Open LeonardYam opened 1 year ago
Hello! What kind of approach is expected for errors that are not proper security errors but are related to linter false positives? For example, on line 16 of /api/test_runs.go we have a gosec error about "Potential hardcoded credentials" that is raised because of the variable naming (it contains the word "token"). How do we approach these kinds of errors? Thanks :)
Hi @meelunae, unfortunately I'm no longer working on this project so I do not have an actual answer for this 😅.
I suspect that the way to handle obvious false positives would be to keep the //nolint:gosec directive and remove the TODO for that particular line. You should approach the maintainers for help if you wish to work on this issue!
@KyleJu sorry for pinging in this issue too, but any thoughts on this? :) Thank you!
gosec detects security issues in the Go code.
Any lint issues related to gosec can be found by searching for // nolint:gosec.
Related issue: #2984
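
The search described in the issue can also be done on parsed comments rather than raw text, which separates suppressions still marked TODO from ones kept deliberately as false positives. This is an added example, not part of the original thread or the project's code; `Suppression`, `FindSuppressions`, the sample source and the assumption that the TODO sits in the same comment as the directive are all illustrative.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"regexp"
	"strings"
)

// Constructed sample input; not taken from the project's source.
const sample = `package api

const tokenHeader = "X-Token" // nolint:gosec // TODO: review this suppression

const sessionTokenKey = "session-token" //nolint:gosec // false positive: key name, not a secret
`

// Suppression is one gosec suppression comment found in a file.
type Suppression struct {
	Line    int
	Pending bool // comment still carries a TODO (assumed same-line convention)
	Text    string
}

// Accepts "//nolint:gosec", "// nolint:gosec" and lists such as "nolint:errcheck,gosec".
var directive = regexp.MustCompile(`^//\s*nolint:[\w,]*\bgosec\b`)

// FindSuppressions parses src as Go and returns every comment suppressing gosec.
func FindSuppressions(filename, src string) ([]Suppression, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, parser.ParseComments)
	if err != nil {
		return nil, err
	}
	var out []Suppression
	for _, group := range f.Comments {
		for _, c := range group.List {
			if directive.MatchString(c.Text) {
				out = append(out, Suppression{fset.Position(c.Slash).Line, strings.Contains(c.Text, "TODO"), c.Text})
			}
		}
	}
	return out, nil
}

func main() {
	fmt.Println(FindSuppressions("sample.go", sample))
}
```

Entries with `Pending` set are the ones still awaiting review; the rest are suppressions that already state why the finding is a false positive.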