Cosmin Cojocar

Results: 156 comments by Cosmin Cojocar

This is fixed by https://github.com/securego/gosec/pull/912.

Closing in favour of https://github.com/kubernetes-sigs/security-profiles-operator/pull/1684.

I think this can be closed now since #2067 was resolved. @astoycos please feel free to reopen it if you see the issue still persist after using the next release...

Thanks for opening this issue. I am not sure about the fix. I would avoid hardcoding 3rd-party libraries into the rule. Maybe something configurable would be more appropriate.

@mhils I think the PR needs a rebase. Thanks.

You can try to increase the entropy or change the matching pattern via configuration, maybe it helps to rule out these false positives. The approach used by gosec is not...

This should now be mitigated by the custom patterns supported by the G101 rule.

It is documented in the README; see the configuration for the G101 rule: https://github.com/securego/gosec#configuration. That is the pattern for the variable name, and there is now also a set of predefined patterns...