chore: start addressing gosec warnings #1602

Merged
merged 9 commits into from
May 14, 2024
2 changes: 1 addition & 1 deletion cmd/ooniprobe/internal/nettests/run.go
Expand Up @@ -131,7 +131,7 @@ func RunGroup(config RunGroupConfig) error {
defer dir.Close()
_, err = dir.Readdirnames(1)
if err != nil {
os.Remove(result.MeasurementDir)
_ = os.Remove(result.MeasurementDir)
}
if err = db.Finished(result); err != nil {
return err
2 changes: 1 addition & 1 deletion internal/cmd/gardener/internal/dnsfix/dnsfix.go
Expand Up @@ -46,7 +46,7 @@ func (s *Subcommand) Main() {

// walk through each entry
for _, entry := range entries {
bar.Add(1)
_ = bar.Add(1)
s.processEntry(entry)
}
}
2 changes: 1 addition & 1 deletion internal/cmd/gardener/internal/dnsreport/dnsreport.go
Expand Up @@ -220,7 +220,7 @@ func (s *Subcommand) measureEntries(ctx context.Context, db *sql.DB, entries []*

// walk through each entry until we're interrupted by the context
for idx := 0; idx < len(entries) && ctx.Err() == nil; idx++ {
bar.Add(1)
_ = bar.Add(1)
s.measureSingleEntry(db, entries[idx])
}
}
2 changes: 1 addition & 1 deletion internal/cmd/gardener/internal/testlists/testlists.go
Expand Up @@ -146,7 +146,7 @@ func emit(filepath string, all []*Entry, och chan<- *Entry) {
progressbar.OptionSetWriter(os.Stdout),
)
for _, entry := range all {
bar.Add(1)
_ = bar.Add(1)
och <- entry
}
}
2 changes: 1 addition & 1 deletion internal/cmd/ghgen/utils.go
Expand Up @@ -171,7 +171,7 @@ func generateWorkflowFile(name string, jobs []Job) {
mustFprintf(fp, "\n")
mustFprintf(fp, "jobs:\n")
for _, job := range jobs {
job.Action(fp, &job)
job.Action(fp, &job) // #nosec G601 -- job.Action is synchronous and does not retain job
}
mustFprintf(fp, "# End of autogenerated file\n")
}
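Review bot: The `#nosec G601` on `job.Action(fp, &job)` is only valid while every Action implementation neither stores nor hands off the pointer, and nothing visible in this hunk enforces that. Iterating by index removes the aliasing and the suppression together: `for i := range jobs { jobs[i].Action(fp, &jobs[i]) }`. That variant passes a pointer to the slice element rather than to a copy, so it fits only if Action does not rely on mutating a private copy; otherwise shadowing with `job := job` inside the loop has the same effect. generateWorkflowFile starts outside the hunk.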
2 changes: 1 addition & 1 deletion internal/cmd/miniooni/main.go
Expand Up @@ -372,7 +372,7 @@ func mainSingleIteration(logger model.Logger, experimentName string, currentOpti

sess := newSessionOrPanic(ctx, currentOptions, miniooniDir, logger)
defer func() {
sess.Close()
_ = sess.Close()
log.Infof("whole session: recv %s, sent %s",
humanize.SI(sess.KibiBytesReceived()*1024, "byte"),
humanize.SI(sess.KibiBytesSent()*1024, "byte"),
2 changes: 1 addition & 1 deletion internal/cmd/oohelperd/main.go
Expand Up @@ -60,7 +60,7 @@ func shutdown(srv *http.Server, wg *sync.WaitGroup) {
defer wg.Done()
ctx, cancel := context.WithTimeout(context.Background(), 45*time.Second)
defer cancel()
srv.Shutdown(ctx)
_ = srv.Shutdown(ctx)
}

func main() {
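Review bot: `_ = srv.Shutdown(ctx)` discards the only signal that the 45-second drain timed out; when the context expires, Shutdown returns the context's error and connections may still be open. Logging the error keeps the gosec finding resolved without losing that signal: `if err := srv.Shutdown(ctx); err != nil { log.Printf("shutdown: %v", err) }`. The logger this file actually uses is not visible in the hunk, so the call shown is a sketch to adapt. The signature of shutdown appears only in the hunk header, above the visible lines.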
2 changes: 1 addition & 1 deletion internal/cmd/ooporthelper/main.go
Expand Up @@ -27,7 +27,7 @@ func init() {

func shutdown(ctx context.Context, l net.Listener) {
<-ctx.Done()
l.Close()
_ = l.Close()
}

// TODO(DecFox): Add the ability of an echo service to generate some traffic
2 changes: 1 addition & 1 deletion internal/cmd/tinyjafar/main.go
Expand Up @@ -153,7 +153,7 @@ func mainWithArgs(writer io.Writer, sigChan <-chan os.Signal, args ...string) {
fset := flag.NewFlagSet("tinyjafar", flag.ExitOnError)
cfg.initFlags(fset)

fset.Parse(args)
runtimex.Try0(fset.Parse(args))

cs := newCmdSet()
cs.handleDropIP(cfg)
2 changes: 1 addition & 1 deletion internal/engine/session.go
Expand Up @@ -338,7 +338,7 @@ func (s *Session) Close() error {
// doClose implements Close. This function is called just once.
func (s *Session) doClose() {
// make sure we close open connections and persist stats to the key-value store
s.network.Close()
_ = s.network.Close()

s.resolver.CloseIdleConnections()
if s.tunnel != nil {
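Review bot: The comment above `_ = s.network.Close()` says this call also persists stats to the key-value store, so discarding its error hides a failed write as well as a failed close. doClose returns nothing, so the error cannot be propagated from here, but it can be logged, or the drop can be documented with a comment such as `// best effort: a failure here only loses the persisted stats`. Whether Session has a logger available at this point is not visible in the hunk. doClose continues past the last visible line.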
2 changes: 1 addition & 1 deletion internal/enginelocate/iplookup.go
Expand Up @@ -68,7 +68,7 @@ type ipLookupClient struct {
}

func makeSlice() []method {
r := rand.New(rand.NewSource(time.Now().UnixNano()))
r := rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- not really important
ret := make([]method, len(methods))
perm := r.Perm(len(methods))
for idx, randIdx := range perm {
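Review bot: The justification `not really important` on the `#nosec G404` line does not say what the generator is used for, so an auditor has to work out again why math/rand is acceptable here. Naming the use makes the suppression checkable, e.g. `// #nosec G404 -- only permutes the order in which IP lookup methods are tried`. The same wording is repeated on the G404 suppressions in bridgespolicy.go, resolver.go, resolvermaker.go, fbmessenger.go, sniblocking.go, splitter.go and whatsapp.go. Each should state its own use (shuffle order, jitter delay, split offset) so that a later change routing the value into something security-relevant stands out in review. makeSlice continues outside the hunk.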
2 changes: 1 addition & 1 deletion internal/enginelocate/stun.go
Expand Up @@ -45,7 +45,7 @@ func stunIPLookup(ctx context.Context, config stunConfig) (string, error) {
}
clnt, err := newClient(conn)
if err != nil {
conn.Close()
_ = conn.Close()
return model.DefaultProbeIP, err
}
defer clnt.Close()
2 changes: 1 addition & 1 deletion internal/enginenetx/bridgespolicy.go
Expand Up @@ -60,7 +60,7 @@ func bridgesTacticsForDomain(domain, port string) <-chan *httpsDialerTactic {

func bridgesDomainsInRandomOrder() (out []string) {
out = bridgesDomains()
r := rand.New(rand.NewSource(time.Now().UnixNano()))
r := rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- not really important
r.Shuffle(len(out), func(i, j int) {
out[i], out[j] = out[j], out[i]
})
6 changes: 3 additions & 3 deletions internal/enginenetx/httpsdialer.go
Expand Up @@ -306,7 +306,7 @@ func httpsDialerReduceResult(connv []model.TLSConn, errorv []error) (model.TLSCo
switch {
case len(connv) >= 1:
for _, c := range connv[1:] {
c.Close()
_ = c.Close()
}
return connv[0], nil

Expand Down Expand Up @@ -400,7 +400,7 @@ func (hd *httpsDialer) dialTLS(
// handle handshake error
if err != nil {
hd.stats.OnTLSHandshakeError(ctx, tactic, err)
tcpConn.Close()
_ = tcpConn.Close()
return nil, err
}

Expand All @@ -412,7 +412,7 @@ func (hd *httpsDialer) dialTLS(
// handle verification error
if err != nil {
hd.stats.OnTLSVerifyError(tactic, err)
tlsConn.Close()
_ = tlsConn.Close()
return nil, err
}

2 changes: 1 addition & 1 deletion internal/engineresolver/resolver.go
Expand Up @@ -168,7 +168,7 @@ func (r *Resolver) lookupHost(ctx context.Context, ri *resolverinfo, hostname st
//
// The return value is only meaningful for testing.
func (r *Resolver) maybeConfusion(state []*resolverinfo, seed int64) int {
rng := rand.New(rand.NewSource(seed))
rng := rand.New(rand.NewSource(seed)) // #nosec G404 -- not really important
const confusion = 0.3
if rng.Float64() >= confusion {
return -1
2 changes: 1 addition & 1 deletion internal/engineresolver/resolvermaker.go
Expand Up @@ -58,7 +58,7 @@ var allbyurl = resolverMakeInitialState()
// see https://github.com/ooni/probe/issues/2544.
func resolverMakeInitialState() map[string]*resolvermaker {
output := make(map[string]*resolvermaker)
rng := rand.New(rand.NewSource(time.Now().UnixNano()))
rng := rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- not really important
for _, e := range allmakers {
output[e.url] = e
if e.url != systemResolverURL {
2 changes: 1 addition & 1 deletion internal/experiment/echcheck/handshake.go
Expand Up @@ -68,7 +68,7 @@ var certpool = netxlite.NewMozillaCertPool()

// genTLSConfig generates tls.Config from a given SNI
func genTLSConfig(sni string) *tls.Config {
return &tls.Config{
return &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring
RootCAs: certpool,
ServerName: sni,
NextProtos: []string{"h2", "http/1.1"},
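Review bot: The `#nosec G402` annotation sits on the opening line of the `tls.Config` literal and names the whole rule, which covers certificate-verification settings such as `InsecureSkipVerify` as well as the TLS version range, so it likely hides a later G402 finding on this literal for a different reason. The justification should state what is deliberately relaxed and what is not, e.g. `// #nosec G402 -- wide TLS version range is required for measuring; certificate verification stays enabled`, if that matches the fields outside the hunk. The annotation also uses a single `-` where the other suppressions in this commit use gosec's `-- justification` form. The same applies to the G402 annotations in simplequicping.go, tlsmiddlebox/tracing.go, tlsping.go, tlstool.go, urlgetter/configurer.go and webconnectivitylte/secureflow.go. The literal in genTLSConfig continues past the last visible line.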
2 changes: 1 addition & 1 deletion internal/experiment/fbmessenger/fbmessenger.go
Expand Up @@ -179,7 +179,7 @@ func (m Measurer) Run(ctx context.Context, args *model.ExperimentArgs) error {
for _, service := range Services {
inputs = append(inputs, urlgetter.MultiInput{Target: service})
}
rnd := rand.New(rand.NewSource(time.Now().UnixNano()))
rnd := rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- not really important
rnd.Shuffle(len(inputs), func(i, j int) {
inputs[i], inputs[j] = inputs[j], inputs[i]
})
2 changes: 1 addition & 1 deletion internal/experiment/portfiltering/tcpconnect.go
Expand Up @@ -44,6 +44,6 @@ func (m *Measurer) tcpConnect(ctx context.Context, index int64,
dialer := trace.NewDialerWithoutResolver(logger)
conn, err := dialer.DialContext(ctx, "tcp", address)
ol.Stop(err)
measurexlite.MaybeClose(conn)
_ = measurexlite.MaybeClose(conn)
return trace.FirstTCPConnectOrNil()
}
2 changes: 1 addition & 1 deletion internal/experiment/quicping/quicping.go
Expand Up @@ -259,7 +259,7 @@ func (m *Measurer) Run(ctx context.Context, args *model.ExperimentArgs) error {

// set context and read timeouts
deadline := time.Duration(rep*2) * time.Second
pconn.SetDeadline(time.Now().Add(deadline))
_ = pconn.SetDeadline(time.Now().Add(deadline))
ctx, cancel := context.WithTimeout(ctx, deadline)
defer cancel()

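Review bot: `_ = pconn.SetDeadline(...)` drops the only indication that the socket deadline was not applied. If that call fails, reads on pconn are bounded only by code that honours ctx, and the read loop is not visible in this hunk. Returning the error fits the function's `error` result: `if err := pconn.SetDeadline(time.Now().Add(deadline)); err != nil { return err }`. Run starts and ends outside the hunk, so check that an early return here does not skip cleanup or result recording that the caller relies on.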
2 changes: 1 addition & 1 deletion internal/experiment/simplequicping/simplequicping.go
Expand Up @@ -178,7 +178,7 @@ func (m *Measurer) quicHandshake(ctx context.Context, index int64,
// See https://github.com/ooni/probe/issues/2413 to understand
// why we're using nil to force netxlite to use the cached
// default Mozilla cert pool.
tlsConfig := &tls.Config{
tlsConfig := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring
NextProtos: alpn,
RootCAs: nil,
ServerName: sni,
2 changes: 1 addition & 1 deletion internal/experiment/sniblocking/sniblocking.go
Expand Up @@ -112,7 +112,7 @@ func (m *Measurer) measureone(
thaddr string,
) Subresult {
// slightly delay the measurement
gen := rand.New(rand.NewSource(time.Now().UnixNano()))
gen := rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- not really important
sleeptime := time.Duration(gen.Intn(250)) * time.Millisecond
select {
case <-time.After(sleeptime):
2 changes: 1 addition & 1 deletion internal/experiment/tcpping/tcpping.go
Expand Up @@ -138,7 +138,7 @@ func (m *Measurer) tcpConnect(ctx context.Context, index int64,
ol := logx.NewOperationLogger(logger, "TCPPing #%d %s", index, address)
conn, err := dialer.DialContext(ctx, "tcp", address)
ol.Stop(err)
measurexlite.MaybeClose(conn)
_ = measurexlite.MaybeClose(conn)
sp := &SinglePing{
TCPConnect: trace.FirstTCPConnectOrNil(), // record the first connect from the buffer
}
2 changes: 1 addition & 1 deletion internal/experiment/tlsmiddlebox/connect.go
Expand Up @@ -21,7 +21,7 @@ func (m *Measurer) TCPConnect(ctx context.Context, index int64, zeroTime time.Ti
ol := logx.NewOperationLogger(logger, "TCPConnect #%d %s", index, address)
conn, err := dialer.DialContext(ctx, "tcp", address)
ol.Stop(err)
measurexlite.MaybeClose(conn)
_ = measurexlite.MaybeClose(conn)
tcpEvents := trace.TCPConnects()
tk.addTCPConnect(tcpEvents)
return err
2 changes: 1 addition & 1 deletion internal/experiment/tlsmiddlebox/tracing.go
Expand Up @@ -124,7 +124,7 @@ func genTLSConfig(sni string) *tls.Config {
// See https://github.com/ooni/probe/issues/2413 to understand
// why we're using nil to force netxlite to use the cached
// default Mozilla cert pool.
return &tls.Config{
return &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring
RootCAs: nil,
ServerName: sni,
NextProtos: []string{"h2", "http/1.1"},
2 changes: 1 addition & 1 deletion internal/experiment/tlsping/tlsping.go
Expand Up @@ -184,7 +184,7 @@ func (m *Measurer) tlsConnectAndHandshake(ctx context.Context, index int64,
// See https://github.com/ooni/probe/issues/2413 to understand
// why we're using nil to force netxlite to use the cached
// default Mozilla cert pool.
config := &tls.Config{
config := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring
NextProtos: alpn,
RootCAs: nil,
ServerName: sni,
2 changes: 1 addition & 1 deletion internal/experiment/tlstool/internal/splitter.go
Expand Up @@ -58,7 +58,7 @@ func Splitter3264rand(input []byte) (output [][]byte) {
output = append(output, input)
return
}
rnd := rand.New(rand.NewSource(time.Now().UnixNano()))
rnd := rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- not really important
offset := rnd.Intn(32) + 32
output = append(output, input[:offset])
output = append(output, input[offset:])
4 changes: 2 additions & 2 deletions internal/experiment/tlstool/tlstool.go
Expand Up @@ -136,13 +136,13 @@ func (m Measurer) run(ctx context.Context, config runConfig) error {
if err != nil {
return err
}
conn.Close()
_ = conn.Close()
return nil
}

func (m Measurer) tlsConfig() *tls.Config {
if m.config.SNI != "" {
return &tls.Config{ServerName: m.config.SNI}
return &tls.Config{ServerName: m.config.SNI} // #nosec G402 - we need to use a large TLS versions range for measuring
}
return nil
}
2 changes: 1 addition & 1 deletion internal/experiment/urlgetter/configurer.go
Expand Up @@ -80,7 +80,7 @@ func (c Configurer) NewConfiguration() (Configuration, error) {
configuration.DNSClient = dnsclient
configuration.HTTPConfig.BaseResolver = dnsclient
// configure TLS
configuration.HTTPConfig.TLSConfig = &tls.Config{
configuration.HTTPConfig.TLSConfig = &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring
NextProtos: []string{"h2", "http/1.1"},
}
if c.Config.TLSServerName != "" {
4 changes: 2 additions & 2 deletions internal/experiment/urlgetter/runner.go
Expand Up @@ -113,7 +113,7 @@ func (r Runner) tlsHandshake(ctx context.Context, address string) error {
tlsDialer := netx.NewTLSDialer(r.HTTPConfig)
conn, err := tlsDialer.DialTLSContext(ctx, "tcp", address)
if conn != nil {
conn.Close()
_ = conn.Close()
}
return err
}
Expand All @@ -122,7 +122,7 @@ func (r Runner) tcpConnect(ctx context.Context, address string) error {
dialer := netx.NewDialer(r.HTTPConfig)
conn, err := dialer.DialContext(ctx, "tcp", address)
if conn != nil {
conn.Close()
_ = conn.Close()
}
return err
}
4 changes: 2 additions & 2 deletions internal/experiment/webconnectivitylte/cleartextflow.go
Expand Up @@ -96,7 +96,7 @@ func (t *CleartextFlow) Start(ctx context.Context) {
index := t.IDGenerator.NewIDForEndpointCleartext()
go func() {
defer t.WaitGroup.Done() // synchronize with the parent
t.Run(ctx, index)
_ = t.Run(ctx, index)
}()
}

Expand All @@ -114,7 +114,7 @@ func (t *CleartextFlow) Run(parentCtx context.Context, index int64) error {
sampler := throttling.NewSampler(trace)
defer func() {
t.TestKeys.AppendNetworkEvents(sampler.ExtractSamples()...)
sampler.Close()
_ = sampler.Close()
}()

// start the operation logger
6 changes: 3 additions & 3 deletions internal/experiment/webconnectivitylte/secureflow.go
Expand Up @@ -104,7 +104,7 @@ func (t *SecureFlow) Start(ctx context.Context) {
index := t.IDGenerator.NewIDForEndpointSecure()
go func() {
defer t.WaitGroup.Done() // synchronize with the parent
t.Run(ctx, index)
_ = t.Run(ctx, index)
}()
}

Expand All @@ -122,7 +122,7 @@ func (t *SecureFlow) Run(parentCtx context.Context, index int64) error {
sampler := throttling.NewSampler(trace)
defer func() {
t.TestKeys.AppendNetworkEvents(sampler.ExtractSamples()...)
sampler.Close()
_ = sampler.Close()
}()

// start the operation logger
Expand Down Expand Up @@ -162,7 +162,7 @@ func (t *SecureFlow) Run(parentCtx context.Context, index int64) error {
// See https://github.com/ooni/probe/issues/2413 to understand
// why we're using nil to force netxlite to use the cached
// default Mozilla cert pool.
tlsConfig := &tls.Config{
tlsConfig := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring
NextProtos: t.alpn(),
RootCAs: nil,
ServerName: tlsSNI,
2 changes: 1 addition & 1 deletion internal/experiment/whatsapp/whatsapp.go
Expand Up @@ -162,7 +162,7 @@ func (m Measurer) Run(ctx context.Context, args *model.ExperimentArgs) error {
// don't care about the HTTP response code.
Target: WebHTTPSURL,
})
rnd := rand.New(rand.NewSource(time.Now().UnixNano()))
rnd := rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- not really important
rnd.Shuffle(len(inputs), func(i, j int) {
inputs[i], inputs[j] = inputs[j], inputs[i]
})
4 changes: 2 additions & 2 deletions internal/fsx/fsx.go
Expand Up @@ -29,11 +29,11 @@ func openWithFS(fs fs.FS, pathname string) (fs.File, error) {
}
info, err := file.Stat()
if err != nil {
file.Close()
_ = file.Close()
return nil, err
}
if !IsRegular(info) {
file.Close()
_ = file.Close()
return nil, fmt.Errorf("%w: %s", ErrNotRegularFile, pathname)
}
return file, nil