chore: Enable G404 rule for gosec (#13095)
This commit is contained in:
Paweł Żak
GitHub
parent
1f57283a57
commit
30b603626c
|
|
@ -109,6 +109,7 @@ linters-settings:
|
||||||
- G306
|
- G306
|
||||||
- G401
|
- G401
|
||||||
- G403
|
- G403
|
||||||
|
- G404
|
||||||
- G501
|
- G501
|
||||||
- G502
|
- G502
|
||||||
- G503
|
- G503
|
||||||
|
|
@ -257,13 +258,13 @@ issues:
|
||||||
- govet
|
- govet
|
||||||
|
|
||||||
- path: cmd/telegraf/(main|printer).go
|
- path: cmd/telegraf/(main|printer).go
|
||||||
text: "Error return value of `outputBuffer.Write` is not checked"
|
text: "Error return value of `outputBuffer.Write` is not checked" #errcheck
|
||||||
|
|
||||||
- path: cmd/telegraf/(main|printer).go
|
|
||||||
text: "unhandled-error: Unhandled error in call to function outputBuffer.Write"
|
|
||||||
|
|
||||||
- path: _test\.go
|
- path: _test\.go
|
||||||
text: "Potential hardcoded credentials"
|
text: "Potential hardcoded credentials" #gosec:G101
|
||||||
|
|
||||||
|
- path: _test\.go
|
||||||
|
text: "Use of weak random number generator" #gosec:G404
|
||||||
|
|
||||||
# Independently of option `exclude` we use default exclude patterns,
|
# Independently of option `exclude` we use default exclude patterns,
|
||||||
# it can be disabled by this option.
|
# it can be disabled by this option.
|
||||||
|
|
|
||||||
|
|
@ -118,16 +118,14 @@ func SnakeCase(in string) string {
|
||||||
}
|
}
|
||||||
|
|
||||||
// RandomSleep will sleep for a random amount of time up to max.
|
// RandomSleep will sleep for a random amount of time up to max.
|
||||||
// If the shutdown channel is closed, it will return before it has finished
|
// If the shutdown channel is closed, it will return before it has finished sleeping.
|
||||||
// sleeping.
|
|
||||||
func RandomSleep(max time.Duration, shutdown chan struct{}) {
|
func RandomSleep(max time.Duration, shutdown chan struct{}) {
|
||||||
if max == 0 {
|
sleepDuration := RandomDuration(max)
|
||||||
|
if sleepDuration == 0 {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
sleepns := rand.Int63n(max.Nanoseconds())
|
t := time.NewTimer(time.Nanosecond * sleepDuration)
|
||||||
|
|
||||||
t := time.NewTimer(time.Nanosecond * time.Duration(sleepns))
|
|
||||||
select {
|
select {
|
||||||
case <-t.C:
|
case <-t.C:
|
||||||
return
|
return
|
||||||
|
|
@ -143,9 +141,7 @@ func RandomDuration(max time.Duration) time.Duration {
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
sleepns := rand.Int63n(max.Nanoseconds())
|
return time.Duration(rand.Int63n(max.Nanoseconds())) //nolint:gosec // G404: not security critical
|
||||||
|
|
||||||
return time.Duration(sleepns)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// SleepContext sleeps until the context is closed or the duration is reached.
|
// SleepContext sleeps until the context is closed or the duration is reached.
|
||||||
|
|
|
||||||
|
|
@ -2,9 +2,11 @@
|
||||||
package example
|
package example
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/rand"
|
||||||
_ "embed"
|
_ "embed"
|
||||||
"fmt"
|
"fmt"
|
||||||
"math/rand"
|
"math"
|
||||||
|
"math/big"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
|
|
@ -81,14 +83,14 @@ func (m *Example) Init() error {
|
||||||
|
|
||||||
// Gather defines what data the plugin will gather.
|
// Gather defines what data the plugin will gather.
|
||||||
func (m *Example) Gather(acc telegraf.Accumulator) error {
|
func (m *Example) Gather(acc telegraf.Accumulator) error {
|
||||||
// Imagine some completely arbitrary error occuring here
|
// Imagine some completely arbitrary error occurring here
|
||||||
if m.NumberFields > 10 {
|
if m.NumberFields > 10 {
|
||||||
return fmt.Errorf("too many fields")
|
return fmt.Errorf("too many fields")
|
||||||
}
|
}
|
||||||
|
|
||||||
// For illustration we gather three metrics in one go
|
// For illustration, we gather three metrics in one go
|
||||||
for run := 0; run < 3; run++ {
|
for run := 0; run < 3; run++ {
|
||||||
// Imagine an error occurs here but you want to keep the other
|
// Imagine an error occurs here, but you want to keep the other
|
||||||
// metrics, then you cannot simply return, as this would drop
|
// metrics, then you cannot simply return, as this would drop
|
||||||
// all later metrics. Simply accumulate errors in this case
|
// all later metrics. Simply accumulate errors in this case
|
||||||
// and ignore the metric.
|
// and ignore the metric.
