fix linting problems and ignore gosec vuln with uint conversion

Checkmarx · Sep 12, 2024 · e22dd59 · e22dd59
1 parent 108c6b3
commit e22dd59
Show file tree

Hide file tree

Showing 7 changed files with 9 additions and 9 deletions.
diff --git a/internal/console/pre_scan.go b/internal/console/pre_scan.go
@@ -135,7 +135,7 @@ func newConsole() *console {
 func (console *console) preScan() {
 	log.Debug().Msg("console.scan()")
 	for _, warn := range warnings {
-		log.Warn().Msgf(warn)
+		log.Warn().Msgf("%s", warn)
 	}
 
 	printer := internalPrinter.NewPrinter(flags.GetBoolFlag(flags.MinimalUIFlag))

diff --git a/internal/sentry/sentry.go b/internal/sentry/sentry.go
@@ -35,7 +35,7 @@ func ReportSentry(report *Report, shouldLog bool) {
 	})
 
 	if shouldLog {
-		log.Err(report.Err).Msgf(report.Message)
+		log.Err(report.Err).Msgf("%s", report.Message)
 		log.Debug().Msgf("Error Report: \n%+v\n", report.string())
 	}
 }

diff --git a/pkg/parser/buildah/comments.go b/pkg/parser/buildah/comments.go
@@ -17,18 +17,18 @@ func getKicsIgnore(comment string) string {
 
 func (i *Info) getIgnoreLines(comment *syntax.Comment) {
 	// get normal comments
-	i.IgnoreLines = append(i.IgnoreLines, int(comment.Hash.Line()))
+	i.IgnoreLines = append(i.IgnoreLines, int(comment.Hash.Line())) //nolint:gosec
 
 	if model.KICSCommentRgxp.MatchString(comment.Text) {
 		kicsIgnore := getKicsIgnore(comment.Text)
 
 		switch model.CommentCommand(kicsIgnore) {
 		case model.IgnoreLine:
 			// get kics-scan ignore-line
-			i.IgnoreLines = append(i.IgnoreLines, int(comment.Hash.Line())+1)
+			i.IgnoreLines = append(i.IgnoreLines, int(comment.Hash.Line())+1) //nolint:gosec
 		case model.IgnoreBlock:
 			// get kics-scan ignore-block for ignoreFromBlock
-			i.IgnoreBlockLines = append(i.IgnoreBlockLines, int(comment.Pos().Line()))
+			i.IgnoreBlockLines = append(i.IgnoreBlockLines, int(comment.Pos().Line())) //nolint:gosec
 		}
 	}
 }

diff --git a/pkg/printer/printer.go b/pkg/printer/printer.go
@@ -295,7 +295,7 @@ func (p *Printer) PrintBySev(content, sev string) string {
 
 // Bold returns the output in a bold format
 func (p *Printer) Bold(content string) string {
-	return color.Bold.Sprintf(content)
+	return color.Bold.Sprintf("%s", content)
 }
 
 func validQueryID(queryID string) bool {

diff --git a/pkg/remediation/remediation.go b/pkg/remediation/remediation.go
@@ -156,7 +156,7 @@ func addition(r *Remediation, lines *[]string) []string {
 func (s *Summary) writeRemediation(remediatedLines, lines []string, filePath, similarityID string) []string {
 	remediated := []byte(strings.Join(remediatedLines, "\n"))
 
-	if err := os.WriteFile(filePath, remediated, os.ModePerm); err != nil {
+	if err := os.WriteFile(filePath, remediated, 0600); err != nil {
 		log.Error().Msgf("failed to write file: %s", err)
 		return lines
 	}

diff --git a/pkg/scan/utils.go b/pkg/scan/utils.go
@@ -240,7 +240,7 @@ func printVersionCheck(customPrint *consolePrinter.Printer, s *model.Summary) {
 	if !s.LatestVersion.Latest {
 		message := fmt.Sprintf("A new version 'v%s' of KICS is available, please consider updating", s.LatestVersion.LatestVersionTag)
 
-		fmt.Println(customPrint.VersionMessage.Sprintf(message))
+		fmt.Println(customPrint.VersionMessage.Sprintf("%s", message))
 		log.Warn().Msgf("%s", message)
 	}
 }

diff --git a/pkg/utils/random.go b/pkg/utils/random.go
@@ -14,7 +14,7 @@ var randmu sync.Mutex
 const tempDirFormat = 1e9
 
 func reseed() uint32 {
-	return uint32(int32(time.Now().UnixNano()) + int32(os.Getpid()))
+	return uint32(int32(time.Now().UnixNano()) + int32(os.Getpid())) //nolint:gosec
 }
 
 // NextRandom returns a random number