmd/kubeadm/app/constants/constants.go:534:44: G115: integer overflow conversion uint -> uint8 (gosec) desiredVersion, etcdStringVersion := uint8(kubernetesVersion.Minor()), "" ^ pkg/apis/core/types.go:6035:2: G101: Potential hardcoded credentials (gosec) SecretTypeServiceAccountToken SecretType = "kubernetes.io/service-account-token" ^ pkg/apis/core/types.go:6054:2: G101: Potential hardcoded credentials (gosec) SecretTypeDockercfg SecretType = "kubernetes.io/dockercfg" ^ pkg/apis/core/types.go:6063:2: G101: Potential hardcoded credentials (gosec) SecretTypeDockerConfigJSON SecretType = "kubernetes.io/dockerconfigjson" ^ pkg/apis/core/types.go:6073:2: G101: Potential hardcoded credentials 
(gosec) SecretTypeBasicAuth SecretType = "kubernetes.io/basic-auth" ^ pkg/apis/core/types.go:6084:2: G101: Potential hardcoded credentials (gosec) SecretTypeSSHAuth SecretType = "kubernetes.io/ssh-auth" ^ ```
v1.60.3 ``` test/integration/benchmark/jsonify/main.go:89:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) return os.WriteFile(os.Args[1], formatted.Bytes(), 0664) ^ cmd/dependencyverifier/dependencyverifier.go:60:7: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) c := exec.Command(cmd[0], cmd[1:]...) ^ pkg/kubelet/cm/topologymanager/bitmask/bitmask.go:184:27: G115: integer overflow conversion uint64 -> int (gosec) bits = append(bits, int(i)) ^ test/conformance/image/go-runner/cmd.go:96:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(env.Getenv(ginkgoEnvKey), args...) ^ test/images/regression-issue-74839/tcp.go:135:17: G115: integer overflow conversion uint16 -> uint8 (gosec) pkt[16] = uint8(checksum & 0xff) ^ test/images/regression-issue-74839/tcp.go:136:17: G115: integer overflow conversion uint16 -> uint8 (gosec) pkt[17] = uint8(checksum >> 8) ^ test/images/regression-issue-74839/tcp.go:154:54: G115: integer overflow conversion int -> uint16 (gosec) binary.BigEndian.PutUint16(pseudoHeader[2:], uint16(len(data)+len(tcpHeader))) ^ test/images/regression-issue-74839/tcp.go:163:50: G115: integer overflow conversion int -> uint32 (gosec) binary.BigEndian.PutUint32(pseudoHeader, uint32(len(data)+len(tcpHeader))) ^ test/images/regression-issue-74839/tcp.go:193:16: G115: integer overflow conversion uint32 -> uint16 (gosec) return ^uint16(ret) ^ pkg/registry/core/service/allocator/bitmap.go:75:12: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) rand: rand.New(rand.NewSource(time.Now().UnixNano())), ^ cmd/kubeadm/test/cmd/token_test.go:25:2: G101: Potential hardcoded credentials (gosec) TokenExpectedRegex = "^\\S{6}\\.\\S{16}\n$" ^ test/featuregates_linter/cmd/feature_gates.go:166:10: G306: Expect WriteFile permissions to be 0600 or less (gosec) return os.WriteFile(filePath, data, 0644) ^ 
pkg/volume/util/fsquota/common/quota_common_linux_impl.go:227:16: G115: integer overflow conversion int64 -> int32 (gosec) return QuotaID(projid), nil ^ test/images/agnhost/test-webserver/test-webserver.go:46:46: G111: Potential directory traversal (gosec) fs := http.StripPrefix("/", http.FileServer(http.Dir("/"))) ^ test/images/agnhost/test-webserver/test-webserver.go:60:15: G114: Use of net/http serve function that has no support for setting timeouts (gosec) go log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", port), nil)) ^ test/images/agnhost/net/main.go:120:13: G114: Use of net/http serve function that has no support for setting timeouts (gosec) log.Fatal(http.ListenAndServe(flags.Serve, nil)) ^ test/images/agnhost/fakegitserver/gitserver.go:45:2: G114: Use of net/http serve function that has no support for setting timeouts (gosec) http.ListenAndServe(":8000", nil) ^ test/images/agnhost/resource-consumer-controller/controller.go:82:12: G114: Use of net/http serve function that has no support for setting timeouts (gosec) log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", port), mgr)) ^ test/images/agnhost/resource-consumer-controller/controller.go:250:12: G107: Potential HTTP request made with variable url (gosec) _, err := http.PostForm(query, url.Values{common.MillicoresQuery: {strconv.Itoa(millicores)}, common.DurationSecQuery: {strconv.Itoa(durationSec)}}) ^ test/images/agnhost/resource-consumer-controller/controller.go:264:12: G107: Potential HTTP request made with variable url (gosec) _, err := http.PostForm(query, url.Values{common.MegabytesQuery: {strconv.Itoa(megabytes)}, common.DurationSecQuery: {strconv.Itoa(durationSec)}}) ^ test/images/agnhost/resource-consumer-controller/controller.go:278:12: G107: Potential HTTP request made with variable url (gosec) _, err := http.PostForm(query, url.Values{common.MetricNameQuery: {customMetricName}, common.DurationSecQuery: {strconv.Itoa(durationSec)}, common.DeltaQuery: {strconv.Itoa(delta)}}) 
test/images/agnhost/porter/porter.go:98:8: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) s := &http.Server{ Addr: "0.0.0.0:" + port, Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { body := value if JSONResponse { j, err := json.Marshal(&jsonResponse{ Method: r.Method, Body: value}) if err != nil { http.Error(w, fmt.Sprintf("Internal Server Error: %v", err), 500) return } w.Header().Set("Content-Type", "application/json") body = string(j) } fmt.Fprint(w, body) }), } test/images/agnhost/porter/porter.go:120:8: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) s := &http.Server{ Addr: "0.0.0.0:" + port, Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { body := value if JSONResponse { j, err := json.Marshal(&jsonResponse{ Method: r.Method, Body: value}) if err != nil { http.Error(w, fmt.Sprintf("Internal Server Error: %v", err), 500) return } w.Header().Set("Content-Type", "application/json") body = string(j) } fmt.Fprint(w, body) }), } test/images/agnhost/liveness/server.go:66:12: G114: Use of net/http serve function that has no support for setting timeouts (gosec) log.Fatal(http.ListenAndServe(":8080", nil)) ^ test/images/agnhost/serve-hostname/serve_hostname.go:120:14: G114: Use of net/http serve function that has no support for setting timeouts (gosec) log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", port), nil)) ^ test/images/resource-consumer/resource_consumer.go:31:12: G114: Use of net/http serve function that has no support for setting timeouts (gosec) log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", *port), resourceConsumerHandler)) ^ pkg/volume/util/subpath/subpath_linux.go:151:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err = ioutil.WriteFile(bindPathTarget, []byte{}, 0640); err != nil { ^ pkg/kubelet/util/ioutils/ioutils_test.go:29:7: G404: Use of weak random number generator 
(math/rand or math/rand/v2 instead of crypto/rand) (gosec) r := rand.New(rand.NewSource(1234)) // Fixed source to prevent flakes. ^ test/images/agnhost/guestbook/guestbook.go:129:12: G114: Use of net/http serve function that has no support for setting timeouts (gosec) log.Fatal(http.ListenAndServe(fmt.Sprintf(":%s", port), nil)) ^ pkg/proxy/util/nfacct/handler.go:66:17: G115: integer overflow conversion int -> uint16 (gosec) Type: uint16(cmd | (unix.NFNL_SUBSYS_ACCT << 8)), ^ pkg/kubelet/nodeshutdown/systemd/inhibit_linux.go:195:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err := os.WriteFile(logindOverridePath, []byte(inhibitOverride), 0644); err != nil { ^ pkg/kubelet/nodeshutdown/systemd/inhibit_linux.go:79:27: G115: integer overflow conversion uint64 -> int64 (gosec) duration := time.Duration(delay) * time.Microsecond ^ pkg/controller/util/selectors/bimultimap_test.go:431:15: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return pods[rand.Intn(len(pods))] ^ pkg/controller/util/selectors/bimultimap_test.go:444:17: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return labels[rand.Intn(len(labels))] ^ pkg/controller/util/selectors/bimultimap_test.go:452:15: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return hpas[rand.Intn(len(hpas))] ^ pkg/controller/util/selectors/bimultimap_test.go:461:20: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return selectors[rand.Intn(len(selectors))] ^ pkg/controller/util/selectors/bimultimap_test.go:464:10: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) switch rand.Intn(4) { ^ pkg/util/iptables/iptables_linux.go:100:23: G115: integer overflow conversion uintptr -> int (gosec) return unix.Flock(int(f.Fd()), unix.LOCK_EX|unix.LOCK_NB) ^ 
test/utils/image/csi_manifest.go:129:30: G602: slice index out of range (gosec) if child, ok := object[path[0]]; ok { ^ test/utils/image/csi_manifest.go:130:34: G602: slice bounds out of range (gosec) findStrings(child, visit, path[1:]...) ^ test/images/agnhost/netexec/netexec.go:220:13: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) server := &http.Server{Addr: fmt.Sprintf(":%d", httpPort)} ^ pkg/util/oom/oom_linux.go:68:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = os.WriteFile(oomScoreAdjPath, []byte(value), 0700) ^ cmd/gotemplate/gotemplate_test.go:61:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) err := os.WriteFile(path.Join(tmp, fileName), []byte(fileContent), 0666) ^ test/utils/oidc/testserver.go:96:20: G402: TLS MinVersion too low. (gosec) httpServer.TLS = &tls.Config{ Certificates: []tls.Certificate{cert}, } pkg/api/v1/endpoints/util.go:21:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ pkg/api/v1/endpoints/util.go:157:12: G401: Use of weak cryptographic primitive (gosec) hasher := md5.New() ^ pkg/api/v1/endpoints/util.go:213:12: G401: Use of weak cryptographic primitive (gosec) hasher := md5.New() ^ pkg/api/v1/endpoints/util.go:232:12: G401: Use of weak cryptographic primitive (gosec) hasher := md5.New() ^ pkg/probe/dialer_others.go:37:33: G115: integer overflow conversion uintptr -> int (gosec) syscall.SetsockoptLinger(int(fd), syscall.SOL_SOCKET, syscall.SO_LINGER, &syscall.Linger{Onoff: 1, Linger: 1}) ^ test/e2e_node/plugins/gcp-credential-provider/main.go:32:7: G101: Potential hardcoded credentials (gosec) const metadataTokenEndpoint = "http://metadata.google.internal./computeMetadata/v1/instance/service-accounts/default/token" ^ ```
Command Mean [s] Min [s] Max [s] Relative
local 29.860 ± 0.240 29.524 30.155 1.02 ± 0.01
v1.60.3 29.351 ± 0.150 29.084 29.574 1.00

go-acme/lego

local ``` acme/api/order_test.go:23:22: G403: RSA keys should be at least 2048 bits (gosec) privateKey, errK := rsa.GenerateKey(rand.Reader, 512) ^ certcrypto/crypto_test.go:25:21: G403: RSA keys should be at least 2048 bits (gosec) privateKey, err := rsa.GenerateKey(rand.Reader, 512) ^ certcrypto/crypto_test.go:110:14: G403: RSA keys should be at least 2048 bits (gosec) key, err := rsa.GenerateKey(reader, 32) ^ challenge/http01/http_challenge_server.go:72:2: G104: Errors unhandled. (gosec) s.listener.Close() ^ challenge/http01/http_challenge_server.go:126:17: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) httpServer := &http.Server{Handler: mux} ^ challenge/http01/http_challenge_test.go:100:21: G403: RSA keys should be at least 2048 bits (gosec) privateKey, err := rsa.GenerateKey(rand.Reader, 512) ^ challenge/http01/http_challenge_test.go:169:21: G403: RSA keys should be at least 2048 bits (gosec) privateKey, err := rsa.GenerateKey(rand.Reader, 512) ^ challenge/http01/http_challenge_test.go:193:21: G403: RSA keys should be at least 2048 bits (gosec) privateKey, err := rsa.GenerateKey(rand.Reader, 128) ^ challenge/http01/http_challenge_test.go:414:21: G403: RSA keys should be at least 2048 bits (gosec) privateKey, err := rsa.GenerateKey(rand.Reader, 512) ^ challenge/tlsalpn01/tls_alpn_challenge_server.go:75:10: G114: Use of net/http serve function that has no support for setting timeouts (gosec) err := http.Serve(s.listener, nil) ^ challenge/tlsalpn01/tls_alpn_challenge_test.go:32:24: G402: TLS InsecureSkipVerify set true. (gosec) InsecureSkipVerify: true, ^ e2e/loader/loader.go:91:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(l.lego, arg...) ^ e2e/loader/loader.go:122:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(cmdNamePebble, l.PebbleOptions.Args...) 
^ e2e/loader/loader.go:141:101: G402: TLS InsecureSkipVerify set true. (gosec) client := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}} ^ e2e/loader/loader.go:182:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(cmdNameChallSrv, l.ChallSrv.Args...) ^ e2e/loader/loader.go:252:9: G204: Subprocess launched with variable (gosec) cmd := exec.Command(toolPath, "build", "-o", binary) ^ internal/dnsdocs/generator.go:119:15: G304: Potential file inclusion via variable (gosec) file, err := os.Create(filename) ^ internal/dnsdocs/generator.go:203:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) return os.WriteFile(readmePath, buffer.Bytes(), 0o666) ^ internal/release.go:189:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) return os.WriteFile(filename, source, 0o644) ^ platform/config/env/env.go:156:23: G304: Potential file inclusion via variable (gosec) fileContents, err := os.ReadFile(fileVarValue) ^ platform/config/env/env_test.go:374:10: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = os.WriteFile(file.Name(), []byte("lego_file\n"), 0o644) ^ platform/config/env/env_test.go:399:8: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = os.WriteFile(file.Name(), []byte("lego_file"), 0o644) ^ platform/tester/env.go:106:3: G104: Errors unhandled. (gosec) os.Setenv(key, value) ^ platform/tester/env.go:141:4: G104: Errors unhandled. (gosec) os.Setenv(key, value) ^ platform/tester/env_test.go:30:4: G104: Errors unhandled. (gosec) os.Setenv(key, value) ^ platform/tester/env_test.go:338:2: G104: Errors unhandled. (gosec) os.Setenv(envVar01, "A") ^ platform/tester/env_test.go:339:2: G104: Errors unhandled. (gosec) os.Setenv(envVar02, "B") ^ platform/tester/env_test.go:352:2: G104: Errors unhandled. (gosec) os.Setenv(envVar01, "A") ^ platform/tester/env_test.go:353:2: G104: Errors unhandled. 
