I am using gosec 1.3.0, go version go1.12.17. golang.org/x/term revision “7de9c90e9dd184706b838f536a1cbf40a296ddb7”
When I use gosec to scan files, it complains the const variable redeclared.
./vendor/golang.org/x/term/term_unix_linux.go:9:7: ioctlReadTermios redeclared in this block
./vendor/golang.org/x/term/term_unix_aix.go:9:7: other declaration of ioctlReadTermios
./vendor/golang.org/x/term/term_unix_linux.go:10:7: ioctlWriteTermios redeclared in this block
./vendor/golang.org/x/term/term_unix_aix.go:10:7: other declaration of ioctlWriteTermios
The go build is successfully. I am wondering how to bypass or ignore this gosec complains.
Generally speaking, I will investigate all warnings and reports from gosec with honest-to-goodness root cause reasoning. However, for this case, there are still some questionable aspects. The next few steps are crucial:
If they are reproducible, raise an issue ticket with gosec team first as “QUESTION” with the latest tools’ result. They will answer your query relatively fast.
If their advice is to contact the Go development team, you can send an email to https://groups.google.com/forum/#!forum/golang-nuts before raising a ticket in golang’s Github. Then, follow the Go core developers’ advice from there (if they ask you to raise the ticket, you may proceed).
There is nothing much we can do here aside answering Go programming queries.
If the above is too much, you might consider using other terminal packages from golang.org/x extended packages.
I have tried by using gosec version v2.5.0, with -e GO111MODULE=off, with go version 1.12.17. It works fine now. I believe this is the version compatible issue, which can be resolved by upgrading the version.
Great! Could you choose appropriate post and as “mark as solution” especially security related matter please? This helps others stop tracking or continue working on the issue at hand.
.