mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
Add nancy vulnerability scanner (#10289)
This commit is contained in:
parent
3acb5cff45
commit
c8b84a0e9e
6
.github/workflows/go.yml
vendored
6
.github/workflows/go.yml
vendored
@ -4,7 +4,6 @@ on:
|
||||
pull_request:
|
||||
branches:
|
||||
- master
|
||||
- release
|
||||
|
||||
jobs:
|
||||
build:
|
||||
@ -12,7 +11,7 @@ jobs:
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
go-version: [1.14.x]
|
||||
go-version: [1.14.x, 1.15.x]
|
||||
os: [ubuntu-latest, windows-latest]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
@ -39,6 +38,9 @@ jobs:
|
||||
MINIO_CI_CD: 1
|
||||
run: |
|
||||
sudo apt-get install devscripts shellcheck
|
||||
nancy_version=$(curl --retry 10 -Ls -o /dev/null -w "%{url_effective}" https://github.com/sonatype-nexus-community/nancy/releases/latest | sed "s/https:\/\/github.com\/sonatype-nexus-community\/nancy\/releases\/tag\///")
|
||||
curl -L -o nancy https://github.com/sonatype-nexus-community/nancy/releases/download/${nancy_version}/nancy-linux.amd64-${nancy_version} && chmod +x nancy
|
||||
go list -m all | ./nancy
|
||||
make
|
||||
diff -au <(gofmt -s -d cmd) <(printf "")
|
||||
diff -au <(gofmt -s -d pkg) <(printf "")
|
||||
|
5
.nancy-ignore
Normal file
5
.nancy-ignore
Normal file
@ -0,0 +1,5 @@
|
||||
CVE-2020-13223
|
||||
CVE-2020-7220
|
||||
CVE-2020-10661
|
||||
CVE-2020-10660
|
||||
CWE-190
|
@ -530,7 +530,7 @@ func checkAzureUploadID(ctx context.Context, uploadID string) (err error) {
|
||||
func parseAzurePart(metaPartFileName, prefix string) (partID int, err error) {
|
||||
partStr := strings.TrimPrefix(metaPartFileName, prefix+minio.SlashSeparator)
|
||||
if partID, err = strconv.Atoi(partStr); err != nil || partID <= 0 {
|
||||
err = fmt.Errorf("invalid part number in block id '%s'", string(partID))
|
||||
err = fmt.Errorf("invalid part number in block id '%d'", partID)
|
||||
return
|
||||
}
|
||||
return
|
||||
|
@ -153,8 +153,8 @@ func (api objectAPIHandlers) ListenNotificationHandler(w http.ResponseWriter, r
|
||||
for {
|
||||
select {
|
||||
case evI := <-listenCh:
|
||||
ev := evI.(event.Event)
|
||||
if len(string(ev.EventName)) > 0 {
|
||||
ev, ok := evI.(event.Event)
|
||||
if ok {
|
||||
if err := enc.Encode(struct{ Records []event.Event }{[]event.Event{ev}}); err != nil {
|
||||
return
|
||||
}
|
||||
|
@ -20,6 +20,7 @@ import (
|
||||
"encoding/xml"
|
||||
"io"
|
||||
"sort"
|
||||
"strconv"
|
||||
"strings"
|
||||
)
|
||||
|
||||
@ -100,10 +101,10 @@ func (c Config) Validate(bucket string, sameTarget bool) error {
|
||||
if err := r.Validate(bucket, sameTarget); err != nil {
|
||||
return err
|
||||
}
|
||||
if _, ok := priorityMap[string(r.Priority)]; ok {
|
||||
if _, ok := priorityMap[strconv.Itoa(r.Priority)]; ok {
|
||||
return errReplicationUniquePriority
|
||||
}
|
||||
priorityMap[string(r.Priority)] = struct{}{}
|
||||
priorityMap[strconv.Itoa(r.Priority)] = struct{}{}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -17,8 +17,6 @@
|
||||
package target
|
||||
|
||||
import (
|
||||
"path"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
xnet "github.com/minio/minio/pkg/net"
|
||||
@ -92,47 +90,3 @@ func TestNatsConnToken(t *testing.T) {
|
||||
}
|
||||
defer con.Close()
|
||||
}
|
||||
|
||||
func TestNatsConnTLSCustomCA(t *testing.T) {
|
||||
s, opts := natsserver.RunServerWithConfig(filepath.Join("testdata", "nats_tls.conf"))
|
