New issue
Advanced search Search tips

Issue 910231 link

Starred by 1 user
Status: Verified
Owner:
fmatenaar@google.com
Closed: Nov 29
Cc:
fmatenaar@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug



Sign in to add a comment

gosec analyzer cannot run due to GOPATH issue

Project Member Reported by qyears...@chromium.org, Nov 29 
Example run:
https://tricium-dev.appspot.com/run/5187624759197696
https://chromium-swarm.appspot.com/task?id=417961de3501a810

Log excerpt:
  Executing command: /b/s/w/ir/bin/gosec [-fmt json go/example.go]
  Error decoding gosec json output: EOF
  Worker quitting

Local test run:
  $ gosec  go/example.go
  [gosec] 2018/11/29 10:13:30 including rules: default
  [gosec] 2018/11/29 10:13:30 excluding rules: default
  2018/11/29 10:13:30 go/example.go is not within the $GOPATH and cannot be processed

I also tried `GOPATH="$GOPATH:$(pwd)" gosec imported.go` with the same result. This may be related to https://github.com/securego/gosec/issues/234.

Comment 1 by fmatenaar@chromium.org, Nov 29

Owner: fmatenaar@google.com

Comment 2 by fmatenaar@chromium.org, Nov 29

Status: Started (was: Available)
Project Member

Comment 4 by bugdroid1@chromium.org, Nov 29 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/infra/+/3762984f7b38fe0f7295b23306ea6114baec3198

commit 3762984f7b38fe0f7295b23306ea6114baec3198
Author: Felix Matenaar <fmatenaar@chromium.org>
Date: Thu Nov 29 22:55:06 2018

[tricium] Gosec tricium analyzer change to produce relative file paths

Tricium expects the analysis output to contain relative file paths
instead of absolute ones. This CL changes the behavior to comply
with tricium's relative file paths.

TBR=qyearsley

Bug:  910231 
Change-Id: Ied9c799f9103e4e3060776ee39bf42e69e18597a
Reviewed-on: https://chromium-review.googlesource.com/c/1356061
Commit-Queue: Felix Matenaar <fmatenaar@chromium.org>
Reviewed-by: Felix Matenaar <fmatenaar@chromium.org>
Cr-Commit-Position: refs/heads/master@{#19258}
[modify] https://crrev.com/3762984f7b38fe0f7295b23306ea6114baec3198/go/src/infra/tricium/functions/gosec/gosec_wrapper.go

Comment 5 by fmatenaar@chromium.org, Nov 29

Status: Fixed (was: Started)

Comment 6 by fmatenaar@chromium.org, Nov 29

Status: Verified (was: Fixed)
Project Member

Comment 7 by bugdroid1@chromium.org, Dec 3 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/infra/+/07fed1ce300438d7c81c83092543816503d749f4

commit 07fed1ce300438d7c81c83092543816503d749f4
Author: Felix Matenaar <fmatenaar@chromium.org>
Date: Mon Dec 03 21:12:15 2018

Setting GOPATH when running gosec


[Tricium] Gosec wrapper GOPATH emulation

Gosec requires src/packages/... directory structure compliant with the
Go package convention. This CL is a workaround creating the required
directory structure and symlinking to the target files within that
structure such that Gosec executes properly.

R=qyearsley@google.com
BUG= 910231 

Change-Id: I36061bd321067e66e68407e7c8d0e94b7317a8ca
Reviewed-on: https://chromium-review.googlesource.com/c/1356851
Reviewed-by: Felix Matenaar <fmatenaar@chromium.org>
Reviewed-by: Quinten Yearsley <qyearsley@chromium.org>
Commit-Queue: Felix Matenaar <fmatenaar@chromium.org>
Cr-Commit-Position: refs/heads/master@{#19297}
[modify] https://crrev.com/07fed1ce300438d7c81c83092543816503d749f4/go/src/infra/tricium/functions/gosec/gosec_wrapper.go
[modify] https://crrev.com/07fed1ce300438d7c81c83092543816503d749f4/go/src/infra/tricium/functions/gosec/gosec_wrapper_test.go

Sign in to add a comment