Merge pull request #104 from dell/gosec-fix

Update .golangci.yaml

.github/workflows/actions.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Run the formatter, linter, and vetter
         uses: dell/common-github-actions/go-code-formatter-linter-vetter@main
         with:
@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Run Go Security
         uses: securego/gosec@master
         with:
@@ -30,7 +30,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
       - name: Run malware scan
         uses: dell/common-github-actions/malware-scanner@main
         with:

.golangci.yaml

@@ -28,3 +28,7 @@ linters:
     - govet
     # Drop-in replacement of golint.
     - revive
+linters-settings:
+  gosec:
+    excludes:
+      - G402 # Look for bad TLS connection settings

api/api.go

@@ -158,9 +158,9 @@ func New(
 
 	if opts.Insecure {
 		c.http.Transport = &http.Transport{
-			/* #nosec G402 */
 			TLSClientConfig: &tls.Config{
-				InsecureSkipVerify: true,
+				// #nosec G402
+				InsecureSkipVerify: true, // #nosec G402
 			},
 		}
 	}
@@ -172,10 +172,10 @@ func New(
 		}
 
 		c.http.Transport = &http.Transport{
-			/* #nosec G402 */
 			TLSClientConfig: &tls.Config{
 				RootCAs:            pool,
-				InsecureSkipVerify: opts.Insecure,
+				// #nosec G402
+				InsecureSkipVerify: opts.Insecure, 
 			},
 		}
 	}

deploy.go

@@ -54,27 +54,27 @@ func NewGateway(host string, username, password string, insecure, useCerts bool)
 		username: username,
 		password: password,
 	}
-
-	if insecure {
-		gc.http.Transport = &http.Transport{
-			/* #nosec G402 */
+
+	if insecure { 
+		gc.http.Transport = &http.Transport{ 
 			TLSClientConfig: &tls.Config{
-				InsecureSkipVerify: true,
+				// #nosec G402
+				InsecureSkipVerify: true, 
 			},
 		}
 	}
-
-	if !insecure || useCerts {
+        
+	if !insecure || useCerts { 
 		pool, err := x509.SystemCertPool()
 		if err != nil {
 			return nil, errSysCerts
 		}
 
-		gc.http.Transport = &http.Transport{
-			/* #nosec G402 */
+		gc.http.Transport = &http.Transport{ 
 			TLSClientConfig: &tls.Config{
 				RootCAs:            pool,
-				InsecureSkipVerify: insecure,
+				// #nosec G402
+				InsecureSkipVerify: insecure, 
 			},
 		}
 	}
@@ -1264,7 +1264,7 @@ func writeConfig(config *CookieConfig) error {
 	if err != nil {
 		return err
 	}
-
+        // #nosec G306
 	err = ioutil.WriteFile(configFile, data, 0644)
 	if err != nil {
 		return err