chore(deps): update tools to latest versions (#3205)

* chore(deps): update tools to latest versions

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* chore: disable gosec(G115)

A change to the rule gosec(G115) made a large amount of FP for gosec appear when updating to the
latest golang-ci linter.

https://github.com/securego/gosec/issues/1185
https://github.com/securego/gosec/pull/1149

We're going to ignore this rule for the time being while waiting for gosec to get updates so that
bound checking and example snippets of `valid` code is added for this rule

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
This commit is contained in:
anchore-actions-token-generator[bot] 2024-09-13 15:05:50 -04:00 committed by GitHub
parent 834027e32d
commit 58100fec9f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 20 additions and 17 deletions

View file

@ -26,7 +26,7 @@ tools:
# used for linting # used for linting
- name: golangci-lint - name: golangci-lint
version: version:
want: v1.60.3 want: v1.61.0
method: github-release method: github-release
with: with:
repo: golangci/golangci-lint repo: golangci/golangci-lint
@ -58,7 +58,7 @@ tools:
# used to release all artifacts # used to release all artifacts
- name: goreleaser - name: goreleaser
version: version:
want: v2.2.0 want: v2.3.0
method: github-release method: github-release
with: with:
repo: goreleaser/goreleaser repo: goreleaser/goreleaser
@ -103,7 +103,7 @@ tools:
# used for running all local and CI tasks # used for running all local and CI tasks
- name: task - name: task
version: version:
want: v3.38.0 want: v3.39.0
method: github-release method: github-release
with: with:
repo: go-task/task repo: go-task/task
@ -111,7 +111,7 @@ tools:
# used for triggering a release # used for triggering a release
- name: gh - name: gh
version: version:
want: v2.55.0 want: v2.56.0
method: github-release method: github-release
with: with:
repo: cli/cli repo: cli/cli

View file

@ -57,6 +57,9 @@ linters-settings:
settings: settings:
ruleguard: ruleguard:
rules: "test/rules/rules.go" rules: "test/rules/rules.go"
gosec:
excludes:
- G115
output: output:
uniq-by-line: false uniq-by-line: false
run: run:

View file

@ -56,7 +56,7 @@ func OpenZip(filepath string) (*ZipReadCloser, error) {
if offset > math.MaxInt64 { if offset > math.MaxInt64 {
return nil, fmt.Errorf("archive start offset too large: %v", offset) return nil, fmt.Errorf("archive start offset too large: %v", offset)
} }
offset64 := int64(offset) //nolint:gosec // lint bug, checked above: https://github.com/securego/gosec/issues/1187 offset64 := int64(offset)
size := fi.Size() - offset64 size := fi.Size() - offset64
@ -183,7 +183,7 @@ func findDirectory64End(r io.ReaderAt, directoryEndOffset int64) (int64, error)
if b.uint32() != 1 { // total number of disks if b.uint32() != 1 { // total number of disks
return -1, nil // the file is not a valid zip64-file return -1, nil // the file is not a valid zip64-file
} }
return int64(p), nil //nolint:gosec return int64(p), nil
} }
// readDirectory64End reads the zip64 directory end and updates the // readDirectory64End reads the zip64 directory end and updates the

View file

@ -175,7 +175,7 @@ func hasElfDynTag(f *elf.File, tag elf.DynTag) bool {
t = elf.DynTag(f.ByteOrder.Uint32(d[0:4])) t = elf.DynTag(f.ByteOrder.Uint32(d[0:4]))
d = d[8:] d = d[8:]
case elf.ELFCLASS64: case elf.ELFCLASS64:
t = elf.DynTag(f.ByteOrder.Uint64(d[0:8])) //nolint:gosec t = elf.DynTag(f.ByteOrder.Uint64(d[0:8]))
d = d[16:] d = d[16:]
} }
if t == tag { if t == tag {

View file

@ -146,7 +146,7 @@ func safeFileModeConvert(val int) (fs.FileMode, error) {
if err != nil { if err != nil {
return 0, err return 0, err
} }
return os.FileMode(mode), nil //nolint:gosec return os.FileMode(mode), nil
} }
func toSyftLicenses(m []model.License) (p []pkg.License) { func toSyftLicenses(m []model.License) (p []pkg.License) {

