GODT-1853: ignore for CVE-2021-33194 false positive + add several try to gobinsec

2022-09-22 17:08:07 +02:00
parent 1cc7ea5ca7
commit a635b023f6
3 changed files with 10 additions and 1 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -270,7 +270,7 @@ check-gobinsec:
    - cp ./gobinsec-cache-valid.yml ./gobinsec-cache.yml
  script:
    - cat ./gobinsec-cache.yml
-    - gobinsec -wait -cache -config utils/gobinsec_conf.yml build/bridge
+    - ./utils/run_gobinsec.sh
    - cp ./gobinsec-cache.yml ./gobinsec-cache-valid.yml   # Only update cache file if gobinsec succeeds


--- a/utils/gobinsec_conf.yml
+++ b/utils/gobinsec_conf.yml
@ -5,3 +5,7 @@ wait: true
 file:
  name: "./gobinsec-cache.yml"
  expiration: 24h
+
+ignore:
+  # golang.org/x/net wrong match, we are using 2871e0cb, fixed by 37e1c6af
+  - "CVE-2021-33194"
--- a/utils/run_gobinsec.sh
+++ b/utils/run_gobinsec.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+gobinsec -wait -cache -config utils/gobinsec_conf.yml build/bridge || FAILED=true
+if [ $FAILED ]; then
+  gobinsec -wait -cache -config utils/gobinsec_conf.yml build/bridge
+fi