From 4d3081130e59779fc660034553bc1bdb80b5ae87 Mon Sep 17 00:00:00 2001
From: Antonio Gamez Diaz
Date: Thu, 30 Jun 2022 13:53:55 +0200
Subject: [PATCH 1/2] Add gosec to asset-syncer

Signed-off-by: Antonio Gamez Diaz
---
 cmd/asset-syncer/Dockerfile | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/cmd/asset-syncer/Dockerfile b/cmd/asset-syncer/Dockerfile
index 14961c734f9..f69905eadf6 100644
--- a/cmd/asset-syncer/Dockerfile
+++ b/cmd/asset-syncer/Dockerfile
@@ -9,6 +9,13 @@ COPY go.mod go.sum ./
 COPY pkg pkg
 COPY cmd cmd
 ARG VERSION
+
+ARG GOSEC_VERSION="2.12.0"
+RUN curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v$GOSEC_VERSION
+
+# Run gosec to detect any security-related error at build time
+RUN gosec ./cmd/asset-syncer/...
+
 # With the trick below, Go's build cache is kept between builds.
 # https://github.com/golang/go/issues/27719#issuecomment-514747274
 RUN --mount=type=cache,target=/go/pkg/mod \
From c558bd433a0b7613de791a832673fa3d3217f5c9 Mon Sep 17 00:00:00 2001
From: Antonio Gamez Diaz
Date: Thu, 30 Jun 2022 18:07:45 +0200
Subject: [PATCH 2/2] Fix gosec issues

Signed-off-by: Antonio Gamez Diaz
---
 cmd/asset-syncer/server/postgresql_utils.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/cmd/asset-syncer/server/postgresql_utils.go b/cmd/asset-syncer/server/postgresql_utils.go
index 5ee106d9cbe..fa088216f20 100644
--- a/cmd/asset-syncer/server/postgresql_utils.go
+++ b/cmd/asset-syncer/server/postgresql_utils.go
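Review bot: The installer on the `RUN curl ... | sh` line is fetched from the unpinned `master` branch of the gosec repository and executed without any checksum, so `GOSEC_VERSION` pins the binary but not the script that selects and downloads it; any change to that script runs inside the build with the builder's privileges. The stage already has a Go toolchain on the same line (`$(go env GOPATH)`), so the script can be dropped in favour of the module proxy and checksum database: `RUN go install github.com/securego/gosec/v2/cmd/gosec@v$GOSEC_VERSION` (Go 1.16 or newer). If the script is kept, pin it to a release tag or commit rather than `master`. The `gosec` step also sits above the cache-mounted build step, so it appears not to share the module cache; that is a build-time cost rather than a correctness issue.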
@@ -40,10 +40,12 @@ func newPGManager(config dbutils.Config, globalReposNamespace string) (assetMana
 // imported into the database as fast as possible. E.g. we want all icons for
 // charts before fetching readmes for each chart and version pair.
 func (m *postgresAssetManager) Sync(repo models.Repo, charts []models.Chart) error {
- m.InitTables()
-
+ err := m.InitTables()
+ if err != nil {
+ return err
+ }
 // Ensure the repo exists so FK constraints will be met.
- _, err := m.EnsureRepoExists(repo.Namespace, repo.Name)
+ _, err = m.EnsureRepoExists(repo.Namespace, repo.Name)
 if err != nil {
 return err
 }
@@ -61,7 +63,10 @@ func (m *postgresAssetManager) LastChecksum(repo models.Repo) string {
 var lastChecksum string
 row := m.DB.QueryRow(fmt.Sprintf("SELECT checksum FROM %s WHERE name = $1 AND namespace = $2", dbutils.RepositoryTable), repo.Name, repo.Namespace)
 if row != nil {
- row.Scan(&lastChecksum)
+ err := row.Scan(&lastChecksum)
+ if err != nil {
+ return ""
+ }
 }
 return lastChecksum
 }
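Review bot: The new `err := m.InitTables()` / `if err != nil { return err }` at the top of `Sync` returns the error bare, so a caller cannot tell a table-initialisation failure from the `EnsureRepoExists` failure returned a few lines later in the same shape; `fmt` is already used in this file (see `LastChecksum`), so `return fmt.Errorf("initializing tables: %w", err)` adds that context at no cost. Stylistically the three added lines plus the `:=` to `=` change on the `EnsureRepoExists` line collapse into `if err := m.InitTables(); err != nil { return err }`, which keeps `err` tightly scoped and leaves the original `_, err := m.EnsureRepoExists(...)` line untouched. `Sync` continues past the end of this hunk.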
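Review bot: Returning `""` on any `row.Scan` error in `LastChecksum` makes a connection failure or query error indistinguishable from a repository that has never been synced (`sql.ErrNoRows`), so a transient database outage is reported to the caller as "no checksum" with no signal that the read failed. With the signature fixed at `string`, the minimum is to single out the expected case and surface the rest, e.g. `if err != nil && !errors.Is(err, sql.ErrNoRows) { /* log err */ }` before returning `""`, assuming a logger is in scope in this file (not visible here) and `database/sql` and `errors` can be imported. If `m.DB` is a `*sql.DB`, the `if row != nil` guard is dead code: `QueryRow` always returns a non-nil `*sql.Row` and defers errors to `Scan`, which this commit now handles, so the guard can be dropped. The `fmt.Sprintf` building the query interpolates only `dbutils.RepositoryTable` while the caller-supplied values stay bound as `$1`/`$2`; if that identifier is a package constant, as its name suggests, this is fine and worth a one-line comment such as `// table name is a package constant, not user input` so future gosec G201 findings are explained rather than suppressed.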