From 2598087a2792df0f6943157b1a6bd63f2dfe2bfb Mon Sep 17 00:00:00 2001
From: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Date: Thu, 2 May 2024 15:19:49 +0200
Subject: [PATCH] fix gosec linter issues and enable linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
---
 .golangci.yaml | 5 -----
 conditions/certificaterequest_test.go | 16 ++++++++--------
 conditions/certificatesigningrequest_test.go | 14 +++++++-------
 conditions/issuer_test.go | 14 +++++++-------
 controllers/issuer_controller_test.go | 2 +-
 internal/kubeutil/watch.go | 14 ++------------
 internal/tests/testresource/kube.go | 14 ++------------
 7 files changed, 27 insertions(+), 52 deletions(-)
diff --git a/.golangci.yaml b/.golangci.yaml
index 614a7f4..4674bbf 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -1,8 +1,3 @@
-issues:
- exclude-rules:
- - linters:
- - gosec
- text: ".*"
 linters:
 # Explicitly define all enabled linters
 disable-all: true
diff --git a/conditions/certificaterequest_test.go b/conditions/certificaterequest_test.go
index f3fb67c..4a2a8e1 100644
--- a/conditions/certificaterequest_test.go
+++ b/conditions/certificaterequest_test.go
@@ -38,7 +38,7 @@ func randomTime() time.Time {
 max := time.Date(2070, 1, 0, 0, 0, 0, 0, time.UTC).Unix()
 delta := max - min
- sec := rand.Int63n(delta) + min
+ sec := rand.Int63n(delta) + min // #nosec: G404 -- The random time does not have to be secure.
 return time.Unix(sec, 0)
 }
@@ -51,7 +51,7 @@ func TestSetCertificateRequestStatusCondition(t *testing.T) {
 conditionType cmapi.CertificateRequestConditionType
 status cmmeta.ConditionStatus
- expectedCondition *cmapi.CertificateRequestCondition
+ expectedCondition cmapi.CertificateRequestCondition
 expectNewEntry bool
 }
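Review bot: The suppression added in `randomTime` is spelled `#nosec: G404`, whereas gosec documents the directive as `#nosec G404 -- justification` with no colon; the colon form is presumably accepted only because rule IDs are picked out of the comment by pattern, so the documented spelling is the safer one to keep the suppression scoped to G404. Suggest `sec := rand.Int63n(delta) + min // #nosec G404 -- The random time does not have to be secure.`, and the same spelling in the identical hunk of `controllers/issuer_controller_test.go`. Keeping the rule ID and the reason on the line is the right shape, since a bare `#nosec` would mute every rule there. The body of `randomTime` starts above the hunk.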
@@ -75,7 +75,7 @@ func TestSetCertificateRequestStatusCondition(t *testing.T) {
 conditionType: cmapi.CertificateRequestConditionReady,
 status: cmmeta.ConditionTrue,
- expectedCondition: &cmapi.CertificateRequestCondition{
+ expectedCondition: cmapi.CertificateRequestCondition{
 Type: cmapi.CertificateRequestConditionReady,
 Status: cmmeta.ConditionTrue,
 LastTransitionTime: &fakeTimeObj1,
@@ -94,7 +94,7 @@ func TestSetCertificateRequestStatusCondition(t *testing.T) {
 conditionType: cmapi.CertificateRequestConditionReady,
 status: cmmeta.ConditionFalse,
- expectedCondition: &cmapi.CertificateRequestCondition{
+ expectedCondition: cmapi.CertificateRequestCondition{
 Type: cmapi.CertificateRequestConditionReady,
 Status: cmmeta.ConditionFalse,
 LastTransitionTime: &fakeTimeObj2,
@@ -118,7 +118,7 @@ func TestSetCertificateRequestStatusCondition(t *testing.T) {
 conditionType: cmapi.CertificateRequestConditionReady,
 status: cmmeta.ConditionTrue,
- expectedCondition: &cmapi.CertificateRequestCondition{
+ expectedCondition: cmapi.CertificateRequestCondition{
 Type: cmapi.CertificateRequestConditionReady,
 Status: cmmeta.ConditionTrue,
 LastTransitionTime: &fakeTimeObj1,
@@ -142,7 +142,7 @@ func TestSetCertificateRequestStatusCondition(t *testing.T) {
 conditionType: cmapi.CertificateRequestConditionApproved,
 status: cmmeta.ConditionTrue,
- expectedCondition: &cmapi.CertificateRequestCondition{
+ expectedCondition: cmapi.CertificateRequestCondition{
 Type: cmapi.CertificateRequestConditionApproved,
 Status: cmmeta.ConditionTrue,
 LastTransitionTime: &fakeTimeObj2,
@@ -193,7 +193,7 @@ func TestSetCertificateRequestStatusCondition(t *testing.T) {
 }
 test.expectedCondition.Reason = "NewReason"
 test.expectedCondition.Message = "NewMessage"
- require.Equal(t, test.expectedCondition, cond)
+ require.Equal(t, test.expectedCondition, *cond)
 require.Equal(t, &fakeTimeObj2, time)
 // Check that the patchConditions slice got a new entry if expected
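Review bot: `require.Equal(t, test.expectedCondition, *cond)` in `TestSetCertificateRequestStatusCondition` dereferences `cond` with no nil check visible in the hunk, so a nil return from the function under test would abort the run with a panic instead of a readable assertion failure. Unless the block that closes just above the hunk already asserts it, add `require.NotNil(t, cond)` before the comparison. The same applies to the `*cond` comparisons in `conditions/certificatesigningrequest_test.go` and `conditions/issuer_test.go`. The test function begins and ends outside the hunk.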
@@ -206,7 +206,7 @@ func TestSetCertificateRequestStatusCondition(t *testing.T) {
 // Make sure only the expected condition in the patchConditions slice got updated
 for _, c := range patchConditions {
 if c.Type == test.conditionType {
- require.Equal(t, test.expectedCondition, &c)
+ require.Equal(t, test.expectedCondition, c)
 continue
 }
diff --git a/conditions/certificatesigningrequest_test.go b/conditions/certificatesigningrequest_test.go
index 30b5ac3..21e3948 100644
--- a/conditions/certificatesigningrequest_test.go
+++ b/conditions/certificatesigningrequest_test.go
@@ -35,7 +35,7 @@ func TestSetCertificateSigningRequestStatusCondition(t *testing.T) {
 conditionType certificatesv1.RequestConditionType
 status v1.ConditionStatus
- expectedCondition *certificatesv1.CertificateSigningRequestCondition
+ expectedCondition certificatesv1.CertificateSigningRequestCondition
 expectNewEntry bool
 }
@@ -59,7 +59,7 @@ func TestSetCertificateSigningRequestStatusCondition(t *testing.T) {
 conditionType: certificatesv1.CertificateApproved,
 status: v1.ConditionTrue,
- expectedCondition: &certificatesv1.CertificateSigningRequestCondition{
+ expectedCondition: certificatesv1.CertificateSigningRequestCondition{
 Type: certificatesv1.CertificateApproved,
 Status: v1.ConditionTrue,
 LastTransitionTime: fakeTimeObj1,
@@ -78,7 +78,7 @@ func TestSetCertificateSigningRequestStatusCondition(t *testing.T) {
 conditionType: certificatesv1.CertificateApproved,
 status: v1.ConditionFalse,
- expectedCondition: &certificatesv1.CertificateSigningRequestCondition{
+ expectedCondition: certificatesv1.CertificateSigningRequestCondition{
 Type: certificatesv1.CertificateApproved,
 Status: v1.ConditionFalse,
 LastTransitionTime: fakeTimeObj2,
@@ -102,7 +102,7 @@ func TestSetCertificateSigningRequestStatusCondition(t *testing.T) {
 conditionType: certificatesv1.CertificateApproved,
 status: v1.ConditionTrue,
- expectedCondition: &certificatesv1.CertificateSigningRequestCondition{
+ expectedCondition: certificatesv1.CertificateSigningRequestCondition{
 Type: certificatesv1.CertificateApproved,
 Status: v1.ConditionTrue,
 LastTransitionTime: fakeTimeObj1,
@@ -126,7 +126,7 @@ func TestSetCertificateSigningRequestStatusCondition(t *testing.T) {
 conditionType: certificatesv1.CertificateDenied,
 status: v1.ConditionTrue,
- expectedCondition: &certificatesv1.CertificateSigningRequestCondition{
+ expectedCondition: certificatesv1.CertificateSigningRequestCondition{
 Type: certificatesv1.CertificateDenied,
 Status: v1.ConditionTrue,
 LastTransitionTime: fakeTimeObj2,
@@ -181,7 +181,7 @@ func TestSetCertificateSigningRequestStatusCondition(t *testing.T) {
 test.expectedCondition.LastUpdateTime = fakeTimeObj2
 test.expectedCondition.Reason = "NewReason"
 test.expectedCondition.Message = "NewMessage"
- require.Equal(t, test.expectedCondition, cond)
+ require.Equal(t, test.expectedCondition, *cond)
 require.Equal(t, &fakeTimeObj2, time)
 // Check that the patchConditions slice got a new entry if expected
@@ -194,7 +194,7 @@ func TestSetCertificateSigningRequestStatusCondition(t *testing.T) {
 // Make sure only the expected condition in the patchConditions slice got updated
 for _, c := range patchConditions {
 if c.Type == test.conditionType {
- require.Equal(t, test.expectedCondition, &c)
+ require.Equal(t, test.expectedCondition, c)
 continue
 }
diff --git a/conditions/issuer_test.go b/conditions/issuer_test.go
index f4f6911..1172fa0 100644
--- a/conditions/issuer_test.go
+++ b/conditions/issuer_test.go
@@ -35,7 +35,7 @@ func TestSetIssuerStatusCondition(t *testing.T) {
 conditionType cmapi.IssuerConditionType
 status cmmeta.ConditionStatus
- expectedCondition *cmapi.IssuerCondition
+ expectedCondition cmapi.IssuerCondition
 expectNewEntry bool
 }
@@ -59,7 +59,7 @@ func TestSetIssuerStatusCondition(t *testing.T) {
 conditionType: cmapi.IssuerConditionReady,
 status: cmmeta.ConditionTrue,
- expectedCondition: &cmapi.IssuerCondition{
+ expectedCondition: cmapi.IssuerCondition{
 Type: cmapi.IssuerConditionReady,
 Status: cmmeta.ConditionTrue,
 LastTransitionTime: &fakeTimeObj1,
@@ -78,7 +78,7 @@ func TestSetIssuerStatusCondition(t *testing.T) {
 conditionType: cmapi.IssuerConditionReady,
 status: cmmeta.ConditionFalse,
- expectedCondition: &cmapi.IssuerCondition{
+ expectedCondition: cmapi.IssuerCondition{
 Type: cmapi.IssuerConditionReady,
 Status: cmmeta.ConditionFalse,
 LastTransitionTime: &fakeTimeObj2,
@@ -102,7 +102,7 @@ func TestSetIssuerStatusCondition(t *testing.T) {
 conditionType: cmapi.IssuerConditionReady,
 status: cmmeta.ConditionTrue,
- expectedCondition: &cmapi.IssuerCondition{
+ expectedCondition: cmapi.IssuerCondition{
 Type: cmapi.IssuerConditionReady,
 Status: cmmeta.ConditionTrue,
 LastTransitionTime: &fakeTimeObj1,
@@ -126,7 +126,7 @@ func TestSetIssuerStatusCondition(t *testing.T) {
 conditionType: cmapi.IssuerConditionType("AnotherCondition"),
 status: cmmeta.ConditionTrue,
- expectedCondition: &cmapi.IssuerCondition{
+ expectedCondition: cmapi.IssuerCondition{
 Type: cmapi.IssuerConditionType("AnotherCondition"),
 Status: cmmeta.ConditionTrue,
 LastTransitionTime: &fakeTimeObj2,
@@ -182,7 +182,7 @@ func TestSetIssuerStatusCondition(t *testing.T) {
 test.expectedCondition.Reason = "NewReason"
 test.expectedCondition.Message = "NewMessage"
 test.expectedCondition.ObservedGeneration = 8
- require.Equal(t, test.expectedCondition, cond)
+ require.Equal(t, test.expectedCondition, *cond)
 require.Equal(t, &fakeTimeObj2, time)
 // Check that the patchConditions slice got a new entry if expected
@@ -195,7 +195,7 @@ func TestSetIssuerStatusCondition(t *testing.T) {
 // Make sure only the expected condition in the patchConditions slice got updated
 for _, c := range patchConditions {
 if c.Type == test.conditionType {
- require.Equal(t, test.expectedCondition, &c)
+ require.Equal(t, test.expectedCondition, c)
 continue
 }
diff --git a/controllers/issuer_controller_test.go b/controllers/issuer_controller_test.go
index 07b8e9b..bccca2c 100644
--- a/controllers/issuer_controller_test.go
+++ b/controllers/issuer_controller_test.go
@@ -57,7 +57,7 @@ func randomTime() time.Time {
 max := time.Date(2070, 1, 0, 0, 0, 0, 0, time.UTC).Unix()
 delta := max - min
- sec := rand.Int63n(delta) + min
+ sec := rand.Int63n(delta) + min // #nosec: G404 -- The random time does not have to be secure.
 return time.Unix(sec, 0)
 }
diff --git a/internal/kubeutil/watch.go b/internal/kubeutil/watch.go
index 84f8777..5f2fe7c 100644
--- a/internal/kubeutil/watch.go
+++ b/internal/kubeutil/watch.go
@@ -19,12 +19,12 @@ package kubeutil
 import (
 "context"
 "fmt"
- "math/rand"
 "github.com/go-logr/logr"
 apimeta "k8s.io/apimachinery/pkg/api/meta"
 "k8s.io/apimachinery/pkg/fields"
 "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/util/rand"
 "k8s.io/client-go/util/workqueue"
 "sigs.k8s.io/controller-runtime/pkg/cache"
 "sigs.k8s.io/controller-runtime/pkg/client"
@@ -73,7 +73,7 @@ func NewLinkedResourceHandler(
 addToQueue func(q workqueue.RateLimitingInterface, req reconcile.Request),
 ) (handler.EventHandler, error) {
 // a random index name prevents collisions with other indexes
- refField := fmt.Sprintf(".x-index.%s", randStringRunes(10))
+ refField := fmt.Sprintf(".x-index.%s", rand.String(10))
 if err := SetGroupVersionKind(scheme, objType); err != nil {
 return nil, err
@@ -142,16 +142,6 @@ func (r *linkedResourceHandler) findObjectsForKind(ctx context.Context, object c
 return requests
 }
-var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
-
-func randStringRunes(n int) string {
- b := make([]rune, n)
- for i := range b {
- b[i] = letterRunes[rand.Intn(len(letterRunes))]
- }
- return string(b)
-}
-
 // Based on https://github.com/kubernetes-sigs/controller-runtime/blob/00f2425ce068525e0ff674dba51c3e76ee6ad2da/pkg/handler/enqueue_mapped.go
 // Copied to this linkedResourceHandler type such that dependencies can be injected.
diff --git a/internal/tests/testresource/kube.go b/internal/tests/testresource/kube.go
index a3072cc..b237638 100644
--- a/internal/tests/testresource/kube.go
+++ b/internal/tests/testresource/kube.go
@@ -20,7 +20,6 @@ import (
 "context"
 "errors"
 "fmt"
- "math/rand"
 goruntime "runtime"
 "testing"
 "time"
@@ -33,6 +32,7 @@ import (
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/util/rand"
 "k8s.io/apimachinery/pkg/watch"
 "k8s.io/client-go/kubernetes"
 "k8s.io/client-go/rest"
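Review bot: `rand.String(10)` in `NewLinkedResourceHandler` clears G404 only because gosec looks for direct `math/rand` use; as far as I know `k8s.io/apimachinery/pkg/util/rand` is itself a wrapper around `math/rand` with a reduced alphabet, so the value is no harder to predict than the one from the removed helper. That is acceptable for an index name whose only job is to avoid collisions, but the intent should be recorded next to the call so the helper is not later reused for tokens or secrets: `// rand.String is not cryptographically secure; the suffix only needs to be unique, not secret.` The same holds for `namespace := rand.String(15)` in `SetupNamespace` in `internal/tests/testresource/kube.go`. The function body continues outside the hunk.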
@@ -205,20 +205,10 @@ func (k *OwnedKubeClients) StartObjectWatch(
 }
 }
-const letterBytes = "abcdefghijklmnopqrstuvwxyz"
-
-func randStringBytes(n int) string {
- b := make([]byte, n)
- for i := range b {
- b[i] = letterBytes[rand.Intn(len(letterBytes))]
- }
- return string(b)
-}
-
 func (k *OwnedKubeClients) SetupNamespace(tb testing.TB, ctx context.Context) (string, context.CancelFunc) {
 tb.Helper()
- namespace := randStringBytes(15)
+ namespace := rand.String(15)
 removeNamespace := func(cleanupCtx context.Context) (bool, error) {
 err := k.KubeClient.CoreV1().Namespaces().Delete(cleanupCtx, namespace, metav1.DeleteOptions{})