ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-10-30 23:33:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Use govulncheck instead of nancy

Browse Source
This commit is contained in:
Jamie Curnow
2023-07-24 14:44:59 +10:00
parent fd277973cd
commit 72b071dbaa
3 changed files with 6 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
Jenkinsfile vendored
View File

@@ -68,17 +68,10 @@ pipeline {
} }
} }
} }
stage('Frontend') { stage('Build') {
steps { steps {
sh './scripts/ci/build-frontend' sh './scripts/ci/build-frontend'
}
}
stage('Backend') {
steps {
withCredentials([usernamePassword(credentialsId: 'oss-index-token', passwordVariable: 'NANCY_TOKEN', usernameVariable: 'NANCY_USER')]) {
sh './scripts/ci/test-backend' sh './scripts/ci/test-backend'
}
// Build all the golang binaries
sh './scripts/ci/build-backend' sh './scripts/ci/build-backend'
// Build the docker image used for testing below // Build the docker image used for testing below
sh '''docker build --pull --no-cache \\ sh '''docker build --pull --no-cache \\

37
backend/.nancy-ignore
View File

@@ -1,37 +0,0 @@
# If you need to ignore any of nancy's warnings add them
# here with a reference to the package/version that
# triggers them and rational for ignoring it.
# pkg:golang/github.com/coreos/etcd@3.3.10
# etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation
CVE-2020-15115
# pkg:golang/github.com/coreos/etcd@3.3.10
# In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records
CVE-2020-15136
# pkg:golang/github.com/coreos/etcd@3.3.10
# In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access
CVE-2020-15114
# pkg:golang/github.com/gorilla/websocket@1.4.0
# Integer Overflow or Wraparound
CWE-190
# jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrict...
CVE-2020-26160
# https://ossindex.sonatype.org/vulnerability/sonatype-2021-1485
sonatype-2021-1485
# CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2022-41717
CVE-2022-41723
# CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
CVE-2022-41723
# CWE-20: Improper Input Validation
CVE-2023-26125
# CWE-494: Download of Code Without Integrity Check
CVE-2023-29401

9
scripts/ci/test-backend
View File

@@ -31,14 +31,13 @@ echo " NOW: $NOW"
if [ "${1:-}" = "--inside-docker" ]; then if [ "${1:-}" = "--inside-docker" ]; then
mkdir -p /workspace mkdir -p /workspace
echo -e "${BLUE} ${CYAN}Nancy setup${RESET}" echo -e "${BLUE} ${CYAN}govulncheck setup${RESET}"
cd /workspace cd /workspace
# go get github.com/sonatype-nexus-community/nancy cp /app/backend/go.mod /app/backend/go.sum .
cp /app/backend/go.mod /app/backend/go.sum /app/backend/.nancy-ignore .
go mod download go mod download
echo -e "${BLUE} ${CYAN}Nancy testing${RESET}" echo -e "${BLUE} ${CYAN}govulncheck testing${RESET}"
go list -json -m all | nancy sleuth --quiet --username "${NANCY_USER}" --token "${NANCY_TOKEN:-}" govulncheck ./...
rm -rf /workspace rm -rf /workspace
echo -e "${BLUE} ${CYAN}Testing backend code${RESET}" echo -e "${BLUE} ${CYAN}Testing backend code${RESET}"