(gosec) os.Setenv(envVar02, "B") ^ platform/tester/env_test.go:354:2: G104: Errors unhandled. (gosec) os.Setenv("EXTRA_LEGO_TEST", "X") ^ providers/dns/bluecat/internal/identity_test.go:14:7: G101: Potential hardcoded credentials (gosec) const fakeToken = "BAMAuthToken: dQfuRMTUxNjc3MjcyNDg1ODppcGFybXM=" ^ providers/dns/constellix/internal/auth.go:5:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ providers/dns/constellix/internal/auth.go:14:7: G101: Potential hardcoded credentials (gosec) const securityTokenHeader = "x-cns-security-token" ^ providers/dns/cpanel/internal/whm/client_test.go:31:16: G304: Potential file inclusion via variable (gosec) open, err := os.Open(filepath.Join("fixtures", filename)) ^ providers/dns/dnsmadeeasy/internal/client.go:7:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ providers/dns/dyn/internal/client_test.go:51:16: G304: Potential file inclusion via variable (gosec) open, err := os.Open(filepath.Join("fixtures", file)) ^ providers/dns/dyn/internal/client_test.go:86:16: G304: Potential file inclusion via variable (gosec) open, err := os.Open(filepath.Join("fixtures", file)) ^ providers/dns/gandiv5/internal/client.go:21:7: G101: Potential hardcoded credentials (gosec) const APIKeyHeader = "X-Api-Key" ^ providers/dns/hyperone/internal/token_test.go:13:7: G101: Potential hardcoded credentials: RSA private key (gosec) const privateKey = `-----BEGIN RSA PRIVATE KEY----- MIICWgIBAAKBgGFfgMY+DuO8l0RYrMLhcl6U/NigNIiOVhoo/xnYyoQALpWxBaBR +iVJiBUYunQjKA33yAiY0AasCfSn1JB6asayQvGGn73xztLjkeCVLT+9e4nJ0A/o dK8SOKBg9FFe70KJrWjJd626el0aVDJjtCE+QxJExA0UZbQp+XIyveQXAgMBAAEC gYBHcL1XNWLRPaWx9GlUVfoGYMMd4HSKl/ueF+QKP59dt5B2LTnWhS7FOqzH5auu 17hkfx3ZCNzfeEuZn6T6F4bMtsQ6A5iT/DeRlG8tOPiCVZ/L0j6IFM78iIUT8XyA miwnSy1xGSBA67yUmsLxFg2DtGCjamAkY0C5pccadaB7oQJBAKsIPpMXMni+Oo1I kVxRyoIZgDxsMJiihG2YLVqo8rPtdErl+Lyg3ziVyg9KR6lFMaTBkYBTLoCPof3E 
AB/jyucCQQCRv1cVnYNx+bfnXsBlcsCFDV2HkEuLTpxj7hauD4P3GcyLidSsUkn1 PiPunZqKpsQaIoxc/BzTOCcP19ifgqdRAkBJ8Cp9FE4xfKt7YJ/WtVVCoRubA3qO wdNWPa99vgQOXN0lc/3wLevSXo8XxRjtyIgJndT1EQDNe0qglhcnsiaJAkBziAcR /VAq0tZys2szf6kYTyXqxfj8Lo5NsHeN9oKXJ346xkEtb/VsT5vQFGJishsU1HoL Y1W+IO7l4iW3G6xhAkACNwtqxSRRbVsNCUMENpKmYhsyN8QXJ8V+o2A9s+pl21Kz HIIm179mUYCgO6iAHmkqxlFHFwprUBKdPrmP8qF9 -----END RSA PRIVATE KEY-----` providers/dns/internetbs/internal/client.go:150:8: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = os.WriteFile(filepath.Join("fixtures", strings.Join(fields, "_")+".json"), raw, 0o666) ^ providers/dns/internetbs/internal/client_test.go:245:16: G304: Potential file inclusion via variable (gosec) file, err := os.Open(filename) ^ providers/dns/mythicbeasts/internal/client_test.go:46:16: G304: Potential file inclusion via variable (gosec) file, err := os.Open(filepath.Join("fixtures", filename)) ^ providers/dns/nicmanager/internal/client.go:20:2: G101: Potential hardcoded credentials (gosec) headerTOTPToken = "X-Auth-Token" ^ providers/dns/nicmanager/internal/client_test.go:132:16: G304: Potential file inclusion via variable (gosec) file, err := os.Open(filepath.Join("fixtures", filename)) ^ providers/dns/nifcloud/internal/client.go:7:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ providers/dns/otc/internal/mock.go:16:7: G101: Potential hardcoded credentials (gosec) const fakeOTCToken = "62244bc21da68d03ebac94e6636ff01f" ^ providers/dns/variomedia/internal/client_test.go:47:16: G304: Potential file inclusion via variable (gosec) file, err := os.Open(filename) ^ providers/dns/versio/internal/client_test.go:35:15: G304: Potential file inclusion via variable (gosec) file, err := os.Open(filepath.Join("fixtures", filename)) ^ providers/dns/websupport/internal/client.go:7:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ registration/registar_test.go:30:14: G403: RSA keys 
should be at least 2048 bits (gosec) key, err := rsa.GenerateKey(rand.Reader, 512) ^ ```
v1.60.3 ``` acme/api/order_test.go:23:22: G403: RSA keys should be at least 2048 bits (gosec) privateKey, errK := rsa.GenerateKey(rand.Reader, 512) ^ certcrypto/crypto_test.go:25:21: G403: RSA keys should be at least 2048 bits (gosec) privateKey, err := rsa.GenerateKey(rand.Reader, 512) ^ certcrypto/crypto_test.go:110:14: G403: RSA keys should be at least 2048 bits (gosec) key, err := rsa.GenerateKey(reader, 32) ^ challenge/http01/http_challenge_server.go:72:2: G104: Errors unhandled. (gosec) s.listener.Close() ^ challenge/http01/http_challenge_server.go:126:17: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) httpServer := &http.Server{Handler: mux} ^ challenge/tlsalpn01/tls_alpn_challenge_server.go:75:10: G114: Use of net/http serve function that has no support for setting timeouts (gosec) err := http.Serve(s.listener, nil) ^ challenge/tlsalpn01/tls_alpn_challenge_test.go:32:24: G402: TLS InsecureSkipVerify set true. (gosec) InsecureSkipVerify: true, ^ challenge/tlsalpn01/tls_alpn_challenge_test.go:69:21: G403: RSA keys should be at least 2048 bits (gosec) privateKey, err := rsa.GenerateKey(rand.Reader, 512) ^ challenge/tlsalpn01/tls_alpn_challenge_test.go:98:21: G403: RSA keys should be at least 2048 bits (gosec) privateKey, err := rsa.GenerateKey(rand.Reader, 128) ^ challenge/tlsalpn01/tls_alpn_challenge_test.go:135:24: G402: TLS InsecureSkipVerify set true. (gosec) InsecureSkipVerify: true, ^ challenge/tlsalpn01/tls_alpn_challenge_test.go:170:21: G403: RSA keys should be at least 2048 bits (gosec) privateKey, err := rsa.GenerateKey(rand.Reader, 512) ^ e2e/loader/loader.go:91:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(l.lego, arg...) ^ e2e/loader/loader.go:122:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(cmdNamePebble, l.PebbleOptions.Args...) 
^ e2e/loader/loader.go:141:101: G402: TLS InsecureSkipVerify set true. (gosec) client := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}} ^ e2e/loader/loader.go:182:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(cmdNameChallSrv, l.ChallSrv.Args...) ^ e2e/loader/loader.go:252:9: G204: Subprocess launched with variable (gosec) cmd := exec.Command(toolPath, "build", "-o", binary) ^ internal/dnsdocs/generator.go:119:15: G304: Potential file inclusion via variable (gosec) file, err := os.Create(filename) ^ internal/dnsdocs/generator.go:203:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) return os.WriteFile(readmePath, buffer.Bytes(), 0o666) ^ internal/release.go:189:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) return os.WriteFile(filename, source, 0o644) ^ platform/config/env/env_test.go:374:10: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = os.WriteFile(file.Name(), []byte("lego_file\n"), 0o644) ^ platform/config/env/env_test.go:399:8: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = os.WriteFile(file.Name(), []byte("lego_file"), 0o644) ^ platform/tester/env.go:106:3: G104: Errors unhandled. (gosec) os.Setenv(key, value) ^ platform/tester/env.go:141:4: G104: Errors unhandled. (gosec) os.Setenv(key, value) ^ platform/tester/env_test.go:30:4: G104: Errors unhandled. (gosec) os.Setenv(key, value) ^ platform/tester/env_test.go:338:2: G104: Errors unhandled. (gosec) os.Setenv(envVar01, "A") ^ platform/tester/env_test.go:339:2: G104: Errors unhandled. (gosec) os.Setenv(envVar02, "B") ^ platform/tester/env_test.go:352:2: G104: Errors unhandled. (gosec) os.Setenv(envVar01, "A") ^ platform/tester/env_test.go:353:2: G104: Errors unhandled. (gosec) os.Setenv(envVar02, "B") ^ platform/tester/env_test.go:354:2: G104: Errors unhandled. 
(gosec) os.Setenv("EXTRA_LEGO_TEST", "X") ^ providers/dns/allinkl/internal/client_test.go:144:16: G304: Potential file inclusion via variable (gosec) file, err := os.Open(filepath.Join("fixtures", filename)) ^ providers/dns/bluecat/internal/identity_test.go:14:7: G101: Potential hardcoded credentials (gosec) const fakeToken = "BAMAuthToken: dQfuRMTUxNjc3MjcyNDg1ODppcGFybXM=" ^ providers/dns/brandit/internal/client_test.go:20:16: G304: Potential file inclusion via variable (gosec) file, err := os.Open(filepath.Join("fixtures", filename)) ^ providers/dns/constellix/internal/auth.go:5:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ providers/dns/constellix/internal/auth.go:14:7: G101: Potential hardcoded credentials (gosec) const securityTokenHeader = "x-cns-security-token" ^ providers/dns/dnsmadeeasy/internal/client.go:7:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ providers/dns/gandiv5/internal/client.go:21:7: G101: Potential hardcoded credentials (gosec) const APIKeyHeader = "X-Api-Key" ^ providers/dns/hosttech/internal/client_test.go:249:16: G304: Potential file inclusion via variable (gosec) file, err := os.Open(filepath.Join("fixtures", filename)) ^ providers/dns/hyperone/internal/token_test.go:13:7: G101: Potential hardcoded credentials: RSA private key (gosec) const privateKey = `-----BEGIN RSA PRIVATE KEY----- MIICWgIBAAKBgGFfgMY+DuO8l0RYrMLhcl6U/NigNIiOVhoo/xnYyoQALpWxBaBR +iVJiBUYunQjKA33yAiY0AasCfSn1JB6asayQvGGn73xztLjkeCVLT+9e4nJ0A/o dK8SOKBg9FFe70KJrWjJd626el0aVDJjtCE+QxJExA0UZbQp+XIyveQXAgMBAAEC gYBHcL1XNWLRPaWx9GlUVfoGYMMd4HSKl/ueF+QKP59dt5B2LTnWhS7FOqzH5auu 17hkfx3ZCNzfeEuZn6T6F4bMtsQ6A5iT/DeRlG8tOPiCVZ/L0j6IFM78iIUT8XyA miwnSy1xGSBA67yUmsLxFg2DtGCjamAkY0C5pccadaB7oQJBAKsIPpMXMni+Oo1I kVxRyoIZgDxsMJiihG2YLVqo8rPtdErl+Lyg3ziVyg9KR6lFMaTBkYBTLoCPof3E AB/jyucCQQCRv1cVnYNx+bfnXsBlcsCFDV2HkEuLTpxj7hauD4P3GcyLidSsUkn1 
PiPunZqKpsQaIoxc/BzTOCcP19ifgqdRAkBJ8Cp9FE4xfKt7YJ/WtVVCoRubA3qO wdNWPa99vgQOXN0lc/3wLevSXo8XxRjtyIgJndT1EQDNe0qglhcnsiaJAkBziAcR /VAq0tZys2szf6kYTyXqxfj8Lo5NsHeN9oKXJ346xkEtb/VsT5vQFGJishsU1HoL Y1W+IO7l4iW3G6xhAkACNwtqxSRRbVsNCUMENpKmYhsyN8QXJ8V+o2A9s+pl21Kz HIIm179mUYCgO6iAHmkqxlFHFwprUBKdPrmP8qF9 -----END RSA PRIVATE KEY-----` providers/dns/internetbs/internal/client.go:150:8: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = os.WriteFile(filepath.Join("fixtures", strings.Join(fields, "_")+".json"), raw, 0o666) ^ providers/dns/limacity/internal/client_test.go:46:16: G304: Potential file inclusion via variable (gosec) file, err := os.Open(filepath.Join("fixtures", filename)) ^ providers/dns/mythicbeasts/internal/client_test.go:46:16: G304: Potential file inclusion via variable (gosec) file, err := os.Open(filepath.Join("fixtures", filename)) ^ providers/dns/nicmanager/internal/client.go:20:2: G101: Potential hardcoded credentials (gosec) headerTOTPToken = "X-Auth-Token" ^ providers/dns/nicmanager/internal/client_test.go:132:16: G304: Potential file inclusion via variable (gosec) file, err := os.Open(filepath.Join("fixtures", filename)) ^ providers/dns/nifcloud/internal/client.go:7:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ providers/dns/otc/internal/mock.go:16:7: G101: Potential hardcoded credentials (gosec) const fakeOTCToken = "62244bc21da68d03ebac94e6636ff01f" ^ providers/dns/versio/internal/client_test.go:35:15: G304: Potential file inclusion via variable (gosec) file, err := os.Open(filepath.Join("fixtures", filename)) ^ providers/dns/websupport/internal/client.go:7:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ providers/dns/websupport/internal/client_test.go:31:16: G304: Potential file inclusion via variable (gosec) open, err := os.Open(file) ^ providers/dns/yandex360/internal/client_test.go:31:16: G304: Potential file inclusion via variable 
