diff --git a/.travis.yml b/.travis.yml index a4f4d01..b0f0e33 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,13 +1,12 @@ language: go go: - - 1.17.9 + - 1.18.3 services: - docker script: - - make test - - make lint + - make lint test after_success: - 'if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then goveralls -coverprofile=coverage.out -service=travis-ci -repotoken $COVERALLS_TOKEN; fi' diff --git a/Makefile b/Makefile index bb78528..f76f117 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ SHELL = /bin/bash export -LINT_VERSION="1.45.2" +LINT_VERSION="1.46.2" .PHONY: all all: deps lint test @@ -23,6 +23,7 @@ lint-fix: deps .PHONY: lint lint: deps golangci-lint run + go install github.com/securego/gosec/v2/cmd/gosec@latest && gosec ./... .PHONY: test test: int-setup diff --git a/concurrency/mutex.go b/concurrency/mutex.go index 780f690..5fb4c8b 100644 --- a/concurrency/mutex.go +++ b/concurrency/mutex.go @@ -87,14 +87,14 @@ func (m *Mutex) Lock(ctx context.Context) error { _, werr := waitDeletes(ctx, client, m.pfx, m.myRev-1) // release lock key if wait failed if werr != nil { - _ = m.Unlock(client.Ctx()) + _ = m.Unlock(client.Ctx()) // #nosec G104 -- Try to release lock return werr } // make sure the session is not expired, and the owner key still exists. gresp, werr := client.Get(ctx, m.myKey) if werr != nil { - _ = m.Unlock(client.Ctx()) + _ = m.Unlock(client.Ctx()) // #nosec G104 -- Try to release lock return werr } diff --git a/go.mod b/go.mod index f0260c0..e1cca44 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.17 require ( github.com/gorilla/mux v1.8.0 github.com/prometheus/client_golang v1.11.1 - github.com/stretchr/testify v1.7.0 + github.com/stretchr/testify v1.7.5 go.etcd.io/etcd v0.0.0-20211004023027-19e2e70e4f50 go.uber.org/zap v1.21.0 golang.org/x/net v0.0.0-20220225172249-27dd8689420f 
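Review bot: The line added to the `lint` recipe installs gosec with `@latest`, so the scanner that now gates CI is unpinned, while golangci-lint is pinned through `LINT_VERSION` at the top of the same file. An unpinned install makes lint results non-reproducible, and whatever the module proxy serves as latest runs in the same Travis job whose `after_success` step uses `$COVERALLS_TOKEN`. I would add a `GOSEC_VERSION` variable next to `LINT_VERSION`, set to a release the team has reviewed, and change the recipe to `go install github.com/securego/gosec/v2/cmd/gosec@v$(GOSEC_VERSION) && gosec ./...`.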
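Review bot: Both `// #nosec G104` annotations in `Lock` silence the finding without changing what happens when `m.Unlock(client.Ctx())` itself fails: the caller receives only `werr` and gets no signal that the lock key may still be held. The same pattern is annotated in `rules/lock/nested_lock.go` (`_ = lock.Unlock()`). If the discard is intended, the comment should say why it is safe, for example `// #nosec G104 -- best effort; the key goes away when the session lease expires` (confirm that this holds for the session in use). Otherwise fold the unlock failure into the returned error, e.g. `if uerr := m.Unlock(client.Ctx()); uerr != nil { return fmt.Errorf("%w (unlock also failed: %v)", werr, uerr) }`, assuming `fmt` is imported in this file. `Lock` starts and ends outside this hunk.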
@@ -35,6 +35,6 @@ require (
 google.golang.org/grpc v1.26.0 // indirect
 google.golang.org/protobuf v1.26.0-rc.1 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
- gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+ gopkg.in/yaml.v3 v3.0.1 // indirect
 sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 6b314a4..0be83f5 100644
--- a/go.sum
+++ b/go.sum
@@ -163,11 +163,14 @@ github.com/spf13/pflag v1.0.1 h1:aCvUg6QPl3ibpQUxyLkrEkCHtPqYJL4x9AuhqVqFis4=
 github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.5 h1:s5PTfem8p8EbKQOctVV53k6jCJt3UX4IEJzwh+C324Q=
+github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966 h1:j6JEOq5QWFker+d7mFQYOhjTZonQ7YkLTHm56dbn+yM=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
@@ -242,11 +245,9 @@ golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -302,8 +303,9 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
diff --git a/internal/jitter/duration.go b/internal/jitter/duration.go
index dc5702c..4fd8fdc 100644
--- a/internal/jitter/duration.go
+++ b/internal/jitter/duration.go
@@ -37,8 +37,8 @@ func (g DurationGenerator) Generate() time.Duration {
 */
 var (
 dNano = float64(g.base.Nanoseconds())
- random = rand.Float64() /* in range [0, 1) */ // nolint:gosec // Generating random durations is not security-sensitive. A pseudo-random number generator is ok.
- randomPlusMinus = 2*random - 1 /* in range [-0.5, 0.5) */
+ random = rand.Float64() // #nosec G404 -- Generating random durations is not security-sensitive. A pseudo-random number generator is ok. in range [0, 1)
+ randomPlusMinus = 2*random - 1 // in range [-0.5, 0.5)
 resultNano = dNano + dNano*g.jitterPercent*randomPlusMinus
 )
 return time.Duration(resultNano) * time.Nanosecond
diff --git a/rules/callback_listener.go b/rules/callback_listener.go
index 3de8730..e2d7cbb 100644
--- a/rules/callback_listener.go
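Review bot: The rewritten comment on `randomPlusMinus` in `internal/jitter/duration.go` still says `in range [-0.5, 0.5)`, but with `random` in [0, 1) the expression `2*random - 1` lies in [-1, 1), so the comment understates the jitter applied to `resultNano` by a factor of two. Either correct it to `// in range [-1, 1)` or, if a half-width range was the intent, change the expression to `random - 0.5`. On the line above, the range note ended up appended to the suppression justification (`... generator is ok. in range [0, 1)`); it would read better as its own comment line, `// random is in range [0, 1)`, so that the `#nosec G404` justification stays a single statement. `Generate` starts outside this hunk.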
+++ b/rules/callback_listener.go @@ -63,7 +63,7 @@ type HTTPCallbackHandler struct { func (htcbh HTTPCallbackHandler) HandleRequest(w http.ResponseWriter, req *http.Request) { defer func() { - _ = req.Body.Close() + _ = req.Body.Close() // #nosec G104 -- Try to close body }() decoder := json.NewDecoder(req.Body) var event callbackEvent diff --git a/rules/key_processor.go b/rules/key_processor.go index 3600fb0..74fd963 100644 --- a/rules/key_processor.go +++ b/rules/key_processor.go @@ -163,7 +163,7 @@ func (bkp *baseKeyProcessor) processKey(key string, value *string, rapi readAPI, if timesEvaluated != nil { timesEvaluated(ruleID) } - satisfied, _ := rule.satisfied(api) + satisfied, _ := rule.satisfied(api) // #nosec G104 -- Map lookup if logger.Core().Enabled(zap.DebugLevel) { logger.Debug("Rule evaluated", zap.Bool("satisfied", satisfied), zap.String("rule", rule.String()), zap.String("value", fmt.Sprintf("%.30s", valueString)), zap.String("key", key)) } @@ -181,7 +181,7 @@ func (bkp *baseKeyProcessor) processKey(key string, value *string, rapi readAPI, func (bkp *baseKeyProcessor) isWork(key string, value *string, api readAPI) bool { rules := bkp.rm.getStaticRules(key, value) for rule := range rules { - satisfied, _ := rule.satisfied(api) + satisfied, _ := rule.satisfied(api) // #nosec G104 -- Map lookup if satisfied { return true } diff --git a/rules/lock/nested_lock.go b/rules/lock/nested_lock.go index 430f70a..62ffae7 100644 --- a/rules/lock/nested_lock.go +++ b/rules/lock/nested_lock.go @@ -28,7 +28,7 @@ func (nl nestedLocker) Lock(key string, options ...Option) (RuleLock, error) { nested, err := nl.nested.Lock(key, options...) if err != nil { // First unlock own lock - _ = lock.Unlock() + _ = lock.Unlock() // #nosec G104 -- Try to unlock return nil, err } return nestedLock{ diff --git a/rules/teststore/etcd.go b/rules/teststore/etcd.go index d3a0652..0933d77 100644 --- a/rules/teststore/etcd.go +++ b/rules/teststore/etcd.go 
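Review bot: The justification `Map lookup` on `satisfied, _ := rule.satisfied(api)` in `rules/key_processor.go` does not say why the error can be dropped, and dropping it appears to make a failed evaluation indistinguishable from an unsatisfied rule. In `processKey` the debug log just below would then report `satisfied=false` with no cause, and in `isWork` (second hunk, same annotation) the key is quietly treated as no work. Since `logger` is already in scope in `processKey`, I would keep the error and record it: `satisfied, err := rule.satisfied(api)` followed by `if err != nil { logger.Warn("Rule evaluation failed", zap.Error(err), zap.String("key", key)) }`. If `satisfied` can never return a non-nil error on this path, the comment should state that instead. Both functions extend beyond their hunks.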
@@ -13,8 +13,11 @@ func InitV3Etcd(t *testing.T) (clientv3.Config, *clientv3.Client) { cfg := clientv3.Config{ Endpoints: []string{"http://127.0.0.1:2379"}, } - c, _ := clientv3.New(cfg) - _, err := c.Delete(context.Background(), "/", clientv3.WithPrefix()) + c, err := clientv3.New(cfg) require.NoError(t, err) + var r *clientv3.DeleteResponse + r, err = c.Delete(context.Background(), "/", clientv3.WithPrefix()) + require.NoError(t, err) + require.NotNil(t, r) return cfg, c } diff --git a/v3enginetest/main.go b/v3enginetest/main.go index 737c117..23a3db8 100644 --- a/v3enginetest/main.go +++ b/v3enginetest/main.go @@ -86,7 +86,7 @@ func main() { }() // Set environment variable so the rules engine will use it - os.Setenv(rules.WebhookURLEnv, "http://localhost:6969/callback") + os.Setenv(rules.WebhookURLEnv, "http://localhost:6969/callback") // #nosec G104 - For testing engine := rules.NewV3Engine(cfg, logger, rules.EngineContextProvider(cpFunc), rules.EngineMetricsCollector(mFunc), rules.EngineSyncInterval(300)) mw := &rules.MockWatcherWrapper{ @@ -193,5 +193,5 @@ func main() { defer cancel() err = cbHandler.WaitForCallback(tenSecCtx, doneRuleID, map[string]string{"id": doneID}) check(err) - _ = engine.Shutdown(ctx) + _ = engine.Shutdown(ctx) // #nosec G104 -- For testing only }
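Review bot: The `c.Delete(context.Background(), "/", clientv3.WithPrefix())` call in `InitV3Etcd` has no deadline, so a run against an etcd endpoint that is not answering can block until the test binary times out instead of failing at `require.NoError`. A bounded context fixes that: `ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)` with `defer cancel()`, passed to `Delete` (this needs `time` imported, and the duration is illustrative). The separate `var r *clientv3.DeleteResponse` is not needed either, since `r, err := c.Delete(...)` compiles with `err` already declared. Because this helper deletes every key under `/`, it also deserves a doc comment stating that it must only be pointed at a disposable test instance.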
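Review bot: The `os.Setenv` annotation in `v3enginetest/main.go` uses a single dash (`// #nosec G104 - For testing`) where every other suppression in this commit separates the justification with `--`; it should read `// #nosec G104 -- For testing`. Better still, this file already calls `check(err)` (visible in the second hunk), so both suppressions can be dropped, assuming `check` accepts an `error`: `check(os.Setenv(rules.WebhookURLEnv, "http://localhost:6969/callback"))` and `check(engine.Shutdown(ctx))`. Handling the error costs nothing in a test driver and keeps a failed shutdown from passing unnoticed. `main` extends beyond both hunks.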