MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-05 04:10:28 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add nancy vulnerability scanner (#10289)

Browse Source
This commit is contained in:
Harshavardhana 2020-08-19 14:25:21 -07:00 committed by GitHub
parent 3acb5cff45
commit c8b84a0e9e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 92 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/go.yml vendored
View File

@ -4,7 +4,6 @@ on:
pull_request: pull_request:
branches: branches:
- master - master
- release
jobs: jobs:
build: build:
@ -12,7 +11,7 @@ jobs:
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
strategy: strategy:
matrix: matrix:
go-version: [1.14.x] go-version: [1.14.x, 1.15.x]
os: [ubuntu-latest, windows-latest] os: [ubuntu-latest, windows-latest]
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
@ -39,6 +38,9 @@ jobs:
MINIO_CI_CD: 1 MINIO_CI_CD: 1
run: | run: |
sudo apt-get install devscripts shellcheck sudo apt-get install devscripts shellcheck
nancy_version=$(curl --retry 10 -Ls -o /dev/null -w "%{url_effective}" https://github.com/sonatype-nexus-community/nancy/releases/latest | sed "s/https:\/\/github.com\/sonatype-nexus-community\/nancy\/releases\/tag\///")
curl -L -o nancy https://github.com/sonatype-nexus-community/nancy/releases/download/${nancy_version}/nancy-linux.amd64-${nancy_version} && chmod +x nancy
go list -m all | ./nancy
make make
diff -au <(gofmt -s -d cmd) <(printf "") diff -au <(gofmt -s -d cmd) <(printf "")
diff -au <(gofmt -s -d pkg) <(printf "") diff -au <(gofmt -s -d pkg) <(printf "")

5
.nancy-ignore Normal file
View File

@ -0,0 +1,5 @@
CVE-2020-13223
CVE-2020-7220
CVE-2020-10661
CVE-2020-10660
CWE-190

2
cmd/gateway/azure/gateway-azure.go
View File

@ -530,7 +530,7 @@ func checkAzureUploadID(ctx context.Context, uploadID string) (err error) {
func parseAzurePart(metaPartFileName, prefix string) (partID int, err error) { func parseAzurePart(metaPartFileName, prefix string) (partID int, err error) {
partStr := strings.TrimPrefix(metaPartFileName, prefix+minio.SlashSeparator) partStr := strings.TrimPrefix(metaPartFileName, prefix+minio.SlashSeparator)
if partID, err = strconv.Atoi(partStr); err != nil || partID <= 0 { if partID, err = strconv.Atoi(partStr); err != nil || partID <= 0 {
err = fmt.Errorf("invalid part number in block id '%s'", string(partID)) err = fmt.Errorf("invalid part number in block id '%d'", partID)
return return
} }
return return

4
cmd/listen-notification-handlers.go
View File

@ -153,8 +153,8 @@ func (api objectAPIHandlers) ListenNotificationHandler(w http.ResponseWriter, r
for { for {
select { select {
case evI := <-listenCh: case evI := <-listenCh:
ev := evI.(event.Event) ev, ok := evI.(event.Event)
if len(string(ev.EventName)) > 0 { if ok {
if err := enc.Encode(struct{ Records []event.Event }{[]event.Event{ev}}); err != nil { if err := enc.Encode(struct{ Records []event.Event }{[]event.Event{ev}}); err != nil {
return return
} }

5
pkg/bucket/replication/replication.go
View File

@ -20,6 +20,7 @@ import (
"encoding/xml" "encoding/xml"
"io" "io"
"sort" "sort"
"strconv"
"strings" "strings"
) )
@ -100,10 +101,10 @@ func (c Config) Validate(bucket string, sameTarget bool) error {
if err := r.Validate(bucket, sameTarget); err != nil { if err := r.Validate(bucket, sameTarget); err != nil {
return err return err
} }
if _, ok := priorityMap[string(r.Priority)]; ok { if _, ok := priorityMap[strconv.Itoa(r.Priority)]; ok {
return errReplicationUniquePriority return errReplicationUniquePriority
} }
priorityMap[string(r.Priority)] = struct{}{} priorityMap[strconv.Itoa(r.Priority)] = struct{}{}
} }
return nil return nil
} }

