Fix issues related to gosec output

Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
openshift · Oct 3, 2024 · b06a667 · b06a667
1 parent 3421056
commit b06a667
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 17 deletions.
diff --git a/api/v1alpha1/tangserver_types.go b/api/v1alpha1/tangserver_types.go
@@ -32,7 +32,7 @@ type TangServerSpec struct {
 
 	// Replicas is the Tang Server amount to bring up
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Amount of replicas to launch"
-	Replicas uint32 `json:"replicas"`
+	Replicas int32 `json:"replicas"`
 
 	// Persistent Volume Claim to store the keys
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Persistent Volume Claim to attach to (default:tangserver-pvc)"
@@ -57,7 +57,7 @@ type TangServerSpec struct {
 	// PodListenPort is the port where pods will listen for traffic
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Port where Pod will listen "
 	// +optional
-	PodListenPort uint32 `json:"podListenPort,omitempty"`
+	PodListenPort int32 `json:"podListenPort,omitempty"`
 
 	// Secret is the secret name to use to download image appropriately
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Secret name to use for container download"
@@ -67,7 +67,7 @@ type TangServerSpec struct {
 	// ServiceListenPort is the port where service will listen for traffic
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Port where service will listen"
 	// +optional
-	ServiceListenPort uint32 `json:"serviceListenPort,omitempty"`
+	ServiceListenPort int32 `json:"serviceListenPort,omitempty"`
 
 	// ResourceRequest is the resource request to perform for each pod
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Resources Request for Tang Server"
@@ -175,11 +175,11 @@ type TangServerStatus struct {
 	// Tang Server Running provides information about the Running Replicas
 	// +operator-sdk:csv:customresourcedefinitions:type=status,xDescriptors="urn:alm:descriptor:text",displayName="Tang Server Running Replicas"
 	// +optional
-	Running uint32 `json:"running"`
+	Running int32 `json:"running"`
 	// Tang Server Ready provides information about the Ready Replicas
 	// +operator-sdk:csv:customresourcedefinitions:type=status,xDescriptors="urn:alm:descriptor:text",displayName="Tang Server Ready Replicas"
 	// +optional
-	Ready uint32 `json:"ready"`
+	Ready int32 `json:"ready"`
 	// Tang Server Service External URL provides information about the External Service URL
 	// +operator-sdk:csv:customresourcedefinitions:type=status,xDescriptors="urn:alm:descriptor:text",displayName="Tang Server External URL"
 	// +optional

diff --git a/controllers/tangserver_controller.go b/controllers/tangserver_controller.go
@@ -18,9 +18,10 @@ package controllers
 
 import (
 	"context"
+	"crypto/rand"
 	"crypto/sha256"
 	"fmt"
-	"math/rand"
+	"math/big"
 	"os"
 	"time"
 
