From 86999a0a5e0fe9ef08e191c40a10c61e0c0a75c1 Mon Sep 17 00:00:00 2001
From: subhamkrai <srai@redhat.com>
Date: Thu, 4 Jul 2024 17:37:52 +0530
Subject: [PATCH] ci: add gosec in golangci lint check

adding gosec in golangci lint check, also skip gosec G204 as we don't
want to run gosec on exec method.

Signed-off-by: subhamkrai <srai@redhat.com>
---
 .golangci.yml        |  1 +
 test/e2e/e2e_test.go | 14 +++++++-------
 test/utils/utils.go  | 12 ++++++------
 3 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/.golangci.yml b/.golangci.yml
index ca69a11f..9647c459 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -28,6 +28,7 @@ linters:
     - goimports
     - gosimple
     - govet
+    - gosec
     - ineffassign
     - lll
     - misspell
diff --git a/test/e2e/e2e_test.go b/test/e2e/e2e_test.go
index b036e035..216f5efd 100644
--- a/test/e2e/e2e_test.go
+++ b/test/e2e/e2e_test.go
@@ -38,7 +38,7 @@ var _ = Describe("controller", Ordered, func() {
 		Expect(utils.InstallCertManager()).To(Succeed())
 
 		By("creating manager namespace")
-		cmd := exec.Command("kubectl", "create", "ns", namespace)
+		cmd := exec.Command("kubectl", "create", "ns", namespace) //nolint:gosec
 		_, _ = utils.Run(cmd)
 	})
 
@@ -50,7 +50,7 @@ var _ = Describe("controller", Ordered, func() {
 		utils.UninstallCertManager()
 
 		By("removing manager namespace")
-		cmd := exec.Command("kubectl", "delete", "ns", namespace)
+		cmd := exec.Command("kubectl", "delete", "ns", namespace) //nolint:gosec
 		_, _ = utils.Run(cmd)
 	})
 
@@ -63,7 +63,7 @@ var _ = Describe("controller", Ordered, func() {
 			var projectimage = "example.com/ceph-csi-operator:v0.0.1"
 
 			By("building the manager(Operator) image")
-			cmd := exec.Command("make", "docker-build", fmt.Sprintf("IMG=%s", projectimage))
+			cmd := exec.Command("make", "docker-build", fmt.Sprintf("IMG=%s", projectimage)) //nolint:gosec
 			_, err = utils.Run(cmd)
 			ExpectWithOffset(1, err).NotTo(HaveOccurred())
 
@@ -72,12 +72,12 @@ var _ = Describe("controller", Ordered, func() {
 			ExpectWithOffset(1, err).NotTo(HaveOccurred())
 
 			By("installing CRDs")
-			cmd = exec.Command("make", "install")
+			cmd = exec.Command("make", "install") //nolint:gosec
 			_, err = utils.Run(cmd)
 			ExpectWithOffset(1, err).NotTo(HaveOccurred())
 
 			By("deploying the controller-manager")
-			cmd = exec.Command("make", "deploy", fmt.Sprintf("IMG=%s", projectimage))
+			cmd = exec.Command("make", "deploy", fmt.Sprintf("IMG=%s", projectimage)) //nolint:gosec
 			_, err = utils.Run(cmd)
 			ExpectWithOffset(1, err).NotTo(HaveOccurred())
 
@@ -92,7 +92,7 @@ var _ = Describe("controller", Ordered, func() {
 						"{{ .metadata.name }}"+
 						"{{ \"\\n\" }}{{ end }}{{ end }}",
 					"-n", namespace,
-				)
+				) //nolint:gosec
 
 				podOutput, err := utils.Run(cmd)
 				ExpectWithOffset(2, err).NotTo(HaveOccurred())
@@ -107,7 +107,7 @@ var _ = Describe("controller", Ordered, func() {
 				cmd = exec.Command("kubectl", "get",
 					"pods", controllerPodName, "-o", "jsonpath={.status.phase}",
 					"-n", namespace,
-				)
+				) //nolint:gosec
 				status, err := utils.Run(cmd)
 				ExpectWithOffset(2, err).NotTo(HaveOccurred())
 				if string(status) != "Running" {
diff --git a/test/utils/utils.go b/test/utils/utils.go
index e3eb79b0..e381d61c 100644
--- a/test/utils/utils.go
+++ b/test/utils/utils.go
@@ -41,7 +41,7 @@ func warnError(err error) {
 // InstallPrometheusOperator installs the prometheus Operator to be used to export the enabled metrics.
 func InstallPrometheusOperator() error {
 	url := fmt.Sprintf(prometheusOperatorURL, prometheusOperatorVersion)
-	cmd := exec.Command("kubectl", "create", "-f", url)
+	cmd := exec.Command("kubectl", "create", "-f", url) //nolint:gosec
 	_, err := Run(cmd)
 	return err
 }
@@ -69,7 +69,7 @@ func Run(cmd *exec.Cmd) ([]byte, error) {
 // UninstallPrometheusOperator uninstalls the prometheus
 func UninstallPrometheusOperator() {
 	url := fmt.Sprintf(prometheusOperatorURL, prometheusOperatorVersion)
-	cmd := exec.Command("kubectl", "delete", "-f", url)
+	cmd := exec.Command("kubectl", "delete", "-f", url) //nolint:gosec
 	if _, err := Run(cmd); err != nil {
 		warnError(err)
 	}
@@ -78,7 +78,7 @@ func UninstallPrometheusOperator() {
 // UninstallCertManager uninstalls the cert manager
 func UninstallCertManager() {
 	url := fmt.Sprintf(certmanagerURLTmpl, certmanagerVersion)
-	cmd := exec.Command("kubectl", "delete", "-f", url)
+	cmd := exec.Command("kubectl", "delete", "-f", url) //nolint:gosec
 	if _, err := Run(cmd); err != nil {
 		warnError(err)
 	}
@@ -87,7 +87,7 @@ func UninstallCertManager() {
 // InstallCertManager installs the cert manager bundle.
 func InstallCertManager() error {
 	url := fmt.Sprintf(certmanagerURLTmpl, certmanagerVersion)
-	cmd := exec.Command("kubectl", "apply", "-f", url)
+	cmd := exec.Command("kubectl", "apply", "-f", url) //nolint:gosec
 	if _, err := Run(cmd); err != nil {
 		return err
 	}
@@ -97,7 +97,7 @@ func InstallCertManager() error {
 		"--for", "condition=Available",
 		"--namespace", "cert-manager",
 		"--timeout", "5m",
-	)
+	) //nolint:gosec
 
 	_, err := Run(cmd)
 	return err
@@ -110,7 +110,7 @@ func LoadImageToKindClusterWithName(name string) error {
 		cluster = v
 	}
 	kindOptions := []string{"load", "docker-image", name, "--name", cluster}
-	cmd := exec.Command("kind", kindOptions...)
+	cmd := exec.Command("kind", kindOptions...) //nolint:gosec
 	_, err := Run(cmd)
 	return err
 }