From 4574dd3939f9e5a6f8b004cb8f63aa26518738d0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Mar 2023 12:59:12 +0000 Subject: [PATCH 1/3] build(deps): bump github.com/jackc/pgx/v5 from 5.3.0 to 5.3.1 Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.3.0 to 5.3.1. - [Release notes](https://github.com/jackc/pgx/releases) - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](https://github.com/jackc/pgx/compare/v5.3.0...v5.3.1) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 13b2cb8..ada438f 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/anacrolix/torrent v1.48.0 github.com/cespare/xxhash/v2 v2.2.0 github.com/golang-jwt/jwt/v4 v4.5.0 - github.com/jackc/pgx/v5 v5.3.0 + github.com/jackc/pgx/v5 v5.3.1 github.com/julienschmidt/httprouter v1.3.0 github.com/libp2p/go-reuseport v0.2.0 github.com/minio/sha256-simd v1.0.0 diff --git a/go.sum b/go.sum index 9584fbc..a325822 100644 --- a/go.sum +++ b/go.sum 
@@ -143,8 +143,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk= github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgx/v5 v5.3.0 h1:/NQi8KHMpKWHInxXesC8yD4DhkXPrVhmnwYkjp9AmBA= -github.com/jackc/pgx/v5 v5.3.0/go.mod h1:t3JDKnCBlYIc0ewLF0Q7B8MXmoIaBOZj/ic7iHozM/8= +github.com/jackc/pgx/v5 v5.3.1 h1:Fcr8QJ1ZeLi5zsPZqQeUZhNhxfkkKBOgJuYkJHoBOtU= +github.com/jackc/pgx/v5 v5.3.1/go.mod h1:t3JDKnCBlYIc0ewLF0Q7B8MXmoIaBOZj/ic7iHozM/8= github.com/jackc/puddle/v2 v2.2.0 h1:RdcDk92EJBuBS55nQMMYFXTxwstHug4jkhT5pq8VxPk= github.com/jackc/puddle/v2 v2.2.0/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= From 3e5a26dd5011cba3770aea8ac14a5cc1a47f4e17 Mon Sep 17 00:00:00 2001 From: "Lawrence, Rendall" Date: Fri, 3 Mar 2023 12:21:57 +0300 Subject: [PATCH 2/3] fix lint warnings, update wf go version --- .github/workflows/build.yaml | 2 +- .github/workflows/lint.yaml | 2 +- cmd/mochi-e2e/e2e.go | 8 ++++---- middleware/jwt/jwt_test.go | 9 +++++++-- storage/test/storage_bench.go | 5 ++++- storage/test/storage_test_data.go | 12 +++++++----- 6 files changed, 24 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index f8aa42a..e7d5d1a 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -15,7 +15,7 @@ jobs: - uses: "actions/checkout@v3" - uses: "actions/setup-go@v3" with: - go-version: "^1.19" + go-version: ">=1.19" - name: "Build" run: "go build ./cmd/..." diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index e2fd4d4..b8fd7f8 100644 --- a/.github/workflows/lint.yaml 
+++ b/.github/workflows/lint.yaml @@ -15,7 +15,7 @@ jobs: - uses: "actions/checkout@v3" - uses: "actions/setup-go@v3" with: - go-version: "^1.19" + go-version: ">=1.19" - uses: "authzed/actions/gofumpt@main" - uses: "authzed/actions/go-mod-tidy@main" - uses: "authzed/actions/go-generate@main" diff --git a/cmd/mochi-e2e/e2e.go b/cmd/mochi-e2e/e2e.go index 9841c72..11fe030 100644 --- a/cmd/mochi-e2e/e2e.go +++ b/cmd/mochi-e2e/e2e.go @@ -3,17 +3,15 @@ package main import ( + "crypto/rand" "flag" "fmt" "log" - "math/rand" "time" "github.com/anacrolix/torrent/tracker" "github.com/sot-tech/mochi/bittorrent" - - _ "github.com/sot-tech/mochi/pkg/randseed" ) func main() { @@ -43,7 +41,9 @@ func main() { func test(addr string, delay time.Duration) error { b := make([]byte, bittorrent.InfoHashV1Len) - rand.Read(b) + if _, err := rand.Read(b); err != nil { + panic(err) + } ih, _ := bittorrent.NewInfoHash(b) return testWithInfoHash(ih, addr, delay) } diff --git a/middleware/jwt/jwt_test.go b/middleware/jwt/jwt_test.go index 04a4983..f2b7997 100644 --- a/middleware/jwt/jwt_test.go +++ b/middleware/jwt/jwt_test.go @@ -4,6 +4,7 @@ import ( "context" "crypto/ecdsa" "crypto/elliptic" + cr "crypto/rand" "encoding/base64" "encoding/json" "math/rand" @@ -74,7 +75,9 @@ func init() { _ = log.ConfigureLogger("", "info", false, false) privKey, _ = jwt.ParseECPrivateKeyFromPEM([]byte(privKeyPEM)) ihBytes := make([]byte, bittorrent.InfoHashV1Len) - rand.Read(ihBytes) + if _, err := cr.Read(ihBytes); err != nil { + panic(err) + } infoHash, _ = bittorrent.NewInfoHash(ihBytes) s2 := sha256.New() s2.Write(elliptic.Marshal(privKey.PublicKey.Curve, privKey.PublicKey.X, privKey.PublicKey.Y)) @@ -158,7 +161,9 @@ func TestHook_HandleAnnounceInvalid(t *testing.T) { token.Header["kid"] = jwksData.Keys[0].KeyID k := make([]byte, 20) - rand.Read(k) + if _, err := cr.Read(k); err != nil { + panic(err) + } tokenString, err := token.SignedString(k) require.Nil(t, err) //goland:noinspection HttpUrlsUsage 
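Review bot: In cmd/mochi-e2e/e2e.go the added check in `test` calls `panic(err)` although `test` is declared to return `error`, so a failed `rand.Read` aborts the binary with a stack trace instead of going through the function's normal error return. Returning the error keeps a single failure path: `return fmt.Errorf("generating random info hash: %w", err)`; `fmt` is already in this file's import block. How `main` handles the returned error is outside the hunk, so confirm it reports and exits non-zero.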
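Review bot: In TestHook_HandleAnnounceInvalid the new `cr.Read(k)` failure path uses `panic(err)` while the next statement reports errors through `require.Nil(t, err)`, so one test has two failure styles and a panic here takes down the whole test binary rather than failing this test. The check can follow the surrounding convention with `_, err := cr.Read(k)` and `require.Nil(t, err)`; the following `tokenString, err := token.SignedString(k)` still compiles because `tokenString` is new on the left-hand side. The `init()` hunk in the same file has no `*testing.T`, so the panic there is reasonable. The test function starts and ends outside the hunk.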
diff --git a/storage/test/storage_bench.go b/storage/test/storage_bench.go index fa2765a..b86c6f7 100644 --- a/storage/test/storage_bench.go +++ b/storage/test/storage_bench.go @@ -4,6 +4,7 @@ package test import ( "context" + cr "crypto/rand" "math/rand" "net" "net/netip" @@ -42,7 +43,9 @@ func generatePeers() (a [peersCount]bittorrent.Peer) { } else { ip = make([]byte, net.IPv6len) } - rand.Read(ip) + if _, err := cr.Read(ip); err != nil { + panic(err) + } addr, ok := netip.AddrFromSlice(ip) if !ok { panic("unable to create ip from random bytes") diff --git a/storage/test/storage_test_data.go b/storage/test/storage_test_data.go index 38ed925..bbaa77c 100644 --- a/storage/test/storage_test_data.go +++ b/storage/test/storage_test_data.go @@ -3,12 +3,10 @@ package test import ( - "math/rand" + "crypto/rand" "net/netip" "github.com/sot-tech/mochi/bittorrent" - // used for seeding global math.Rand - _ "github.com/sot-tech/mochi/pkg/randseed" ) var ( @@ -25,14 +23,18 @@ func randIH(v2 bool) (ih bittorrent.InfoHash) { } else { b = make([]byte, bittorrent.InfoHashV1Len) } - rand.Read(b) + if _, err := rand.Read(b); err != nil { + panic(err) + } ih, _ = bittorrent.NewInfoHash(b) return } func randPeerID() (ih bittorrent.PeerID) { b := make([]byte, bittorrent.PeerIDLen) - rand.Read(b) + if _, err := rand.Read(b); err != nil { + panic(err) + } ih, _ = bittorrent.NewPeerID(b) return } From 13dbeb63189392311da3092113ee0a78a529c919 Mon Sep 17 00:00:00 2001 From: "Lawrence, Rendall" Date: Fri, 3 Mar 2023 12:47:56 +0300 Subject: [PATCH 3/3] add separate job for golangci wf --- .github/workflows/lint.yaml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index b8fd7f8..1f077d2 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
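Review bot: The same three-line read-or-panic block is now pasted into `randIH` and `randPeerID` in storage_test_data.go and into `generatePeers` in storage_bench.go, all in package `test`; one small helper would keep the failure handling in a single place. The fence sketches it for storage_test_data.go, where `crypto/rand` is imported unaliased. `generatePeers` could probably call it with `net.IPv4len` or `net.IPv6len`, but its length selection begins outside the hunk, as does the start of `randIH`. A one-line comment on the helper saying that these bytes are test fixtures rather than secrets would also explain why crypto/rand is used next to the `math/rand` import that storage_bench.go keeps.

```go
// mustRandBytes returns n bytes read from crypto/rand; it panics if the read fails.
func mustRandBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// … unchanged: randIH length selection and ih, _ = bittorrent.NewInfoHash(b) …

func randPeerID() (ih bittorrent.PeerID) {
	ih, _ = bittorrent.NewPeerID(mustRandBytes(bittorrent.PeerIDLen))
	return
}
```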
@@ -19,7 +19,18 @@ jobs: - uses: "authzed/actions/gofumpt@main" - uses: "authzed/actions/go-mod-tidy@main" - uses: "authzed/actions/go-generate@main" - - uses: "authzed/actions/golangci-lint@main" + + go-lint-ci: + name: "Lint CI" + runs-on: "ubuntu-latest" + steps: + - uses: "actions/checkout@v3" + - uses: "actions/setup-go@v3" + with: + go-version: ">=1.19" + - uses: "golangci/golangci-lint-action@v3" + with: + version: "latest" codeql: name: "Analyze with CodeQL"
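Review bot: The new `go-lint-ci` job takes both the action and the linter from moving references: `golangci/golangci-lint-action@v3` is a mutable tag and `version: "latest"` lets the golangci-lint binary change between runs, so lint results are not reproducible and an upstream change runs in CI unreviewed. Pinning both closes that gap, e.g. `- uses: "golangci/golangci-lint-action@<full-commit-sha>"` and `version: "<pinned-release>"` (placeholders; take the real values from the upstream releases). The `authzed/actions/*@main` steps kept as context in this hunk follow a branch and carry the same exposure. No `permissions:` key is visible in the hunk; if the workflow does not set one at the top level, a job-level `permissions:` block with `contents: read` would limit what the token can do in this job.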