(gosec) open, err := os.Open(filepath.Join("fixtures", filename)) ^ registration/registar_test.go:30:14: G403: RSA keys should be at least 2048 bits (gosec) key, err := rsa.GenerateKey(rand.Reader, 512) ^ ```
Command Mean [s] Min [s] Max [s] Relative
local 3.109 ± 0.061 3.027 3.206 1.03 ± 0.02
v1.60.3 3.019 ± 0.023 2.982 3.059 1.00

pact-foundation/pact-go

local ``` proxy/http.go:101:10: G114: Use of net/http serve function that has no support for setting timeouts (gosec) err := http.ListenAndServe(fmt.Sprintf(":%d", port), wrapper(proxy)) ^ installer/installer.go:22:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ installer/installer.go:421:15: G107: Potential HTTP request made with variable url (gosec) resp, err := http.Get(src) ^ installer/installer.go:432:11: G110: Potential DoS vulnerability via decompression bomb (gosec) _, err = io.Copy(f, archive) ^ installer/installer.go:509:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) return os.WriteFile(pactConfigPath, bytes, 0644) ^ installer/installer.go:527:7: G401: Use of weak cryptographic primitive (gosec) h := md5.New() ^ provider/verifier.go:64:6: G114: Use of net/http serve function that has no support for setting timeouts (gosec) _ = http.ListenAndServe(fmt.Sprintf("%s:%d", v.Hostname, port), mux) ^ provider/verifier.go:141:20: G115: integer overflow conversion int -> uint16 (gosec) Port: uint16(port), ^ provider/verify_request.go:188:72: G115: integer overflow conversion int -> uint16 (gosec) handle.SetProviderInfo(v.Provider, url.Scheme, url.Hostname(), uint16(port), url.Path) ^ ```
v1.60.3 ``` proxy/http.go:101:10: G114: Use of net/http serve function that has no support for setting timeouts (gosec) err := http.ListenAndServe(fmt.Sprintf(":%d", port), wrapper(proxy)) ^ installer/installer.go:22:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ installer/installer.go:421:15: G107: Potential HTTP request made with variable url (gosec) resp, err := http.Get(src) ^ installer/installer.go:432:11: G110: Potential DoS vulnerability via decompression bomb (gosec) _, err = io.Copy(f, archive) ^ installer/installer.go:509:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) return os.WriteFile(pactConfigPath, bytes, 0644) ^ installer/installer.go:527:7: G401: Use of weak cryptographic primitive (gosec) h := md5.New() ^ provider/verifier.go:64:6: G114: Use of net/http serve function that has no support for setting timeouts (gosec) _ = http.ListenAndServe(fmt.Sprintf("%s:%d", v.Hostname, port), mux) ^ provider/verifier.go:141:20: G115: integer overflow conversion int -> uint16 (gosec) Port: uint16(port), ^ provider/verify_request.go:188:72: G115: integer overflow conversion int -> uint16 (gosec) handle.SetProviderInfo(v.Provider, url.Scheme, url.Hostname(), uint16(port), url.Path) ^ ```
Command Mean [ms] Min [ms] Max [ms] Relative
local 551.2 ± 9.5 538.7 569.9 1.07 ± 0.03
v1.60.3 513.8 ± 8.8 504.9 533.6 1.00

rclone/rclone

local ``` backend/hidrive/hidrivehash/hidrivehash.go:11:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ backend/hidrive/hidrivehash/hidrivehash.go:153:13: G401: Use of weak cryptographic primitive (gosec) l.hasher = sha1.New() ^ backend/hidrive/hidrivehash/hidrivehash.go:314:16: G401: Use of weak cryptographic primitive (gosec) h.blockHash = sha1.New() ^ backend/hidrive/hidrivehash/hidrivehash.go:60:26: G115: integer overflow conversion int -> uint32 (gosec) *bytesInBlock += uint32(c) ^ backend/hidrive/hidrivehash/hidrivehash.go:138:41: G115: integer overflow conversion int -> uint32 (gosec) return writeByBlock(p, l.hasher, uint32(l.BlockSize()), &l.bytesInHasher, &l.onlyNullBytesInHasher, onBlockWritten) ^ backend/hidrive/hidrivehash/hidrivehash.go:125:29: G115: integer overflow conversion int -> uint32 (gosec) l.bytesInHasher += uint32(c) ^ backend/hidrive/hidrivehash/hidrivehash.go:376:31: G115: integer overflow conversion uint64 -> int (gosec) h.levels = make([]*level, int(amount)) ^ backend/hidrive/hidrivehash/hidrivehash.go:379:16: G115: integer overflow conversion uint64 -> int (gosec) length := int(binary.BigEndian.Uint64(b[offset:])) ^ backend/mailru/mrhash/mrhash.go:9:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ backend/mailru/mrhash/mrhash.go:89:10: G401: Use of weak cryptographic primitive (gosec) clone = sha1.New() ^ backend/mailru/mrhash/mrhash.go:96:10: G401: Use of weak cryptographic primitive (gosec) d.sha = sha1.New() ^ fs/hash/hash.go:5:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ fs/hash/hash.go:6:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ fs/hash/hash.go:348:13: G115: integer overflow conversion int -> uint64 (gosec) x := uint64(h) ^ fs/hash/hash.go:354:12: G115: integer overflow conversion uint64 -> int (gosec) return int(x >> 56) ^ 
lib/encoder/internal/gen/main.go:215:8: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) rng = rand.New(rand.NewSource(*seed)) ^ bin/not-in-stable.go:29:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command("git", "log", "--oneline", from+".."+to) ^ cmd/test/info/internal/build_csv/main.go:25:13: G304: Potential file inclusion via variable (gosec) f, err := os.Open(fn) ^ lib/ranges/ranges_test.go:131:22: G601: Implicit memory aliasing in for loop. (gosec) gotMerged := merge(&test.new, &test.dst) ^ lib/ranges/ranges_test.go:286:11: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) Pos: rand.Int63n(100), ^ lib/ranges/ranges_test.go:287:11: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) Size: rand.Int63n(10) + 1, ^ lib/pacer/pacers.go:212:65: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return time.Second< uint (gosec) addBackoff = time.Duration(2< uint64 (gosec) info.Free = uint64(statfs.Bfree) * uint64(statfs.Bsize) ^ lib/diskusage/diskusage_unix.go:23:49: G115: integer overflow conversion int64 -> uint64 (gosec) info.Available = uint64(statfs.Bavail) * uint64(statfs.Bsize) ^ lib/diskusage/diskusage_unix.go:25:45: G115: integer overflow conversion int64 -> uint64 (gosec) info.Total = uint64(statfs.Blocks) * uint64(statfs.Bsize) ^ fs/config/obscure/obscure.go:59:17: G407: Use of hardcoded IV/nonce for encryption by passing a parameter to a function and by passing hardcoded slice/array (gosec) if err := crypt(ciphertext[aes.BlockSize:], plaintext, iv); err != nil { ^ fs/config/obscure/obscure.go:85:17: G407: Use of hardcoded IV/nonce for encryption by passing a parameter to a function and by passing hardcoded slice/array (gosec) if err := crypt(buf, buf, iv); err != nil { ^ fs/fspath/path_test.go:464:23: 
G301: Expect directory permissions to be 0750 or less (gosec) require.NoError(t, os.MkdirAll("corpus", 0777)) ^ fs/fspath/path_test.go:465:23: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(fmt.Sprintf("corpus/%02d", testNumber), []byte(test.in), 0666)) ^ backend/hidrive/hidrivehash/hidrivehash_test.go:4:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ backend/hidrive/hidrivehash/hidrivehash_test.go:258:2: G104: Errors unhandled. (gosec) l.Write(content[:10]) ^ backend/hidrive/hidrivehash/hidrivehash_test.go:265:4: G104: Errors unhandled. (gosec) l.Write(content[10:]) ^ backend/hidrive/hidrivehash/hidrivehash_test.go:266:4: G104: Errors unhandled. (gosec) d.Write(content[10:]) ^ lib/readers/counting_reader.go:21:19: G115: integer overflow conversion int -> uint64 (gosec) cr.read += uint64(n) ^ fstest/testserver/testserver.go:52:9: G204: Subprocess launched with variable (gosec) cmd := exec.Command(cmdPath, command) ^ vfs/vfscommon/filemode.go:25:17: G115: integer overflow conversion int64 -> uint32 (gosec) *x = (FileMode)(i) ^ vfs/vfscommon/filemode.go:37:16: G115: integer overflow conversion int64 -> uint32 (gosec) *x = FileMode(i) ^ vfs/vfscommon/vfsflags_unix.go:18:15: G115: integer overflow conversion int -> uint32 (gosec) return uint32(unix.Geteuid()) ^ vfs/vfscommon/vfsflags_unix.go:23:15: G115: integer overflow conversion int -> uint32 (gosec) return uint32(unix.Getegid()) ^ vfs/test_vfs/test_vfs.go:51:11: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) isDir: rand.Intn(2) == 0, ^ vfs/test_vfs/test_vfs.go:89:7: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) i := rand.Intn(len(t.tests)) ^ vfs/test_vfs/test_vfs.go:232:9: G301: Expect directory permissions to be 0750 or less (gosec) err := os.Mkdir(t.path(), 0777) ^ lib/batcher/batcher_test.go:245:22: G115: integer 
overflow conversion int -> int32 (gosec) totalSize.Add(int32(len(items))) ^ backend/mailru/api/helpers.go:74:46: G115: integer overflow conversion int64 -> uint64 (gosec) w.b.Write(w.a[:binary.PutUvarint(w.a, uint64(val))]) ^ backend/mailru/api/helpers.go:172:15: G115: integer overflow conversion uint64 -> int64 (gosec) return int64(val) ^ fs/asyncreader/asyncreader_test.go:307:7: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) r := rand.New(rand.NewSource(42)) ^ fs/metadata.go:96:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(cmdLine[0], cmdLine[1:]...) ^ fs/newfs.go:7:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ fs/newfs.go:46:19: G401: Use of weak cryptographic primitive (gosec) md5sumBinary := md5.Sum([]byte(extraConfig)) ^ ```
v1.60.3 ``` backend/hidrive/hidrivehash/hidrivehash.go:11:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ backend/hidrive/hidrivehash/hidrivehash.go:153:13: G401: Use of weak cryptographic primitive (gosec) l.hasher = sha1.New() ^ backend/hidrive/hidrivehash/hidrivehash.go:314:16: G401: Use of weak cryptographic primitive (gosec) h.blockHash = sha1.New() ^ backend/hidrive/hidrivehash/hidrivehash.go:60:26: G115: integer overflow conversion int -> uint32 (gosec) *bytesInBlock += uint32(c) ^ backend/hidrive/hidrivehash/hidrivehash.go:138:41: G115: integer overflow conversion int -> uint32 (gosec) return writeByBlock(p, l.hasher, uint32(l.BlockSize()), &l.bytesInHasher, &l.onlyNullBytesInHasher, onBlockWritten) ^ backend/hidrive/hidrivehash/hidrivehash.go:125:29: G115: integer overflow conversion int -> uint32 (gosec) l.bytesInHasher += uint32(c) ^ backend/hidrive/hidrivehash/hidrivehash.go:376:31: G115: integer overflow conversion uint64 -> int (gosec) h.levels = make([]*level, int(amount)) ^ backend/hidrive/hidrivehash/hidrivehash.go:379:16: G115: integer overflow conversion uint64 -> int (gosec) length := int(binary.BigEndian.Uint64(b[offset:])) ^ bin/not-in-stable.go:29:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command("git", "log", "--oneline", from+".."+to) ^ cmd/test/info/internal/build_csv/main.go:25:13: G304: Potential file inclusion via variable (gosec) f, err := os.Open(fn) ^ fs/hash/hash.go:5:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ fs/hash/hash.go:6:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ fs/hash/hash.go:354:12: G115: integer overflow conversion uint64 -> int (gosec) return int(x >> 56) ^ lib/encoder/internal/gen/main.go:215:8: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) rng = 
