test #232

Closed
wants to merge 3 commits into from

test

6296cac

GitHub Actions / Gosec Security Scan Result failed Jun 5, 2024 in 0s

Gosec Security Scan Result

Gosec Security Scanner Result

Details

Results:

Golang errors in file: [/github/workspace/examples/postgres-query/main.go]:

[line 10 : column 2] - could not import github.com/hypertrace/goagent/instrumentation/hypertrace/github.com/jackc/hyperpgx (invalid package name: "")

Golang errors in file: [/github/workspace/examples/sql-query/main.go]:

[line 13 : column 2] - could not import github.com/go-sql-driver/mysql (invalid package name: "")

Golang errors in file: [/github/workspace/instrumentation/hypertrace/github.com/jackc/hyperpgx/pgx.go]:

[line 3 : column 16] - could not import github.com/hypertrace/goagent/instrumentation/opentelemetry/github.com/jackc/hyperpgx (invalid package name: "")

Golang errors in file: [/github/workspace/instrumentation/opentelemetry/github.com/jackc/hyperpgx/pgx.go]:

[line 9 : column 2] - could not import github.com/jackc/pgconn (invalid package name: "")

[line 10 : column 2] - could not import github.com/jackc/pgtype/pgxtype (invalid package name: "")

[line 11 : column 2] - could not import github.com/jackc/pgx/v4 (invalid package name: "")

[line 14 : column 19] - undefined: pgx

[line 25 : column 93] - undefined: pgx

[line 30 : column 36] - undefined: pgx

[line 30 : column 47] - undefined: pgx

[line 40 : column 13] - undefined: pgx

[line 44 : column 7] - undefined: pgx

[line 47 : column 11] - undefined: pgx

[line 60 : column 96] - undefined: pgx

[line 77 : column 96] - undefined: pgx

[line 110 : column 114] - undefined: pgx

[line 127 : column 57] - undefined: pgx

[line 127 : column 68] - undefined: pgx

[line 138 : column 15] - undefined: pgx

[/github/workspace/instrumentation/opencensus/init.go:25] - G402 (CWE-295): TLS InsecureSkipVerify may be true. (Confidence: LOW, Severity: HIGH)
24: MinVersion: tls.VersionTLS12,

25: InsecureSkipVerify: !cfg.GetReporting().GetSecure().GetValue(),
26: },

[/github/workspace/examples/sql-query/main.go:43] - G114 (CWE-676): Use of net/http serve function that has no support for setting timeouts (Confidence: HIGH, Severity: MEDIUM)
42: ))

43: log.Fatal(http.ListenAndServe(":8081", r))
44: }

[/github/workspace/examples/mux-server/main.go:29] - G114 (CWE-676): Use of net/http serve function that has no support for setting timeouts (Confidence: HIGH, Severity: MEDIUM)
28: r.HandleFunc("/foo", http.HandlerFunc(fooHandler))

29: log.Fatal(http.ListenAndServe(":8081", r))
30: }

[/github/workspace/examples/http-server/main.go:38] - G114 (CWE-676): Use of net/http serve function that has no support for setting timeouts (Confidence: HIGH, Severity: MEDIUM)
37: ))

38: log.Fatal(http.ListenAndServe(":8081", r))
39: }

[/github/workspace/sdk/instrumentation/net/http/attributes.go:12-28] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
11: func SetAttributesFromHeaders(_type string, headers HeaderAccessor, span sdk.Span) {

12: headers.ForEachHeader(func(key string, values []string) error {
13: if len(values) == 1 {
14: span.SetAttribute(
15: fmt.Sprintf("http.%s.header.%s", _type, strings.ToLower(key)),
16: values[0],
17: )
18: return nil
19: }
20:
21: for index, value := range values {
22: span.SetAttribute(
23: fmt.Sprintf("http.%s.header.%s[%d]", _type, strings.ToLower(key), index),
24: value,
25: )
26: }
27: return nil
28: })
29: }

[/github/workspace/examples/sql-query/main.go:71] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
70: w.WriteHeader(http.StatusOK)

71: w.Write([]byte(fmt.Sprintf("{"message": "Hello %s"}", p.Name)))
72: }

[/github/workspace/examples/mux-server/main.go:55] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
54: w.WriteHeader(http.StatusOK)

55: w.Write([]byte(fmt.Sprintf("{"message": "Hello %s"}", p.Name)))
56: }

[/github/workspace/examples/http-server/main.go:93] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
92: w.WriteHeader(http.StatusOK)

93: io.WriteString(w, sb)
94: }

[/github/workspace/examples/http-server/main.go:65] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
64: invalidUtf8 := string([]byte{0xff, 0xfe, 0xfd})

65: w.Write([]byte(fmt.Sprintf("{"message": "Hello %s %s"}", p.Name, invalidUtf8)))
66: }

[/github/workspace/examples/gin-server/main.go:39] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
38: // Listen and Server in 0.0.0.0:8080

39: r.Run(":8080")
40: }

Summary:
Gosec : dev
Files : 94
Lines : 6461
Nosec : 0
Issues : 10