kubevirt / containerized-data-importer / #4693
49%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 153
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 58.427% (-0.05%) from 58.481%
#4693

push

travis-ci

web-flow 
Enable Gosec linter (#3283)

* Move gosec into golangci-lint

Remove gosec target and scripts and use the golangci-lint linter
This ensures we stay up-to-date (so long as golangci-lint is up to date
too).

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G601: Disable for-loop variable aliassing warning (not relevant fro Go>=1.22)

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G101: Ignore warning about plain-text credentials

They are false positives

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G102: Don't listen to all interfaces

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G107: Ignore potentially tainted GET requests

They are all in test code

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G109: Avoid integer overflows after parsing strings

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G110: Potential DoS vulnerability via decompression bomb

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G114: Use of net/http serve function that has no support for setting timeouts

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G204: Subprocess launched with a potential tainted input or cmd arguments

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G305: File traversal when extracting zip/tar archive

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* G306: Expect WriteFile permissions to be 0600 or less

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* Bugfix: Misuse of file descriptor flags in file permission bits

os.WriteFile always uses O_WRONLY|O_CREATE|O_TRUNC, the third argument
is for the file's permission bits. This code is misleading, it will
truncate the file and not append to it. For that you'd need
os.Openfile(path, os.O_APPEND, 0600)

I also simplified the unnecessary []byte conversion.

Signed-... (continued)

20 of 55 new or added lines in 12 files covered. (36.36%)

9 existing lines in 2 files now uncovered.

16012 of 27405 relevant lines covered (58.43%)

0.65 hits per line

New Missed Lines in Diff

Lines Coverage File
1
13.73
 -0.01% pkg/controller/common/util.go
1
69.19
 0.36% pkg/uploadserver/uploadserver.go
2
25.61
 0.0% pkg/util/cert/cert.go
2
36.27
 -0.12% pkg/util/util.go
4
73.18
 -0.2% pkg/apiserver/apiserver.go
4
68.72
 -0.33% pkg/importer/transport.go
4
41.1
 -0.1% pkg/uploadproxy/uploadproxy.go
5
2.88
 -0.03% cmd/cdi-cloner/clone-source.go
5
52.3
 -2.78% cmd/openstack-populator/openstack-populator.go
7
61.84
 -4.36% pkg/util/prometheus/prometheus.go

Uncovered Existing Lines

Lines Coverage File
4
33.33
 -44.44% pkg/monitoring/metrics/openstack-populator/populator_metrics.go
5
52.3
 -2.78% cmd/openstack-populator/openstack-populator.go
Jobs
ID Job ID Ran Files Coverage
1 #4693.1 153
58.43
Source Files on build #4693