View file

@ -230,7 +230,7 @@ func handleNewKeyValue(line string) (key string, val interface{}, err error) {
if err != nil { if err != nil {
return "", nil, fmt.Errorf("bad installed-size value=%q: %w", val, err) return "", nil, fmt.Errorf("bad installed-size value=%q: %w", val, err)
} }
return key, int(s), nil //nolint:gosec return key, int(s), nil
default: default:
return key, val, nil return key, val, nil
} }

View file

@ -268,7 +268,7 @@ func newPE(filename string, r io.ReaderAt) (nativeImage, error) {
} }
exportSymbolsOffset := uint64(exportSymbolsDataDirectory.VirtualAddress) exportSymbolsOffset := uint64(exportSymbolsDataDirectory.VirtualAddress)
exports := make([]byte, exportSymbolsDataDirectory.Size) exports := make([]byte, exportSymbolsDataDirectory.Size)
_, err = r.ReadAt(exports, int64(exportSymbolsOffset)) //nolint:gosec _, err = r.ReadAt(exports, int64(exportSymbolsOffset))
if err != nil { if err != nil {
return fileError(filename, fmt.Errorf("could not read the exported symbols data directory: %w", err)) return fileError(filename, fmt.Errorf("could not read the exported symbols data directory: %w", err))
} }
@ -412,7 +412,7 @@ func (ni nativeImagePE) fetchExportAttribute(i int) (uint32, error) {
func (ni nativeImagePE) fetchExportFunctionPointer(functionsBase uint32, i uint32) (uint32, error) { func (ni nativeImagePE) fetchExportFunctionPointer(functionsBase uint32, i uint32) (uint32, error) {
var pointer uint32 var pointer uint32
n := uint32(len(ni.exports)) //nolint:gosec n := uint32(len(ni.exports))
sz := uint32(unsafe.Sizeof(ni.t.functionPointer)) sz := uint32(unsafe.Sizeof(ni.t.functionPointer))
j := functionsBase + i*sz j := functionsBase + i*sz
if j+sz >= n { if j+sz >= n {
@ -457,7 +457,7 @@ func (ni nativeImagePE) fetchSbomSymbols(content *exportContentPE) {
sbomBytes := []byte(nativeImageSbomSymbol + "\x00") sbomBytes := []byte(nativeImageSbomSymbol + "\x00")
sbomLengthBytes := []byte(nativeImageSbomLengthSymbol + "\x00") sbomLengthBytes := []byte(nativeImageSbomLengthSymbol + "\x00")
svmVersionInfoBytes := []byte(nativeImageSbomVersionSymbol + "\x00") svmVersionInfoBytes := []byte(nativeImageSbomVersionSymbol + "\x00")
n := uint32(len(ni.exports)) //nolint:gosec n := uint32(len(ni.exports))
// Find SBOM, SBOM Length, and SVM Version Symbol // Find SBOM, SBOM Length, and SVM Version Symbol
for i := uint32(0); i < content.numberOfNames; i++ { for i := uint32(0); i < content.numberOfNames; i++ {

View file

@ -60,10 +60,10 @@ func readStruct(metadata any, fields ...string) string {
if len(fields) > 0 { if len(fields) > 0 {
value, ok := metadata.(map[any]any) value, ok := metadata.(map[any]any)
if !ok { if !ok {
log.Tracef("unable to read '%s' from: %v", fields[0], metadata) //nolint:gosec log.Tracef("unable to read '%s' from: %v", fields[0], metadata)
return "" return ""
} }
return readStruct(value[fields[0]], fields[1:]...) //nolint:gosec return readStruct(value[fields[0]], fields[1:]...)
} }
value, ok := metadata.(string) value, ok := metadata.(string)
if !ok { if !ok {

View file

@ -88,12 +88,12 @@ func mapFiles(files []rpmutils.FileInfo, digestAlgorithm string) []pkg.RpmFileRe
} }
out = append(out, pkg.RpmFileRecord{ out = append(out, pkg.RpmFileRecord{
Path: f.Name(), Path: f.Name(),
Mode: pkg.RpmFileMode(f.Mode()), //nolint:gosec Mode: pkg.RpmFileMode(f.Mode()),
Size: int(f.Size()), Size: int(f.Size()),
Digest: digest, Digest: digest,
UserName: f.UserName(), UserName: f.UserName(),
GroupName: f.GroupName(), GroupName: f.GroupName(),
Flags: rpmdb.FileFlags(f.Flags()).String(), //nolint:gosec Flags: rpmdb.FileFlags(f.Flags()).String(),
}) })
} }
return out return out