Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-12-31 14:01:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

chore(lint): enable gosec (#7792)

Browse Source 
Enable "gosec" linter.

Exclude:

- All G115 (integer overflow) findings, to be fixed separately.

Add targeted gosec annotations for:

- non-crypto math/rand usage
- md5 used only for file change detection
- G114 ("net/http serve with no timeout settings"), to be fixed
  separately.

Other findings fixed.

Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
This commit is contained in:
Ville Vesilehto
2025-12-30 00:01:27 +02:00
committed by GitHub
parent 1e0095d9b0
commit b21c752d7f
13 changed files with 35 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
plugin/loadbalance/weighted.go
View File

@@ -3,7 +3,7 @@ package loadbalance
import (
"bufio"
"bytes"
"crypto/md5"
"crypto/md5" // #nosec G501 -- used only as a checksum for file change detection (not for security).
"errors"
"fmt"
"io"
@@ -52,7 +52,7 @@ type randomUint struct {
}
func (r *randomUint) randInit() {
r.rn = rand.New(rand.NewSource(time.Now().UnixNano()))
r.rn = rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- non-cryptographic randomness for load balancing.
}
func (r *randomUint) randUint(limit uint) uint {
@@ -245,7 +245,7 @@ func (w *weightedRR) updateWeights() error {
if err != nil {
return err
}
md5sum := md5.Sum(bytes)
md5sum := md5.Sum(bytes) // #nosec G401 -- used only as a checksum for file change detection (not for security).
if md5sum == w.md5sum {
// file contents has not changed
return nil