Gosec 1.3.0 complains golang.org/x/term const variable redeclared

I am using gosec 1.3.0, go version go1.12.17. golang.org/x/term revision “7de9c90e9dd184706b838f536a1cbf40a296ddb7”

When I use gosec to scan files, it complains the const variable redeclared.

./vendor/golang.org/x/term/term_unix_linux.go:9:7: ioctlReadTermios redeclared in this block
./vendor/golang.org/x/term/term_unix_aix.go:9:7:         other declaration of ioctlReadTermios
./vendor/golang.org/x/term/term_unix_linux.go:10:7: ioctlWriteTermios redeclared in this block
./vendor/golang.org/x/term/term_unix_aix.go:10:7:        other declaration of ioctlWriteTermios

The go build is successfully. I am wondering how to bypass or ignore this gosec complains.


Welcome to Golang Bridge :rocket: :fireworks:.

Generally speaking, I will investigate all warnings and reports from gosec with honest-to-goodness root cause reasoning. However, for this case, there are still some questionable aspects. The next few steps are crucial:

  1. Upgrade your toolkit to the latest version and check its reproducible state.
    1.1. gosec is currently 2.5.0 (https://github.com/securego/gosec)
    1.2. Go is currently 1.15.6 (Go 1.15.6 and Go 1.14.13 are released)
  2. If they are reproducible, raise an issue ticket with gosec team first as “QUESTION” with the latest tools’ result. They will answer your query relatively fast.
  3. If their advice is to contact the Go development team, you can send an email to https://groups.google.com/forum/#!forum/golang-nuts before raising a ticket in golang’s Github. Then, follow the Go core developers’ advice from there (if they ask you to raise the ticket, you may proceed).

There is nothing much we can do here aside answering Go programming queries.

If the above is too much, you might consider using other terminal packages from golang.org/x extended packages.

1 Like

Thanks hollowaykeanho,

I have tried by using gosec version v2.5.0, with -e GO111MODULE=off, with go version 1.12.17. It works fine now. I believe this is the version compatible issue, which can be resolved by upgrading the version.

Thanks again!

Great! Could you choose appropriate post and as “mark as solution” especially security related matter please? This helps others stop tracking or continue working on the issue at hand.

Thanks in adv.

1 Like

Solution was marked. Thanks.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.