rand.New(rand.NewSource(*seed)) ^ backend/mailru/mrhash/mrhash.go:9:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ backend/mailru/mrhash/mrhash.go:89:10: G401: Use of weak cryptographic primitive (gosec) clone = sha1.New() ^ backend/mailru/mrhash/mrhash.go:96:10: G401: Use of weak cryptographic primitive (gosec) d.sha = sha1.New() ^ lib/encoder/filename/decode.go:63:53: G115: integer overflow conversion uint64 -> int (gosec) return string(bytes.Repeat(data[len(data)-1:], int(n))), nil ^ lib/terminal/terminal.go:81:21: G115: integer overflow conversion uintptr -> int (gosec) if !IsTerminal(int(f.Fd())) { ^ lib/terminal/terminal_normal.go:15:31: G115: integer overflow conversion uintptr -> int (gosec) w, h, err := term.GetSize(int(os.Stdout.Fd())) ^ fstest/testserver/testserver.go:52:9: G204: Subprocess launched with variable (gosec) cmd := exec.Command(cmdPath, command) ^ lib/ranges/ranges_test.go:131:22: G601: Implicit memory aliasing in for loop. 
(gosec) gotMerged := merge(&test.new, &test.dst) ^ lib/ranges/ranges_test.go:286:11: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) Pos: rand.Int63n(100), ^ lib/ranges/ranges_test.go:287:11: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) Size: rand.Int63n(10) + 1, ^ vfs/test_vfs/test_vfs.go:51:11: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) isDir: rand.Intn(2) == 0, ^ vfs/test_vfs/test_vfs.go:89:7: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) i := rand.Intn(len(t.tests)) ^ vfs/test_vfs/test_vfs.go:232:9: G301: Expect directory permissions to be 0750 or less (gosec) err := os.Mkdir(t.path(), 0777) ^ fs/fspath/path_test.go:464:23: G301: Expect directory permissions to be 0750 or less (gosec) require.NoError(t, os.MkdirAll("corpus", 0777)) ^ fs/fspath/path_test.go:465:23: G306: Expect WriteFile permissions to be 0600 or less (gosec) require.NoError(t, os.WriteFile(fmt.Sprintf("corpus/%02d", testNumber), []byte(test.in), 0666)) ^ lib/pacer/pacers.go:212:65: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) return time.Second< int32 (gosec) totalSize.Add(int32(len(items))) ^ vfs/vfscommon/filemode.go:25:17: G115: integer overflow conversion int64 -> uint32 (gosec) *x = (FileMode)(i) ^ vfs/vfscommon/filemode.go:37:16: G115: integer overflow conversion int64 -> uint32 (gosec) *x = FileMode(i) ^ vfs/vfscommon/vfsflags_unix.go:18:15: G115: integer overflow conversion int -> uint32 (gosec) return uint32(unix.Geteuid()) ^ vfs/vfscommon/vfsflags_unix.go:23:15: G115: integer overflow conversion int -> uint32 (gosec) return uint32(unix.Getegid()) ^ fs/asyncreader/asyncreader_test.go:307:7: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) r := 
rand.New(rand.NewSource(42)) ^ backend/mailru/api/helpers.go:172:15: G115: integer overflow conversion uint64 -> int64 (gosec) return int64(val) ^ lib/file/preallocate_unix.go:45:27: G115: integer overflow conversion uintptr -> int (gosec) err = unix.Fallocate(int(out.Fd()), flags, 0, size) ^ lib/pool/pool_test.go:17:6: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) if rand.Intn(3) != 0 { ^ lib/pool/pool_test.go:23:6: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) if rand.Intn(3) != 0 { ^ fs/filter/rules.go:126:14: G304: Potential file inclusion via variable (gosec) in, err := os.Open(path) ^ fs/filter/filter_test.go:689:14: G304: Potential file inclusion via variable (gosec) in, err := os.Open(file) ^ fs/metadata.go:96:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(cmdLine[0], cmdLine[1:]...) ^ fs/newfs.go:7:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ fs/newfs.go:46:19: G401: Use of weak cryptographic primitive (gosec) md5sumBinary := md5.Sum([]byte(extraConfig)) ^ fs/bits_test.go:147:28: G601: Implicit memory aliasing in for loop. (gosec) got, err := json.Marshal(&test.in) ^ ```
Command Mean [s] Min [s] Max [s] Relative
local 4.149 ± 0.031 4.114 4.211 1.02 ± 0.01
v1.60.3 4.064 ± 0.027 4.027 4.103 1.00

hashicorp/terraform

local ``` internal/copy/copy_dir_test.go:41:8: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = ioutil.WriteFile(filepath.Join(subModuleDir, "main.tf"), []byte("hello"), 0644) ^ internal/copy/copy_dir_test.go:77:8: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = ioutil.WriteFile(filepath.Join(moduleDir, "main.tf"), []byte("hello"), 0644) ^ internal/copy/copy_value_test.go:67:21: G602: slice bounds out of range (gosec) fullInput := input[0:4] ^ internal/lang/funcs/crypto.go:7:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ internal/lang/funcs/crypto.go:9:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ internal/lang/funcs/crypto_test.go:686:2: G101: Potential hardcoded credentials: RSA private key (gosec) PrivateKey = ` -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAgUElV5mwqkloIrM8ZNZ72gSCcnSJt7+/Usa5G+D15YQUAdf9 c1zEekTfHgDP+04nw/uFNFaE5v1RbHaPxhZYVg5ZErNCa/hzn+x10xzcepeS3KPV Xcxae4MR0BEegvqZqJzN9loXsNL/c3H/B+2Gle3hTxjlWFb3F5qLgR+4Mf4ruhER 1v6eHQa/nchi03MBpT4UeJ7MrL92hTJYLdpSyCqmr8yjxkKJDVC2uRrr+sTSxfh7 r6v24u/vp/QTmBIAlNPgadVAZw17iNNb7vjV7Gwl/5gHXonCUKURaV++dBNLrHIZ pqcAM8wHRph8mD1EfL9hsz77pHewxolBATV+7QIDAQABAoIBAC1rK+kFW3vrAYm3 +8/fQnQQw5nec4o6+crng6JVQXLeH32qXShNf8kLLG/Jj0vaYcTPPDZw9JCKkTMQ 0mKj9XR/5DLbBMsV6eNXXuvJJ3x4iKW5eD9WkLD4FKlNarBRyO7j8sfPTqXW7uat NxWdFH7YsSRvNh/9pyQHLWA5OituidMrYbc3EUx8B1GPNyJ9W8Q8znNYLfwYOjU4 Wv1SLE6qGQQH9Q0WzA2WUf8jklCYyMYTIywAjGb8kbAJlKhmj2t2Igjmqtwt1PYc pGlqbtQBDUiWXt5S4YX/1maIQ/49yeNUajjpbJiH3DbhJbHwFTzP3pZ9P9GHOzlG kYR+wSECgYEAw/Xida8kSv8n86V3qSY/I+fYQ5V+jDtXIE+JhRnS8xzbOzz3v0WS Oo5H+o4nJx5eL3Ghb3Gcm0Jn46dHrxinHbm+3RjXv/X6tlbxIYjRSQfHOTSMCTvd qcliF5vC6RCLXuc7R+IWR1Ky6eDEZGtrvt3DyeYABsp9fRUFR/6NluUCgYEAqNsw 1aSl7WJa27F0DoJdlU9LWerpXcazlJcIdOz/S9QDmSK3RDQTdqfTxRmrxiYI9LEs mkOkvzlnnOBMpnZ3ZOU5qIRfprecRIi37KDAOHWGnlC0EWGgl46YLb7/jXiWf0AG Y+DfJJNd9i6TbIDWu8254/erAS6bKMhW/3q7f2kCgYAZ7Id/BiKJAWRpqTRBXlvw 
BhXoKvjI2HjYP21z/EyZ+PFPzur/lNaZhIUlMnUfibbwE9pFggQzzf8scM7c7Sf+ mLoVSdoQ/Rujz7CqvQzi2nKSsM7t0curUIb3lJWee5/UeEaxZcmIufoNUrzohAWH BJOIPDM4ssUTLRq7wYM9uQKBgHCBau5OP8gE6mjKuXsZXWUoahpFLKwwwmJUp2vQ pOFPJ/6WZOlqkTVT6QPAcPUbTohKrF80hsZqZyDdSfT3peFx4ZLocBrS56m6NmHR UYHMvJ8rQm76T1fryHVidz85g3zRmfBeWg8yqT5oFg4LYgfLsPm1gRjOhs8LfPvI OLlRAoGBAIZ5Uv4Z3s8O7WKXXUe/lq6j7vfiVkR1NW/Z/WLKXZpnmvJ7FgxN4e56 RXT7GwNQHIY8eDjDnsHxzrxd+raOxOZeKcMHj3XyjCX3NHfTscnsBPAGYpY/Wxzh T8UYnFu6RzkixElTf2rseEav7rkdKkI3LAeIZy7B0HulKKsmqVQ7 -----END RSA PRIVATE KEY----- ` internal/lang/funcs/crypto_test.go:744:2: G101: Potential hardcoded credentials: RSA private key (gosec) WrongPrivateKey = ` -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAlrCgnEVgmNKCq7KPc+zUU5IrxPu1ClMNJS7RTsTPEkbwe5SB p+6V6WtCbD/X/lDRRGbOENChh1Phulb7lViqgrdpHydgsrKoS5ah3DfSIxLFLE00 9Yo4TCYwgw6+s59j16ZAFVinaQ9l6Kmrb2ll136hMrz8QKh+qw+onOLd38WFgm+W ZtUqSXf2LANzfzzy4OWFNyFqKaCAolSkPdTS9Nz+svtScvp002DQp8OdP1AgPO+l o5N3M38Fftapwg0pCtJ5Zq0NRWIXEonXiTEMA6zy3gEZVOmDxoIFUWnmrqlMJLFy 5S6LDrHSdqJhCxDK6WRZj43X9j8spktk3eGhMwIDAQABAoIBAAem8ID/BOi9x+Tw LFi2rhGQWqimH4tmrEQ3HGnjlKBY+d1MrUjZ1MMFr1nP5CgF8pqGnfA8p/c3Sz8r K5tp5T6+EZiDZ2WrrOApxg5ox0MAsQKO6SGO40z6o3wEQ6rbbTaGOrraxaWQIpyu AQanU4Sd6ZGqByVBaS1GnklZO+shCHqw73b7g1cpLEmFzcYnKHYHlUUIsstMe8E1 BaCY0CH7JbWBjcbiTnBVwIRZuu+EjGiQuhTilYL2OWqoMVg1WU0L2IFpR8lkf/2W SBx5J6xhwbBGASOpM+qidiN580GdPzGhWYSqKGroHEzBm6xPSmV1tadNA26WFG4p pthLiAECgYEA5BsPRpNYJAQLu5B0N7mj9eEp0HABVEgL/MpwiImjaKdAwp78HM64 IuPvJxs7r+xESiIz4JyjR8zrQjYOCKJsARYkmNlEuAz0SkHabCw1BdEBwUhjUGVB efoERK6GxfAoNqmSDwsOvHFOtsmDIlbHmg7G2rUxNVpeou415BSB0B8CgYEAqR4J YHKk2Ibr9rU+rBU33TcdTGw0aAkFNAVeqM9j0haWuFXmV3RArgoy09lH+2Ha6z/g fTX2xSDAWV7QUlLOlBRIhurPAo2jO2yCrGHPZcWiugstrR2hTTInigaSnCmK3i7F 6sYmL3S7K01IcVNxSlWvGijtClT92Cl2WUCTfG0CgYAiEjyk4QtQTd5mxLvnOu5X oqs5PBGmwiAwQRiv/EcRMbJFn7Oupd3xMDSflbzDmTnWDOfMy/jDl8MoH6TW+1PA kcsjnYhbKWwvz0hN0giVdtOZSDO1ZXpzOrn6fEsbM7T9/TQY1SD9WrtUKCNTNL0Z sM1ZC6lu+7GZCpW4HKwLJwKBgQCRT0yxQXBg1/UxwuO5ynV4rx2Oh76z0WRWIXMH 
S0MyxdP1SWGkrS/SGtM3cg/GcHtA/V6vV0nUcWK0p6IJyjrTw2XZ/zGluPuTWJYi 9dvVT26Vunshrz7kbH7KuwEICy3V4IyQQHeY+QzFlR70uMS0IVFWAepCoWqHbIDT CYhwNQKBgGPcLXmjpGtkZvggl0aZr9LsvCTckllSCFSI861kivL/rijdNoCHGxZv dfDkLTLcz9Gk41rD9Gxn/3sqodnTAc3Z2PxFnzg1Q/u3+x6YAgBwI/g/jE2xutGW H7CurtMwALQ/n/6LUKFmjRZjqbKX9SO2QSaC3grd6sY9Tu+bZjLe -----END RSA PRIVATE KEY----- ` internal/lang/funcs/crypto_test.go:773:2: G101: Potential hardcoded credentials: RSA private key (gosec) BadPrivateKey = ` -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAgUElV5mwqkloIrM8ZNZ72gSCcnSJt7+/Usa5G+D15YQUAdf9 c1zEekTfHgDP+04nw/uFNFaE5v1RbHaPxhZYVg5ZErNCa/hzn+x10xzcepeS3KPV Xcxae4MR0BEegvqZqJzN9loXsNL/c3H/B+2Gle3hTxjlWFb3F5qLgR+4Mf4ruhER 1v6eHQa/nchi03MBpT4UeJ7MrL92hTJYLdpSyCqmr8yjxkKJDVC2uRrr+sTSxfh7 r6v24u/vp/QTmBIAlNPgadVAZw17iNNb7vjV7Gwl/5gHXonCUKURaV++dBNLrHIZ pqcAM8wHRph8mD1EfL9hsz77pHewxolBATV+7QIDAQABAoIBAC1rK+kFW3vrAYm3 +8/fQnQQw5nec4o6+crng6JVQXLeH32qXShNf8kLLG/Jj0vaYcTPPDZw9JCKkTMQ 0mKj9XR/5DLbBMsV6eNXXuvJJ3x4iKW5eD9WkLD4FKlNarBRyO7j8sfPTqXW7uat NxWdFH7YsSRvNh/9pyQHLWA5OituidMrYbc3EUx8B1GPNyJ9W8Q8znNYLfwYOjU4 Wv1SLE6qGQQH9Q0WzA2WUf8jklCYyMYTIywAjGb8kbAJlKhmj2t2Igjmqtwt1PYc pGlqbtQBDUiWXt5S4YX/1maIQ/49yeNUajjpbJiH3DbhJbHwFTzP3pZ9P9GHOzlG kYR+wSECgYEAw/Xida8kSv8n86V3qSY/I+fYQ5V+jDtXIE+JhRnS8xzbOzz3v0WS Oo5H+o4nJx5eL3Ghb3Gcm0Jn46dHrxinHbm+3RjXv/X6tlbxIYjRSQfHOTSMCTvd qcliF5vC6RCLXuc7R+IWR1Ky6eDEZGtrvt3DyeYABsp9fRUFR/6NluUCgYEAqNsw 1aSl7WJa27F0DoJdlU9LWerpXcazlJcIdOz/S9QDmSK3RDQTdqfTxRmrxiYI9LEs mkOkvzlnnOBMpnZ3ZOU5qIRfprecRIi37KDAOHWGnlC0EWGgl46YLb7/jXiWf0AG BhXoKvjI2HjYP21z/EyZ+PFPzur/lNaZhIUlMnUfibbwE9pFggQzzf8scM7c7Sf+ mLoVSdoQ/Rujz7CqvQzi2nKSsM7t0curUIb3lJWee5/UeEaxZcmIufoNUrzohAWH BJOIPDM4ssUTLRq7wYM9uQKBgHCBau5OP8gE6mjKuXsZXWUoahpFLKwwwmJUp2vQ pOFPJ/6WZOlqkTVT6QPAcPUbTohKrF80hsZqZyDdSfT3peFx4ZLocBrS56m6NmHR UYHMvJ8rQm76T1fryHVidz85g3zRmfBeWg8yqT5oFg4LYgfLsPm1gRjOhs8LfPvI OLlRAoGBAIZ5Uv4Z3s8O7WKXXUe/lq6j7vfiVkR1NW/Z/WLKXZpnmvJ7FgxN4e56 RXT7GwNQHIY8eDjDnsHxzrxd+raOxOZeKcMHj3XyjCX3NHfTscnsBPAGYpY/Wxzh 
