chore(lint): enable gosec (#7792)

Enable "gosec" linter.

Exclude:

- All G115 (integer overflow) findings, to be fixed separately.

Add targeted gosec annotations for:

- non-crypto math/rand usage
- md5 used only for file change detection
- G114 ("net/http serve with no timeout settings"), to be fixed
  separately.

Other findings fixed.

Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Ville Vesilehto
2025-12-30 00:01:27 +02:00
committed by GitHub
parent 1e0095d9b0
commit b21c752d7f
13 changed files with 35 additions and 15 deletions


@@ -95,7 +95,11 @@ func NewTLSConfig(certPath, keyPath, caPath string) (*tls.Config, error) {
return nil, err
}
tlsConfig := &tls.Config{Certificates: []tls.Certificate{cert}, RootCAs: roots}
// #nosec G402 -- MinVersion and MaxVersion are set in setTLSDefaults
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{cert},
RootCAs: roots,
}
setTLSDefaults(tlsConfig)
return tlsConfig, nil
@@ -109,7 +113,10 @@ func NewTLSClientConfig(caPath string) (*tls.Config, error) {
return nil, err
}
tlsConfig := &tls.Config{RootCAs: roots}
// #nosec G402 -- MinVersion and MaxVersion are set in setTLSDefaults
tlsConfig := &tls.Config{
RootCAs: roots,
}
setTLSDefaults(tlsConfig)
return tlsConfig, nil
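Review bot: The `#nosec G402` placed above each `tls.Config` literal (in NewTLSConfig and again in NewTLSClientConfig) silences the whole rule for that literal, and G402 also reports `InsecureSkipVerify` and weak cipher-suite settings, so a later edit that adds one of those fields here would pass lint unnoticed. The justification rests on setTLSDefaults, which is outside these hunks, so the version floor cannot be confirmed from this diff. Consider setting the floor in the literal itself, e.g. `MinVersion: tls.VersionTLS12,` (or whichever value setTLSDefaults applies), which should let both annotations be dropped. Failing that, a unit test asserting a non-zero `MinVersion` on the config returned by each constructor would keep the suppression honest. Both function bodies start before the visible hunk lines.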