golangci: enable gosec linter

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
opencontainers · Oct 12, 2022 · 3ca8e8f · 3ca8e8f
1 parent befb6c2
commit 3ca8e8f
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 2 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -9,6 +9,7 @@ linters:
     - exportloopref # Detects pointers to enclosing loop variables.
     - gocritic      # Metalinter; detects bugs, performance, and styling issues.
     - gofumpt       # Detects whether code was gofumpt-ed.
+    - gosec         # Detects security problems.
     - misspell      # Detects commonly misspelled English words in comments.
     - nilerr        # Detects code that returns nil even if it checks that the error is not nil.
     - nolintlint    # Detects ill-formed or insufficient nolint directives.

diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go
@@ -839,6 +839,7 @@ func enforceMode() int {
 // setEnforceMode sets the current SELinux mode Enforcing, Permissive.
 // Disabled is not valid, since this needs to be set at boot time.
 func setEnforceMode(mode int) error {
+	//nolint:gosec // ignore G306: permissions to be 0600 or less.
 	return os.WriteFile(selinuxEnforcePath(), []byte(strconv.Itoa(mode)), 0o644)
 }
 
@@ -1046,6 +1047,7 @@ func addMcs(processLabel, fileLabel string) (string, string) {
 
 // securityCheckContext validates that the SELinux label is understood by the kernel
 func securityCheckContext(val string) error {
+	//nolint:gosec // ignore G306: permissions to be 0600 or less.
 	return os.WriteFile(path.Join(getSelinuxMountPoint(), "context"), []byte(val), 0o644)
 }
 

diff --git a/pkg/pwalk/pwalk_test.go b/pkg/pwalk/pwalk_test.go
@@ -214,6 +214,6 @@ func cbReadFile(path string, info os.FileInfo, _ error) error {
 }
 
 func cbRandomSleep(_ string, _ os.FileInfo, _ error) error {
-	time.Sleep(time.Duration(rand.Intn(500)) * time.Microsecond)
+	time.Sleep(time.Duration(rand.Intn(500)) * time.Microsecond) //nolint:gosec // ignore G404: Use of weak random number generator
 	return nil
 }
diff --git a/pkg/pwalkdir/pwalkdir_test.go b/pkg/pwalkdir/pwalkdir_test.go
@@ -218,6 +218,6 @@ func cbReadFile(path string, e fs.DirEntry, _ error) error {
 }
 
 func cbRandomSleep(_ string, _ fs.DirEntry, _ error) error {
-	time.Sleep(time.Duration(rand.Intn(500)) * time.Microsecond)
+	time.Sleep(time.Duration(rand.Intn(500)) * time.Microsecond) //nolint:gosec // ignore G404: Use of weak random number generator
 	return nil
 }