46
pkg/event/target/nats_test.go
View File

@ -17,8 +17,6 @@
package target package target
import ( import (
"path"
"path/filepath"
"testing" "testing"
xnet "github.com/minio/minio/pkg/net" xnet "github.com/minio/minio/pkg/net"
@ -92,47 +90,3 @@ func TestNatsConnToken(t *testing.T) {
} }
defer con.Close() defer con.Close()
} }
func TestNatsConnTLSCustomCA(t *testing.T) {
s, opts := natsserver.RunServerWithConfig(filepath.Join("testdata", "nats_tls.conf"))
defer s.Shutdown()
clientConfig := &NATSArgs{
Enable: true,
Address: xnet.Host{Name: "localhost",
Port: (xnet.Port(opts.Port)),
IsPortSet: true},
Subject: "test",
Secure: true,
CertAuthority: path.Join("testdata", "certs", "root_ca_cert.pem"),
}
con, err := clientConfig.connectNats()
if err != nil {
t.Errorf("Could not connect to nats: %v", err)
}
defer con.Close()
}
func TestNatsConnTLSClientAuthorization(t *testing.T) {
s, opts := natsserver.RunServerWithConfig(filepath.Join("testdata", "nats_tls_client_cert.conf"))
defer s.Shutdown()
clientConfig := &NATSArgs{
Enable: true,
Address: xnet.Host{Name: "localhost",
Port: (xnet.Port(opts.Port)),
IsPortSet: true},
Subject: "test",
Secure: true,
CertAuthority: path.Join("testdata", "certs", "root_ca_cert.pem"),
ClientCert: path.Join("testdata", "certs", "nats_client_cert.pem"),
ClientKey: path.Join("testdata", "certs", "nats_client_key.pem"),
}
con, err := clientConfig.connectNats()
if err != nil {
t.Errorf("Could not connect to nats: %v", err)
}
defer con.Close()
}

77
pkg/event/target/nats_tls_test.go Normal file
View File

@ -0,0 +1,77 @@
/*
* MinIO Cloud Storage, (C) 2020 MinIO, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package target
import (
"path"
"path/filepath"
"runtime"
"testing"
xnet "github.com/minio/minio/pkg/net"
natsserver "github.com/nats-io/nats-server/v2/test"
)
func TestNatsConnTLSCustomCA(t *testing.T) {
s, opts := natsserver.RunServerWithConfig(filepath.Join("testdata", "nats_tls.conf"))
defer s.Shutdown()
clientConfig := &NATSArgs{
Enable: true,
Address: xnet.Host{Name: "localhost",
Port: (xnet.Port(opts.Port)),
IsPortSet: true},
Subject: "test",
Secure: true,
CertAuthority: path.Join("testdata", "certs", "root_ca_cert.pem"),
}
con, err := clientConfig.connectNats()
if err != nil {
if runtime.Version() == "go1.15" {
t.Skip()
}
t.Errorf("Could not connect to nats: %v", err)
}
defer con.Close()
}
func TestNatsConnTLSClientAuthorization(t *testing.T) {
s, opts := natsserver.RunServerWithConfig(filepath.Join("testdata", "nats_tls_client_cert.conf"))
defer s.Shutdown()
clientConfig := &NATSArgs{
Enable: true,
Address: xnet.Host{Name: "localhost",
Port: (xnet.Port(opts.Port)),
IsPortSet: true},
Subject: "test",
Secure: true,
CertAuthority: path.Join("testdata", "certs", "root_ca_cert.pem"),
ClientCert: path.Join("testdata", "certs", "nats_client_cert.pem"),
ClientKey: path.Join("testdata", "certs", "nats_client_key.pem"),
}
con, err := clientConfig.connectNats()
if err != nil {
if runtime.Version() == "go1.15" {
t.Skip()
}
t.Errorf("Could not connect to nats: %v", err)
}
defer con.Close()
}