|
==== Salus Scan v2.7.2 |
|
|
|
Overall scan status: FAILED in 184.87s |
|
|
|
┌───────────────┬──────────────┬──────────┬────────┐ |
|
│ Scanner │ Running Time │ Required │ Passed │ |
|
├───────────────┼──────────────┼──────────┼────────┤ |
|
│ Gosec │ 184.26s │ yes │ no │ |
|
│ PatternSearch │ 0.0s │ yes │ yes │ |
|
│ RepoNotEmpty │ 0.0s │ yes │ yes │ |
|
│ ReportGoDep │ 0.61s │ no │ yes │ |
|
└───────────────┴──────────────┴──────────┴────────┘ |
|
|
|
==== Gosec: FAILED in 184.26s |
|
|
|
|
|
~~ Scanner Logs: |
|
|
|
{ |
|
"Golang errors": { |
|
"pkg/cmd/cli/restore": [ |
|
{ |
|
"line": 0, |
|
"column": 0, |
|
"error": "loading files from package \"pkg/cmd/cli/restore\": -: go: downloading k8s.io/cli-ru |
|
ntime v0.17.0\ngo: downloading github.com/gofrs/uuid v3.2.0+incompatible\ngo: downloading github.c |
|
om/gobwas/glob v0.2.3\ngo: downloading google.golang.org/grpc v1.23.1\ngo: downloading github.com/ |
|
evanphx/json-patch v4.2.0+incompatible\ngo: downloading github.com/aws/aws-sdk-go v1.13.12\ngo: do |
|
wnloading github.com/hashicorp/go-plugin v0.0.0-20190610192547-a1bc61569a26\ngo: downloading githu |
|
b.com/Azure/azure-sdk-for-go v21.4.0+incompatible\ngo: extracting github.com/evanphx/json-patch v4 |
|
.2.0+incompatible\ngo: downloading github.com/sirupsen/logrus v1.4.2\ngo: extracting github.com/go |
|
frs/uuid v3.2.0+incompatible\ngo: downloading github.com/joho/godotenv v1.3.0\ngo: extracting gith |
|
ub.com/gobwas/glob v0.2.3\ngo: extracting github.com/hashicorp/go-plugin v0.0.0-20190610192547-a1b |
|
c61569a26\ngo: extracting github.com/joho/godotenv v1.3.0\ngo: downloading github.com/hashicorp/ya |
|
mux v0.0.0-20180604194846-3520598351bb\ngo: downloading github.com/oklog/run v1.0.0\ngo: extractin |
|
g github.com/sirupsen/logrus v1.4.2\ngo: extracting github.com/oklog/run v1.0.0\ngo: extracting gi |
|
thub.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb\ngo: downloading github.com/hashicorp/ |
|
go-hclog v0.0.0-20180709165350-ff2cf002a8dd\ngo: extracting github.com/hashicorp/go-hclog v0.0.0-2 |
|
0180709165350-ff2cf002a8dd\ngo: downloading github.com/mitchellh/go-testing-interface v0.0.0-20171 |
|
004221916-a61a99592b77\ngo: extracting github.com/mitchellh/go-testing-interface v0.0.0-2017100422 |
|
1916-a61a99592b77\ngo: extracting k8s.io/cli-runtime v0.17.0\ngo: downloading github.com/liggitt/t |
|
abwriter v0.0.0-20181228230101-89fcab3d43de\ngo: extracting github.com/liggitt/tabwriter v0.0.0-20 |
|
181228230101-89fcab3d43de\ngo: extracting google.golang.org/grpc v1.23.1\ngo: downloading google.g |
|
olang.org/genproto v0.0.0-20190911173649-1774047e7e51\ngo: extracting google.golang.org/genproto v |
|
0.0.0-20190911173649-1774047e7e51\ngo: extracting github.com/aws/aws-sdk-go v1.13.12\ngo: download |
|
ing github.com/go-ini/ini v1.28.2\ngo: downloading github.com/jmespath/go-jmespath v0.0.0-20160202 |
|
185014-0b12d6b521d8\ngo: extracting github.com/go-ini/ini v1.28.2\ngo: extracting github.com/jmesp |
|
ath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8\ngo: extracting github.com/Azure/azure-sdk-for- |
|
go v21.4.0+incompatible\ngo: downloading github.com/Azure/go-autorest/autorest/date v0.1.0\ngo: ex |
|
tracting github.com/Azure/go-autorest/autorest/date v0.1.0\ngo build github.com/Azure/go-autorest/ |
|
autorest: no Go files in \ngo build github.com/Azure/go-autorest/autorest/adal: no Go files in \ng |
|
o build github.com/Azure/go-autorest/autorest/azure: no Go files in \ngo build github.com/Azure/go |
|
-autorest/autorest/date: no Go files in " |
|
} |
|
], |
|
"pkg/install": [ |
|
{ |
|
"line": 0, |
|
"column": 0, |
|
"error": "loading files from package \"pkg/install\": -: go: downloading k8s.io/apiextensions- |
|
apiserver v0.17.0\ngo: downloading github.com/imdario/mergo v0.3.5\ngo: downloading cloud.google.c |
