internal/api/handlers/encryption_handler_test.go:374:19: Error return value of `os.Unsetenv` is not checked (errcheck) defer os.Unsetenv("CHARON_ENCRYPTION_KEY") ^ internal/api/handlers/encryption_handler_test.go:421:14: Error return value of `os.Unsetenv` is not checked (errcheck) os.Unsetenv("CHARON_ENCRYPTION_KEY") ^ internal/api/handlers/encryption_handler_test.go:468:19: Error return value of `os.Unsetenv` is not checked (errcheck) defer os.Unsetenv("CHARON_ENCRYPTION_KEY") ^ internal/api/handlers/encryption_handler_test.go:702:11: Error return value of `os.Setenv` is not checked (errcheck) os.Setenv("CHARON_ENCRYPTION_KEY", currentKey) ^ internal/api/handlers/encryption_handler_test.go:753:11: Error return value of `os.Setenv` is not checked (errcheck) os.Setenv("CHARON_ENCRYPTION_KEY", wrongKey) ^ internal/api/handlers/encryption_handler_test.go:754:11: Error return value of `os.Setenv` is not checked (errcheck) os.Setenv("CHARON_ENCRYPTION_KEY_NEXT", nextKey) ^ internal/api/handlers/pr_coverage_test.go:484:13: Error return value of `sqlDB.Close` is not checked (errcheck) sqlDB.Close() ^ internal/api/handlers/pr_coverage_test.go:589:14: Error return value of `sqlDB.Close` is not checked (errcheck) sqlDB.Close() ^ internal/api/handlers/pr_coverage_test.go:699:13: Error return value of `sqlDB.Close` is not checked (errcheck) sqlDB.Close() ^ internal/api/handlers/security_handler_coverage_test.go:615:16: Error return value of `json.Unmarshal` is not checked (errcheck) json.Unmarshal(w.Body.Bytes(), &tokenResp) ^ internal/api/handlers/security_handler_waf_test.go:194:16: Error return value of `json.Unmarshal` is not checked (errcheck) json.Unmarshal(w.Body.Bytes(), &resp) ^ internal/api/handlers/security_handler_waf_test.go:363:16: Error return value of `json.Unmarshal` is not checked (errcheck) json.Unmarshal(w.Body.Bytes(), &resp) ^ internal/api/handlers/additional_coverage_test.go:642:6: G302: Expect file permissions to be 0600 or less (gosec) _ = os.Chmod(backupsDir, 0o555) ^ internal/api/handlers/additional_coverage_test.go:643:21: G302: Expect file permissions to be 0600 or less (gosec) defer func() { _ = os.Chmod(backupsDir, 0o755) }() ^ internal/api/handlers/backup_handler_test.go:272:6: G302: Expect file permissions to be 0600 or less (gosec) _ = os.Chmod(svc.BackupDir, 0o444) ^ internal/api/handlers/crowdsec_exec.go:34:15: G304: Potential file inclusion via variable (gosec) data, err := os.ReadFile(cmdlinePath) ^ internal/api/handlers/crowdsec_exec.go:69:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err := os.WriteFile(e.pidFile(configDir), []byte(strconv.Itoa(pid)), 0o644); err != nil { ^ internal/api/handlers/crowdsec_exec.go:84:12: G304: Potential file inclusion via variable (gosec) b, err := os.ReadFile(pidFilePath) ^ internal/api/handlers/crowdsec_handler.go:356:12: G301: Expect directory permissions to be 0750 or less (gosec) if err := os.MkdirAll(tmpPath, 0o755); err != nil { ^ internal/api/handlers/crowdsec_handler.go:380:12: G301: Expect directory permissions to be 0750 or less (gosec) if err := os.MkdirAll(h.DataDir, 0o755); err != nil { ^ internal/api/handlers/crowdsec_handler.go:387:13: G304: Potential file inclusion via variable (gosec) in, err := os.Open(dst) ^ internal/api/handlers/crowdsec_handler.go:568:12: G301: Expect directory permissions to be 0750 or less (gosec) if err := os.MkdirAll(filepath.Dir(p), 0o755); err != nil { ^ internal/api/handlers/crowdsec_handler.go:572:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err := os.WriteFile(p, []byte(payload.Content), 0o644); err != nil { ^ internal/api/handlers/crowdsec_handler.go:1519:12: G306: Expect WriteFile permissions to be 0600 or less (gosec) if err := os.WriteFile(acquisPath, []byte(payload.Content), 0o644); err != nil { ^ internal/api/handlers/manual_challenge_handler.go:649:15: G115: integer overflow conversion int -> uint (gosec) return uint(v) ^ internal/api/handlers/manual_challenge_handler.go:651:15: G115: integer overflow conversion int64 -> uint (gosec) return uint(v) ^ internal/api/handlers/security_handler_rules_decisions_test.go:162:92: G115: integer overflow conversion uint -> int (gosec) req = httptest.NewRequest(http.MethodDelete, "/api/v1/security/rulesets/"+strconv.Itoa(int(rs.ID)), http.NoBody) ^ internal/caddy/config.go:463:16: G602: slice index out of range (gosec) host := hosts[i] ^ internal/crowdsec/hub_sync.go:1016:16: G110: Potential DoS vulnerability via decompression bomb (gosec) if _, err := io.Copy(f, tr); err != nil { ^ internal/services/backup_service.go:316:12: G305: File traversal when extracting zip/tar archive (gosec) fpath := filepath.Join(dest, f.Name) ^ internal/services/backup_service.go:345:12: G110: Potential DoS vulnerability via decompression bomb (gosec) _, err = io.Copy(outFile, rc) ^ internal/services/uptime_service_test.go:58:13: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) server := &http.Server{ Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) }), } internal/services/uptime_service_test.go:831:14: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) server := &http.Server{ Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusNotFound) }), } internal/util/crypto_test.go:63:2: G101: Potential hardcoded credentials (gosec) secret := "a]3kL9#mP2$vN7@qR5*wX1&yT4^uI8%oE0!" ^ 34 issues: * errcheck: 12 * gosec: 22