T8UYnFu6RzkixElTf2rseEav7rkdKkI3LAeIZy7B0HulKKsmqVQ7 -----END RSA PRIVATE KEY----- ` internal/addrs/resource.go:588:22: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) var deposedKeyRand = rand.New(rand.NewSource(time.Now().UnixNano())) ^ internal/registry/test/mock_registry.go:56:2: G101: Potential hardcoded credentials (gosec) testCred = "test-auth-token" ^ internal/communicator/ssh/communicator.go:112:16: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) randShared = rand.New(rand.NewSource( time.Now().UnixNano() * int64(os.Getpid()))) internal/communicator/ssh/provisioner.go:330:16: G106: Use of ssh InsecureIgnoreHostKey should be audited (gosec) hkCallback := ssh.InsecureIgnoreHostKey() ^ internal/communicator/ssh/communicator_test.go:32:7: G101: Potential hardcoded credentials: RSA private key (gosec) const testServerPrivateKey = `-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA19lGVsTqIT5iiNYRgnoY1CwkbETW5cq+Rzk5v/kTlf31XpSU 70HVWkbTERECjaYdXM2gGcbb+sxpq6GtXf1M3kVomycqhxwhPv4Cr6Xp4WT/jkFx 9z+FFzpeodGJWjOH6L2H5uX1Cvr9EDdQp9t9/J32/qBFntY8GwoUI/y/1MSTmMiF tupdMODN064vd3gyMKTwrlQ8tZM6aYuyOPsutLlUY7M5x5FwMDYvnPDSeyT/Iw0z s3B+NCyqeeMd2T7YzQFnRATj0M7rM5LoSs7DVqVriOEABssFyLj31PboaoLhOKgc qoM9khkNzr7FHVvi+DhYM2jD0DwvqZLN6NmnLwIDAQABAoIBAQCGVj+kuSFOV1lT +IclQYA6bM6uY5mroqcSBNegVxCNhWU03BxlW//BE9tA/+kq53vWylMeN9mpGZea riEMIh25KFGWXqXlOOioH8bkMsqA8S7sBmc7jljyv+0toQ9vCCtJ+sueNPhxQQxH D2YvUjfzBQ04I9+wn30BByDJ1QA/FoPsunxIOUCcRBE/7jxuLYcpR+JvEF68yYIh atXRld4W4in7T65YDR8jK1Uj9XAcNeDYNpT/M6oFLx1aPIlkG86aCWRO19S1jLPT b1ZAKHHxPMCVkSYW0RqvIgLXQOR62D0Zne6/2wtzJkk5UCjkSQ2z7ZzJpMkWgDgN ifCULFPBAoGBAPoMZ5q1w+zB+knXUD33n1J+niN6TZHJulpf2w5zsW+m2K6Zn62M MXndXlVAHtk6p02q9kxHdgov34Uo8VpuNjbS1+abGFTI8NZgFo+bsDxJdItemwC4 KJ7L1iz39hRN/ZylMRLz5uTYRGddCkeIHhiG2h7zohH/MaYzUacXEEy3AoGBANz8 e/msleB+iXC0cXKwds26N4hyMdAFE5qAqJXvV3S2W8JZnmU+sS7vPAWMYPlERPk1 
D8Q2eXqdPIkAWBhrx4RxD7rNc5qFNcQWEhCIxC9fccluH1y5g2M+4jpMX2CT8Uv+ 3z+NoJ5uDTXZTnLCfoZzgZ4nCZVZ+6iU5U1+YXFJAoGBANLPpIV920n/nJmmquMj orI1R/QXR9Cy56cMC65agezlGOfTYxk5Cfl5Ve+/2IJCfgzwJyjWUsFx7RviEeGw 64o7JoUom1HX+5xxdHPsyZ96OoTJ5RqtKKoApnhRMamau0fWydH1yeOEJd+TRHhc XStGfhz8QNa1dVFvENczja1vAoGABGWhsd4VPVpHMc7lUvrf4kgKQtTC2PjA4xoc QJ96hf/642sVE76jl+N6tkGMzGjnVm4P2j+bOy1VvwQavKGoXqJBRd5Apppv727g /SM7hBXKFc/zH80xKBBgP/i1DR7kdjakCoeu4ngeGywvu2jTS6mQsqzkK+yWbUxJ I7mYBsECgYB/KNXlTEpXtz/kwWCHFSYA8U74l7zZbVD8ul0e56JDK+lLcJ0tJffk gqnBycHj6AhEycjda75cs+0zybZvN4x65KZHOGW/O/7OAWEcZP5TPb3zf9ned3Hl NsZoFj52ponUM6+99A2CmezFCN16c4mbA//luWF+k3VVqR6BpkrhKw== -----END RSA PRIVATE KEY-----` internal/communicator/ssh/communicator_test.go:463:7: G101: Potential hardcoded credentials: RSA private key (gosec) const SERVER_PEM = `-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA8CkDr7uxCFt6lQUVwS8NyPO+fQNxORoGnMnN/XhVJZvpqyKR Uji9R0d8D66bYxUUsabXjP2y4HTVzbZtnvXFZZshk0cOtJjjekpYJaLK2esPR/iX wvSltNkrDQDPN/RmgEEMIevW8AgrPsqrnybFHxTpd7rEUHXBOe4nMNRIg3XHykB6 jZk8q5bBPUe3I/f0DK5TJEBpTc6dO3P/j93u55VUqr39/SPRHnld2mCw+c8v6UOh sssO/DIZFPScD3DYqsk2N+/nz9zXfcOTdWGhawgxuIo1DTokrNQbG3pDrLqcWgqj 13vqJFCmRA0O2CQIwJePd6+Np/XO3Uh/KL6FlQIDAQABAoIBAQCmvQMXNmvCDqk7 30zsVDvw4fHGH+azK3Od1aqTqcEMHISOUbCtckFPxLzIsoSltRQqB1kuRVG07skm Stsu+xny4lLcSwBVuLRuykEK2EyYIc/5Owo6y9pkhkaSf5ZfFes4bnD6+B/BhRpp PRMMq0E+xCkX/G6iIi9mhgdlqm0x/vKtjzQeeshw9+gRcRLUpX+UeKFKXMXcDayx qekr1bAaQKNBhTK+CbZjcqzG4f+BXVGRTZ9nsPAV+yTnWUCU0TghwPmtthHbebqa 9hlkum7qik/bQj/tjJ8/b0vTfHQSVxhtPG/ZV2Tn9ZuL/vrkYqeyMU8XkJ/uaEvH WPyOcB4BAoGBAP5o5JSEtPog+U3JFrLNSRjz5ofZNVkJzice+0XyqlzJDHhX5tF8 mriYQZLLXYhckBm4IdkhTn/dVbXNQTzyy2WVuO5nU8bkCMvGL9CGpW4YGqwGf7NX e4H3emtRjLv8VZpUHe/RUUDhmYvMSt1qmXuskfpROuGfLhQBUd6A4J+BAoGBAPGp UcMKjrxZ5qjYU6DLgS+xeca4Eu70HgdbSQbRo45WubXjyXvTRFij36DrpxJWf1D7 lIsyBifoTra/lAuC1NQXGYWjTCdk2ey8Ll5qOgiXvE6lINHABr+U/Z90/g6LuML2 VzaZbq/QLcT3yVsdyTogKckzCaKsCpusyHE1CXAVAoGAd6kMglKc8N0bhZukgnsN 
+5+UeacPcY6sGTh4RWErAjNKGzx1A2lROKvcg9gFaULoQECcIw2IZ5nKW5VsLueg BWrTrcaJ4A2XmYjhKnp6SvspaGoyHD90hx/Iw7t6r1yzQsB3yDmytwqldtyjBdvC zynPC2azhDWjraMlR7tka4ECgYAxwvLiHa9sm3qCtCDsUFtmrb3srITBjaUNUL/F 1q8+JR+Sk7gudj9xnTT0VvINNaB71YIt83wPBagHu4VJpYQbtDH+MbUBu6OgOtO1 f1w53rzY2OncJxV8p7pd9mJGLoE6LC2jQY7oRw7Vq0xcJdME1BCmrIrEY3a/vaF8 pjYuTQKBgQCIOH23Xita8KmhH0NdlWxZfcQt1j3AnOcKe6UyN4BsF8hqS7eTA52s WjG5X2IBl7gs1eMM1qkqR8npS9nwfO/pBmZPwjiZoilypXxWj+c+P3vwre2yija4 bXgFVj4KFBwhr1+8KcobxC0SAPEouMvSkxzjjw+gnebozUtPlud9jA== -----END RSA PRIVATE KEY----- ` internal/communicator/ssh/communicator_test.go:492:7: G101: Potential hardcoded credentials: RSA private key (gosec) const CLIENT_PEM = `-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAsruexO8yFkchFrmojoopDkmShY28C5KRPX26BXyy7DVCY+M8 PuW2VCbc1ivK6D44C/LNaD53K6OcLk7SNjbuH5KXhStB2996OhMpLLo+DpuPulHp p9UBHG9G2aivGcoPQ4PXXj+y3hNL+/G+f42WnxYMMb/v7DITND0Q9+DQg2HGJpJB 5b0LUFhQHWz1woIITm3nWcmHaKmVboU7IjzFrUEv3HPTOLb+pjzrkJYWbd0fzof5 MFMruOaBkW+W4TuCYnKMxUt6HgpaVPlDG4LJZMwKSasWQVje/jwxUmYSpNhrJcns j+LB9xN9GdNMlYv5UGIJkLAfh4OgpXpjUDDbvwIDAQABAoIBAEu2ctFVyk/pnbi0 uRR4rl+hBvKQUeJNGj2ELvL4Ggs5nIAX2IOEZ7JKLC6FqpSrFq7pEd5g57aSvixX s3DH4CN7w7fj1ShBCNPlHgIWewdRGpeA74vrDWdwNAEsFdDE6aZeCTOhpDGy1vNJ OrtpzS5i9pN0jTvvEneEjtWSZIHiiVlN+0hsFaiwZ6KXON+sDccZPmnP6Fzwj5Rc WS0dKSwnxnx0otWgwWFs8nr306nSeMsNmQkHsS9lz4DEVpp9owdzrX1JmbQvNYAV ohmB3ET4JYFgerqPXJfed9poueGuWCP6MYhsjNeHN35QhofxdO5/0i3JlZfqwZei tNq/0oECgYEA6SqjRqDiIp3ajwyB7Wf0cIQG/P6JZDyN1jl//htgniliIH5UP1Tm uAMG5MincV6X9lOyXyh6Yofu5+NR0yt9SqbDZVJ3ZCxKTun7pxJvQFd7wl5bMkiJ qVfS08k6gQHHDoO+eel+DtpIfWc+e3tvX0aihSU0GZEMqDXYkkphLGECgYEAxDxb +JwJ3N5UEjjkuvFBpuJnmjIaN9HvQkTv3inlx1gLE4iWBZXXsu4aWF8MCUeAAZyP 42hQDSkCYX/A22tYCEn/jfrU6A+6rkWBTjdUlYLvlSkhosSnO+117WEItb5cUE95 hF4UY7LNs1AsDkV4WE87f/EjpxSwUAjB2Lfd/B8CgYAJ/JiHsuZcozQ0Qk3iVDyF ATKnbWOHFozgqw/PW27U92LLj32eRM2o/gAylmGNmoaZt1YBe2NaiwXxiqv7hnZU VzYxRcn1UWxRWvY7Xq/DKrwTRCVVzwOObEOMbKcD1YaoGX50DEso6bKHJH/pnAzW 
INlfKIvFuI+5OK0w/tyQoQKBgQCf/jpaOxaLfrV62eobRQJrByLDBGB97GsvU7di IjTWz8DQH0d5rE7d8uWF8ZCFrEcAiV6DYZQK9smbJqbd/uoacAKtBro5rkFdPwwK 8m/DKqsdqRhkdgOHh7bjYH7Sdy8ax4Fi27WyB6FQtmgFBrz0+zyetsODwQlzZ4Bs qpSRrwKBgQC0vWHrY5aGIdF+b8EpP0/SSLLALpMySHyWhDyxYcPqdhszYbjDcavv xrrLXNUD2duBHKPVYE+7uVoDkpZXLUQ4x8argo/IwQM6Kh2ma1y83TYMT6XhL1+B 5UPcl6RXZBCkiU7nFIG6/0XKFqVWc3fU8e09X+iJwXIJ5Jatywtg+g== -----END RSA PRIVATE KEY----- ` internal/communicator/ssh/communicator_test.go:642:27: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) source := io.LimitReader(rand.New(rand.NewSource(0)), size) ^ internal/communicator/ssh/communicator_test.go:338:19: G115: integer overflow conversion int -> uint16 (gosec) Port: uint16(port), ^ internal/communicator/ssh/communicator_test.go:370:24: G115: integer overflow conversion int -> uint16 (gosec) connInfo.Port = uint16(port) ^ internal/communicator/ssh/communicator_test.go:413:19: G115: integer overflow conversion int -> uint16 (gosec) Port: uint16(port), ^ internal/communicator/ssh/communicator_test.go:445:24: G115: integer overflow conversion int -> uint16 (gosec) connInfo.Port = uint16(port) ^ internal/communicator/ssh/communicator_test.go:535:22: G115: integer overflow conversion int -> uint16 (gosec) Port: uint16(port), ^ internal/communicator/winrm/communicator.go:52:9: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) rand: rand.New(rand.NewSource(time.Now().UnixNano())), ^ internal/command/cliconfig/credentials_test.go:96:3: G101: Potential hardcoded credentials (gosec) expectedToken := "configured-by-env" ^ internal/command/cliconfig/credentials_test.go:119:3: G101: Potential hardcoded credentials (gosec) expectedToken := "configured-by-env" ^ internal/command/cliconfig/credentials_test.go:165:3: G101: Potential hardcoded credentials (gosec) expectedToken := "configured-by-env" ^ internal/command/cliconfig/credentials_test.go:190:3: G101: 
Potential hardcoded credentials (gosec) expectedToken := "configured-by-env" ^ internal/moduletest/mocking/generate.go:121:17: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) b[i] = chars[rand.Intn(len(chars))] ^ internal/moduletest/mocking/fill_test.go:202:15: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) testRand = rand.New(rand.NewSource(0)) ^ internal/moduletest/mocking/values_test.go:981:15: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) testRand = rand.New(rand.NewSource(0)) ^ internal/configs/configload/copy_dir_test.go:41:8: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = ioutil.WriteFile(filepath.Join(subModuleDir, "main.tf"), []byte("hello"), 0644) ^ internal/configs/configload/copy_dir_test.go:77:8: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = ioutil.WriteFile(filepath.Join(moduleDir, "main.tf"), []byte("hello"), 0644) ^ internal/providers/schemas.go:22:27: G115: integer overflow conversion int64 -> uint64 (gosec) return res.Block, uint64(res.Version) ^ internal/lang/functions_test.go:1382:2: G101: Potential hardcoded credentials: RSA private key (gosec) PrivateKey = ` -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAgUElV5mwqkloIrM8ZNZ72gSCcnSJt7+/Usa5G+D15YQUAdf9 c1zEekTfHgDP+04nw/uFNFaE5v1RbHaPxhZYVg5ZErNCa/hzn+x10xzcepeS3KPV Xcxae4MR0BEegvqZqJzN9loXsNL/c3H/B+2Gle3hTxjlWFb3F5qLgR+4Mf4ruhER 1v6eHQa/nchi03MBpT4UeJ7MrL92hTJYLdpSyCqmr8yjxkKJDVC2uRrr+sTSxfh7 r6v24u/vp/QTmBIAlNPgadVAZw17iNNb7vjV7Gwl/5gHXonCUKURaV++dBNLrHIZ pqcAM8wHRph8mD1EfL9hsz77pHewxolBATV+7QIDAQABAoIBAC1rK+kFW3vrAYm3 +8/fQnQQw5nec4o6+crng6JVQXLeH32qXShNf8kLLG/Jj0vaYcTPPDZw9JCKkTMQ 0mKj9XR/5DLbBMsV6eNXXuvJJ3x4iKW5eD9WkLD4FKlNarBRyO7j8sfPTqXW7uat NxWdFH7YsSRvNh/9pyQHLWA5OituidMrYbc3EUx8B1GPNyJ9W8Q8znNYLfwYOjU4 Wv1SLE6qGQQH9Q0WzA2WUf8jklCYyMYTIywAjGb8kbAJlKhmj2t2Igjmqtwt1PYc 
pGlqbtQBDUiWXt5S4YX/1maIQ/49yeNUajjpbJiH3DbhJbHwFTzP3pZ9P9GHOzlG kYR+wSECgYEAw/Xida8kSv8n86V3qSY/I+fYQ5V+jDtXIE+JhRnS8xzbOzz3v0WS Oo5H+o4nJx5eL3Ghb3Gcm0Jn46dHrxinHbm+3RjXv/X6tlbxIYjRSQfHOTSMCTvd qcliF5vC6RCLXuc7R+IWR1Ky6eDEZGtrvt3DyeYABsp9fRUFR/6NluUCgYEAqNsw 1aSl7WJa27F0DoJdlU9LWerpXcazlJcIdOz/S9QDmSK3RDQTdqfTxRmrxiYI9LEs mkOkvzlnnOBMpnZ3ZOU5qIRfprecRIi37KDAOHWGnlC0EWGgl46YLb7/jXiWf0AG Y+DfJJNd9i6TbIDWu8254/erAS6bKMhW/3q7f2kCgYAZ7Id/BiKJAWRpqTRBXlvw BhXoKvjI2HjYP21z/EyZ+PFPzur/lNaZhIUlMnUfibbwE9pFggQzzf8scM7c7Sf+ mLoVSdoQ/Rujz7CqvQzi2nKSsM7t0curUIb3lJWee5/UeEaxZcmIufoNUrzohAWH BJOIPDM4ssUTLRq7wYM9uQKBgHCBau5OP8gE6mjKuXsZXWUoahpFLKwwwmJUp2vQ pOFPJ/6WZOlqkTVT6QPAcPUbTohKrF80hsZqZyDdSfT3peFx4ZLocBrS56m6NmHR UYHMvJ8rQm76T1fryHVidz85g3zRmfBeWg8yqT5oFg4LYgfLsPm1gRjOhs8LfPvI OLlRAoGBAIZ5Uv4Z3s8O7WKXXUe/lq6j7vfiVkR1NW/Z/WLKXZpnmvJ7FgxN4e56 RXT7GwNQHIY8eDjDnsHxzrxd+raOxOZeKcMHj3XyjCX3NHfTscnsBPAGYpY/Wxzh T8UYnFu6RzkixElTf2rseEav7rkdKkI3LAeIZy7B0HulKKsmqVQ7 -----END RSA PRIVATE KEY----- ` internal/states/statefile/version3_upgrade.go:34:27: G115: integer overflow conversion int64 -> uint64 (gosec) Serial: uint64(old.Serial), ^ internal/states/statefile/version3_upgrade.go:274:26: G115: integer overflow conversion int -> uint64 (gosec) schemaVersion = uint64(tv) ^ internal/states/statemgr/locker.go:23:17: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) var rngSource = rand.New(rand.NewSource(time.Now().UnixNano())) ^ internal/states/statemgr/filesystem_test.go:64:14: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) out, err := exec.Command("go", "run", "testdata/lockstate.go", s.path).CombinedOutput() ^ internal/states/remote/remote_test.go:7:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ internal/states/remote/remote_test.go:48:14: G401: Use of weak cryptographic primitive (gosec) checksum := md5.Sum(c.current) ^ 
