mirror of
https://github.com/fluencelabs/tendermint
synced 2025-06-22 01:11:32 +00:00
make gosec linter pass (#3294)
* not related to linter: remove obsolete constants: - `Insecure` and `Secure` and type `Security` are not used anywhere * not related to linter: update example - NewInsecure was deleted; change example to NewRemoteDB * address: Binds to all network interfaces (gosec): - bind to localhost instead of 0.0.0.0 - regenerate test key and cert for this purpose (was valid for ::) and otherwise we would see: transport: authentication handshake failed: x509: certificate is valid for ::, not 127.0.0.1\" (used https://github.com/google/keytransparency/blob/master/scripts/gen_server_keys.sh to regenerate certs) * use sha256 in tests instead of md5; time difference is negligible * nolint usage of math/rand in test and add comment on its import - crypto/rand is slower and we do not need sth more secure in tests * enable linter in circle-ci * another nolint math/rand in test * replace another occurrence of md5 * consistent comment about importing math/rand
This commit is contained in:
Ismail Khoffi
committed by
Anton Kaliaev
Anton Kaliaev
parent
7fd51e6ade
commit
b089587b42
@ -1,11 +1,14 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"crypto/md5"
|
||||
"crypto/sha256"
|
||||
"encoding/binary"
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
|
||||
// it is ok to use math/rand here: we do not need a cryptographically secure random
|
||||
// number generator here and we can run the tests a bit faster
|
||||
"math/rand"
|
||||
"net"
|
||||
"net/http"
|
||||
@ -154,12 +157,12 @@ func (t *transacter) sendLoop(connIndex int) {
|
||||
}()
|
||||
|
||||
// hash of the host name is a part of each tx
|
||||
var hostnameHash [md5.Size]byte
|
||||
var hostnameHash [sha256.Size]byte
|
||||
hostname, err := os.Hostname()
|
||||
if err != nil {
|
||||
hostname = "127.0.0.1"
|
||||
}
|
||||
hostnameHash = md5.Sum([]byte(hostname))
|
||||
hostnameHash = sha256.Sum256([]byte(hostname))
|
||||
// each transaction embeds connection index, tx number and hash of the hostname
|
||||
// we update the tx number between successive txs
|
||||
tx := generateTx(connIndex, txNumber, t.Size, hostnameHash)
|
||||
@ -257,7 +260,7 @@ func connect(host string) (*websocket.Conn, *http.Response, error) {
|
||||
return websocket.DefaultDialer.Dial(u.String(), nil)
|
||||
}
|
||||
|
||||
func generateTx(connIndex int, txNumber int, txSize int, hostnameHash [md5.Size]byte) []byte {
|
||||
func generateTx(connIndex int, txNumber int, txSize int, hostnameHash [sha256.Size]byte) []byte {
|
||||
tx := make([]byte, txSize)
|
||||
|
||||
binary.PutUvarint(tx[:8], uint64(connIndex))
|
||||
@ -266,7 +269,7 @@ func generateTx(connIndex int, txNumber int, txSize int, hostnameHash [md5.Size]
|
||||
binary.PutUvarint(tx[32:40], uint64(time.Now().Unix()))
|
||||
|
||||
// 40-* random data
|
||||
if _, err := rand.Read(tx[40:]); err != nil {
|
||||
if _, err := rand.Read(tx[40:]); err != nil { //nolint: gosec
|
||||
panic(errors.Wrap(err, "failed to read random bytes"))
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user