Merge pull request #100 from losisin/feature/gosec-and-bearer

feature: scan code with bearer and gosec
losisin · Nov 11, 2024 · e45ac01 · e45ac01
2 parents cf67d96 + 82462e6
commit e45ac01
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 3 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -33,6 +33,15 @@ jobs:
           skip-cache: true
       - name: Check code
         run: make check
+      - name: Run Gosec Security Scanner
+        uses: securego/[email protected]
+        with:
+          args: ./...
+      - name: Bearer
+        uses: bearer/bearer-action@v2
+        with:
+          scanner: secrets,sast
+          diff: true
       - name: Run tests
         run: make test-all
       - name: Install plugin

diff --git a/pkg/generator.go b/pkg/generator.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"os"
+	"path/filepath"
 	"strings"
 
 	"gopkg.in/yaml.v3"
@@ -37,7 +38,7 @@ func GenerateJsonSchema(config *Config) error {
 
 	// Iterate over the input YAML files
 	for _, filePath := range config.Input {
-		content, err := os.ReadFile(filePath)
+		content, err := os.ReadFile(filepath.Clean(filePath))
 		if err != nil {
 			return errors.New("error reading YAML file(s)")
 		}
@@ -110,7 +111,7 @@ func GenerateJsonSchema(config *Config) error {
 
 	// Write the JSON schema to the output file
 	outputPath := config.OutputPath
-	if err := os.WriteFile(outputPath, jsonBytes, 0644); err != nil {
+	if err := os.WriteFile(outputPath, jsonBytes, 0600); err != nil {
 		return errors.New("error writing schema to file")
 	}
 

diff --git a/pkg/generator_test.go b/pkg/generator_test.go
@@ -37,7 +37,7 @@ func TestGenerateJsonSchema(t *testing.T) {
 			templateSchemaFile: "../testdata/full.schema.json",
 		},
 		{
-			name: "full json schema",
+			name: "noAdditionalProperties",
 			config: &Config{
 				Draft:                  2020,
 				Indent:                 4,

diff --git a/testdata/anchors.schema.json b/testdata/anchors.schema.json
@@ -1,5 +1,9 @@
 {
+    "$id": "https://example.com/schema",
+    "$ref": "schema/product.json",
     "$schema": "https://json-schema.org/draft/2020-12/schema",
+    "additionalProperties": true,
+    "description": "Schema for Helm values",
     "properties": {
         "app": {
             "properties": {
@@ -20,5 +24,6 @@
             "type": "object"
         }
     },
+    "title": "Helm Values Schema",
     "type": "object"
 }
diff --git a/testdata/basic.schema.json b/testdata/basic.schema.json
@@ -1,5 +1,9 @@
 {
+    "$id": "https://example.com/schema",
+    "$ref": "schema/product.json",
     "$schema": "https://json-schema.org/draft/2020-12/schema",
+    "additionalProperties": true,
+    "description": "Schema for Helm values",
     "properties": {
         "empty": {
             "type": "null"
@@ -57,5 +61,6 @@
             "type": "array"
         }
     },
+    "title": "Helm Values Schema",
     "type": "object"
 }
diff --git a/testdata/meta.schema.json b/testdata/meta.schema.json
@@ -1,5 +1,9 @@
 {
+    "$id": "https://example.com/schema",
+    "$ref": "schema/product.json",
     "$schema": "https://json-schema.org/draft/2020-12/schema",
+    "additionalProperties": true,
+    "description": "Schema for Helm values",
     "properties": {
         "fullnameOverride": {
             "title": "Full name override",
@@ -50,5 +54,6 @@
             "type": "array"
         }
     },
+    "title": "Helm Values Schema",
     "type": "object"
 }