Merging to release-1.3: TT-8480 Fix uuid CVE (#110)

TT-8480 Fix uuid CVE (#110)

clients/dashboard/apis.go

@@ -7,9 +7,9 @@ import (
 
 	"github.com/TykTechnologies/tyk-sync/clients/objects"
 	"github.com/TykTechnologies/tyk/apidef"
+	"github.com/gofrs/uuid"
 	"github.com/levigross/grequests"
 	"github.com/ongoingio/urljoin"
-	uuid "github.com/satori/go.uuid"
 )
 
 type APIResponse struct {
@@ -336,7 +336,12 @@ func (c *Client) SyncAPIs(apiDefs []objects.DBApiDefinition) error {
 			GitIDMap[def.Id.Hex()] = i
 			continue
 		} else {
-			created := fmt.Sprintf("temp-%v", uuid.NewV4().String())
+			uid, err := uuid.NewV4()
+			if err != nil {
+				fmt.Println("error generating UUID", err)
+				return err
+			}
+			created := fmt.Sprintf("temp-%v", uid.String())
 			GitIDMap[created] = i
 		}
 	}

clients/dashboard/policies.go

@@ -4,9 +4,9 @@ import (
 	"errors"
 	"fmt"
 
+	"github.com/gofrs/uuid"
 	"github.com/levigross/grequests"
 	"github.com/ongoingio/urljoin"
-	uuid "github.com/satori/go.uuid"
 	"gopkg.in/mgo.v2/bson"
 
 	"github.com/TykTechnologies/tyk-sync/clients/objects"
@@ -260,7 +260,12 @@ func (c *Client) SyncPolicies(pols []objects.Policy) error {
 		} else if pol.MID.Hex() != "" {
 			GitIDMap[pol.MID.Hex()] = i
 		} else {
-			created := fmt.Sprintf("temp-pol-%v", uuid.NewV4().String())
+			uid, err := uuid.NewV4()
+			if err != nil {
+				fmt.Println("error generating UUID", err)
+				return err
+			}
+			created := fmt.Sprintf("temp-pol-%v", uid.String())
 			GitIDMap[created] = i
 		}
 	}

clients/gateway/client.go

@@ -7,9 +7,9 @@ import (
 	"encoding/json"
 
 	"github.com/TykTechnologies/tyk-sync/clients/objects"
+	"github.com/gofrs/uuid"
 	"github.com/levigross/grequests"
 	"github.com/ongoingio/urljoin"
-	uuid "github.com/satori/go.uuid"
 )
 
 type Client struct {
@@ -284,7 +284,12 @@ func (c *Client) SyncAPIs(apiDefs []objects.DBApiDefinition) error {
 		if def.APIID != "" {
 			GitIDMap[def.APIID] = i
 		} else {
-			created := fmt.Sprintf("temp-%v", uuid.NewV4().String())
+			uid, err := uuid.NewV4()
+			if err != nil {
+				fmt.Println("error generating UUID", err)
+				return err
+			}
+			created := fmt.Sprintf("temp-%v", uid.String())
 			GitIDMap[created] = i
 		}
 	}

go.mod

@@ -3,14 +3,28 @@ module github.com/TykTechnologies/tyk-sync
 go 1.16
 
 require (
-	github.com/TykTechnologies/graphql-go-tools v1.6.2-0.20230214130715-aa076c16772f
-	github.com/TykTechnologies/tyk v1.9.2-0.20230228090416-dfc3f76938c8
+	github.com/TykTechnologies/graphql-go-tools v1.6.2-0.20230320143102-7a16078ce517
+	github.com/TykTechnologies/tyk v1.9.2-0.20230324144826-c9898fdef7f4
+	github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd // indirect
+	github.com/emanoelxavier/openid2go v0.0.0-20190718021401-6345b638bfc9 // indirect
+	github.com/facebookgo/atomicfile v0.0.0-20151019160806-2de1f203e7d5 // indirect
+	github.com/facebookgo/pidfile v0.0.0-20150612191647-f242e2999868 // indirect
+	github.com/franela/goblin v0.0.0-20181003173013-ead4ad1d2727 // indirect
+	github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8 // indirect
+	github.com/go-redis/redis v6.15.6+incompatible // indirect
+	github.com/gofrs/uuid v3.3.0+incompatible
 	github.com/levigross/grequests v0.0.0-20190908174114-253788527a1a
+	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
 	github.com/ongoingio/urljoin v0.0.0-20140909071054-8d88f7c81c3c
-	github.com/satori/go.uuid v1.2.0
 	github.com/spf13/cobra v1.0.0
 	github.com/stretchr/testify v1.8.1
+	github.com/uber-go/atomic v1.4.0 // indirect
+	github.com/x-cray/logrus-prefixed-formatter v0.5.2 // indirect
+	github.com/xenolf/lego v0.3.2-0.20170618175828-28ead50ff1ca // indirect
+	gopkg.in/Masterminds/sprig.v2 v2.21.0 // indirect
 	gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22
+	gopkg.in/square/go-jose.v1 v1.1.2 // indirect
 	gopkg.in/src-d/go-billy.v4 v4.3.2
 	gopkg.in/src-d/go-git.v4 v4.13.1
+	rsc.io/letsencrypt v0.0.2 // indirect
 )