diff --git a/.security-alert.log b/.security-alert.log
new file mode 100644
index 0000000000..94323e805e
--- /dev/null
+++ b/.security-alert.log
@@ -0,0 +1,14 @@
+* G404 - /home/runner/work/dex/dex/storage/kubernetes/storage.go:737 (HIGH) - Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)
+* G402 - /home/runner/work/dex/dex/storage/sql/config.go:320 (HIGH) - TLS MinVersion too low.
+* G402 - /home/runner/work/dex/dex/storage/ent/mysql.go:130 (HIGH) - TLS MinVersion too low.
+* G402 - /home/runner/work/dex/dex/examples/grpc-client/client.go:33-36 (HIGH) - TLS MinVersion too low.
+* G402 - /home/runner/work/dex/dex/examples/example-app/main.go:44 (HIGH) - TLS MinVersion too low.
+* G402 - /home/runner/work/dex/dex/connector/openshift/openshift.go:272 (HIGH) - TLS MinVersion too low.
+* G402 - /home/runner/work/dex/dex/connector/openshift/openshift.go:268 (HIGH) - TLS MinVersion too low.
+* G402 - /home/runner/work/dex/dex/connector/github/github.go:213 (HIGH) - TLS MinVersion too low.
+* G402 - /home/runner/work/dex/dex/connector/openshift/openshift.go:270 (HIGH) - TLS InsecureSkipVerify set true.
+* G402 - /home/runner/work/dex/dex/connector/oauth/oauth.go:129 (HIGH) - TLS InsecureSkipVerify set true.
+* G402 - /home/runner/work/dex/dex/connector/ldap/ldap.go:257 (HIGH) - TLS InsecureSkipVerify may be true.
+* G402 - /home/runner/work/dex/dex/connector/keystone/keystone.go:186 (HIGH) - TLS InsecureSkipVerify may be true.
+* G101 - /home/runner/work/dex/dex/connector/saml/saml.go:46 (HIGH) - Potential hardcoded credentials
+* G101 - /home/runner/work/dex/dex/connector/linkedin/linkedin.go:21 (HIGH) - Potential hardcoded credentials
diff --git a/tmp/gosec-report.json b/tmp/gosec-report.json
new file mode 100644
index 0000000000..a7bd85b208
--- /dev/null
+++ b/tmp/gosec-report.json
@@ -0,0 +1,524 @@ +{ + "Golang errors": {}, + "Issues": [ + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "/home/runner/work/dex/dex/storage/kubernetes/storage.go", + "code": "736: \t\tstep := policy[attempts]\n737: \t\treturn time.Duration(step*5+rand.Intn(step)) * time.Microsecond\n738: \t}\n", + "line": "737", + "column": "31", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "HIGH", + "cwe": { + "id": "295", + "url": "https://cwe.mitre.org/data/definitions/295.html" + }, + "rule_id": "G402", + "details": "TLS MinVersion too low.", + "file": "/home/runner/work/dex/dex/storage/sql/config.go", + "code": "319: func (s *MySQL) makeTLSConfig() error {\n320: \tcfg := \u0026tls.Config{}\n321: \tif s.SSL.CAFile != \"\" {\n", + "line": "320", + "column": "10", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "HIGH", + "cwe": { + "id": "295", + "url": "https://cwe.mitre.org/data/definitions/295.html" + }, + "rule_id": "G402", + "details": "TLS MinVersion too low.", + "file": "/home/runner/work/dex/dex/storage/ent/mysql.go", + "code": "129: func (m *MySQL) makeTLSConfig() error {\n130: \tcfg := \u0026tls.Config{}\n131: \n", + "line": "130", + "column": "10", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "HIGH", + "cwe": { + "id": "295", + "url": "https://cwe.mitre.org/data/definitions/295.html" + }, + "rule_id": "G402", + "details": "TLS MinVersion too low.", + "file": "/home/runner/work/dex/dex/examples/grpc-client/client.go", + "code": "32: \n33: \tclientTLSConfig := \u0026tls.Config{\n34: \t\tRootCAs: cPool,\n35: \t\tCertificates: []tls.Certificate{clientCert},\n36: \t}\n37: \tcreds := credentials.NewTLS(clientTLSConfig)\n", + 
"line": "33-36", + "column": "22", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "HIGH", + "cwe": { + "id": "295", + "url": "https://cwe.mitre.org/data/definitions/295.html" + }, + "rule_id": "G402", + "details": "TLS MinVersion too low.", + "file": "/home/runner/work/dex/dex/examples/example-app/main.go", + "code": "43: func httpClientForRootCAs(rootCAs string) (*http.Client, error) {\n44: \ttlsConfig := tls.Config{RootCAs: x509.NewCertPool()}\n45: \trootCABytes, err := os.ReadFile(rootCAs)\n", + "line": "44", + "column": "15", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "HIGH", + "cwe": { + "id": "295", + "url": "https://cwe.mitre.org/data/definitions/295.html" + }, + "rule_id": "G402", + "details": "TLS MinVersion too low.", + "file": "/home/runner/work/dex/dex/connector/openshift/openshift.go", + "code": "271: \t} else if rootCA != \"\" {\n272: \t\ttlsConfig = tls.Config{RootCAs: x509.NewCertPool()}\n273: \t\trootCABytes, err := os.ReadFile(rootCA)\n", + "line": "272", + "column": "15", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "HIGH", + "cwe": { + "id": "295", + "url": "https://cwe.mitre.org/data/definitions/295.html" + }, + "rule_id": "G402", + "details": "TLS MinVersion too low.", + "file": "/home/runner/work/dex/dex/connector/openshift/openshift.go", + "code": "267: func newHTTPClient(insecureCA bool, rootCA string) (*http.Client, error) {\n268: \ttlsConfig := tls.Config{}\n269: \tif insecureCA {\n", + "line": "268", + "column": "15", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "HIGH", + "cwe": { + "id": "295", + "url": "https://cwe.mitre.org/data/definitions/295.html" + }, + "rule_id": "G402", + "details": "TLS MinVersion too low.", + "file": "/home/runner/work/dex/dex/connector/github/github.go", + "code": "212: func newHTTPClient(rootCA string) (*http.Client, error) {\n213: 
\ttlsConfig := tls.Config{RootCAs: x509.NewCertPool()}\n214: \trootCABytes, err := os.ReadFile(rootCA)\n", + "line": "213", + "column": "15", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "HIGH", + "cwe": { + "id": "295", + "url": "https://cwe.mitre.org/data/definitions/295.html" + }, + "rule_id": "G402", + "details": "TLS InsecureSkipVerify set true.", + "file": "/home/runner/work/dex/dex/connector/openshift/openshift.go", + "code": "269: \tif insecureCA {\n270: \t\ttlsConfig = tls.Config{InsecureSkipVerify: true}\n271: \t} else if rootCA != \"\" {\n", + "line": "270", + "column": "46", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "HIGH", + "cwe": { + "id": "295", + "url": "https://cwe.mitre.org/data/definitions/295.html" + }, + "rule_id": "G402", + "details": "TLS InsecureSkipVerify set true.", + "file": "/home/runner/work/dex/dex/connector/oauth/oauth.go", + "code": "128: \n129: \ttlsConfig := tls.Config{RootCAs: pool, InsecureSkipVerify: insecureSkipVerify}\n130: \tfor _, rootCA := range rootCAs {\n", + "line": "129", + "column": "61", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "LOW", + "cwe": { + "id": "295", + "url": "https://cwe.mitre.org/data/definitions/295.html" + }, + "rule_id": "G402", + "details": "TLS InsecureSkipVerify may be true.", + "file": "/home/runner/work/dex/dex/connector/ldap/ldap.go", + "code": "256: \n257: \ttlsConfig := \u0026tls.Config{ServerName: host, InsecureSkipVerify: c.InsecureSkipVerify}\n258: \tif c.RootCA != \"\" || len(c.RootCAData) != 0 {\n", + "line": "257", + "column": "65", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "LOW", + "cwe": { + "id": "295", + "url": "https://cwe.mitre.org/data/definitions/295.html" + }, + "rule_id": "G402", + "details": "TLS InsecureSkipVerify may be true.", + "file": "/home/runner/work/dex/dex/connector/keystone/keystone.go", 
+ "code": "185: \t\tTLSClientConfig: \u0026tls.Config{\n186: \t\t\tInsecureSkipVerify: c.InsecureSkipVerify,\n187: \t\t},\n", + "line": "186", + "column": "24", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "LOW", + "cwe": { + "id": "798", + "url": "https://cwe.mitre.org/data/definitions/798.html" + }, + "rule_id": "G101", + "details": "Potential hardcoded credentials", + "file": "/home/runner/work/dex/dex/connector/saml/saml.go", + "code": "45: \t// subject confirmation methods\n46: \tsubjectConfirmationMethodBearer = \"urn:oasis:names:tc:SAML:2.0:cm:bearer\"\n47: \n", + "line": "46", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "LOW", + "cwe": { + "id": "798", + "url": "https://cwe.mitre.org/data/definitions/798.html" + }, + "rule_id": "G101", + "details": "Potential hardcoded credentials", + "file": "/home/runner/work/dex/dex/connector/linkedin/linkedin.go", + "code": "20: \tauthURL = \"https://www.linkedin.com/oauth/v2/authorization\"\n21: \ttokenURL = \"https://www.linkedin.com/oauth/v2/accessToken\"\n22: )\n", + "line": "21", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "676", + "url": "https://cwe.mitre.org/data/definitions/676.html" + }, + "rule_id": "G114", + "details": "Use of net/http serve function that has no support for setting timeouts", + "file": "/home/runner/work/dex/dex/examples/example-app/main.go", + "code": "187: \t\t\t\tlog.Printf(\"listening on %s\", listen)\n188: \t\t\t\treturn http.ListenAndServeTLS(listenURL.Host, tlsCert, tlsKey, nil)\n189: \t\t\tdefault:\n", + "line": "188", + "column": "12", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "676", + "url": "https://cwe.mitre.org/data/definitions/676.html" + }, + "rule_id": "G114", + "details": "Use of net/http serve function that 
has no support for setting timeouts", + "file": "/home/runner/work/dex/dex/examples/example-app/main.go", + "code": "184: \t\t\t\tlog.Printf(\"listening on %s\", listen)\n185: \t\t\t\treturn http.ListenAndServe(listenURL.Host, nil)\n186: \t\t\tcase \"https\":\n", + "line": "185", + "column": "12", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "LOW", + "cwe": { + "id": "79", + "url": "https://cwe.mitre.org/data/definitions/79.html" + }, + "rule_id": "G203", + "details": "The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input.", + "file": "/home/runner/work/dex/dex/server/handlers.go", + "code": "178: \t\t\tType: conn.Type,\n179: \t\t\tURL: template.URL(connURL.String()),\n180: \t\t}\n", + "line": "179", + "column": "10", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "78", + "url": "https://cwe.mitre.org/data/definitions/78.html" + }, + "rule_id": "G204", + "details": "Subprocess launched with variable", + "file": "/home/runner/work/dex/dex/cmd/docker-entrypoint/main.go", + "code": "39: \n40: \tif err := syscall.Exec(argv0, args, os.Environ()); err != nil {\n41: \t\treturn fmt.Errorf(\"cannot exec command %s (%q): %w\", args, argv0, err)\n", + "line": "40", + "column": "12", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "78", + "url": "https://cwe.mitre.org/data/definitions/78.html" + }, + "rule_id": "G204", + "details": "Subprocess launched with a potential tainted input or cmd arguments", + "file": "/home/runner/work/dex/dex/cmd/docker-entrypoint/main.go", + "code": "28: \tif fork {\n29: \t\tif output, err := exec.Command(args[0], args[1:]...).CombinedOutput(); err != nil {\n30: \t\t\treturn fmt.Errorf(\"cannot fork/exec command %s: %w (output: %q)\", args, err, string(output))\n", + 
"line": "29", + "column": "21", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "/home/runner/work/dex/dex/storage/kubernetes/client.go", + "code": "451: func namespaceFromFile(path string) (string, error) {\n452: \tdata, err := os.ReadFile(path)\n453: \tif err != nil {\n", + "line": "452", + "column": "15", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "/home/runner/work/dex/dex/storage/kubernetes/client.go", + "code": "405: func loadKubeConfig(kubeConfigPath string) (cluster k8sapi.Cluster, user k8sapi.AuthInfo, namespace string, err error) {\n406: \tdata, err := os.ReadFile(kubeConfigPath)\n407: \tif err != nil {\n", + "line": "406", + "column": "15", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "/home/runner/work/dex/dex/storage/kubernetes/client.go", + "code": "338: \t\t}\n339: \t\treturn os.ReadFile(file)\n340: \t}\n", + "line": "339", + "column": "10", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "/home/runner/work/dex/dex/examples/grpc-client/client.go", + "code": "19: \tcPool := x509.NewCertPool()\n20: \tcaCert, err := os.ReadFile(caPath)\n21: \tif err != nil {\n", + 
"line": "20", + "column": "17", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "/home/runner/work/dex/dex/examples/example-app/main.go", + "code": "44: \ttlsConfig := tls.Config{RootCAs: x509.NewCertPool()}\n45: \trootCABytes, err := os.ReadFile(rootCAs)\n46: \tif err != nil {\n", + "line": "45", + "column": "22", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "/home/runner/work/dex/dex/connector/openshift/openshift.go", + "code": "272: \t\ttlsConfig = tls.Config{RootCAs: x509.NewCertPool()}\n273: \t\trootCABytes, err := os.ReadFile(rootCA)\n274: \t\tif err != nil {\n", + "line": "273", + "column": "23", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "/home/runner/work/dex/dex/connector/oauth/oauth.go", + "code": "130: \tfor _, rootCA := range rootCAs {\n131: \t\trootCABytes, err := os.ReadFile(rootCA)\n132: \t\tif err != nil {\n", + "line": "131", + "column": "23", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "/home/runner/work/dex/dex/connector/google/google.go", + "code": "301: \t} else {\n302: \t\tjsonCredentials, err = os.ReadFile(serviceAccountFilePath)\n303: \t\tif err != nil 
{\n", + "line": "302", + "column": "26", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "/home/runner/work/dex/dex/connector/github/github.go", + "code": "213: \ttlsConfig := tls.Config{RootCAs: x509.NewCertPool()}\n214: \trootCABytes, err := os.ReadFile(rootCA)\n215: \tif err != nil {\n", + "line": "214", + "column": "22", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "/home/runner/work/dex/dex/cmd/dex/serve.go", + "code": "79: \tconfigFile := options.config\n80: \tconfigData, err := os.ReadFile(configFile)\n81: \tif err != nil {\n", + "line": "80", + "column": "21", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "LOW", + "cwe": { + "id": "400", + "url": "https://cwe.mitre.org/data/definitions/400.html" + }, + "rule_id": "G112", + "details": "Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server", + "file": "/home/runner/work/dex/dex/cmd/dex/serve.go", + "code": "437: \n438: \t\tserver := \u0026http.Server{\n439: \t\t\tHandler: serv,\n440: \t\t\tTLSConfig: \u0026tls.Config{\n441: \t\t\t\tCipherSuites: allowedTLSCiphers,\n442: \t\t\t\tPreferServerCipherSuites: true,\n443: \t\t\t\tMinVersion: tls.VersionTLS12,\n444: \t\t\t},\n445: \t\t}\n446: \t\tdefer server.Close()\n", + "line": "438-445", + "column": "14", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "LOW", + "cwe": { + "id": "400", + "url": "https://cwe.mitre.org/data/definitions/400.html" + }, + "rule_id": "G112", + "details": "Potential Slowloris 
Attack because ReadHeaderTimeout is not configured in the http.Server", + "file": "/home/runner/work/dex/dex/cmd/dex/serve.go", + "code": "408: \n409: \t\tserver := \u0026http.Server{\n410: \t\t\tHandler: serv,\n411: \t\t}\n412: \t\tdefer server.Close()\n", + "line": "409-411", + "column": "14", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "LOW", + "cwe": { + "id": "400", + "url": "https://cwe.mitre.org/data/definitions/400.html" + }, + "rule_id": "G112", + "details": "Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server", + "file": "/home/runner/work/dex/dex/cmd/dex/serve.go", + "code": "379: \n380: \t\tserver := \u0026http.Server{\n381: \t\t\tHandler: telemetryRouter,\n382: \t\t}\n383: \t\tdefer server.Close()\n", + "line": "380-382", + "column": "14", + "nosec": false, + "suppressions": null + } + ], + "Stats": { + "files": 186, + "lines": 66210, + "nosec": 0, + "found": 32 + }, + "GosecVersion": "dev" +} \ No newline at end of file diff --git a/tmp/pr-body.md b/tmp/pr-body.md new file mode 100644 index 0000000000..66135101a4 --- /dev/null +++ b/tmp/pr-body.md 
@@ -0,0 +1,85 @@
+# 🚨 Gosec Vulnerability Report (High/Critical)
+* File: /home/runner/work/dex/dex/storage/kubernetes/storage.go
+ • Line: 737
+ • Rule ID: G404
+ • Details: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)
+ • Confidence: MEDIUM
+ • Severity: HIGH
+* File: /home/runner/work/dex/dex/storage/sql/config.go
+ • Line: 320
+ • Rule ID: G402
+ • Details: TLS MinVersion too low.
+ • Confidence: HIGH
+ • Severity: HIGH
+* File: /home/runner/work/dex/dex/storage/ent/mysql.go
+ • Line: 130
+ • Rule ID: G402
+ • Details: TLS MinVersion too low.
+ • Confidence: HIGH
+ • Severity: HIGH
+* File: /home/runner/work/dex/dex/examples/grpc-client/client.go
+ • Line: 33-36
+ • Rule ID: G402
+ • Details: TLS MinVersion too low.
+ • Confidence: HIGH
+ • Severity: HIGH
+* File: /home/runner/work/dex/dex/examples/example-app/main.go
+ • Line: 44
+ • Rule ID: G402
+ • Details: TLS MinVersion too low.
+ • Confidence: HIGH
+ • Severity: HIGH
+* File: /home/runner/work/dex/dex/connector/openshift/openshift.go
+ • Line: 272
+ • Rule ID: G402
+ • Details: TLS MinVersion too low.
+ • Confidence: HIGH
+ • Severity: HIGH
+* File: /home/runner/work/dex/dex/connector/openshift/openshift.go
+ • Line: 268
+ • Rule ID: G402
+ • Details: TLS MinVersion too low.
+ • Confidence: HIGH
+ • Severity: HIGH
+* File: /home/runner/work/dex/dex/connector/github/github.go
+ • Line: 213
+ • Rule ID: G402
+ • Details: TLS MinVersion too low.
+ • Confidence: HIGH
+ • Severity: HIGH
+* File: /home/runner/work/dex/dex/connector/openshift/openshift.go
+ • Line: 270
+ • Rule ID: G402
+ • Details: TLS InsecureSkipVerify set true.
+ • Confidence: HIGH
+ • Severity: HIGH
+* File: /home/runner/work/dex/dex/connector/oauth/oauth.go
+ • Line: 129
+ • Rule ID: G402
+ • Details: TLS InsecureSkipVerify set true.
+ • Confidence: HIGH
+ • Severity: HIGH
+* File: /home/runner/work/dex/dex/connector/ldap/ldap.go
+ • Line: 257
+ • Rule ID: G402
+ • Details: TLS InsecureSkipVerify may be true.
+ • Confidence: LOW
+ • Severity: HIGH
+* File: /home/runner/work/dex/dex/connector/keystone/keystone.go
+ • Line: 186
+ • Rule ID: G402
+ • Details: TLS InsecureSkipVerify may be true.
+ • Confidence: LOW
+ • Severity: HIGH
+* File: /home/runner/work/dex/dex/connector/saml/saml.go
+ • Line: 46
+ • Rule ID: G101
+ • Details: Potential hardcoded credentials
+ • Confidence: LOW
+ • Severity: HIGH
+* File: /home/runner/work/dex/dex/connector/linkedin/linkedin.go
+ • Line: 21
+ • Rule ID: G101
+ • Details: Potential hardcoded credentials
+ • Confidence: LOW
+ • Severity: HIGH
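Review bot: The last two entries, G101 at connector/saml/saml.go:46 and connector/linkedin/linkedin.go:21, are listed under a "Vulnerability Report (High/Critical)" heading although the code quoted for them in tmp/gosec-report.json is a SAML subject-confirmation URN and the LinkedIn OAuth token endpoint URL, both reported at LOW confidence. .security-alert.log repeats the same fourteen lines without the confidence column, so a reader there cannot separate these from the HIGH-confidence G402 entries. I would filter on confidence as well as severity before the body is written, or at least retitle it, e.g. `# Gosec findings (severity HIGH, not yet triaged)`. The G404 entry at storage/kubernetes/storage.go:737 appears from the quoted line (`time.Duration(step*5+rand.Intn(step)) * time.Microsecond`) to be retry back-off jitter, where math/rand is normally acceptable; if that is confirmed, a justified `// #nosec G404` at the call site keeps it out of later reports. The G402 MinVersion and InsecureSkipVerify entries are the ones that deserve a fix in the listed files, and repo-relative paths instead of `/home/runner/work/dex/dex/...` would make the report match across environments.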