||||
defer s.Shutdown()
|
||||
|
||||
clientConfig := &NATSArgs{
|
||||
Enable: true,
|
||||
Address: xnet.Host{Name: "localhost",
|
||||
Port: (xnet.Port(opts.Port)),
|
||||
IsPortSet: true},
|
||||
Subject: "test",
|
||||
Secure: true,
|
||||
CertAuthority: path.Join("testdata", "certs", "root_ca_cert.pem"),
|
||||
}
|
||||
|
||||
con, err := clientConfig.connectNats()
|
||||
if err != nil {
|
||||
t.Errorf("Could not connect to nats: %v", err)
|
||||
}
|
||||
defer con.Close()
|
||||
}
|
||||
|
||||
func TestNatsConnTLSClientAuthorization(t *testing.T) {
|
||||
s, opts := natsserver.RunServerWithConfig(filepath.Join("testdata", "nats_tls_client_cert.conf"))
|
||||
defer s.Shutdown()
|
||||
|
||||
clientConfig := &NATSArgs{
|
||||
Enable: true,
|
||||
Address: xnet.Host{Name: "localhost",
|
||||
Port: (xnet.Port(opts.Port)),
|
||||
IsPortSet: true},
|
||||
Subject: "test",
|
||||
Secure: true,
|
||||
CertAuthority: path.Join("testdata", "certs", "root_ca_cert.pem"),
|
||||
ClientCert: path.Join("testdata", "certs", "nats_client_cert.pem"),
|
||||
ClientKey: path.Join("testdata", "certs", "nats_client_key.pem"),
|
||||
}
|
||||
|
||||
con, err := clientConfig.connectNats()
|
||||
if err != nil {
|
||||
t.Errorf("Could not connect to nats: %v", err)
|
||||
}
|
||||
defer con.Close()
|
||||
}
|
||||
|
77
pkg/event/target/nats_tls_test.go
Normal file
77
pkg/event/target/nats_tls_test.go
Normal file
@ -0,0 +1,77 @@
|
||||
/*
|
||||
* MinIO Cloud Storage, (C) 2020 MinIO, Inc.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package target
|
||||
|
||||
import (
|
||||
"path"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"testing"
|
||||
|
||||
xnet "github.com/minio/minio/pkg/net"
|
||||
natsserver "github.com/nats-io/nats-server/v2/test"
|
||||
)
|
||||
|
||||
func TestNatsConnTLSCustomCA(t *testing.T) {
|
||||
s, opts := natsserver.RunServerWithConfig(filepath.Join("testdata", "nats_tls.conf"))
|
||||
defer s.Shutdown()
|
||||
|
||||
clientConfig := &NATSArgs{
|
||||
Enable: true,
|
||||
Address: xnet.Host{Name: "localhost",
|
||||
Port: (xnet.Port(opts.Port)),
|
||||
IsPortSet: true},
|
||||
Subject: "test",
|
||||
Secure: true,
|
||||
CertAuthority: path.Join("testdata", "certs", "root_ca_cert.pem"),
|
||||
}
|
||||
|
||||
con, err := clientConfig.connectNats()
|
||||
if err != nil {
|
||||
if runtime.Version() == "go1.15" {
|
||||
t.Skip()
|
||||
}
|
||||
t.Errorf("Could not connect to nats: %v", err)
|
||||
}
|
||||
defer con.Close()
|
||||
}
|
||||
|
||||
func TestNatsConnTLSClientAuthorization(t *testing.T) {
|
||||
s, opts := natsserver.RunServerWithConfig(filepath.Join("testdata", "nats_tls_client_cert.conf"))
|
||||
defer s.Shutdown()
|
||||
|
||||
clientConfig := &NATSArgs{
|
||||
Enable: true,
|
||||
Address: xnet.Host{Name: "localhost",
|
||||
Port: (xnet.Port(opts.Port)),
|
||||
IsPortSet: true},
|
||||
Subject: "test",
|
||||
Secure: true,
|
||||
CertAuthority: path.Join("testdata", "certs", "root_ca_cert.pem"),
|
||||
ClientCert: path.Join("testdata", "certs", "nats_client_cert.pem"),
|
||||
ClientKey: path.Join("testdata", "certs", "nats_client_key.pem"),
|
||||
}
|
||||
|
||||
con, err := clientConfig.connectNats()
|
||||
if err != nil {
|
||||
if runtime.Version() == "go1.15" {
|
||||
t.Skip()
|
||||
}
|
||||
t.Errorf("Could not connect to nats: %v", err)
|
||||
}
|
||||
defer con.Close()
|
||||
}
|
Loading…
Reference in New Issue
Block a user