|
om/go v0.46.2\ngo: downloading github.com/Azure/go-autorest v11.1.2+incompatible\ngo: extracting g |
|
ithub.com/imdario/mergo v0.3.5\ngo: extracting github.com/Azure/go-autorest v11.1.2+incompatible\n |
|
go: downloading github.com/Azure/go-autorest/autorest v0.9.0\ngo: extracting github.com/Azure/go-a |
|
utorest/autorest v0.9.0\ngo: downloading github.com/Azure/go-autorest/autorest/adal v0.5.0\ngo: ex |
|
tracting github.com/Azure/go-autorest/autorest/adal v0.5.0\ngo: extracting k8s.io/apiextensions-ap |
|
iserver v0.17.0\ngo: extracting cloud.google.com/go v0.46.2\ngo build github.com/Azure/go-autorest |
|
/autorest: no Go files in \ngo build github.com/Azure/go-autorest/autorest/adal: no Go files in \n |
|
go build github.com/Azure/go-autorest/autorest/azure: no Go files in " |
|
} |
|
], |
|
"pkg/restic/mocks": [ |
|
{ |
|
"line": 0, |
|
"column": 0, |
|
"error": "loading files from package \"pkg/restic/mocks\": -: go: downloading github.com/stret |
|
chr/testify v1.4.0\ngo: extracting github.com/stretchr/testify v1.4.0\ngo: downloading github.com/ |
|
pmezard/go-difflib v1.0.0\ngo: downloading github.com/stretchr/objx v0.2.0\ngo: extracting github. |
|
com/pmezard/go-difflib v1.0.0\ngo: extracting github.com/stretchr/objx v0.2.0\ngo build github.com |
|
/Azure/go-autorest/autorest: no Go files in \ngo build github.com/Azure/go-autorest/autorest/azure |
|
: no Go files in \ngo build github.com/Azure/go-autorest/autorest/date: no Go files in \ngo build |
|
github.com/Azure/go-autorest/autorest/adal: no Go files in " |
|
} |
|
], |
|
"pkg/test": [ |
|
{ |
|
"line": 0, |
|
"column": 0, |
|
"error": "loading files from package \"pkg/test\": -: go: downloading github.com/spf13/afero v |
|
1.2.2\ngo: downloading k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a\ngo: extracting gith |
|
ub.com/spf13/afero v1.2.2\ngo: extracting k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a\n |
|
go build github.com/Azure/go-autorest/autorest: no Go files in \ngo build github.com/Azure/go-auto |
|
rest/autorest/adal: no Go files in \ngo build github.com/Azure/go-autorest/autorest/azure: no Go f |
|
iles in " |
|
} |
|
] |
|
}, |
|
"Issues": [ |
|
{ |
|
"severity": "HIGH", |
|
"confidence": "HIGH", |
|
"rule_id": "G402", |
|
"details": "TLS InsecureSkipVerify set true.", |
|
"file": "/home/repo/pkg/cmd/util/downloadrequest/downloadrequest.go", |
|
"code": "InsecureSkipVerify: true", |
|
"line": "105" |
|
}, |
|
{ |
|
"severity": "MEDIUM", |
|
"confidence": "HIGH", |
|
"rule_id": "G204", |
|
"details": "Subprocess launched with variable", |
|
"file": "/home/repo/pkg/cmd/cli/bug/bug.go", |
|
"code": "exec.Command(\"open\", url)", |
|
"line": "196" |
|
}, |
|
{ |
|
"severity": "MEDIUM", |
|
"confidence": "HIGH", |
|
"rule_id": "G204", |
|
"details": "Subprocess launched with function call as argument or cmd arguments", |
|
"file": "/home/repo/pkg/plugin/clientmgmt/client_builder.go", |
|
"code": "exec.Command(b.commandName, b.commandArgs...)", |
|
"line": "77" |
|
}, |
|
{ |
|
"severity": "MEDIUM", |
|
"confidence": "HIGH", |
|
"rule_id": "G302", |
|
"details": "Expect file permissions to be 0600 or less", |
|
"file": "/home/repo/hack/issue-template-gen/main.go", |
|
"code": "os.OpenFile(outTemplateFilename, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)", |
|
"line": "32" |
|
}, |
|
{ |
|
"severity": "MEDIUM", |
|
"confidence": "HIGH", |
|
"rule_id": "G304", |
|
"details": "Potential file inclusion via variable", |
|
"file": "/home/repo/pkg/util/filesystem/file_system.go", |
|
"code": "ioutil.ReadFile(filename)", |
|
"line": "72" |
|
}, |
|
{ |
|
"severity": "MEDIUM", |
|
"confidence": "HIGH", |
|
"rule_id": "G204", |
|
"details": "Subprocess launched with variable", |
|
"file": "/home/repo/pkg/cmd/cli/bug/bug.go", |
