search

talostrading / sonic

Sonic is a Go library for network and I/O programming that provides developers with a consistent asynchronous model, with a focus on achieving the lowest possible latency and jitter in Go.
MIT License
702 stars 17 forks source link

Add gosec and run it in CI #87

Closed sergiu128 closed 1 year ago

sergiu128 commented 1 year ago

1 medium severity issue: using crypto/sha1 in websocket handshake. @Dave-Clark-Talos this is not a security issue. See commit aa9e1991a01ac2a7e27001bc1a995b924842f578 for an explanation.

Other low severity issues:

@Dave-Clark-Talos see commit 0f2af4d21378802b9b3bf2f0df57325c4551f8b6 on how gosec is setup. Related to CI, we run the full suite of tests, benchmarks, golint and gosec on each push (hence build). We also make sure all examples build. 

{
    "Golang errors": {},
    "Issues": [
        {
            "severity": "MEDIUM",
            "confidence": "HIGH",
            "cwe": {
                "id": "326",
                "url": "https://cwe.mitre.org/data/definitions/326.html"
            },
            "rule_id": "G401",
            "details": "Use of weak cryptographic primitive",
            "file": "/home/sergiu/code/_talos/sonic/codec/websocket/util.go",
            "code": "29: \n30: \thasher := sha1.New()\n31: \thasher.Write(resKey)\n",
            "line": "30",
            "column": "12",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "MEDIUM",
            "confidence": "HIGH",
            "cwe": {
                "id": "326",
                "url": "https://cwe.mitre.org/data/definitions/326.html"
            },
            "rule_id": "G401",
            "details": "Use of weak cryptographic primitive",
            "file": "/home/sergiu/code/_talos/sonic/codec/websocket/stream.go",
            "code": "89: \t\tstate:  StateHandshake,\n90: \t\thasher: sha1.New(),\n91: \t\thb:     make([]byte, 1024),\n",
            "line": "90",
            "column": "11",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "MEDIUM",
            "confidence": "HIGH",
            "cwe": {
                "id": "327",
                "url": "https://cwe.mitre.org/data/definitions/327.html"
            },
            "rule_id": "G505",
            "details": "Blocklisted import crypto/sha1: weak cryptographic primitive",
            "file": "/home/sergiu/code/_talos/sonic/codec/websocket/util.go",
            "code": "4: \t\"crypto/rand\"\n5: \t\"crypto/sha1\"\n6: \t\"encoding/base64\"\n",
            "line": "5",
            "column": "2",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "MEDIUM",
            "confidence": "HIGH",
            "cwe": {
                "id": "327",
                "url": "https://cwe.mitre.org/data/definitions/327.html"
            },
            "rule_id": "G505",
            "details": "Blocklisted import crypto/sha1: weak cryptographic primitive",
            "file": "/home/sergiu/code/_talos/sonic/codec/websocket/stream.go",
            "code": "6: \t\"crypto/rand\"\n7: \t\"crypto/sha1\"\n8: \t\"crypto/tls\"\n",
            "line": "7",
            "column": "2",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/socket_linux.go",
            "code": "67: \t\tuintptr(unsafe.Pointer(\u0026(into[0]))),\n68: \t\tuintptr(unsafe.Pointer(\u0026n)),\n69: \t\t0,\n",
            "line": "68",
            "column": "11",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/socket_linux.go",
            "code": "66: \t\tuintptr(syscall.SO_BINDTODEVICE),\n67: \t\tuintptr(unsafe.Pointer(\u0026(into[0]))),\n68: \t\tuintptr(unsafe.Pointer(\u0026n)),\n",
            "line": "67",
            "column": "11",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/socket_linux.go",
            "code": "44: \t\tuintptr(syscall.SO_BINDTODEVICE),\n45: \t\tuintptr(unsafe.Pointer(\u0026[]byte(\"_\")[0])),\n46: \t\t0, 0,\n",
            "line": "45",
