Bump go2 (#137)

* Bump go to 1.18.3 * Bump go 1.18.3 Add gosec
IBM-Cloud · Jul 12, 2022 · 71f8a3f · 71f8a3f
1 parent 8e66890
commit 71f8a3f
Show file tree

Hide file tree

Showing 11 changed files with 27 additions and 22 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,13 +1,12 @@
 language: go
 go:
- - 1.17.9
+ - 1.18.3
 
 services:
  - docker
 
 script:
- - make test
- - make lint
+ - make lint test
 
 after_success:
  - 'if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then goveralls -coverprofile=coverage.out -service=travis-ci -repotoken $COVERALLS_TOKEN; fi'
diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 SHELL = /bin/bash
 
 export
-LINT_VERSION="1.45.2"
+LINT_VERSION="1.46.2"
 
 .PHONY: all
 all: deps lint test
@@ -23,6 +23,7 @@ lint-fix: deps
 .PHONY: lint
 lint: deps
  golangci-lint run
+ go install github.com/securego/gosec/v2/cmd/gosec@latest && gosec ./...
 
 .PHONY: test
 test: int-setup

diff --git a/concurrency/mutex.go b/concurrency/mutex.go
@@ -87,14 +87,14 @@ func (m *Mutex) Lock(ctx context.Context) error {
  _, werr := waitDeletes(ctx, client, m.pfx, m.myRev-1)
  // release lock key if wait failed
  if werr != nil {
- _ = m.Unlock(client.Ctx())
+ _ = m.Unlock(client.Ctx()) // #nosec G104 -- Try to release lock
  return werr
  }
 
  // make sure the session is not expired, and the owner key still exists.
  gresp, werr := client.Get(ctx, m.myKey)
  if werr != nil {
- _ = m.Unlock(client.Ctx())
+ _ = m.Unlock(client.Ctx()) // #nosec G104 -- Try to release lock
  return werr
  }
 

diff --git a/go.mod b/go.mod
@@ -5,7 +5,7 @@ go 1.17
 require (
  github.com/gorilla/mux v1.8.0
  github.com/prometheus/client_golang v1.11.1
- github.com/stretchr/testify v1.7.0
+ github.com/stretchr/testify v1.7.5
  go.etcd.io/etcd v0.0.0-20211004023027-19e2e70e4f50
  go.uber.org/zap v1.21.0
  golang.org/x/net v0.0.0-20220225172249-27dd8689420f
@@ -35,6 +35,6 @@ require (
  google.golang.org/grpc v1.26.0 // indirect
  google.golang.org/protobuf v1.26.0-rc.1 // indirect
  gopkg.in/yaml.v2 v2.4.0 // indirect
- gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+ gopkg.in/yaml.v3 v3.0.1 // indirect
  sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -163,11 +163,14 @@ github.com/spf13/pflag v1.0.1 h1:aCvUg6QPl3ibpQUxyLkrEkCHtPqYJL4x9AuhqVqFis4=
 github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.5 h1:s5PTfem8p8EbKQOctVV53k6jCJt3UX4IEJzwh+C324Q=
+github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966 h1:j6JEOq5QWFker+d7mFQYOhjTZonQ7YkLTHm56dbn+yM=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
@@ -242,11 +245,9 @@ golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -302,8 +303,9 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=

diff --git a/internal/jitter/duration.go b/internal/jitter/duration.go
@@ -37,8 +37,8 @@ func (g DurationGenerator) Generate() time.Duration {
  */
  var (
  dNano = float64(g.base.Nanoseconds())
- random = rand.Float64() /* in range [0, 1) */ // nolint:gosec // Generating random durations is not security-sensitive. A pseudo-random number generator is ok.
- randomPlusMinus = 2*random - 1 /* in range [-0.5, 0.5) */
+ random = rand.Float64() // #nosec G404 -- Generating random durations is not security-sensitive. A pseudo-random number generator is ok. in range [0, 1)
+ randomPlusMinus = 2*random - 1 // in range [-0.5, 0.5)
  resultNano = dNano + dNano*g.jitterPercent*randomPlusMinus
  )
  return time.Duration(resultNano) * time.Nanosecond