internal/states/remote/remote_test.go:97:14: G401: Use of weak cryptographic primitive (gosec) checksum := md5.Sum(c.current) ^ internal/cloud/cloudplan/saved_plan.go:69:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) err := os.WriteFile(filepath, data, 0644) ^ internal/command/workdir/plugin_dirs.go:84:10: G306: Expect WriteFile permissions to be 0600 or less (gosec) return ioutil.WriteFile(filePath, raw, 0644) ^ internal/backend/remote-state/inmem/client.go:7:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ internal/backend/remote-state/inmem/client.go:32:9: G401: Use of weak cryptographic primitive (gosec) md5 := md5.Sum(data) ^ internal/e2e/e2e.go:122:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(b.binPath, args...) ^ internal/backend/remote-state/http/backend.go:288:34: G402: TLS InsecureSkipVerify set true. (gosec) tlsConfig.InsecureSkipVerify = true ^ internal/backend/remote-state/http/client.go:8:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ internal/backend/remote-state/http/client.go:66:11: G401: Use of weak cryptographic primitive (gosec) hash := md5.Sum(*data) ^ internal/backend/remote-state/http/client.go:199:11: G401: Use of weak cryptographic primitive (gosec) hash := md5.Sum(payload.Data) ^ internal/backend/remote-state/http/server_test.go:245:11: G402: TLS MinVersion too low. (gosec) s.TLS = &tls.Config{ ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: clientCAs, Certificates: []tls.Certificate{cert}, } ```
v1.60.3 ``` internal/terminal/impl_others.go:45:28: G115: integer overflow conversion uintptr -> int (gosec) return term.IsTerminal(int(f.Fd())) ^ internal/terminal/impl_others.go:49:35: G115: integer overflow conversion uintptr -> int (gosec) width, _, err := term.GetSize(int(f.Fd())) ^ internal/copy/copy_dir_test.go:41:8: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = ioutil.WriteFile(filepath.Join(subModuleDir, "main.tf"), []byte("hello"), 0644) ^ internal/copy/copy_dir_test.go:77:8: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = ioutil.WriteFile(filepath.Join(moduleDir, "main.tf"), []byte("hello"), 0644) ^ internal/copy/copy_value_test.go:67:21: G602: slice bounds out of range (gosec) fullInput := input[0:4] ^ internal/dag/marshal.go:164:26: G115: integer overflow conversion uintptr -> int (gosec) return strconv.Itoa(int(val.Pointer())) ^ internal/lang/funcs/crypto.go:7:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ internal/lang/funcs/crypto.go:9:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ internal/lang/funcs/crypto_test.go:686:2: G101: Potential hardcoded credentials: RSA private key (gosec) PrivateKey = ` -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAgUElV5mwqkloIrM8ZNZ72gSCcnSJt7+/Usa5G+D15YQUAdf9 c1zEekTfHgDP+04nw/uFNFaE5v1RbHaPxhZYVg5ZErNCa/hzn+x10xzcepeS3KPV Xcxae4MR0BEegvqZqJzN9loXsNL/c3H/B+2Gle3hTxjlWFb3F5qLgR+4Mf4ruhER 1v6eHQa/nchi03MBpT4UeJ7MrL92hTJYLdpSyCqmr8yjxkKJDVC2uRrr+sTSxfh7 r6v24u/vp/QTmBIAlNPgadVAZw17iNNb7vjV7Gwl/5gHXonCUKURaV++dBNLrHIZ pqcAM8wHRph8mD1EfL9hsz77pHewxolBATV+7QIDAQABAoIBAC1rK+kFW3vrAYm3 +8/fQnQQw5nec4o6+crng6JVQXLeH32qXShNf8kLLG/Jj0vaYcTPPDZw9JCKkTMQ 0mKj9XR/5DLbBMsV6eNXXuvJJ3x4iKW5eD9WkLD4FKlNarBRyO7j8sfPTqXW7uat NxWdFH7YsSRvNh/9pyQHLWA5OituidMrYbc3EUx8B1GPNyJ9W8Q8znNYLfwYOjU4 Wv1SLE6qGQQH9Q0WzA2WUf8jklCYyMYTIywAjGb8kbAJlKhmj2t2Igjmqtwt1PYc 
pGlqbtQBDUiWXt5S4YX/1maIQ/49yeNUajjpbJiH3DbhJbHwFTzP3pZ9P9GHOzlG kYR+wSECgYEAw/Xida8kSv8n86V3qSY/I+fYQ5V+jDtXIE+JhRnS8xzbOzz3v0WS Oo5H+o4nJx5eL3Ghb3Gcm0Jn46dHrxinHbm+3RjXv/X6tlbxIYjRSQfHOTSMCTvd qcliF5vC6RCLXuc7R+IWR1Ky6eDEZGtrvt3DyeYABsp9fRUFR/6NluUCgYEAqNsw 1aSl7WJa27F0DoJdlU9LWerpXcazlJcIdOz/S9QDmSK3RDQTdqfTxRmrxiYI9LEs mkOkvzlnnOBMpnZ3ZOU5qIRfprecRIi37KDAOHWGnlC0EWGgl46YLb7/jXiWf0AG Y+DfJJNd9i6TbIDWu8254/erAS6bKMhW/3q7f2kCgYAZ7Id/BiKJAWRpqTRBXlvw BhXoKvjI2HjYP21z/EyZ+PFPzur/lNaZhIUlMnUfibbwE9pFggQzzf8scM7c7Sf+ mLoVSdoQ/Rujz7CqvQzi2nKSsM7t0curUIb3lJWee5/UeEaxZcmIufoNUrzohAWH BJOIPDM4ssUTLRq7wYM9uQKBgHCBau5OP8gE6mjKuXsZXWUoahpFLKwwwmJUp2vQ pOFPJ/6WZOlqkTVT6QPAcPUbTohKrF80hsZqZyDdSfT3peFx4ZLocBrS56m6NmHR UYHMvJ8rQm76T1fryHVidz85g3zRmfBeWg8yqT5oFg4LYgfLsPm1gRjOhs8LfPvI OLlRAoGBAIZ5Uv4Z3s8O7WKXXUe/lq6j7vfiVkR1NW/Z/WLKXZpnmvJ7FgxN4e56 RXT7GwNQHIY8eDjDnsHxzrxd+raOxOZeKcMHj3XyjCX3NHfTscnsBPAGYpY/Wxzh T8UYnFu6RzkixElTf2rseEav7rkdKkI3LAeIZy7B0HulKKsmqVQ7 -----END RSA PRIVATE KEY----- ` internal/lang/funcs/crypto_test.go:744:2: G101: Potential hardcoded credentials: RSA private key (gosec) WrongPrivateKey = ` -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAlrCgnEVgmNKCq7KPc+zUU5IrxPu1ClMNJS7RTsTPEkbwe5SB p+6V6WtCbD/X/lDRRGbOENChh1Phulb7lViqgrdpHydgsrKoS5ah3DfSIxLFLE00 9Yo4TCYwgw6+s59j16ZAFVinaQ9l6Kmrb2ll136hMrz8QKh+qw+onOLd38WFgm+W ZtUqSXf2LANzfzzy4OWFNyFqKaCAolSkPdTS9Nz+svtScvp002DQp8OdP1AgPO+l o5N3M38Fftapwg0pCtJ5Zq0NRWIXEonXiTEMA6zy3gEZVOmDxoIFUWnmrqlMJLFy 5S6LDrHSdqJhCxDK6WRZj43X9j8spktk3eGhMwIDAQABAoIBAAem8ID/BOi9x+Tw LFi2rhGQWqimH4tmrEQ3HGnjlKBY+d1MrUjZ1MMFr1nP5CgF8pqGnfA8p/c3Sz8r K5tp5T6+EZiDZ2WrrOApxg5ox0MAsQKO6SGO40z6o3wEQ6rbbTaGOrraxaWQIpyu AQanU4Sd6ZGqByVBaS1GnklZO+shCHqw73b7g1cpLEmFzcYnKHYHlUUIsstMe8E1 BaCY0CH7JbWBjcbiTnBVwIRZuu+EjGiQuhTilYL2OWqoMVg1WU0L2IFpR8lkf/2W SBx5J6xhwbBGASOpM+qidiN580GdPzGhWYSqKGroHEzBm6xPSmV1tadNA26WFG4p pthLiAECgYEA5BsPRpNYJAQLu5B0N7mj9eEp0HABVEgL/MpwiImjaKdAwp78HM64 IuPvJxs7r+xESiIz4JyjR8zrQjYOCKJsARYkmNlEuAz0SkHabCw1BdEBwUhjUGVB 
efoERK6GxfAoNqmSDwsOvHFOtsmDIlbHmg7G2rUxNVpeou415BSB0B8CgYEAqR4J YHKk2Ibr9rU+rBU33TcdTGw0aAkFNAVeqM9j0haWuFXmV3RArgoy09lH+2Ha6z/g fTX2xSDAWV7QUlLOlBRIhurPAo2jO2yCrGHPZcWiugstrR2hTTInigaSnCmK3i7F 6sYmL3S7K01IcVNxSlWvGijtClT92Cl2WUCTfG0CgYAiEjyk4QtQTd5mxLvnOu5X oqs5PBGmwiAwQRiv/EcRMbJFn7Oupd3xMDSflbzDmTnWDOfMy/jDl8MoH6TW+1PA kcsjnYhbKWwvz0hN0giVdtOZSDO1ZXpzOrn6fEsbM7T9/TQY1SD9WrtUKCNTNL0Z sM1ZC6lu+7GZCpW4HKwLJwKBgQCRT0yxQXBg1/UxwuO5ynV4rx2Oh76z0WRWIXMH S0MyxdP1SWGkrS/SGtM3cg/GcHtA/V6vV0nUcWK0p6IJyjrTw2XZ/zGluPuTWJYi 9dvVT26Vunshrz7kbH7KuwEICy3V4IyQQHeY+QzFlR70uMS0IVFWAepCoWqHbIDT CYhwNQKBgGPcLXmjpGtkZvggl0aZr9LsvCTckllSCFSI861kivL/rijdNoCHGxZv dfDkLTLcz9Gk41rD9Gxn/3sqodnTAc3Z2PxFnzg1Q/u3+x6YAgBwI/g/jE2xutGW H7CurtMwALQ/n/6LUKFmjRZjqbKX9SO2QSaC3grd6sY9Tu+bZjLe -----END RSA PRIVATE KEY----- ` internal/lang/funcs/crypto_test.go:773:2: G101: Potential hardcoded credentials: RSA private key (gosec) BadPrivateKey = ` -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAgUElV5mwqkloIrM8ZNZ72gSCcnSJt7+/Usa5G+D15YQUAdf9 c1zEekTfHgDP+04nw/uFNFaE5v1RbHaPxhZYVg5ZErNCa/hzn+x10xzcepeS3KPV Xcxae4MR0BEegvqZqJzN9loXsNL/c3H/B+2Gle3hTxjlWFb3F5qLgR+4Mf4ruhER 1v6eHQa/nchi03MBpT4UeJ7MrL92hTJYLdpSyCqmr8yjxkKJDVC2uRrr+sTSxfh7 r6v24u/vp/QTmBIAlNPgadVAZw17iNNb7vjV7Gwl/5gHXonCUKURaV++dBNLrHIZ pqcAM8wHRph8mD1EfL9hsz77pHewxolBATV+7QIDAQABAoIBAC1rK+kFW3vrAYm3 +8/fQnQQw5nec4o6+crng6JVQXLeH32qXShNf8kLLG/Jj0vaYcTPPDZw9JCKkTMQ 0mKj9XR/5DLbBMsV6eNXXuvJJ3x4iKW5eD9WkLD4FKlNarBRyO7j8sfPTqXW7uat NxWdFH7YsSRvNh/9pyQHLWA5OituidMrYbc3EUx8B1GPNyJ9W8Q8znNYLfwYOjU4 Wv1SLE6qGQQH9Q0WzA2WUf8jklCYyMYTIywAjGb8kbAJlKhmj2t2Igjmqtwt1PYc pGlqbtQBDUiWXt5S4YX/1maIQ/49yeNUajjpbJiH3DbhJbHwFTzP3pZ9P9GHOzlG kYR+wSECgYEAw/Xida8kSv8n86V3qSY/I+fYQ5V+jDtXIE+JhRnS8xzbOzz3v0WS Oo5H+o4nJx5eL3Ghb3Gcm0Jn46dHrxinHbm+3RjXv/X6tlbxIYjRSQfHOTSMCTvd qcliF5vC6RCLXuc7R+IWR1Ky6eDEZGtrvt3DyeYABsp9fRUFR/6NluUCgYEAqNsw 1aSl7WJa27F0DoJdlU9LWerpXcazlJcIdOz/S9QDmSK3RDQTdqfTxRmrxiYI9LEs mkOkvzlnnOBMpnZ3ZOU5qIRfprecRIi37KDAOHWGnlC0EWGgl46YLb7/jXiWf0AG 
BhXoKvjI2HjYP21z/EyZ+PFPzur/lNaZhIUlMnUfibbwE9pFggQzzf8scM7c7Sf+ mLoVSdoQ/Rujz7CqvQzi2nKSsM7t0curUIb3lJWee5/UeEaxZcmIufoNUrzohAWH BJOIPDM4ssUTLRq7wYM9uQKBgHCBau5OP8gE6mjKuXsZXWUoahpFLKwwwmJUp2vQ pOFPJ/6WZOlqkTVT6QPAcPUbTohKrF80hsZqZyDdSfT3peFx4ZLocBrS56m6NmHR UYHMvJ8rQm76T1fryHVidz85g3zRmfBeWg8yqT5oFg4LYgfLsPm1gRjOhs8LfPvI OLlRAoGBAIZ5Uv4Z3s8O7WKXXUe/lq6j7vfiVkR1NW/Z/WLKXZpnmvJ7FgxN4e56 RXT7GwNQHIY8eDjDnsHxzrxd+raOxOZeKcMHj3XyjCX3NHfTscnsBPAGYpY/Wxzh T8UYnFu6RzkixElTf2rseEav7rkdKkI3LAeIZy7B0HulKKsmqVQ7 -----END RSA PRIVATE KEY----- ` internal/addrs/resource.go:588:22: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) var deposedKeyRand = rand.New(rand.NewSource(time.Now().UnixNano())) ^ internal/communicator/ssh/communicator.go:112:16: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) randShared = rand.New(rand.NewSource( time.Now().UnixNano() * int64(os.Getpid()))) internal/communicator/ssh/provisioner.go:330:16: G106: Use of ssh InsecureIgnoreHostKey should be audited (gosec) hkCallback := ssh.InsecureIgnoreHostKey() ^ internal/communicator/ssh/communicator_test.go:32:7: G101: Potential hardcoded credentials: RSA private key (gosec) const testServerPrivateKey = `-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA19lGVsTqIT5iiNYRgnoY1CwkbETW5cq+Rzk5v/kTlf31XpSU 70HVWkbTERECjaYdXM2gGcbb+sxpq6GtXf1M3kVomycqhxwhPv4Cr6Xp4WT/jkFx 9z+FFzpeodGJWjOH6L2H5uX1Cvr9EDdQp9t9/J32/qBFntY8GwoUI/y/1MSTmMiF tupdMODN064vd3gyMKTwrlQ8tZM6aYuyOPsutLlUY7M5x5FwMDYvnPDSeyT/Iw0z s3B+NCyqeeMd2T7YzQFnRATj0M7rM5LoSs7DVqVriOEABssFyLj31PboaoLhOKgc qoM9khkNzr7FHVvi+DhYM2jD0DwvqZLN6NmnLwIDAQABAoIBAQCGVj+kuSFOV1lT +IclQYA6bM6uY5mroqcSBNegVxCNhWU03BxlW//BE9tA/+kq53vWylMeN9mpGZea riEMIh25KFGWXqXlOOioH8bkMsqA8S7sBmc7jljyv+0toQ9vCCtJ+sueNPhxQQxH D2YvUjfzBQ04I9+wn30BByDJ1QA/FoPsunxIOUCcRBE/7jxuLYcpR+JvEF68yYIh atXRld4W4in7T65YDR8jK1Uj9XAcNeDYNpT/M6oFLx1aPIlkG86aCWRO19S1jLPT 
b1ZAKHHxPMCVkSYW0RqvIgLXQOR62D0Zne6/2wtzJkk5UCjkSQ2z7ZzJpMkWgDgN ifCULFPBAoGBAPoMZ5q1w+zB+knXUD33n1J+niN6TZHJulpf2w5zsW+m2K6Zn62M MXndXlVAHtk6p02q9kxHdgov34Uo8VpuNjbS1+abGFTI8NZgFo+bsDxJdItemwC4 KJ7L1iz39hRN/ZylMRLz5uTYRGddCkeIHhiG2h7zohH/MaYzUacXEEy3AoGBANz8 e/msleB+iXC0cXKwds26N4hyMdAFE5qAqJXvV3S2W8JZnmU+sS7vPAWMYPlERPk1 D8Q2eXqdPIkAWBhrx4RxD7rNc5qFNcQWEhCIxC9fccluH1y5g2M+4jpMX2CT8Uv+ 3z+NoJ5uDTXZTnLCfoZzgZ4nCZVZ+6iU5U1+YXFJAoGBANLPpIV920n/nJmmquMj orI1R/QXR9Cy56cMC65agezlGOfTYxk5Cfl5Ve+/2IJCfgzwJyjWUsFx7RviEeGw 64o7JoUom1HX+5xxdHPsyZ96OoTJ5RqtKKoApnhRMamau0fWydH1yeOEJd+TRHhc XStGfhz8QNa1dVFvENczja1vAoGABGWhsd4VPVpHMc7lUvrf4kgKQtTC2PjA4xoc QJ96hf/642sVE76jl+N6tkGMzGjnVm4P2j+bOy1VvwQavKGoXqJBRd5Apppv727g /SM7hBXKFc/zH80xKBBgP/i1DR7kdjakCoeu4ngeGywvu2jTS6mQsqzkK+yWbUxJ I7mYBsECgYB/KNXlTEpXtz/kwWCHFSYA8U74l7zZbVD8ul0e56JDK+lLcJ0tJffk gqnBycHj6AhEycjda75cs+0zybZvN4x65KZHOGW/O/7OAWEcZP5TPb3zf9ned3Hl NsZoFj52ponUM6+99A2CmezFCN16c4mbA//luWF+k3VVqR6BpkrhKw== -----END RSA PRIVATE KEY-----` internal/communicator/ssh/communicator_test.go:463:7: G101: Potential hardcoded credentials: RSA private key (gosec) const SERVER_PEM = `-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA8CkDr7uxCFt6lQUVwS8NyPO+fQNxORoGnMnN/XhVJZvpqyKR Uji9R0d8D66bYxUUsabXjP2y4HTVzbZtnvXFZZshk0cOtJjjekpYJaLK2esPR/iX wvSltNkrDQDPN/RmgEEMIevW8AgrPsqrnybFHxTpd7rEUHXBOe4nMNRIg3XHykB6 jZk8q5bBPUe3I/f0DK5TJEBpTc6dO3P/j93u55VUqr39/SPRHnld2mCw+c8v6UOh sssO/DIZFPScD3DYqsk2N+/nz9zXfcOTdWGhawgxuIo1DTokrNQbG3pDrLqcWgqj 13vqJFCmRA0O2CQIwJePd6+Np/XO3Uh/KL6FlQIDAQABAoIBAQCmvQMXNmvCDqk7 30zsVDvw4fHGH+azK3Od1aqTqcEMHISOUbCtckFPxLzIsoSltRQqB1kuRVG07skm Stsu+xny4lLcSwBVuLRuykEK2EyYIc/5Owo6y9pkhkaSf5ZfFes4bnD6+B/BhRpp PRMMq0E+xCkX/G6iIi9mhgdlqm0x/vKtjzQeeshw9+gRcRLUpX+UeKFKXMXcDayx qekr1bAaQKNBhTK+CbZjcqzG4f+BXVGRTZ9nsPAV+yTnWUCU0TghwPmtthHbebqa 9hlkum7qik/bQj/tjJ8/b0vTfHQSVxhtPG/ZV2Tn9ZuL/vrkYqeyMU8XkJ/uaEvH WPyOcB4BAoGBAP5o5JSEtPog+U3JFrLNSRjz5ofZNVkJzice+0XyqlzJDHhX5tF8 