            "column": "11",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/net/ipv4/multicast.go",
            "code": "305: \t\tuintptr(syscall.IP_UNBLOCK_SOURCE),\n306: \t\tuintptr(unsafe.Pointer(mreqSource)),\n307: \t\tuintptr(SizeofIPMreqSource),\n",
            "line": "306",
            "column": "11",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/net/ipv4/multicast.go",
            "code": "285: \t\tuintptr(syscall.IP_BLOCK_SOURCE),\n286: \t\tuintptr(unsafe.Pointer(mreqSource)),\n287: \t\tuintptr(SizeofIPMreqSource),\n",
            "line": "286",
            "column": "11",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/net/ipv4/multicast.go",
            "code": "265: \t\tuintptr(syscall.IP_DROP_SOURCE_MEMBERSHIP),\n266: \t\tuintptr(unsafe.Pointer(mreqSource)),\n267: \t\tuintptr(SizeofIPMreqSource),\n",
            "line": "266",
            "column": "11",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/net/ipv4/multicast.go",
            "code": "232: \t\tuintptr(syscall.IP_ADD_SOURCE_MEMBERSHIP),\n233: \t\tuintptr(unsafe.Pointer(mreqSource)),\n234: \t\tuintptr(SizeofIPMreqSource),\n",
            "line": "233",
            "column": "11",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/multicast_util.go",
            "code": "137: \t\t\t\t\tuintptr(req.ToIPv6()),\n138: \t\t\t\t\tuintptr(unsafe.Pointer(mreq)),\n139: \t\t\t\t\tsyscall.SizeofIPv6Mreq, 0,\n",
            "line": "138",
            "column": "14",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/multicast_util.go",
            "code": "123: \t\t\t\t\tuintptr(req.ToIPv4()),\n124: \t\t\t\t\tuintptr(unsafe.Pointer(mreq)),\n125: \t\t\t\t\tSizeofIPMreqSource, 0)\n",
            "line": "124",
            "column": "14",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/multicast_util.go",
            "code": "112: \t\t\t\t\tuintptr(req.ToIPv4()),\n113: \t\t\t\t\tuintptr(unsafe.Pointer(mreq)),\n114: \t\t\t\t\tsyscall.SizeofIPMreq, 0)\n",
            "line": "113",
            "column": "14",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/internal/poll_linux.go",
            "code": "252: \t\tuintptr(fd),\n253: \t\tuintptr(unsafe.Pointer(\u0026event)),\n254: \t\t0, 0,\n",
            "line": "253",
            "column": "11",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/internal/poll_linux.go",
            "code": "237: \t\tuintptr(fd),\n238: \t\tuintptr(unsafe.Pointer(\u0026event)),\n239: \t\t0, 0,\n",
            "line": "238",
            "column": "11",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/internal/poll_linux.go",
            "code": "169: \t\tflags := PollFlags(event.Flags)\n170: \t\tpd := *(**PollData)(unsafe.Pointer(\u0026event.Data))\n171: \n",
            "line": "170",
            "column": "23",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/internal/poll_linux.go",
            "code": "141: \t\tuintptr(p.fd),\n142: \t\tuintptr(unsafe.Pointer(\u0026p.events[0])),\n143: \t\tuintptr(len(p.events)),\n",
            "line": "142",
            "column": "11",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/internal/poll_linux.go",
            "code": "32: \t}\n33: \t*(**PollData)(unsafe.Pointer(\u0026ev.Data)) = pd\n34: \n",
            "line": "33",
            "column": "16",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "242",
                "url": "https://cwe.mitre.org/data/definitions/242.html"
            },
            "rule_id": "G103",
            "details": "Use of unsafe calls should be audited",
            "file": "/home/sergiu/code/_talos/sonic/internal/eventfd.go",
            "code": "34: func (e *EventFd) Write(x uint64) (int, error) {\n35: \treturn syscall.Write(e.fd, (*(*[8]byte)(unsafe.Pointer(\u0026x)))[:])\n36: }\n",
            "line": "35",
            "column": "42",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/timer.go",
