diff --git a/.github/workflows/gosec-scan.yml b/.github/workflows/gosec-scan.yml
index ef178ac..44f3630 100644
--- a/.github/workflows/gosec-scan.yml
+++ b/.github/workflows/gosec-scan.yml
@@ -1,4 +1,5 @@
 name: Run Gosec in CODESOURCERER
+
 on:
 push:
 branches:
@@ -6,15 +7,57 @@ on:
 pull_request:
 branches:
 - main
+
 jobs:
-tests:
+security-scan:
 runs-on: ubuntu-latest
 env:
 GO111MODULE: on
 steps:
 - name: Checkout Source
 uses: actions/checkout@v3
-- name: Run Gosec Security Scanner
+
+- name: Setup Go
+uses: actions/setup-go@v4
+with:
+go-version: 1.23
+
+- name: Cache Go Modules for Github Service
+uses: actions/cache@v3
+with:
+path: |
+~/go/pkg/mod
+src/github/go.sum
+key: ${{ runner.os }}-go-${{ hashFiles('src/github/go.sum') }}
+restore-keys: |
+${{ runner.os }}-go-
+
+- name: Cache Go Modules for GenAI Service
+uses: actions/cache@v3
+with:
+path: |
+~/go/pkg/mod
+src/genAi/go.sum
+key: ${{ runner.os }}-go-${{ hashFiles('src/genAi/go.sum') }}
+restore-keys: |
+${{ runner.os }}-go-
+
+- name: Install Dependencies for Github Service
+run: |
+cd src/github
+go mod tidy
+
+- name: Install Dependencies for GenAI Service
+run: |
+cd src/genAi
+go mod tidy
+
+- name: Run Gosec for Github Service
+uses: securego/gosec@master
+with:
+args: ./src/github/...
+
+- name: Run Gosec for GenAI Service
 uses: securego/gosec@master
 with:
-args: ./...
+args: ./src/genAi/...
diff --git a/src/genAi/utils/loadenvs.go b/src/genAi/utils/loadenvs.go
index db90042..55f0aa0 100644
--- a/src/genAi/utils/loadenvs.go
+++ b/src/genAi/utils/loadenvs.go
@@ -3,13 +3,14 @@ package utils
 import (
 "bufio"
 "os"
+"path/filepath"
 "strings"
 )
 
 func Loadenv(filePath string) (map[string]string, error) {
 envs := make(map[string]string)
-file, err := os.Open(filePath)
+file, err := os.Open(filepath.Clean(filePath))
 if err != nil {
 return nil, err
 }
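Review bot: Both cache steps list the tracked `src/github/go.sum` and `src/genAi/go.sum` under `path:`, and because `restore-keys: ${{ runner.os }}-go-` permits a prefix match, a miss on the exact key can restore an older cached go.sum over the one just checked out, so the following `go mod tidy` and gosec run may operate on a module graph that is not the commit's. Cache only `~/go/pkg/mod` there, and consider `go mod download` instead of `go mod tidy` in the two install steps, since tidy rewrites go.mod/go.sum in CI rather than verifying them. The added `uses: securego/gosec@master` and the `@v3`/`@v4` tags on checkout, setup-go and cache are mutable refs; pinning each to a full commit SHA (with the tag kept in a trailing comment) keeps the scanner's own inputs reproducible. A job-level `permissions: contents: read` block would also be worth adding, since the scan only needs to read the tree.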
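Review bot: `os.Open(filepath.Clean(filePath))` only normalizes the path; it does not reject `..` components or absolute paths, so if filePath can be influenced by anything other than the program's own configuration, the gosec G304 finding is silenced rather than resolved. If the path is always operator-supplied, a short comment such as `// filePath comes from trusted configuration; Clean only normalizes it` would record why no base-directory check is needed; otherwise resolve it under an allowed root and verify the cleaned result stays inside that root before opening. The same Clean-only change appears in the src/github/utils/loadenvs.go hunk and in GenerateJWT's `os.ReadFile` in JWThandlers.go. Loadenv's body continues past the hunk, so whether the opened file is closed on every path cannot be checked here.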
diff --git a/src/github/controllers/generators/genTestfiles.go b/src/github/controllers/generators/genTestfiles.go
index 540e56b..bbdf03f 100644
--- a/src/github/controllers/generators/genTestfiles.go
+++ b/src/github/controllers/generators/genTestfiles.go
@@ -15,7 +15,7 @@ func GenerateTestFiles(tests []struct {
 }) error {
 for _, test := range tests {
 dir := filepath.Dir(test.TestPath)
-if err := os.MkdirAll(dir, os.ModePerm); err != nil {
+if err := os.MkdirAll(dir, 0750); err != nil {
 return fmt.Errorf("unable to create directory %s: %w", dir, err)
 }
 file, err := os.Create(test.TestPath)
diff --git a/src/github/controllers/tokenhandlers/JWThandlers.go b/src/github/controllers/tokenhandlers/JWThandlers.go
index c2f939a..a9d9409 100644
--- a/src/github/controllers/tokenhandlers/JWThandlers.go
+++ b/src/github/controllers/tokenhandlers/JWThandlers.go
@@ -4,6 +4,7 @@ import (
 "github/utils"
 "log"
 "os"
+"path/filepath"
 "time"
 
 "github.com/golang-jwt/jwt/v4"
@@ -33,7 +34,7 @@ func GetJWT() string {
 }
 
 func GenerateJWT(appID string, privkeyPath string) (string, error) {
-privkeyBytes, err := os.ReadFile(privkeyPath)
+privkeyBytes, err := os.ReadFile(filepath.Clean(privkeyPath))
 if err != nil {
 return "", err
 }
diff --git a/src/github/go.mod b/src/github/go.mod
index 147b7a5..04061b7 100644
--- a/src/github/go.mod
+++ b/src/github/go.mod
@@ -7,6 +7,7 @@ require (
 github.com/golang-jwt/jwt/v4 v4.5.1
 github.com/google/go-github/v52 v52.0.0
 golang.org/x/oauth2 v0.24.0
+gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
@@ -38,5 +39,4 @@ require (
 golang.org/x/sys v0.28.0 // indirect
 golang.org/x/text v0.21.0 // indirect
 google.golang.org/protobuf v1.34.2 // indirect
-gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/src/github/utils/loadenvs.go b/src/github/utils/loadenvs.go
index db90042..55f0aa0 100644
--- a/src/github/utils/loadenvs.go
+++ b/src/github/utils/loadenvs.go
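Review bot: Tightening `os.MkdirAll(dir, 0750)` leaves the `os.Create(test.TestPath)` on the following line creating the file with Go's default 0666 (before umask), so the generated test file is still group/world-readable while its directory is not; `os.OpenFile(test.TestPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0640)` would make the two consistent. More importantly, test.TestPath is passed as-is to both MkdirAll and Create, so a `..` component or an absolute path in it would place files outside the intended output tree; a check that the cleaned path stays under the expected root before MkdirAll would close that, and it is presumably also what gosec will flag next on the Create call. GenerateTestFiles' parameter list and the remainder of its body lie outside the hunk.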
@@ -3,13 +3,14 @@ package utils
 import (
 "bufio"
 "os"
+"path/filepath"
 "strings"
 )
 
 func Loadenv(filePath string) (map[string]string, error) {
 envs := make(map[string]string)
-file, err := os.Open(filePath)
+file, err := os.Open(filepath.Clean(filePath))
 if err != nil {
 return nil, err
 }