@@ -90,7 +91,11 @@ func dumpToErrFile(msg string) {
 func getSHA256() string {
 	data := make([]byte, 10)
 	for i := range data {
-		data[i] = byte(rand.Intn(256))
+		d, err := rand.Int(rand.Reader, big.NewInt(256))
+		if err != nil {
+			panic(err)
+		}
+		data[i] = byte(d.Int64())
 	}
 	sha := fmt.Sprintf("%x", sha256.Sum256(data))
 	return sha
@@ -312,15 +317,18 @@ func (r *TangServerReconciler) CreateNewKeysIfNecessary(k KeyObtainInfo) bool {
 	} else {
 		GetLogInstance().Info("Using default active keys", "Key Amount", requiredActiveKeyPairs)
 	}
-	GetLogInstance().Info("createNewKeysIfNecessary", "Active Keys", uint32(len(k.TangServer.Status.ActiveKeys)), "Required Active Keys", requiredActiveKeyPairs)
+	GetLogInstance().Info("createNewKeysIfNecessary", "Active Keys", int(len(k.TangServer.Status.ActiveKeys)),
+		"Required Active Keys", requiredActiveKeyPairs)
 	// Only create if more than one required active key pairs. Otherwise, they are automatically created
-	if uint32(len(k.TangServer.Status.ActiveKeys)) < requiredActiveKeyPairs && requiredActiveKeyPairs > 1 {
+	if int(len(k.TangServer.Status.ActiveKeys)) < int(requiredActiveKeyPairs) && requiredActiveKeyPairs > 1 {
 		if err := createNewPairOfKeys(k); err != nil {
 			GetLogInstance().Error(err, "Unable to create new keys", "KeyObtainInfo", k)
 			r.Recorder.Event(k.TangServer, "Error", "NewKeys", "Unable to create new pair of keys")
 		} else {
-			GetLogInstance().Info("New Active Keys Created", "KeyObtainInfo", k, "Active Keys", uint32(len(k.TangServer.Status.ActiveKeys)), "Required Active Keys", requiredActiveKeyPairs)
-			r.Recorder.Event(k.TangServer, "Normal", "NewKeys", fmt.Sprintf("Created %d active pair of keys", uint32(len(k.TangServer.Status.ActiveKeys))))
+			GetLogInstance().Info("New Active Keys Created", "KeyObtainInfo", k, "Active Keys",
+				len(k.TangServer.Status.ActiveKeys), "Required Active Keys", requiredActiveKeyPairs)
+			r.Recorder.Event(k.TangServer, "Normal", "NewKeys", fmt.Sprintf("Created %d active pair of keys",
+				len(k.TangServer.Status.ActiveKeys)))
 			return true
 		}
 	}

diff --git a/controllers/tangserver_controller_deployment.go b/controllers/tangserver_controller_deployment.go
@@ -67,8 +67,8 @@ func getDeployment(cr *daemonsv1alpha1.TangServer) *appsv1.Deployment {
 }
 
 // getDeploymentReadyReplicas function returns ready replicas
-func getDeploymentReadyReplicas(deployment *appsv1.Deployment) uint32 {
-	return uint32(deployment.Status.ReadyReplicas)
+func getDeploymentReadyReplicas(deployment *appsv1.Deployment) int32 {
+	return deployment.Status.ReadyReplicas
 }
 
 // isDeploymentReady returns a true bool if the deployment has all its pods ready

diff --git a/controllers/tangserver_controller_pod.go b/controllers/tangserver_controller_pod.go
@@ -29,7 +29,7 @@ const DEFAULT_TANGSERVER_PVC_NAME = "tangserver-pvc"
 const DEFAULT_TANGSERVER_SECRET = "tangserversecret"
 
 // getPodListenPort function returns the internal port where tangserver will listen
-func getPodListenPort(cr *daemonsv1alpha1.TangServer) uint32 {
+func getPodListenPort(cr *daemonsv1alpha1.TangServer) int32 {
 	if cr.Spec.PodListenPort != 0 {
 		return cr.Spec.PodListenPort
 	}

diff --git a/controllers/tangserver_controller_service.go b/controllers/tangserver_controller_service.go
@@ -40,8 +40,8 @@ func getServiceName(tangserver *daemonsv1alpha1.TangServer) string {
 }
 
 // getServicePort function returns service name
-func getServicePort(tangserver *daemonsv1alpha1.TangServer) uint32 {
-	servicePort := uint32(tangserver.Spec.ServiceListenPort)
+func getServicePort(tangserver *daemonsv1alpha1.TangServer) int32 {
+	servicePort := tangserver.Spec.ServiceListenPort
 	if servicePort == 0 {
 		servicePort = DEFAULT_SERVICE_PORT
 	}
@@ -90,7 +90,7 @@ func getService(tangserver *daemonsv1alpha1.TangServer) *corev1.Service {
 			Ports: []corev1.ServicePort{
 				{
 					Name:       DEFAULT_SERVICE_PROTO,
-					Port:       int32(servicePort),
+					Port:       servicePort,
 					TargetPort: intstr.FromInt(int(getPodListenPort(tangserver))),
 				},
 			},