            "code": "100: \t\t\t} else {\n101: \t\t\t\tt.ScheduleOnce(repeat, ccb)\n102: \t\t\t}\n",
            "line": "101",
            "column": "5",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/listen_conn.go",
            "code": "117: func (l *listener) Close() error {\n118: \tl.ioc.poller.Del(l.fd, \u0026l.pd)\n119: \treturn syscall.Close(l.fd)\n",
            "line": "118",
            "column": "2",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/listen_conn.go",
            "code": "98: \tif err != nil {\n99: \t\tsyscall.Close(fd)\n100: \t\tif err == syscall.EWOULDBLOCK || err == syscall.EAGAIN {\n",
            "line": "99",
            "column": "3",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/internal/timer_linux.go",
            "code": "69: func (t *Timer) Close() error {\n70: \tt.Unset()\n71: \treturn syscall.Close(t.fd)\n",
            "line": "70",
            "column": "2",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/internal/timer_linux.go",
            "code": "48: \t\tt.pd.Set(ReadEvent, func(err error) {\n49: \t\t\tsyscall.Read(t.fd, t.b[:])\n50: \t\t\tcb()\n",
            "line": "49",
            "column": "4",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/internal/socket_unix.go",
            "code": "242: \tif err := syscall.Bind(fd, ToSockaddr(localAddr)); err != nil {\n243: \t\tsyscall.Close(fd)\n244: \t\treturn -1, nil, os.NewSyscallError(\"bind\", err)\n",
            "line": "243",
            "column": "3",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/internal/socket_unix.go",
            "code": "237: \tif err := ApplyOpts(fd, opts...); err != nil {\n238: \t\tsyscall.Close(fd)\n239: \t\treturn -1, nil, err\n",
            "line": "238",
            "column": "3",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/internal/socket_unix.go",
            "code": "219: \tif err := syscall.Listen(fd, ListenBacklog); err != nil {\n220: \t\tsyscall.Close(fd)\n221: \t\treturn -1, nil, os.NewSyscallError(\"listen\", err)\n",
            "line": "220",
            "column": "3",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/internal/socket_unix.go",
            "code": "214: \tif err := syscall.Bind(fd, ToSockaddr(localAddr)); err != nil {\n215: \t\tsyscall.Close(fd)\n216: \t\treturn -1, nil, os.NewSyscallError(\"bind\", err)\n",
            "line": "215",
            "column": "3",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/internal/socket_unix.go",
            "code": "209: \tif err := ApplyOpts(fd, opts...); err != nil {\n210: \t\tsyscall.Close(fd)\n211: \t\treturn -1, nil, err\n",
            "line": "210",
            "column": "3",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/internal/poll_linux.go",
            "code": "182: \t\tif flags\u0026pd.Flags\u0026WriteFlags == WriteFlags {\n183: \t\t\tp.DelWrite(pd.Fd, pd)\n184: \t\t\tpd.Cbs[WriteEvent](nil)\n",
            "line": "183",
            "column": "4",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/internal/poll_linux.go",
            "code": "177: \t\tif flags\u0026pd.Flags\u0026ReadFlags == ReadFlags {\n178: \t\t\tp.DelRead(pd.Fd, pd)\n179: \t\t\tpd.Cbs[ReadEvent](nil)\n",
            "line": "178",
            "column": "4",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/internal/poll_linux.go",
            "code": "111: \n112: \tp.waker.Close()\n113: \treturn syscall.Close(p.fd)\n",
            "line": "112",
            "column": "2",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/internal/poll_linux.go",
            "code": "93: \t\tp.waker.Close()\n94: \t\tsyscall.Close(p.fd)\n95: \t\treturn nil, err\n",
            "line": "94",
            "column": "3",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/internal/poll_linux.go",
            "code": "92: \tif err != nil {\n93: \t\tp.waker.Close()\n94: \t\tsyscall.Close(p.fd)\n",
