mirror of https://github.com/docker/cli.git
golangci-lint: enable G204, add #nosec comments instead
There's only 3 locations where it's hit, so putting #gosec ignore comments in those locations. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
parent
aa331e94cc
commit
020f3a7ad9
|
@ -144,11 +144,6 @@ issues:
|
||||||
- text: "G104"
|
- text: "G104"
|
||||||
linters:
|
linters:
|
||||||
- gosec
|
- gosec
|
||||||
# Looks like the match in "EXC0007" above doesn't catch this one
|
|
||||||
# TODO: consider upstreaming this to golangci-lint's default exclusion rules
|
|
||||||
- text: "G204: Subprocess launched with a potential tainted input or cmd arguments"
|
|
||||||
linters:
|
|
||||||
- gosec
|
|
||||||
# Looks like the match in "EXC0009" above doesn't catch this one
|
# Looks like the match in "EXC0009" above doesn't catch this one
|
||||||
# TODO: consider upstreaming this to golangci-lint's default exclusion rules
|
# TODO: consider upstreaming this to golangci-lint's default exclusion rules
|
||||||
- text: "G306: Expect WriteFile permissions to be 0600 or less"
|
- text: "G306: Expect WriteFile permissions to be 0600 or less"
|
||||||
|
|
|
@ -17,5 +17,5 @@ func (c *candidate) Path() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *candidate) Metadata() ([]byte, error) {
|
func (c *candidate) Metadata() ([]byte, error) {
|
||||||
return exec.Command(c.path, MetadataSubcommandName).Output()
|
return exec.Command(c.path, MetadataSubcommandName).Output() // #nosec G204 -- ignore "Subprocess launched with a potential tainted input or cmd arguments"
|
||||||
}
|
}
|
||||||
|
|
|
@ -240,7 +240,8 @@ func PluginRunCommand(dockerCli command.Cli, name string, rootcmd *cobra.Command
|
||||||
// TODO: why are we not returning plugin.Err?
|
// TODO: why are we not returning plugin.Err?
|
||||||
return nil, errPluginNotFound(name)
|
return nil, errPluginNotFound(name)
|
||||||
}
|
}
|
||||||
cmd := exec.Command(plugin.Path, args...)
|
cmd := exec.Command(plugin.Path, args...) // #nosec G204 -- ignore "Subprocess launched with a potential tainted input or cmd arguments"
|
||||||
|
|
||||||
// Using dockerCli.{In,Out,Err}() here results in a hang until something is input.
|
// Using dockerCli.{In,Out,Err}() here results in a hang until something is input.
|
||||||
// See: - https://github.com/golang/go/issues/10338
|
// See: - https://github.com/golang/go/issues/10338
|
||||||
// - https://github.com/golang/go/commit/d000e8742a173aa0659584aa01b7ba2834ba28ab
|
// - https://github.com/golang/go/commit/d000e8742a173aa0659584aa01b7ba2834ba28ab
|
||||||
|
|
|
@ -112,7 +112,7 @@ func (p *Plugin) RunHook(ctx context.Context, hookData HookPluginData) ([]byte,
|
||||||
return nil, wrapAsPluginError(err, "failed to marshall hook data")
|
return nil, wrapAsPluginError(err, "failed to marshall hook data")
|
||||||
}
|
}
|
||||||
|
|
||||||
pCmd := exec.CommandContext(ctx, p.Path, p.Name, HookSubcommandName, string(hDataBytes))
|
pCmd := exec.CommandContext(ctx, p.Path, p.Name, HookSubcommandName, string(hDataBytes)) // #nosec G204 -- ignore "Subprocess launched with a potential tainted input or cmd arguments"
|
||||||
pCmd.Env = os.Environ()
|
pCmd.Env = os.Environ()
|
||||||
pCmd.Env = append(pCmd.Env, ReexecEnvvar+"="+os.Args[0])
|
pCmd.Env = append(pCmd.Env, ReexecEnvvar+"="+os.Args[0])
|
||||||
hookCmdOutput, err := pCmd.Output()
|
hookCmdOutput, err := pCmd.Output()
|
||||||
|
|
Loading…
Reference in New Issue