Merge pull request #324 from cloudfoundry-community/resolve-semgrep-failures

Resolve semgrep failures

Author: foram-splunk

.semgrepignore

@@ -0,0 +1,3 @@
+tile/build.sh 
+.github/pre-req.sh
+testing/

cache/boltdb.go

@@ -318,7 +318,7 @@ func (c *Boltdb) createBucket() error {
 // invalidateMissingAppCache perodically cleanup inmemory house keeping for
 // not found apps. When the this cache is cleaned up, end clients have chance
 // to retry missing apps
-func (c *Boltdb) invalidateMissingAppCache() {
+func (c *Boltdb) invalidateMissingAppCache() {  // nosemgrep false-positive : Execution of ticker `ticker` more times than desired will not be causing any issues for function "invalidateMissingAppCache".
 	ticker := time.NewTicker(c.config.MissingAppCacheTTL)
 
 	c.wg.Add(1)
@@ -340,7 +340,7 @@ func (c *Boltdb) invalidateMissingAppCache() {
 
 // invalidateCache perodically fetches a full copy apps info from remote
 // and update boltdb and in-memory cache
-func (c *Boltdb) invalidateCache() {
+func (c *Boltdb) invalidateCache() {  // nosemgrep false-positive : Execution of ticker `ticker` and `orgSpaceTicker` more times than desired will not be causing any issues for function "invalidateCache".
 	ticker := time.NewTicker(c.config.AppCacheTTL)
 	orgSpaceTicker := time.NewTicker(c.config.OrgSpaceCacheTTL)
 

events/events.go

@@ -271,7 +271,7 @@ func IsAuthorizedEvent(wantedEvent string) bool {
 	return ok
 }
 
-func AuthorizedEvents() string {
+func AuthorizedEvents() string {  // nosemgrep false-positive : `Envelope_EventType_name` is not pointer.
 	arrEvents := []string{}
 	for _, listEvent := range events.Envelope_EventType_name {
 		arrEvents = append(arrEvents, listEvent)

eventsource/firehose.go

@@ -27,7 +27,7 @@ type Firehose struct {
 }
 
 func NewFirehose(tokenClient TokenClient, config *FirehoseConfig) *Firehose {
-	c := consumer.New(config.Endpoint, &tls.Config{InsecureSkipVerify: config.SkipSSL}, nil)
+	c := consumer.New(config.Endpoint, &tls.Config{InsecureSkipVerify: config.SkipSSL, MinVersion: tls.VersionTLS12}, nil)
 	c.SetIdleTimeout(config.KeepAlive)
 
 	f := &Firehose{

eventwriter/splunk.go

@@ -34,7 +34,7 @@ type splunkClient struct {
 func NewSplunk(config *SplunkConfig) Writer {
 	httpClient := cfhttp.NewClient()
 	tr := &http.Transport{
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: config.SkipSSL},
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: config.SkipSSL, MinVersion: tls.VersionTLS12},
 	}
 	httpClient.Transport = tr