[FEATURE] Enable gosec linter #91

Open
kashifkhan0771 opened this issue Jan 15, 2025 · 1 comment
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed high-priority Change or fix is a higher priority

Comments

@kashifkhan0771
Owner

Feature Description

Enable the gosec linter in .golangci.yaml and address all issues identified by make lint afterwards.


Use Case

The gosec linter is used to analyze source code and identify potential security vulnerabilities. It scans for issues like:

  • Hardcoded credentials: Detects sensitive information embedded in the code.
  • Weak cryptography: Identifies the use of outdated or insecure cryptographic algorithms.
  • Improper input validation: Flags potential issues that could lead to injection attacks.
  • Insecure file permissions: Warns about files or directories that may be accessible without proper restrictions.
  • Use of dangerous functions: Highlights functions or practices that could introduce security risks.

Enabling the gosec linter helps improve the overall security posture of the project by catching these vulnerabilities early in the development process.


Proposed Solution

Enable gosec in the .golangci.yaml file and run make lint.


Additional Context

N/A


Pseudo Code

In .golangci.yaml

  linters:
    enable:
      - govet
      - staticcheck
      - errcheck
      - gosec # security-focused static analysis

kashifkhan0771 added the enhancement, good first issue, high-priority and help wanted labels on Jan 15, 2025
@kashifkhan0771
Owner Author

Related: #97
