Added gosec

dooman87 · dooman87 · commit 3c7ae8b41a64 · 2025-02-03T21:19:19.000+11:00
diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml
@@ -45,6 +45,12 @@ jobs:
           tags: transformimgs-dev
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
+      -
+        name: Gosec
+        id: gosec
+        uses: securego/gosec@master
+        with:
+          args: ./...
       -
         name: Run tests
         run: |
diff --git a/cmd/main.go b/cmd/main.go
@@ -9,6 +9,7 @@ import (
 	"net/http"
 	"os"
 	"runtime"
+	"time"
 )
 
 func main() {
@@ -46,7 +47,13 @@ func main() {
 	router.HandleFunc("/health", health.Health)
 
 	img.Log.Printf("Running the application on port 8080...\n")
-	err = http.ListenAndServe(":8080", router)
+	server := http.Server{
+		Addr:         ":8080",
+		Handler:      router,
+		ReadTimeout:  5 * time.Second,
+		WriteTimeout: 10 * time.Second,
+	}
+	err = server.ListenAndServe()
 
 	if err != nil {
 		img.Log.Errorf("Error while stopping application: %+v", err)
diff --git a/img/processor/imagemagick.go b/img/processor/imagemagick.go
@@ -252,7 +252,7 @@ func (p *ImageMagick) Optimise(config *img.TransformationConfig) (*img.Image, er
 
 func (p *ImageMagick) execImagemagick(in *bytes.Reader, args []string, imgId string) ([]byte, error) {
 	var out, cmderr bytes.Buffer
-	cmd := exec.Command(p.convertCmd)
+	cmd := exec.Command(p.convertCmd) // #nosec G204 - sanitizing before assigning
 
 	cmd.Args = append(cmd.Args, args...)
 
@@ -295,7 +295,7 @@ func (p *ImageMagick) LoadImageInfo(src *img.Image) (*img.Info, error) {
 	var out, cmderr bytes.Buffer
 	imgId := src.Id
 	in := bytes.NewReader(src.Data)
-	cmd := exec.Command(p.identifyCmd)
+	cmd := exec.Command(p.identifyCmd) // #nosec G204 - sanitizing before assigning
 	cmd.Args = append(cmd.Args, "-format", "%m %Q %[opaque] %w %h", "-")
 
 	cmd.Stdin = in
