Add gosec of GitHub action

LinuxSuRen · Jan 27, 2021 · 16578d8 · 16578d8
1 parent 5ba75dd
commit 16578d8
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 5 deletions.
diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml
@@ -40,3 +40,29 @@ jobs:
         uses: Jerome1337/golint-action@v1.0.2
         with:
           golint-path: ./...
+  Security:
+    name: Security
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v2
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args: '-exclude=G402,G204,G304,G110 ./...'
+  CodeQL:
+    name: CodeQL
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v2
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: go
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1
diff --git a/cmd/install.go b/cmd/install.go
@@ -64,7 +64,7 @@ func (o *installOption) overWriteBinary(sourceFile, targetPath string) (err erro
 		}
 	default:
 		sourceF, _ := os.Open(sourceFile)
-		targetF, _ := os.OpenFile(targetPath, os.O_CREATE|os.O_RDWR, 0664)
+		targetF, _ := os.OpenFile(targetPath, os.O_CREATE|os.O_RDWR, 0600)
 		if _, err = io.Copy(targetF, sourceF); err != nil {
 			err = fmt.Errorf("cannot copy %s from %s to %v, error: %v", o.name, sourceFile, targetPath, err)
 		}
@@ -138,7 +138,7 @@ func execCommand(name string, arg ...string) (err error) {
 		wg.Done()
 	}()
 
-	copyAndCapture(os.Stderr, stderrIn)
+	_, _ = copyAndCapture(os.Stderr, stderrIn)
 
 	wg.Wait()
 

diff --git a/pkg/http.go b/pkg/http.go
@@ -159,9 +159,9 @@ func (h *HTTPDownloader) DownloadFile() error {
 	// Create the file
 	out, err := os.Create(filepath)
 	if err != nil {
+		out.Close()
 		return err
 	}
-	defer out.Close()
 
 	writer.Writer = out
 
@@ -216,7 +216,7 @@ func DownloadFileWithMultipleThreadKeepParts(targetURL, targetFilePath string, t
 
 		// concat all these partial files
 		var f *os.File
-		if f, err = os.OpenFile(targetFilePath, os.O_CREATE|os.O_WRONLY, 0644); err == nil {
+		if f, err = os.OpenFile(targetFilePath, os.O_CREATE|os.O_WRONLY, 0600); err == nil {
 			defer func() {
 				_ = f.Close()
 			}()

diff --git a/pkg/progress.go b/pkg/progress.go
@@ -52,6 +52,6 @@ func (i *ProgressIndicator) setBar(n int) {
 	i.count += float64(n)
 
 	if i.bar != nil {
-		i.bar.Set((int)(i.count * 100 / i.Total))
+		_ = i.bar.Set((int)(i.count * 100 / i.Total))
 	}
 }