|
"code": "exec.Command(\"rundll32\", \"url.dll,FileProtocolHandler\", url)", |
|
"line": "203" |
|
}, |
|
{ |
|
"severity": "MEDIUM", |
|
"confidence": "HIGH", |
|
"rule_id": "G204", |
|
"details": "Subprocess launched with variable", |
|
"file": "/home/repo/pkg/cmd/cli/bug/bug.go", |
|
"code": "exec.Command(\"xdg-open\", url)", |
|
"line": "199" |
|
}, |
|
{ |
|
"severity": "LOW", |
|
"confidence": "HIGH", |
|
"rule_id": "G104", |
|
"details": "Errors unhandled.", |
|
"file": "/home/repo/pkg/cmd/util/downloadrequest/downloadrequest.go", |
|
"code": "errors.New(\"download request was unexpectedly deleted\")", |
|
"line": "88" |
|
}, |
|
{ |
|
"severity": "LOW", |
|
"confidence": "HIGH", |
|
"rule_id": "G104", |
|
"details": "Errors unhandled.", |
|
"file": "/home/repo/pkg/cmd/cli/bug/bug.go", |
|
"code": "kubectlCmd.Process.Kill()", |
|
"line": "151" |
|
}, |
|
{ |
|
"severity": "LOW", |
|
"confidence": "HIGH", |
|
"rule_id": "G104", |
|
"details": "Errors unhandled.", |
|
"file": "/home/repo/hack/crd-gen/main.go", |
|
"code": "gzw.Close()", |
|
"line": "118" |
|
}, |
|
{ |
|
"severity": "LOW", |
|
"confidence": "HIGH", |
|
"rule_id": "G104", |
|
"details": "Errors unhandled.", |
|
"file": "/home/repo/hack/crd-gen/main.go", |
|
"code": "file.Close()", |
|
"line": "117" |
|
}, |
|
{ |
|
"severity": "LOW", |
|
"confidence": "HIGH", |
|
"rule_id": "G104", |
|
"details": "Errors unhandled.", |
|
"file": "/home/repo/pkg/cmd/cli/completion/completion.go", |
|
"code": "cmd.Root().GenBashCompletion(os.Stdout)", |
|
"line": "48" |
|
}, |
|
{ |
|
"severity": "LOW", |
|
"confidence": "HIGH", |
|
"rule_id": "G104", |
|
"details": "Errors unhandled.", |
|
"file": "/home/repo/third_party/kubernetes/pkg/kubectl/cmd/completion.go", |
|
"code": "out.Write([]byte(zshHead))", |
|
"line": "33" |
|
}, |
|
{ |
|
"severity": "LOW", |
|
"confidence": "HIGH", |
|
"rule_id": "G104", |
|
"details": "Errors unhandled.", |
|
"file": "/home/repo/third_party/kubernetes/pkg/kubectl/cmd/completion.go", |
|
"code": "out.Write([]byte(zshInitialization))", |
|
"line": "160" |
|
}, |
|
{ |
|
"severity": "LOW", |
|
"confidence": "HIGH", |
|
"rule_id": "G104", |
|
"details": "Errors unhandled.", |
|
"file": "/home/repo/third_party/kubernetes/pkg/kubectl/cmd/completion.go", |
|
"code": "velero.GenBashCompletion(buf)", |
|
"line": "163" |
|
}, |
|
{ |
|
"severity": "LOW", |
|
"confidence": "HIGH", |
|
"rule_id": "G104", |
|
"details": "Errors unhandled.", |
|
"file": "/home/repo/third_party/kubernetes/pkg/kubectl/cmd/completion.go", |
|
"code": "out.Write(buf.Bytes())", |
|
"line": "164" |
|
}, |
|
{ |
|
"severity": "LOW", |
|
"confidence": "HIGH", |
|
"rule_id": "G104", |
|
"details": "Errors unhandled.", |
|
"file": "/home/repo/third_party/kubernetes/pkg/kubectl/cmd/completion.go", |
|
"code": "out.Write([]byte(zshTail))", |
|
"line": "172" |
|
}, |
|
{ |
|
"severity": "LOW", |
|
"confidence": "HIGH", |
|
"rule_id": "G104", |
|
"details": "Errors unhandled.", |
|
"file": "/home/repo/pkg/plugin/framework/object_store_client.go", |
|
"code": "stream.CloseSend()", |
|
"line": "89" |
|
}, |
|
{ |
|
"severity": "LOW", |
|
"confidence": "HIGH", |
|
"rule_id": "G104", |
|
"details": "Errors unhandled.", |
|
"file": "/home/repo/pkg/plugin/framework/server.go", |
|
"code": "s.flagSet.Parse(os.Args[1:])", |
|
"line": "168" |
|
}, |
|
{ |
|
"severity": "LOW", |
|
"confidence": "HIGH", |
|
"rule_id": "G104", |
|
"details": "Errors unhandled.", |
|
"file": "/home/repo/pkg/generated/crds/crds.go", |
|
"code": "gzr.Close()", |
|
"line": "60" |
|
} |
|
], |
|
"Stats": { |
|
"files": 206, |
|
"lines": 24946, |
|
"nosec": 0, |
|
"found": 20 |
|
} |
|
} |
|
|
|
==== PatternSearch: PASSED in 0.0s |
|
|
|
==== RepoNotEmpty: PASSED in 0.0s |
|
|
|
==== ReportGoDep: PASSED in 0.61s |