chore(lint): enable gosec (#7792)

Enable "gosec" linter. Exclude: - All G115 (integer overflow) findings, to be fixed separately. Add targeted gosec annotations for: - non-crypto math/rand usage - md5 used only for file change detection - G114 ("net/http serve with no timeout settings"), to be fixed separately. Other findings fixed. Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
2025-12-31 06:00:28 -05:00 · 2025-12-30 00:01:27 +02:00
parent 1e0095d9b0
commit b21c752d7f
13 changed files with 35 additions and 15 deletions
--- a/plugin/dnstap/io.go
+++ b/plugin/dnstap/io.go
@@ -70,6 +70,7 @@ func (d *dio) dial() error {

 	if d.proto == "tls" {
 		config := &tls.Config{
+			// #nosec G402 -- optional, user-configurable escape hatch for environments that cannot validate certs.
 			InsecureSkipVerify: d.skipVerify,
 		}
 		dialer := &net.Dialer{