
fix: recover from exporter panic in our custom batch_span_processor (… #599


GitHub Actions / Gosec Security Scan Result failed May 24, 2024 in 0s

Gosec Security Scan Result

Gosec Security Scanner Result

Details

Results:

Golang errors in file: [/github/workspace/examples/postgres-query/main.go]:

[line 10 : column 2] - could not import github.com/hypertrace/goagent/instrumentation/hypertrace/github.com/jackc/hyperpgx (invalid package name: "")

Golang errors in file: [/github/workspace/examples/sql-query/main.go]:

[line 13 : column 2] - could not import github.com/go-sql-driver/mysql (invalid package name: "")

Golang errors in file: [/github/workspace/instrumentation/hypertrace/github.com/jackc/hyperpgx/pgx.go]:

[line 3 : column 16] - could not import github.com/hypertrace/goagent/instrumentation/opentelemetry/github.com/jackc/hyperpgx (invalid package name: "")

Golang errors in file: [/github/workspace/instrumentation/opentelemetry/github.com/jackc/hyperpgx/pgx.go]:

[line 9 : column 2] - could not import github.com/jackc/pgconn (invalid package name: "")

[line 10 : column 2] - could not import github.com/jackc/pgtype/pgxtype (invalid package name: "")

[line 11 : column 2] - could not import github.com/jackc/pgx/v4 (invalid package name: "")

[line 14 : column 19] - undefined: pgx

[line 25 : column 93] - undefined: pgx

[line 30 : column 36] - undefined: pgx

[line 30 : column 47] - undefined: pgx

[line 40 : column 13] - undefined: pgx

[line 44 : column 7] - undefined: pgx

[line 47 : column 11] - undefined: pgx

[line 60 : column 96] - undefined: pgx

[line 77 : column 96] - undefined: pgx

[line 110 : column 114] - undefined: pgx

[line 127 : column 57] - undefined: pgx

[line 127 : column 68] - undefined: pgx

[line 138 : column 15] - undefined: pgx

[/github/workspace/instrumentation/opencensus/init.go:25] - G402 (CWE-295): TLS InsecureSkipVerify may be true. (Confidence: LOW, Severity: HIGH)
24: MinVersion: tls.VersionTLS12,

25: InsecureSkipVerify: !cfg.GetReporting().GetSecure().GetValue(),
26: },

[/github/workspace/examples/sql-query/main.go:43] - G114 (CWE-676): Use of net/http serve function that has no support for setting timeouts (Confidence: HIGH, Severity: MEDIUM)
42: ))

43: log.Fatal(http.ListenAndServe(":8081", r))
44: }

[/github/workspace/examples/mux-server/main.go:29] - G114 (CWE-676): Use of net/http serve function that has no support for setting timeouts (Confidence: HIGH, Severity: MEDIUM)
28: r.HandleFunc("/foo", http.HandlerFunc(fooHandler))

29: log.Fatal(http.ListenAndServe(":8081", r))
30: }

[/github/workspace/examples/http-server/main.go:38] - G114 (CWE-676): Use of net/http serve function that has no support for setting timeouts (Confidence: HIGH, Severity: MEDIUM)
37: ))

38: log.Fatal(http.ListenAndServe(":8081", r))
39: }

[/github/workspace/sdk/instrumentation/net/http/attributes.go:12-28] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
11: func SetAttributesFromHeaders(_type string, headers HeaderAccessor, span sdk.Span) {

12: headers.ForEachHeader(func(key string, values []string) error {
13: if len(values) == 1 {
14: span.SetAttribute(
15: fmt.Sprintf("http.%s.header.%s", _type, strings.ToLower(key)),
16: values[0],
17: )
18: return nil
19: }
20:
21: for index, value := range values {
22: span.SetAttribute(
23: fmt.Sprintf("http.%s.header.%s[%d]", _type, strings.ToLower(key), index),
24: value,
25: )
26: }
27: return nil
28: })
29: }

[/github/workspace/examples/sql-query/main.go:71] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
70: w.WriteHeader(http.StatusOK)

71: w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", p.Name)))
72: }

[/github/workspace/examples/mux-server/main.go:55] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
54: w.WriteHeader(http.StatusOK)

55: w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", p.Name)))
56: }

[/github/workspace/examples/http-server/main.go:93] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
92: w.WriteHeader(http.StatusOK)

93: io.WriteString(w, sb)
94: }

[/github/workspace/examples/http-server/main.go:65] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
64: invalidUtf8 := string([]byte{0xff, 0xfe, 0xfd})

65: w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s %s\"}", p.Name, invalidUtf8)))
66: }

[/github/workspace/examples/gin-server/main.go:39] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
38: // Listen and Server in 0.0.0.0:8080

39: r.Run(":8080")
40: }

Summary:
Gosec : dev
Files : 94
Lines : 6461
Nosec : 0
Issues : 10