fix: gosec linter findings

Signed-off-by: Mario Constanti <mario.constanti@mercedes-benz.com>

apiserver/routers/routers.go

@@ -49,6 +49,8 @@ import (
 	_ "expvar" // Register the expvar handlers
 	"log/slog"
 	"net/http"
+
+	// nolint:golangci-lint,gosec
 	_ "net/http/pprof" // Register the pprof handlers
 
 	"github.com/felixge/httpsnoop"
@@ -87,7 +89,6 @@ func requestLogger(h http.Handler) http.Handler {
 		// gathers metrics from the upstream handlers
 		metrics := httpsnoop.CaptureMetrics(h, w, r)
 
-
 		slog.Info(
 			"access_log",
 			slog.String("method", r.Method),

cmd/garm/main.go

@@ -240,6 +240,8 @@ func main() {
 	methodsOk := handlers.AllowedMethods([]string{"GET", "HEAD", "POST", "PUT", "OPTIONS", "DELETE"})
 	headersOk := handlers.AllowedHeaders([]string{"X-Requested-With", "Content-Type", "Authorization"})
 
+	// nolint:golangci-lint,gosec
+	// G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server
 	srv := &http.Server{
 		Addr: cfg.APIServer.BindAddress(),
 		// Pass our instance of gorilla/mux in.

config/config_test.go

@@ -26,6 +26,7 @@ import (
 )
 
 var (
+	// nolint: golangci-lint,gosec
 	EncryptionPassphrase     = "bocyasicgatEtenOubwonIbsudNutDom"
 	WeakEncryptionPassphrase = "1234567890abcdefghijklmnopqrstuv"
 )

config/external_test.go

@@ -31,6 +31,7 @@ func getDefaultExternalConfig(t *testing.T) External {
 	}
 	t.Cleanup(func() { os.RemoveAll(dir) })
 
+	// nolint:golangci-lint,gosec
 	err = os.WriteFile(filepath.Join(dir, "garm-external-provider"), []byte{}, 0o755)
 	if err != nil {
 		t.Fatalf("failed to write file: %s", err)

util/util.go

@@ -84,6 +84,8 @@ func GithubClient(ctx context.Context, token string, credsDetails params.GithubC
 			return nil, nil, fmt.Errorf("failed to parse CA cert")
 		}
 	}
+	// nolint:golangci-lint,gosec,godox
+	// TODO: set TLS MinVersion
 	httpTransport := &http.Transport{
 		TLSClientConfig: &tls.Config{
 			RootCAs: roots,