Merge pull request #31 from Conjur-Enterprise/fix-gosec

szh · GitHub Enterprise · commit dbc5a3df4736 · 2024-06-25T18:55:53.000+03:00
CNJR-5372: Fix 'nosec' comments
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -209,6 +209,17 @@ To run linting checks via the Code Climate golint engine, simply run:
 ./bin/check_style
 ```
 
+### gosec
+
+We use [gosec](https://github.com/securego/gosec) to perform static analysis of
+our codebase in our CI for all changed code. To run gosec locally for the entire
+repository, simply run:
+
+```sh-session
+go install github.com/securego/gosec/v2/cmd/gosec@latest
+$(go env GOPATH)/bin/gosec ./...
+```
+
 ### Testing Individual Connectors
 
 For instructions on how to test individual connectors, see the README.md file in
diff --git a/bin/juxtaposer/tester/db/db.go b/bin/juxtaposer/tester/db/db.go
@@ -77,13 +77,12 @@ func (manager *DriverManager) ensureWantedDbDataState() error {
 		insertItemStatement := QueryTypes["insertItem"] +
 			fmt.Sprintf("(%s)", manager.Tester.GetQueryMarkers(5))
 
-		/* #nosec */
 		err = manager.Tester.Query(insertItemStatement,
 			fmt.Sprintf("%s%d", NameFieldPrefix, itemIndex),
 			itemIndex,
 			time.Now().AddDate(0, 0, itemIndex),
 			float32(itemIndex)*10,
-			rand.Int31()&0x1,
+			rand.Int31()&0x1, // #nosec
 		)
 
 		if err != nil {
diff --git a/third_party/go-mssqldb b/third_party/go-mssqldb
@@ -1 +1 @@
-Subproject commit 77801ab862fa5428431672d8c0ad264823670a2d
+Subproject commit 1a872cff59b3e390ba11993f714de2bc0d6658c4
