gosec: G601: Implicit memory aliasing in for loop

plugin/v2/plugin.go:141:50: G601: Implicit memory aliasing in for loop. (gosec) updateSettingsEnv(&p.PluginObj.Settings.Env, &s) ^ libcontainerd/remote/client.go:572:13: G601: Implicit memory aliasing in for loop. (gosec) cpDesc = &m ^ distribution/push_v2.go:400:34: G601: Implicit memory aliasing in for loop. (gosec) (metadata.CheckV2MetadataHMAC(&mountCandidate, pd.hmacKey) || ^ builder/dockerfile/builder.go:261:84: G601: Implicit memory aliasing in for loop. (gosec) currentCommandIndex = printCommand(b.Stdout, currentCommandIndex, totalCommands, &meta) ^ builder/dockerfile/builder.go:278:46: G601: Implicit memory aliasing in for loop. (gosec) if err := initializeStage(dispatchRequest, &stage); err != nil { ^ daemon/container.go:283:40: G601: Implicit memory aliasing in for loop. (gosec) if err := parser.ValidateMountConfig(&cfg); err != nil { ^ Signed-off-by: Sebastiaan van Stijn <[email protected]>
flavio · Jun 10, 2021 · d13997b · d13997b
1 parent f77213e
commit d13997b
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 7 deletions.
diff --git a/builder/dockerfile/builder.go b/builder/dockerfile/builder.go
@@ -254,18 +254,19 @@ func (b *Builder) dispatchDockerfileWithCancellation(parseResult []instructions.
 		totalCommands += len(stage.Commands)
 	}
 	shlex := shell.NewLex(escapeToken)
-	for _, meta := range metaArgs {
-		currentCommandIndex = printCommand(b.Stdout, currentCommandIndex, totalCommands, &meta)
+	for i := range metaArgs {
+		currentCommandIndex = printCommand(b.Stdout, currentCommandIndex, totalCommands, &metaArgs[i])
 
-		err := processMetaArg(meta, shlex, buildArgs)
+		err := processMetaArg(metaArgs[i], shlex, buildArgs)
 		if err != nil {
 			return nil, err
 		}
 	}
 
 	stagesResults := newStagesBuildResults()
 
-	for _, stage := range parseResult {
+	for _, s := range parseResult {
+		stage := s
 		if err := stagesResults.checkStageNameAvailable(stage.Name); err != nil {
 			return nil, err
 		}

diff --git a/daemon/container.go b/daemon/container.go
@@ -279,7 +279,8 @@ func validateHostConfig(hostConfig *containertypes.HostConfig, platform string)
 	}
 	// Validate mounts; check if host directories still exist
 	parser := volumemounts.NewParser(platform)
-	for _, cfg := range hostConfig.Mounts {
+	for _, c := range hostConfig.Mounts {
+		cfg := c
 		if err := parser.ValidateMountConfig(&cfg); err != nil {
 			return err
 		}

diff --git a/distribution/push_v2.go b/distribution/push_v2.go
@@ -326,7 +326,8 @@ func (pd *v2PushDescriptor) Upload(ctx context.Context, progressOutput progress.
 	// Attempt to find another repository in the same registry to mount the layer from to avoid an unnecessary upload
 	candidates := getRepositoryMountCandidates(pd.repoInfo, pd.hmacKey, maxMountAttempts, v2Metadata)
 	isUnauthorizedError := false
-	for _, mountCandidate := range candidates {
+	for _, mc := range candidates {
+		mountCandidate := mc
 		logrus.Debugf("attempting to mount layer %s (%s) from %s", diffID, mountCandidate.Digest, mountCandidate.SourceRepository)
 		createOpts := []distribution.BlobCreateOption{}
 

diff --git a/libcontainerd/remote/client.go b/libcontainerd/remote/client.go
@@ -568,6 +568,7 @@ func (c *client) CreateCheckpoint(ctx context.Context, containerID, checkpointDi
 
 	var cpDesc *v1.Descriptor
 	for _, m := range index.Manifests {
+		m := m
 		if m.MediaType == images.MediaTypeContainerd1Checkpoint {
 			cpDesc = &m // nolint:gosec
 			break

diff --git a/plugin/v2/plugin.go b/plugin/v2/plugin.go
@@ -126,7 +126,9 @@ func (p *Plugin) Set(args []string) error {
 	// TODO(vieux): lots of code duplication here, needs to be refactored.
 
 next:
-	for _, s := range sets {
+	for _, set := range sets {
+		s := set
+
 		// range over all the envs in the config
 		for _, env := range p.PluginObj.Config.Env {
 			// found the env in the config