diff --git a/.golangci.yaml b/.golangci.yaml index 2a82a1e6..beeaeaff 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -36,9 +36,9 @@ linters: - errorlint - exportloopref # - gocritic - # - godot + - godot # - gomoddirectives - # - gosec + - gosec - nakedret - nilerr - nilnil @@ -79,4 +79,5 @@ issues: exclude-rules: - path: _test\.go linters: - - unparam \ No newline at end of file + - unparam + - gosec \ No newline at end of file diff --git a/common/metrics/metrics.go b/common/metrics/metrics.go index a087bdde..68179195 100644 --- a/common/metrics/metrics.go +++ b/common/metrics/metrics.go @@ -21,6 +21,7 @@ import ( "net" "net/http" "os" + "time" "github.com/pkg/errors" "github.com/prometheus/client_golang/prometheus/promhttp" @@ -100,8 +101,11 @@ func Start(bindAddress string) (*PrometheusMetrics, error) { } p := &PrometheusMetrics{ - server: &http.Server{Handler: mux}, - port: listener.Addr().(*net.TCPAddr).Port, + server: &http.Server{ + Handler: mux, + ReadHeaderTimeout: time.Second, + }, + port: listener.Addr().(*net.TCPAddr).Port, } slog.Info(fmt.Sprintf("Serving Prometheus metrics at http://localhost:%d/metrics", p.port)) diff --git a/common/pprof.go b/common/pprof.go index 9587de4b..17cb787f 100644 --- a/common/pprof.go +++ b/common/pprof.go @@ -20,9 +20,10 @@ import ( "io" "log/slog" "net/http" - _ "net/http/pprof" + _ "net/http/pprof" //nolint:gosec "os" "runtime/pprof" + "time" ) var ( @@ -48,8 +49,9 @@ func DoWithLabels(labels map[string]string, f func()) { func RunProfiling() io.Closer { s := &http.Server{ - Addr: PprofBindAddress, - Handler: http.DefaultServeMux, + Addr: PprofBindAddress, + Handler: http.DefaultServeMux, + ReadHeaderTimeout: time.Second, } if !PprofEnable { diff --git a/coordinator/impl/metadata_file.go b/coordinator/impl/metadata_file.go index 1d8c9416..63279638 100644 --- a/coordinator/impl/metadata_file.go +++ b/coordinator/impl/metadata_file.go @@ -113,7 +113,7 @@ func (m *metadataProviderFile) Store(cs *model.ClusterStatus, expectedVersion Ve return "", err } - if err := os.WriteFile(m.path, newContent, 0640); err != nil { + if err := os.WriteFile(m.path, newContent, 0600); err != nil { return MetadataNotExists, err } diff --git a/coordinator/impl/shard_controller.go b/coordinator/impl/shard_controller.go index 4d310fb0..111ba11a 100644 --- a/coordinator/impl/shard_controller.go +++ b/coordinator/impl/shard_controller.go @@ -563,7 +563,7 @@ func (s *shardController) selectNewLeader(newTermResponses map[model.ServerAddre } // Select a random leader among the nodes with the highest entry in the wal - leader = candidates[rand.Intn(len(candidates))] + leader = candidates[rand.Intn(len(candidates))] //nolint:gosec followers = make(map[model.ServerAddress]*proto.EntryId) for a, e := range newTermResponses { if a != leader { diff --git a/oxia/async_client_impl.go b/oxia/async_client_impl.go index cd02d45c..33cdebf1 100644 --- a/oxia/async_client_impl.go +++ b/oxia/async_client_impl.go @@ -212,10 +212,10 @@ func (c *clientImpl) List(ctx context.Context, minKeyInclusive string, maxKeyExc ch := make(chan ListResult) wg := common.NewWaitGroup(len(shardIds)) for _, shardId := range shardIds { - shardIdPtr := &shardId + shardIdPtr := shardId go func() { request := &proto.ListRequest{ - ShardId: shardIdPtr, + ShardId: &shardIdPtr, StartInclusive: minKeyInclusive, EndExclusive: maxKeyExclusive, } diff --git a/perf/perf.go b/perf/perf.go index 3053c000..2f03cfbd 100644 --- a/perf/perf.go +++ b/perf/perf.go @@ -153,7 +153,7 @@ func (p *perf) generateWriteTraffic(ctx context.Context, client oxia.AsyncClient return } - key := p.keys[rand.Intn(int(p.config.KeysCardinality))] + key := p.keys[rand.Intn(int(p.config.KeysCardinality))] //nolint:gosec start := time.Now() ch := client.Put(key, value) @@ -188,7 +188,7 @@ func (p *perf) generateReadTraffic(ctx context.Context, client oxia.AsyncClient, return } - key := p.keys[rand.Intn(int(p.config.KeysCardinality))] + key := p.keys[rand.Intn(int(p.config.KeysCardinality))] //nolint:gosec start := time.Now() ch := client.Get(key)