From a635b023f6437b518cbdb3d4280e2c1845854f74 Mon Sep 17 00:00:00 2001
From: Romain LE JEUNE
Date: Thu, 22 Sep 2022 17:08:07 +0200
Subject: [PATCH] GODT-1853: ignore for CVE-2021-33194 false positive + add several try to gobinsec
---
 .gitlab-ci.yml | 2 +-
 utils/gobinsec_conf.yml | 4 ++++
 utils/run_gobinsec.sh | 5 +++++
 3 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100755 utils/run_gobinsec.sh
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 95e90a4e..9c6fec02 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -270,7 +270,7 @@ check-gobinsec:
 - cp ./gobinsec-cache-valid.yml ./gobinsec-cache.yml
 script:
 - cat ./gobinsec-cache.yml
- - gobinsec -wait -cache -config utils/gobinsec_conf.yml build/bridge
+ - ./utils/run_gobinsec.sh
 - cp ./gobinsec-cache.yml ./gobinsec-cache-valid.yml # Only update cache file if gobinsec succeeds
diff --git a/utils/gobinsec_conf.yml b/utils/gobinsec_conf.yml
index d5f2b712..1fbb913a 100644
--- a/utils/gobinsec_conf.yml
+++ b/utils/gobinsec_conf.yml
@@ -5,3 +5,7 @@ wait: true
 file:
 name: "./gobinsec-cache.yml"
 expiration: 24h
+
+ignore:
+ # golang.org/x/net wrong match, we are using 2871e0cb, fixed by 37e1c6af
+ - "CVE-2021-33194"
\ No newline at end of file
diff --git a/utils/run_gobinsec.sh b/utils/run_gobinsec.sh
new file mode 100755
index 00000000..f042b684
--- /dev/null
+++ b/utils/run_gobinsec.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+gobinsec -wait -cache -config utils/gobinsec_conf.yml build/bridge || FAILED=true
+if [ $FAILED ]; then
+ gobinsec -wait -cache -config utils/gobinsec_conf.yml build/bridge
+fi
\ No newline at end of file
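Review bot: The new `ignore` entry in utils/gobinsec_conf.yml lists CVE-2021-33194 by id only, so as written it appears to suppress the finding for the whole scan no matter which golang.org/x/net revision is linked, and it would keep hiding it if the dependency were ever pinned back below the fix. The justification gives two short hashes, `2871e0cb` and `37e1c6af`, whose order cannot be checked from the hashes alone. Recording the full pseudo-versions (which carry commit timestamps) and a removal condition would make the exception auditable, for example `# GODT-1853: false positive, go.mod pins x/net <PSEUDO_VERSION_IN_GO_MOD>, newer than the fix <FIX_PSEUDO_VERSION>; drop this entry once gobinsec matches it correctly`. The file also still ends without a trailing newline.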
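Review bot: `FAILED` is never initialised before the `[ $FAILED ]` test in utils/run_gobinsec.sh, so a `FAILED` variable inherited from the CI environment triggers the second scan even after a clean first pass, and the unquoted test only works while the value contains no whitespace. The wrapper also retries on every non-zero exit, which presumably covers a genuine vulnerability finding as well as a transient lookup failure. It prints nothing when the first attempt fails, so a pass that needed the retry is invisible in the job log. A bounded loop that reports each failed attempt keeps the same two-attempt behaviour, makes the retry count explicit and returns the scanner's last exit status.

```shell
#!/bin/bash
# Run the gobinsec scan, retrying on failure; exit non-zero only if every attempt fails.
readonly MAX_TRIES=2
scan=(gobinsec -wait -cache -config utils/gobinsec_conf.yml build/bridge)

rc=0
for ((attempt = 1; attempt <= MAX_TRIES; attempt++)); do
  "${scan[@]}" && exit 0
  rc=$?
  printf 'gobinsec attempt %d/%d failed (exit %d)\n' "$attempt" "$MAX_TRIES" "$rc" >&2
done
exit "$rc"
```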