diff --git a/rules/callback_listener.go b/rules/callback_listener.go
@@ -63,7 +63,7 @@ type HTTPCallbackHandler struct {
 
 func (htcbh HTTPCallbackHandler) HandleRequest(w http.ResponseWriter, req *http.Request) {
  defer func() {
- _ = req.Body.Close()
+ _ = req.Body.Close() // #nosec G104 -- Try to close body
  }()
  decoder := json.NewDecoder(req.Body)
  var event callbackEvent

diff --git a/rules/key_processor.go b/rules/key_processor.go
@@ -163,7 +163,7 @@ func (bkp *baseKeyProcessor) processKey(key string, value *string, rapi readAPI,
  if timesEvaluated != nil {
  timesEvaluated(ruleID)
  }
- satisfied, _ := rule.satisfied(api)
+ satisfied, _ := rule.satisfied(api) // #nosec G104 -- Map lookup
  if logger.Core().Enabled(zap.DebugLevel) {
  logger.Debug("Rule evaluated", zap.Bool("satisfied", satisfied), zap.String("rule", rule.String()), zap.String("value", fmt.Sprintf("%.30s", valueString)), zap.String("key", key))
  }
@@ -181,7 +181,7 @@ func (bkp *baseKeyProcessor) processKey(key string, value *string, rapi readAPI,
 func (bkp *baseKeyProcessor) isWork(key string, value *string, api readAPI) bool {
  rules := bkp.rm.getStaticRules(key, value)
  for rule := range rules {
- satisfied, _ := rule.satisfied(api)
+ satisfied, _ := rule.satisfied(api) // #nosec G104 -- Map lookup
  if satisfied {
  return true
  }

diff --git a/rules/lock/nested_lock.go b/rules/lock/nested_lock.go
@@ -28,7 +28,7 @@ func (nl nestedLocker) Lock(key string, options ...Option) (RuleLock, error) {
  nested, err := nl.nested.Lock(key, options...)
  if err != nil {
  // First unlock own lock
- _ = lock.Unlock()
+ _ = lock.Unlock() // #nosec G104 -- Try to unlock
  return nil, err
  }
  return nestedLock{

diff --git a/rules/teststore/etcd.go b/rules/teststore/etcd.go
@@ -13,8 +13,11 @@ func InitV3Etcd(t *testing.T) (clientv3.Config, *clientv3.Client) {
  cfg := clientv3.Config{
  Endpoints: []string{"http://127.0.0.1:2379"},
  }
- c, _ := clientv3.New(cfg)
- _, err := c.Delete(context.Background(), "/", clientv3.WithPrefix())
+ c, err := clientv3.New(cfg)
  require.NoError(t, err)
+ var r *clientv3.DeleteResponse
+ r, err = c.Delete(context.Background(), "/", clientv3.WithPrefix())
+ require.NoError(t, err)
+ require.NotNil(t, r)
  return cfg, c
 }
diff --git a/v3enginetest/main.go b/v3enginetest/main.go
@@ -86,7 +86,7 @@ func main() {
  }()
 
  // Set environment variable so the rules engine will use it
- os.Setenv(rules.WebhookURLEnv, "http://localhost:6969/callback")
+ os.Setenv(rules.WebhookURLEnv, "http://localhost:6969/callback") // #nosec G104 - For testing
 
  engine := rules.NewV3Engine(cfg, logger, rules.EngineContextProvider(cpFunc), rules.EngineMetricsCollector(mFunc), rules.EngineSyncInterval(300))
  mw := &rules.MockWatcherWrapper{
@@ -193,5 +193,5 @@ func main() {
  defer cancel()
  err = cbHandler.WaitForCallback(tenSecCtx, doneRuleID, map[string]string{"id": doneID})
  check(err)
- _ = engine.Shutdown(ctx)
+ _ = engine.Shutdown(ctx) // #nosec G104 -- For testing only
 }