From 55fe81fe323f3c0dd67d4d0ff078f78824777c56 Mon Sep 17 00:00:00 2001
From: Mario Constanti <mario.constanti@mercedes-benz.com>
Date: Thu, 22 Feb 2024 10:49:21 +0100
Subject: [PATCH] fix: gosec linter findings

Signed-off-by: Mario Constanti <mario.constanti@mercedes-benz.com>
---
 apiserver/routers/routers.go | 3 ++-
 cmd/garm/main.go             | 2 ++
 config/config_test.go        | 1 +
 config/external_test.go      | 1 +
 util/util.go                 | 2 ++
 5 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/apiserver/routers/routers.go b/apiserver/routers/routers.go
index 88ba445d..fb8b609c 100644
--- a/apiserver/routers/routers.go
+++ b/apiserver/routers/routers.go
@@ -49,6 +49,8 @@ import (
 	_ "expvar" // Register the expvar handlers
 	"log/slog"
 	"net/http"
+
+	// nolint:golangci-lint,gosec
 	_ "net/http/pprof" // Register the pprof handlers
 
 	"github.com/felixge/httpsnoop"
@@ -87,7 +89,6 @@ func requestLogger(h http.Handler) http.Handler {
 		// gathers metrics from the upstream handlers
 		metrics := httpsnoop.CaptureMetrics(h, w, r)
 
-
 		slog.Info(
 			"access_log",
 			slog.String("method", r.Method),
diff --git a/cmd/garm/main.go b/cmd/garm/main.go
index 1a11ca9c..c2cabe56 100644
--- a/cmd/garm/main.go
+++ b/cmd/garm/main.go
@@ -240,6 +240,8 @@ func main() {
 	methodsOk := handlers.AllowedMethods([]string{"GET", "HEAD", "POST", "PUT", "OPTIONS", "DELETE"})
 	headersOk := handlers.AllowedHeaders([]string{"X-Requested-With", "Content-Type", "Authorization"})
 
+	// nolint:golangci-lint,gosec
+	// G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server
 	srv := &http.Server{
 		Addr: cfg.APIServer.BindAddress(),
 		// Pass our instance of gorilla/mux in.
diff --git a/config/config_test.go b/config/config_test.go
index 2295cdf3..2d2cf34d 100644
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -26,6 +26,7 @@ import (
 )
 
 var (
+	// nolint: golangci-lint,gosec
 	EncryptionPassphrase     = "bocyasicgatEtenOubwonIbsudNutDom"
 	WeakEncryptionPassphrase = "1234567890abcdefghijklmnopqrstuv"
 )
diff --git a/config/external_test.go b/config/external_test.go
index f8a89800..17dc04ba 100644
--- a/config/external_test.go
+++ b/config/external_test.go
@@ -31,6 +31,7 @@ func getDefaultExternalConfig(t *testing.T) External {
 	}
 	t.Cleanup(func() { os.RemoveAll(dir) })
 
+	// nolint:golangci-lint,gosec
 	err = os.WriteFile(filepath.Join(dir, "garm-external-provider"), []byte{}, 0o755)
 	if err != nil {
 		t.Fatalf("failed to write file: %s", err)
diff --git a/util/util.go b/util/util.go
index 1db1e5bd..4255dbf0 100644
--- a/util/util.go
+++ b/util/util.go
@@ -84,6 +84,8 @@ func GithubClient(ctx context.Context, token string, credsDetails params.GithubC
 			return nil, nil, fmt.Errorf("failed to parse CA cert")
 		}
 	}
+	// nolint:golangci-lint,gosec,godox
+	// TODO: set TLS MinVersion
 	httpTransport := &http.Transport{
 		TLSClientConfig: &tls.Config{
 			RootCAs: roots,