mriYQZLLXYhckBm4IdkhTn/dVbXNQTzyy2WVuO5nU8bkCMvGL9CGpW4YGqwGf7NX e4H3emtRjLv8VZpUHe/RUUDhmYvMSt1qmXuskfpROuGfLhQBUd6A4J+BAoGBAPGp UcMKjrxZ5qjYU6DLgS+xeca4Eu70HgdbSQbRo45WubXjyXvTRFij36DrpxJWf1D7 lIsyBifoTra/lAuC1NQXGYWjTCdk2ey8Ll5qOgiXvE6lINHABr+U/Z90/g6LuML2 VzaZbq/QLcT3yVsdyTogKckzCaKsCpusyHE1CXAVAoGAd6kMglKc8N0bhZukgnsN +5+UeacPcY6sGTh4RWErAjNKGzx1A2lROKvcg9gFaULoQECcIw2IZ5nKW5VsLueg BWrTrcaJ4A2XmYjhKnp6SvspaGoyHD90hx/Iw7t6r1yzQsB3yDmytwqldtyjBdvC zynPC2azhDWjraMlR7tka4ECgYAxwvLiHa9sm3qCtCDsUFtmrb3srITBjaUNUL/F 1q8+JR+Sk7gudj9xnTT0VvINNaB71YIt83wPBagHu4VJpYQbtDH+MbUBu6OgOtO1 f1w53rzY2OncJxV8p7pd9mJGLoE6LC2jQY7oRw7Vq0xcJdME1BCmrIrEY3a/vaF8 pjYuTQKBgQCIOH23Xita8KmhH0NdlWxZfcQt1j3AnOcKe6UyN4BsF8hqS7eTA52s WjG5X2IBl7gs1eMM1qkqR8npS9nwfO/pBmZPwjiZoilypXxWj+c+P3vwre2yija4 bXgFVj4KFBwhr1+8KcobxC0SAPEouMvSkxzjjw+gnebozUtPlud9jA== -----END RSA PRIVATE KEY----- ` internal/communicator/ssh/communicator_test.go:492:7: G101: Potential hardcoded credentials: RSA private key (gosec) const CLIENT_PEM = `-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAsruexO8yFkchFrmojoopDkmShY28C5KRPX26BXyy7DVCY+M8 PuW2VCbc1ivK6D44C/LNaD53K6OcLk7SNjbuH5KXhStB2996OhMpLLo+DpuPulHp p9UBHG9G2aivGcoPQ4PXXj+y3hNL+/G+f42WnxYMMb/v7DITND0Q9+DQg2HGJpJB 5b0LUFhQHWz1woIITm3nWcmHaKmVboU7IjzFrUEv3HPTOLb+pjzrkJYWbd0fzof5 MFMruOaBkW+W4TuCYnKMxUt6HgpaVPlDG4LJZMwKSasWQVje/jwxUmYSpNhrJcns j+LB9xN9GdNMlYv5UGIJkLAfh4OgpXpjUDDbvwIDAQABAoIBAEu2ctFVyk/pnbi0 uRR4rl+hBvKQUeJNGj2ELvL4Ggs5nIAX2IOEZ7JKLC6FqpSrFq7pEd5g57aSvixX s3DH4CN7w7fj1ShBCNPlHgIWewdRGpeA74vrDWdwNAEsFdDE6aZeCTOhpDGy1vNJ OrtpzS5i9pN0jTvvEneEjtWSZIHiiVlN+0hsFaiwZ6KXON+sDccZPmnP6Fzwj5Rc WS0dKSwnxnx0otWgwWFs8nr306nSeMsNmQkHsS9lz4DEVpp9owdzrX1JmbQvNYAV ohmB3ET4JYFgerqPXJfed9poueGuWCP6MYhsjNeHN35QhofxdO5/0i3JlZfqwZei tNq/0oECgYEA6SqjRqDiIp3ajwyB7Wf0cIQG/P6JZDyN1jl//htgniliIH5UP1Tm uAMG5MincV6X9lOyXyh6Yofu5+NR0yt9SqbDZVJ3ZCxKTun7pxJvQFd7wl5bMkiJ qVfS08k6gQHHDoO+eel+DtpIfWc+e3tvX0aihSU0GZEMqDXYkkphLGECgYEAxDxb 
+JwJ3N5UEjjkuvFBpuJnmjIaN9HvQkTv3inlx1gLE4iWBZXXsu4aWF8MCUeAAZyP 42hQDSkCYX/A22tYCEn/jfrU6A+6rkWBTjdUlYLvlSkhosSnO+117WEItb5cUE95 hF4UY7LNs1AsDkV4WE87f/EjpxSwUAjB2Lfd/B8CgYAJ/JiHsuZcozQ0Qk3iVDyF ATKnbWOHFozgqw/PW27U92LLj32eRM2o/gAylmGNmoaZt1YBe2NaiwXxiqv7hnZU VzYxRcn1UWxRWvY7Xq/DKrwTRCVVzwOObEOMbKcD1YaoGX50DEso6bKHJH/pnAzW INlfKIvFuI+5OK0w/tyQoQKBgQCf/jpaOxaLfrV62eobRQJrByLDBGB97GsvU7di IjTWz8DQH0d5rE7d8uWF8ZCFrEcAiV6DYZQK9smbJqbd/uoacAKtBro5rkFdPwwK 8m/DKqsdqRhkdgOHh7bjYH7Sdy8ax4Fi27WyB6FQtmgFBrz0+zyetsODwQlzZ4Bs qpSRrwKBgQC0vWHrY5aGIdF+b8EpP0/SSLLALpMySHyWhDyxYcPqdhszYbjDcavv xrrLXNUD2duBHKPVYE+7uVoDkpZXLUQ4x8argo/IwQM6Kh2ma1y83TYMT6XhL1+B 5UPcl6RXZBCkiU7nFIG6/0XKFqVWc3fU8e09X+iJwXIJ5Jatywtg+g== -----END RSA PRIVATE KEY----- ` internal/communicator/ssh/communicator_test.go:642:27: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) source := io.LimitReader(rand.New(rand.NewSource(0)), size) ^ internal/communicator/ssh/communicator_test.go:338:19: G115: integer overflow conversion int -> uint16 (gosec) Port: uint16(port), ^ internal/communicator/ssh/communicator_test.go:370:24: G115: integer overflow conversion int -> uint16 (gosec) connInfo.Port = uint16(port) ^ internal/communicator/ssh/communicator_test.go:413:19: G115: integer overflow conversion int -> uint16 (gosec) Port: uint16(port), ^ internal/communicator/ssh/communicator_test.go:445:24: G115: integer overflow conversion int -> uint16 (gosec) connInfo.Port = uint16(port) ^ internal/communicator/ssh/communicator_test.go:535:22: G115: integer overflow conversion int -> uint16 (gosec) Port: uint16(port), ^ internal/registry/test/mock_registry.go:56:2: G101: Potential hardcoded credentials (gosec) testCred = "test-auth-token" ^ internal/communicator/winrm/communicator.go:52:9: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) rand: rand.New(rand.NewSource(time.Now().UnixNano())), ^ 
internal/moduletest/mocking/generate.go:121:17: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) b[i] = chars[rand.Intn(len(chars))] ^ internal/moduletest/mocking/fill_test.go:202:15: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) testRand = rand.New(rand.NewSource(0)) ^ internal/moduletest/mocking/values_test.go:981:15: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) testRand = rand.New(rand.NewSource(0)) ^ internal/command/cliconfig/credentials_test.go:96:3: G101: Potential hardcoded credentials (gosec) expectedToken := "configured-by-env" ^ internal/command/cliconfig/credentials_test.go:119:3: G101: Potential hardcoded credentials (gosec) expectedToken := "configured-by-env" ^ internal/command/cliconfig/credentials_test.go:165:3: G101: Potential hardcoded credentials (gosec) expectedToken := "configured-by-env" ^ internal/command/cliconfig/credentials_test.go:190:3: G101: Potential hardcoded credentials (gosec) expectedToken := "configured-by-env" ^ internal/configs/configload/copy_dir_test.go:41:8: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = ioutil.WriteFile(filepath.Join(subModuleDir, "main.tf"), []byte("hello"), 0644) ^ internal/configs/configload/copy_dir_test.go:77:8: G306: Expect WriteFile permissions to be 0600 or less (gosec) err = ioutil.WriteFile(filepath.Join(moduleDir, "main.tf"), []byte("hello"), 0644) ^ internal/lang/functions_test.go:1382:2: G101: Potential hardcoded credentials: RSA private key (gosec) PrivateKey = ` -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAgUElV5mwqkloIrM8ZNZ72gSCcnSJt7+/Usa5G+D15YQUAdf9 c1zEekTfHgDP+04nw/uFNFaE5v1RbHaPxhZYVg5ZErNCa/hzn+x10xzcepeS3KPV Xcxae4MR0BEegvqZqJzN9loXsNL/c3H/B+2Gle3hTxjlWFb3F5qLgR+4Mf4ruhER 1v6eHQa/nchi03MBpT4UeJ7MrL92hTJYLdpSyCqmr8yjxkKJDVC2uRrr+sTSxfh7 r6v24u/vp/QTmBIAlNPgadVAZw17iNNb7vjV7Gwl/5gHXonCUKURaV++dBNLrHIZ 
pqcAM8wHRph8mD1EfL9hsz77pHewxolBATV+7QIDAQABAoIBAC1rK+kFW3vrAYm3 +8/fQnQQw5nec4o6+crng6JVQXLeH32qXShNf8kLLG/Jj0vaYcTPPDZw9JCKkTMQ 0mKj9XR/5DLbBMsV6eNXXuvJJ3x4iKW5eD9WkLD4FKlNarBRyO7j8sfPTqXW7uat NxWdFH7YsSRvNh/9pyQHLWA5OituidMrYbc3EUx8B1GPNyJ9W8Q8znNYLfwYOjU4 Wv1SLE6qGQQH9Q0WzA2WUf8jklCYyMYTIywAjGb8kbAJlKhmj2t2Igjmqtwt1PYc pGlqbtQBDUiWXt5S4YX/1maIQ/49yeNUajjpbJiH3DbhJbHwFTzP3pZ9P9GHOzlG kYR+wSECgYEAw/Xida8kSv8n86V3qSY/I+fYQ5V+jDtXIE+JhRnS8xzbOzz3v0WS Oo5H+o4nJx5eL3Ghb3Gcm0Jn46dHrxinHbm+3RjXv/X6tlbxIYjRSQfHOTSMCTvd qcliF5vC6RCLXuc7R+IWR1Ky6eDEZGtrvt3DyeYABsp9fRUFR/6NluUCgYEAqNsw 1aSl7WJa27F0DoJdlU9LWerpXcazlJcIdOz/S9QDmSK3RDQTdqfTxRmrxiYI9LEs mkOkvzlnnOBMpnZ3ZOU5qIRfprecRIi37KDAOHWGnlC0EWGgl46YLb7/jXiWf0AG Y+DfJJNd9i6TbIDWu8254/erAS6bKMhW/3q7f2kCgYAZ7Id/BiKJAWRpqTRBXlvw BhXoKvjI2HjYP21z/EyZ+PFPzur/lNaZhIUlMnUfibbwE9pFggQzzf8scM7c7Sf+ mLoVSdoQ/Rujz7CqvQzi2nKSsM7t0curUIb3lJWee5/UeEaxZcmIufoNUrzohAWH BJOIPDM4ssUTLRq7wYM9uQKBgHCBau5OP8gE6mjKuXsZXWUoahpFLKwwwmJUp2vQ pOFPJ/6WZOlqkTVT6QPAcPUbTohKrF80hsZqZyDdSfT3peFx4ZLocBrS56m6NmHR UYHMvJ8rQm76T1fryHVidz85g3zRmfBeWg8yqT5oFg4LYgfLsPm1gRjOhs8LfPvI OLlRAoGBAIZ5Uv4Z3s8O7WKXXUe/lq6j7vfiVkR1NW/Z/WLKXZpnmvJ7FgxN4e56 RXT7GwNQHIY8eDjDnsHxzrxd+raOxOZeKcMHj3XyjCX3NHfTscnsBPAGYpY/Wxzh T8UYnFu6RzkixElTf2rseEav7rkdKkI3LAeIZy7B0HulKKsmqVQ7 -----END RSA PRIVATE KEY----- ` internal/states/statemgr/locker.go:23:17: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) var rngSource = rand.New(rand.NewSource(time.Now().UnixNano())) ^ internal/states/statemgr/filesystem_test.go:64:14: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) out, err := exec.Command("go", "run", "testdata/lockstate.go", s.path).CombinedOutput() ^ internal/cloud/cloudplan/saved_plan.go:69:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) err := os.WriteFile(filepath, data, 0644) ^ internal/states/remote/remote_test.go:7:2: G501: Blocklisted import crypto/md5: weak 
cryptographic primitive (gosec) "crypto/md5" ^ internal/states/remote/remote_test.go:48:14: G401: Use of weak cryptographic primitive (gosec) checksum := md5.Sum(c.current) ^ internal/states/remote/remote_test.go:97:14: G401: Use of weak cryptographic primitive (gosec) checksum := md5.Sum(c.current) ^ internal/command/workdir/plugin_dirs.go:84:10: G306: Expect WriteFile permissions to be 0600 or less (gosec) return ioutil.WriteFile(filePath, raw, 0644) ^ internal/backend/remote-state/inmem/client.go:7:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ internal/backend/remote-state/inmem/client.go:32:9: G401: Use of weak cryptographic primitive (gosec) md5 := md5.Sum(data) ^ internal/e2e/e2e.go:122:9: G204: Subprocess launched with a potential tainted input or cmd arguments (gosec) cmd := exec.Command(b.binPath, args...) ^ internal/backend/remote-state/http/backend.go:288:34: G402: TLS InsecureSkipVerify set true. (gosec) tlsConfig.InsecureSkipVerify = true ^ internal/backend/remote-state/http/client.go:8:2: G501: Blocklisted import crypto/md5: weak cryptographic primitive (gosec) "crypto/md5" ^ internal/backend/remote-state/http/client.go:66:11: G401: Use of weak cryptographic primitive (gosec) hash := md5.Sum(*data) ^ internal/backend/remote-state/http/client.go:199:11: G401: Use of weak cryptographic primitive (gosec) hash := md5.Sum(payload.Data) ^ internal/backend/remote-state/http/server_test.go:245:11: G402: TLS MinVersion too low. (gosec) s.TLS = &tls.Config{ ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: clientCAs, Certificates: []tls.Certificate{cert}, } ```
| Command | Mean [s] | Min [s] | Max [s] | Relative |
|---|---|---|---|---|
| local | 5.597 ± 0.062 | 5.528 | 5.721 | 1.02 ± 0.01 |
| v1.60.3 | 5.473 ± 0.031 | 5.412 | 5.523 | 1.00 |

traefik/traefik

local ``` internal/release/release.go:30:17: G304: Potential file inclusion via variable (gosec) output, err := os.Create(outputPath) ^ cmd/internal/gen/centrifuge.go:246:9: G301: Expect directory permissions to be 0750 or less (gosec) err := os.MkdirAll(f.baseDir, 0o755) ^ cmd/internal/gen/centrifuge.go:268:15: G304: Potential file inclusion via variable (gosec) file, err := os.Create(filename) ^ cmd/internal/gen/main.go:86:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) return os.WriteFile(filepath.Join(dest, "marshaler.go"), []byte(fmt.Sprintf(marsh, destPkg)), 0o666) ^ pkg/server/cookie/cookie.go:4:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ pkg/server/cookie/cookie.go:26:10: G401: Use of weak cryptographic primitive (gosec) hash := sha1.New() ^ pkg/logs/wasm.go:31:34: G115: integer overflow conversion int32 -> int8 (gosec) w.logger.WithLevel(zerolog.Level(level + 1)).Msg(message) ^ pkg/udp/conn.go:234:6: G104: Errors unhandled. (gosec) c.Close() ^ pkg/udp/conn.go:254:5: G104: Errors unhandled. (gosec) c.Close() ^ pkg/udp/switcher.go:19:3: G104: Errors unhandled. (gosec) conn.Close() ^ pkg/udp/wrr_load_balancer.go:38:3: G104: Errors unhandled. (gosec) conn.Close() ^ pkg/udp/conn_test.go:287:2: G104: Errors unhandled. (gosec) conn2.Close() ^ pkg/types/tls.go:63:24: G402: TLS InsecureSkipVerify may be true. (gosec) InsecureSkipVerify: c.InsecureSkipVerify, ^ pkg/types/tls.go:75:23: G402: TLS InsecureSkipVerify may be true. (gosec) InsecureSkipVerify: c.InsecureSkipVerify, ^ pkg/tls/tlsmanager.go:327:11: G402: TLS MinVersion too low. (gosec) conf := &tls.Config{ NextProtos: tlsOption.ALPNProtocols, } pkg/tcp/dialer.go:136:25: G402: TLS InsecureSkipVerify may be true. (gosec) InsecureSkipVerify: cfg.TLS.InsecureSkipVerify, ^ pkg/tcp/switcher.go:19:3: G104: Errors unhandled. 
