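#!/bin/bash
# Run gosec security scan locally with the same config as CI.
#
# Usage:  run from the Go module root; scans ./... like CI does.
# Env:    GOSEC_VERSION  version passed to `go install` when gosec is missing
#                        (default: latest). NOTE(review): the version CI pins
#                        is not visible here; set this to match it so local
#                        results do not drift from CI.
#         GOSEC_RESULTS  path of the JSON report (default: gosec-results.json)
# Exit:   0 when no critical (G112/G204) findings; 1 when critical findings
#         exist, when the scan produced no report, or when jq is missing.
set -euo pipefail

# Ensure ~/go/bin is in PATH so a freshly installed gosec is found.
export PATH="$HOME/go/bin:$PATH"

readonly GOSEC_VERSION="${GOSEC_VERSION:-latest}"
readonly RESULTS_FILE="${GOSEC_RESULTS:-gosec-results.json}"
# Rules that fail CI; every other finding is reported as informational.
# Defined once so the count and the detail listing cannot disagree.
readonly CRITICAL_FILTER='.Issues[] | select(.rule_id == "G112" or .rule_id == "G204")'
readonly RULE="━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"

# jq is needed to read the report; fail early with a clear message
# instead of a confusing error after a multi-minute scan.
if ! command -v jq >/dev/null 2>&1; then
  echo "❌ jq is required but not installed" >&2
  exit 1
fi

# Install gosec if missing (set -e aborts the script if the install fails).
if ! command -v gosec >/dev/null 2>&1; then
  echo "Installing gosec (${GOSEC_VERSION})..."
  go install "github.com/securego/gosec/v2/cmd/gosec@${GOSEC_VERSION}"
fi

echo "$RULE"
echo "Running gosec security scan..."
echo "$RULE"
echo ""
echo "⏱️  This may take 3-5 minutes on local machines"
echo "   (CI runs faster on optimized GitHub runners)"
echo ""

# Remove any report left by a previous run, so a scan that fails to
# produce output cannot be mistaken for a stale "clean" result below.
rm -f -- "$RESULTS_FILE"

START_TIME=$(date +%s)

# Run gosec with the same config as CI (keep the -exclude list in sync
# with the CI workflow). This scans all Go code, same as the CI does.
# gosec exits non-zero when it reports findings, so its status is
# deliberately ignored here; the JSON report is the source of truth.
# Progress lines are emitted on stderr, hence 2>&1; only the tail is shown.
gosec -exclude=G301,G302,G304,G306,G404,G107,G115,G703,G704,G705,G706 \
  -fmt=json \
  -out="$RESULTS_FILE" \
  ./... 2>&1 | grep -E "Checking (file|package)" | tail -10 || true

END_TIME=$(date +%s)
DURATION=$((END_TIME - START_TIME))

echo ""
echo "$RULE"
echo "Security Scan Results (${DURATION}s)"
echo "$RULE"

# No report means gosec did not complete (any old report was removed above).
if [ ! -f "$RESULTS_FILE" ]; then
  echo "❌ No results file generated (scan may have failed)"
  exit 1
fi

jq -r '.Stats' "$RESULTS_FILE"
echo ""

# Check for critical findings (same rules as CI).
ISSUES=$(jq "[${CRITICAL_FILTER}] | length" "$RESULTS_FILE")
echo "Critical issues (G112, G204): $ISSUES"

if [ "$ISSUES" -gt 0 ]; then
  echo ""
  echo "❌ CRITICAL ISSUES FOUND (will fail CI):"
  jq -r "$CRITICAL_FILTER" "$RESULTS_FILE"
  echo "$RULE"
  exit 1
fi

echo "✅ No critical issues (CI will pass)"

# Non-critical findings are excluded from CI but still worth a look;
# show the first five and point at the full report.
TOTAL=$(jq '.Stats.found' "$RESULTS_FILE")
if [ "$TOTAL" -gt 0 ]; then
  echo ""
  echo "ℹ️  Other issues found (excluded from CI):"
  jq -r '.Issues[0:5] | .[] | "  \(.severity): \(.rule_id) at \(.file):\(.line)"' "$RESULTS_FILE"
  echo ""
  echo "Full report: $RESULTS_FILE"
fi

echo "$RULE"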