            "line": "93",
            "column": "3",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/internal/poll_linux.go",
            "code": "80: \tif err != nil {\n81: \t\tsyscall.Close(epollFd)\n82: \t\treturn nil, err\n",
            "line": "81",
            "column": "3",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/internal/eventfd.go",
            "code": "23: \tif err != 0 {\n24: \t\tsyscall.Close(int(fd))\n25: \t\treturn nil, os.NewSyscallError(\"eventfd\", err)\n",
            "line": "24",
            "column": "3",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/codec/websocket/util.go",
            "code": "20: \tb := make([]byte, 16)\n21: \trand.Read(b)\n22: \treturn base64.StdEncoding.EncodeToString(b)\n",
            "line": "21",
            "column": "2",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/codec/websocket/util.go",
            "code": "15: func GenMask(b []byte) {\n16: \trand.Read(b)\n17: }\n",
            "line": "16",
            "column": "2",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/codec/websocket/test_main.go",
            "code": "93: \t\tif s.ln != nil {\n94: \t\t\ts.ln.Close()\n95: \t\t}\n",
            "line": "94",
            "column": "4",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/codec/websocket/test_main.go",
            "code": "90: \t\tif s.conn != nil {\n91: \t\t\ts.conn.Close()\n92: \t\t}\n",
            "line": "91",
            "column": "4",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/codec/websocket/stream.go",
            "code": "777: \tb := make([]byte, 16)\n778: \trand.Read(b)\n779: \treq = base64.StdEncoding.EncodeToString(b)\n",
            "line": "778",
            "column": "2",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/codec/websocket/stream.go",
            "code": "757: \t\t// buffer\n758: \t\ts.src.Write(s.hb[resLen:])\n759: \t}\n",
            "line": "758",
            "column": "3",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/codec/websocket/stream.go",
            "code": "611: \t\ts.handshake(addr, func(err error, stream sonic.Stream) {\n612: \t\t\ts.ioc.Post(func() {\n613: \t\t\t\tif err != nil {\n614: \t\t\t\t\ts.state = StateTerminated\n615: \t\t\t\t} else {\n616: \t\t\t\t\ts.state = StateActive\n617: \t\t\t\t\terr = s.init(stream)\n618: \t\t\t\t}\n619: \t\t\t\tcb(err)\n620: \t\t\t})\n621: \t\t})\n",
            "line": "612-620",
            "column": "4",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/codec/websocket/stream.go",
            "code": "243: \t\t\t\terr = ErrMessageTooBig\n244: \t\t\t\ts.Close(CloseGoingAway, \"payload too big\")\n245: \t\t\t\tbreak\n",
            "line": "244",
            "column": "5",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/codec/websocket/stream.go",
            "code": "148: \tif errors.Is(err, ErrMessageTooBig) {\n149: \t\ts.Close(CloseGoingAway, \"payload too big\")\n150: \t\treturn nil, err\n",
            "line": "149",
            "column": "3",
            "nosec": false,
            "suppressions": null
        },
        {
            "severity": "LOW",
            "confidence": "HIGH",
            "cwe": {
                "id": "703",
                "url": "https://cwe.mitre.org/data/definitions/703.html"
            },
            "rule_id": "G104",
            "details": "Errors unhandled.",
            "file": "/home/sergiu/code/_talos/sonic/async_adapter.go",
            "code": "217: \n218: \ta.ioc.poller.Del(a.fd, \u0026a.pd)\n219: \n",
            "line": "218",
            "column": "2",
            "nosec": false,
            "suppressions": null
        }
    ],
    "Stats": {
        "files": 54,
        "lines": 8275,
        "nosec": 0,
        "found": 47
    },
    "GosecVersion": "dev"
}
github-advanced-security[bot] commented 1 year ago

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.