(gosec) conn.Close() ^ pkg/tcp/dialer_test.go:139:26: G102: Binds to all network interfaces (gosec) backendListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/dialer_test.go:182:26: G102: Binds to all network interfaces (gosec) backendListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/dialer_test.go:186:51: G402: TLS MinVersion too low. (gosec) tlsListener := tls.NewListener(backendListener, &tls.Config{Certificates: []tls.Certificate{cert}}) ^ pkg/tcp/dialer_test.go:232:26: G102: Binds to all network interfaces (gosec) backendListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/dialer_test.go:236:51: G402: TLS MinVersion too low. (gosec) tlsListener := tls.NewListener(backendListener, &tls.Config{Certificates: []tls.Certificate{cert}}) ^ pkg/tcp/dialer_test.go:286:26: G102: Binds to all network interfaces (gosec) backendListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/dialer_test.go:290:51: G402: TLS MinVersion too low. (gosec) tlsListener := tls.NewListener(backendListener, &tls.Config{ // For TLS Certificates: []tls.Certificate{cert}, // For mTLS ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: clientPool, }) pkg/tcp/dialer_test.go:349:26: G102: Binds to all network interfaces (gosec) backendListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/proxy_test.go:48:26: G102: Binds to all network interfaces (gosec) backendListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/proxy_test.go:60:24: G102: Binds to all network interfaces (gosec) proxyListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/proxy_test.go:108:28: G102: Binds to all network interfaces (gosec) backendListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/proxy_test.go:139:26: G102: Binds to all network interfaces (gosec) proxyListener, err := net.Listen("tcp", ":0") ^ pkg/middlewares/tcp/inflightconn/inflight_conn.go:46:3: G104: Errors unhandled. (gosec) conn.Close() ^ pkg/middlewares/tcp/inflightconn/inflight_conn.go:52:3: G104: Errors unhandled. 
(gosec) conn.Close() ^ pkg/middlewares/tcp/ipallowlist/ip_allowlist.go:56:3: G104: Errors unhandled. (gosec) conn.Close() ^ pkg/middlewares/tcp/ipwhitelist/ip_whitelist.go:56:3: G104: Errors unhandled. (gosec) conn.Close() ^ pkg/server/service/tcp/service.go:31:18: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) rand: rand.New(rand.NewSource(time.Now().UnixNano())), ^ pkg/server/service/udp/service.go:28:12: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) rand: rand.New(rand.NewSource(time.Now().UnixNano())), ^ pkg/middlewares/passtlsclientcert/pass_tls_client_cert.go:200:58: G115: integer overflow conversion int64 -> uint64 (gosec) values = append(values, fmt.Sprintf(`NB="%d"`, uint64(peerCert.NotBefore.Unix()))) ^ pkg/middlewares/passtlsclientcert/pass_tls_client_cert.go:204:58: G115: integer overflow conversion int64 -> uint64 (gosec) values = append(values, fmt.Sprintf(`NA="%d"`, uint64(peerCert.NotAfter.Unix()))) ^ pkg/provider/file/file.go:623:15: G304: Potential file inclusion via variable (gosec) buf, err := os.ReadFile(filename) ^ pkg/provider/file/file_test.go:328:14: G304: Potential file inclusion via variable (gosec) dst, err := os.OpenFile(dstPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o666) ^ pkg/provider/file/file_test.go:334:14: G304: Potential file inclusion via variable (gosec) src, err := os.Open(srcPath) ^ pkg/provider/file/file_test.go:351:14: G304: Potential file inclusion via variable (gosec) src, err := os.Open(srcPath) ^ pkg/plugins/client.go:77:8: G301: Expect directory permissions to be 0750 or less (gosec) err = os.MkdirAll(archivesPath, 0o755) ^ pkg/plugins/client.go:113:15: G304: Potential file inclusion via variable (gosec) file, err := os.Open(p) ^ pkg/plugins/client.go:173:9: G301: Expect directory permissions to be 0750 or less (gosec) err = os.MkdirAll(filepath.Dir(filename), 0o755) ^ pkg/plugins/client.go:179:15: G304: Potential 
file inclusion via variable (gosec) file, err = os.Create(filename) ^ pkg/plugins/client.go:306:14: G304: Potential file inclusion via variable (gosec) elt, err := os.OpenFile(p, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode()) ^ pkg/plugins/client.go:313:11: G110: Potential DoS vulnerability via decompression bomb (gosec) _, err = io.Copy(elt, rc) ^ pkg/plugins/client.go:411:8: G301: Expect directory permissions to be 0750 or less (gosec) err = os.MkdirAll(dir, 0o755) ^ pkg/plugins/client.go:420:15: G304: Potential file inclusion via variable (gosec) file, err := os.Open(filepath) ^ pkg/middlewares/accesslog/logger.go:151:12: G301: Expect directory permissions to be 0750 or less (gosec) if err := os.MkdirAll(dir, 0o755); err != nil { ^ ```
v1.60.3 ``` internal/release/release.go:30:17: G304: Potential file inclusion via variable (gosec) output, err := os.Create(outputPath) ^ cmd/internal/gen/centrifuge.go:246:9: G301: Expect directory permissions to be 0750 or less (gosec) err := os.MkdirAll(f.baseDir, 0o755) ^ cmd/internal/gen/centrifuge.go:268:15: G304: Potential file inclusion via variable (gosec) file, err := os.Create(filename) ^ cmd/internal/gen/main.go:86:9: G306: Expect WriteFile permissions to be 0600 or less (gosec) return os.WriteFile(filepath.Join(dest, "marshaler.go"), []byte(fmt.Sprintf(marsh, destPkg)), 0o666) ^ pkg/server/cookie/cookie.go:4:2: G505: Blocklisted import crypto/sha1: weak cryptographic primitive (gosec) "crypto/sha1" ^ pkg/server/cookie/cookie.go:26:10: G401: Use of weak cryptographic primitive (gosec) hash := sha1.New() ^ pkg/logs/wasm.go:31:34: G115: integer overflow conversion int32 -> int8 (gosec) w.logger.WithLevel(zerolog.Level(level + 1)).Msg(message) ^ pkg/types/tls.go:63:24: G402: TLS InsecureSkipVerify may be true. (gosec) InsecureSkipVerify: c.InsecureSkipVerify, ^ pkg/types/tls.go:75:23: G402: TLS InsecureSkipVerify may be true. (gosec) InsecureSkipVerify: c.InsecureSkipVerify, ^ pkg/udp/conn.go:234:6: G104: Errors unhandled. (gosec) c.Close() ^ pkg/udp/conn.go:254:5: G104: Errors unhandled. (gosec) c.Close() ^ pkg/udp/switcher.go:19:3: G104: Errors unhandled. (gosec) conn.Close() ^ pkg/udp/wrr_load_balancer.go:38:3: G104: Errors unhandled. (gosec) conn.Close() ^ pkg/udp/conn_test.go:287:2: G104: Errors unhandled. (gosec) conn2.Close() ^ pkg/tls/tlsmanager.go:327:11: G402: TLS MinVersion too low. (gosec) conf := &tls.Config{ NextProtos: tlsOption.ALPNProtocols, } pkg/tcp/dialer.go:136:25: G402: TLS InsecureSkipVerify may be true. (gosec) InsecureSkipVerify: cfg.TLS.InsecureSkipVerify, ^ pkg/tcp/switcher.go:19:3: G104: Errors unhandled. 
(gosec) conn.Close() ^ pkg/tcp/dialer_test.go:139:26: G102: Binds to all network interfaces (gosec) backendListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/dialer_test.go:182:26: G102: Binds to all network interfaces (gosec) backendListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/dialer_test.go:186:51: G402: TLS MinVersion too low. (gosec) tlsListener := tls.NewListener(backendListener, &tls.Config{Certificates: []tls.Certificate{cert}}) ^ pkg/tcp/dialer_test.go:232:26: G102: Binds to all network interfaces (gosec) backendListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/dialer_test.go:236:51: G402: TLS MinVersion too low. (gosec) tlsListener := tls.NewListener(backendListener, &tls.Config{Certificates: []tls.Certificate{cert}}) ^ pkg/tcp/dialer_test.go:286:26: G102: Binds to all network interfaces (gosec) backendListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/dialer_test.go:290:51: G402: TLS MinVersion too low. (gosec) tlsListener := tls.NewListener(backendListener, &tls.Config{ // For TLS Certificates: []tls.Certificate{cert}, // For mTLS ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: clientPool, }) pkg/tcp/dialer_test.go:349:26: G102: Binds to all network interfaces (gosec) backendListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/proxy_test.go:48:26: G102: Binds to all network interfaces (gosec) backendListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/proxy_test.go:60:24: G102: Binds to all network interfaces (gosec) proxyListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/proxy_test.go:108:28: G102: Binds to all network interfaces (gosec) backendListener, err := net.Listen("tcp", ":0") ^ pkg/tcp/proxy_test.go:139:26: G102: Binds to all network interfaces (gosec) proxyListener, err := net.Listen("tcp", ":0") ^ pkg/server/service/tcp/service.go:31:18: G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) rand: rand.New(rand.NewSource(time.Now().UnixNano())), ^ pkg/server/service/udp/service.go:28:12: 
G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand) (gosec) rand: rand.New(rand.NewSource(time.Now().UnixNano())), ^ pkg/provider/file/file.go:623:15: G304: Potential file inclusion via variable (gosec) buf, err := os.ReadFile(filename) ^ pkg/provider/file/file_test.go:321:3: G104: Errors unhandled. (gosec) os.RemoveAll(tempDir) ^ pkg/provider/file/file_test.go:328:14: G304: Potential file inclusion via variable (gosec) dst, err := os.OpenFile(dstPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o666) ^ pkg/provider/file/file_test.go:334:14: G304: Potential file inclusion via variable (gosec) src, err := os.Open(srcPath) ^ pkg/provider/file/file_test.go:351:14: G304: Potential file inclusion via variable (gosec) src, err := os.Open(srcPath) ^ pkg/provider/consulcatalog/config.go:324:2: G104: Errors unhandled. (gosec) hasher.Write([]byte(strings.Join(tags, ""))) ^ pkg/provider/nomad/config.go:283:2: G104: Errors unhandled. (gosec) hasher.Write([]byte(strings.Join(tags, ""))) ^ pkg/middlewares/tcp/ipwhitelist/ip_whitelist.go:56:3: G104: Errors unhandled. 
(gosec) conn.Close() ^ pkg/middlewares/accesslog/logger.go:151:12: G301: Expect directory permissions to be 0750 or less (gosec) if err := os.MkdirAll(dir, 0o755); err != nil { ^ pkg/middlewares/accesslog/logger.go:155:15: G302: Expect file permissions to be 0600 or less (gosec) file, err := os.OpenFile(filePath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0o664) ^ pkg/middlewares/accesslog/logger.go:274:16: G302: Expect file permissions to be 0600 or less (gosec) h.file, err = os.OpenFile(h.config.FilePath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0o664) ^ pkg/middlewares/accesslog/logger_test.go:115:23: G304: Potential file inclusion via variable (gosec) fileContents, err := os.ReadFile(fileName) ^ pkg/middlewares/accesslog/logger_test.go:242:18: G304: Potential file inclusion via variable (gosec) logData, err := os.ReadFile(logFilePath) ^ pkg/middlewares/accesslog/logger_test.go:257:18: G304: Potential file inclusion via variable (gosec) logData, err := os.ReadFile(logFilePath) ^ pkg/middlewares/accesslog/logger_test.go:483:20: G304: Potential file inclusion via variable (gosec) logData, err := os.ReadFile(logFilePath) ^ pkg/plugins/client.go:77:8: G301: Expect directory permissions to be 0750 or less (gosec) err = os.MkdirAll(archivesPath, 0o755) ^ pkg/plugins/client.go:173:9: G301: Expect directory permissions to be 0750 or less (gosec) err = os.MkdirAll(filepath.Dir(filename), 0o755) ^ pkg/plugins/client.go:313:11: G110: Potential DoS vulnerability via decompression bomb (gosec) _, err = io.Copy(elt, rc) ^ pkg/plugins/client.go:411:8: G301: Expect directory permissions to be 0750 or less (gosec) err = os.MkdirAll(dir, 0o755) ^ ```
| Command | Mean [s] | Min [s] | Max [s] | Relative |
|---|---|---|---|---|
| local | 5.472 ± 0.043 | 5.409 | 5.544 | 1.01 ± 0.02 |
| v1.60.3 | 5.428 ± 0.080 | 5.343 | 5.554 | 1.00 |

You can find the workflow here: https://github.com/ldez/golangci-lint-bench/actions/runs/10704642387