|
||||||
|
|
@ -101,11 +103,16 @@ func (m *Example) Gather(acc telegraf.Accumulator) error {
|
||||||
fields := map[string]interface{}{"count": m.count}
|
fields := map[string]interface{}{"count": m.count}
|
||||||
for i := int64(1); i < m.NumberFields; i++ {
|
for i := int64(1); i < m.NumberFields; i++ {
|
||||||
name := fmt.Sprintf("field%d", i)
|
name := fmt.Sprintf("field%d", i)
|
||||||
value := 0.0
|
var err error
|
||||||
|
value := big.NewInt(0)
|
||||||
if m.EnableRandomVariable {
|
if m.EnableRandomVariable {
|
||||||
value = rand.Float64()
|
value, err = rand.Int(rand.Reader, big.NewInt(math.MaxUint32))
|
||||||
|
if err != nil {
|
||||||
|
acc.AddError(err)
|
||||||
|
continue
|
||||||
}
|
}
|
||||||
fields[name] = value
|
}
|
||||||
|
fields[name] = float64(value.Int64())
|
||||||
}
|
}
|
||||||
|
|
||||||
// Construct the tags
|
// Construct the tags
|
||||||
|
|
|
||||||
|
|
@ -66,7 +66,7 @@ func (*Mock) SampleConfig() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *Mock) Init() error {
|
func (m *Mock) Init() error {
|
||||||
m.rand = rand.New(rand.NewSource(time.Now().UnixNano()))
|
m.rand = rand.New(rand.NewSource(time.Now().UnixNano())) //nolint:gosec // G404: not security critical
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -2,12 +2,13 @@ package powerdns_recursor
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"math/rand"
|
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -19,8 +20,7 @@ import (
|
||||||
// The `data` field contains a list of commands to execute with
|
// The `data` field contains a list of commands to execute with
|
||||||
// the \n character after every command.
|
// the \n character after every command.
|
||||||
func (p *PowerdnsRecursor) gatherFromV1Server(address string, acc telegraf.Accumulator) error {
|
func (p *PowerdnsRecursor) gatherFromV1Server(address string, acc telegraf.Accumulator) error {
|
||||||
randomNumber := rand.Int63()
|
recvSocket := filepath.Join(p.SocketDir, fmt.Sprintf("pdns_recursor_telegraf%s", uuid.New().String()))
|
||||||
recvSocket := filepath.Join(p.SocketDir, fmt.Sprintf("pdns_recursor_telegraf%d", randomNumber))
|
|
||||||
|
|
||||||
laddr, err := net.ResolveUnixAddr("unixgram", recvSocket)
|
laddr, err := net.ResolveUnixAddr("unixgram", recvSocket)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
||||||
|
|
@ -2,12 +2,13 @@ package powerdns_recursor
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"math/rand"
|
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -17,8 +18,7 @@ import (
|
||||||
// Datagram 1 => status: uint32
|
// Datagram 1 => status: uint32
|
||||||
// Datagram 2 => data: byte[] (max 16_384 bytes)
|
// Datagram 2 => data: byte[] (max 16_384 bytes)
|
||||||
func (p *PowerdnsRecursor) gatherFromV2Server(address string, acc telegraf.Accumulator) error {
|
func (p *PowerdnsRecursor) gatherFromV2Server(address string, acc telegraf.Accumulator) error {
|
||||||
randomNumber := rand.Int63()
|
recvSocket := filepath.Join(p.SocketDir, fmt.Sprintf("pdns_recursor_telegraf%s", uuid.New().String()))
|
||||||
recvSocket := filepath.Join(p.SocketDir, fmt.Sprintf("pdns_recursor_telegraf%d", randomNumber))
|
|
||||||
|
|
||||||
laddr, err := net.ResolveUnixAddr("unixgram", recvSocket)
|
laddr, err := net.ResolveUnixAddr("unixgram", recvSocket)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
||||||
|
|
@ -81,7 +81,7 @@ func (rs *RunningStats) AddValue(v float64) {
|
||||||
rs.perc = append(rs.perc, v)
|
rs.perc = append(rs.perc, v)
|
||||||
} else {
|
} else {
|
||||||
// Reached limit, choose random index to overwrite in the percentile array
|
// Reached limit, choose random index to overwrite in the percentile array
|
||||||
rs.perc[rand.Intn(len(rs.perc))] = v
|
rs.perc[rand.Intn(len(rs.perc))] = v //nolint:gosec // G404: not security critical
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(rs.med) < rs.MedLimit {
|
if len(rs.med) < rs.MedLimit {
|
||||||
|
|
|
||||||
|
|
@ -591,7 +591,7 @@ func (e *Endpoint) complexMetadataSelect(ctx context.Context, res *resourceKind,
|
||||||
if n > maxMetadataSamples {
|
if n > maxMetadataSamples {
|
||||||
// Shuffle samples into the maxMetadataSamples positions
|
// Shuffle samples into the maxMetadataSamples positions
|
||||||
for i := 0; i < maxMetadataSamples; i++ {
|
for i := 0; i < maxMetadataSamples; i++ {
|
||||||
j := int(rand.Int31n(int32(i + 1)))
|
j := int(rand.Int31n(int32(i + 1))) //nolint:gosec // G404: not security critical
|
||||||
t := sampledObjects[i]
|
t := sampledObjects[i]
|
||||||
sampledObjects[i] = sampledObjects[j]
|
sampledObjects[i] = sampledObjects[j]
|
||||||
sampledObjects[j] = t
|
sampledObjects[j] = t
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue