From b06a6672dd10923e28254c6d9060a36a8c0dee88 Mon Sep 17 00:00:00 2001 From: Sergio Arroutbi Date: Thu, 3 Oct 2024 13:55:27 +0200 Subject: [PATCH] Fix issues related to gosec output Signed-off-by: Sergio Arroutbi --- api/v1alpha1/tangserver_types.go | 10 +++++----- controllers/tangserver_controller.go | 20 +++++++++++++------ .../tangserver_controller_deployment.go | 4 ++-- controllers/tangserver_controller_pod.go | 2 +- controllers/tangserver_controller_service.go | 6 +++--- 5 files changed, 25 insertions(+), 17 deletions(-) diff --git a/api/v1alpha1/tangserver_types.go b/api/v1alpha1/tangserver_types.go index e43aa3f3..8337b382 100644 --- a/api/v1alpha1/tangserver_types.go +++ b/api/v1alpha1/tangserver_types.go @@ -32,7 +32,7 @@ type TangServerSpec struct { // Replicas is the Tang Server amount to bring up // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Amount of replicas to launch" - Replicas uint32 `json:"replicas"` + Replicas int32 `json:"replicas"` // Persistent Volume Claim to store the keys // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Persistent Volume Claim to attach to (default:tangserver-pvc)" @@ -57,7 +57,7 @@ type TangServerSpec struct { // PodListenPort is the port where pods will listen for traffic // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Port where Pod will listen " // +optional - PodListenPort uint32 `json:"podListenPort,omitempty"` + PodListenPort int32 `json:"podListenPort,omitempty"` // Secret is the secret name to use to download image appropriately // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Secret name to use for container download" 
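Review bot: Switching `Replicas`, `PodListenPort` and `ServiceListenPort` from `uint32` to `int32` makes negative values representable, and nothing visible in these hunks bounds the fields, so a negative number in the custom resource may reach the reconciler unless the generated CRD schema already rejects it. The getters changed later in this patch (`getPodListenPort`, `getServicePort`) only substitute a default for `0`, so an out-of-range port would be copied into the Service spec as written. If the CRD is generated with controller-gen, consider adding `// +kubebuilder:validation:Minimum=0` above all three fields and `// +kubebuilder:validation:Maximum=65535` above the two ports. The same applies to the `ServiceListenPort` hunk at `@@ -67,7 +67,7 @@`.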
@@ -67,7 +67,7 @@ type TangServerSpec struct { // ServiceListenPort is the port where service will listen for traffic // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Port where service will listen" // +optional - ServiceListenPort uint32 `json:"serviceListenPort,omitempty"` + ServiceListenPort int32 `json:"serviceListenPort,omitempty"` // ResourceRequest is the resource request to perform for each pod // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Resources Request for Tang Server" @@ -175,11 +175,11 @@ type TangServerStatus struct { // Tang Server Running provides information about the Running Replicas // +operator-sdk:csv:customresourcedefinitions:type=status,xDescriptors="urn:alm:descriptor:text",displayName="Tang Server Running Replicas" // +optional - Running uint32 `json:"running"` + Running int32 `json:"running"` // Tang Server Ready provides information about the Ready Replicas // +operator-sdk:csv:customresourcedefinitions:type=status,xDescriptors="urn:alm:descriptor:text",displayName="Tang Server Ready Replicas" // +optional - Ready uint32 `json:"ready"` + Ready int32 `json:"ready"` // Tang Server Service External URL provides information about the External Service URL // +operator-sdk:csv:customresourcedefinitions:type=status,xDescriptors="urn:alm:descriptor:text",displayName="Tang Server External URL" // +optional diff --git a/controllers/tangserver_controller.go b/controllers/tangserver_controller.go index 37150ea9..160d4cb5 100644 --- a/controllers/tangserver_controller.go +++ b/controllers/tangserver_controller.go @@ -18,9 +18,10 @@ package controllers import ( "context" + "crypto/rand" "crypto/sha256" "fmt" - "math/rand" + "math/big" "os" "time" 
@@ -90,7 +91,11 @@ func dumpToErrFile(msg string) { func getSHA256() string { data := make([]byte, 10) for i := range data { - data[i] = byte(rand.Intn(256)) + d, err := rand.Int(rand.Reader, big.NewInt(256)) + if err != nil { + panic(err) + } + data[i] = byte(d.Int64()) } sha := fmt.Sprintf("%x", sha256.Sum256(data)) return sha 
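Review bot: The per-byte `rand.Int(rand.Reader, big.NewInt(256))` loop in `getSHA256` can be replaced by one call that fills the slice, `if _, err := rand.Read(data); err != nil { panic(err) }`. That reads from the same crypto/rand source, leaves a single failure point and makes the new `math/big` import unnecessary. Separately, only 10 random bytes are hashed, so the 64-hex-character result carries at most 80 bits of entropy. Its callers are not visible here, but if any of them rely on it as an unguessable value, say so in a comment or raise the buffer to 32 bytes. The function's closing brace lies outside the hunk.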
@@ -312,15 +317,18 @@ func (r *TangServerReconciler) CreateNewKeysIfNecessary(k KeyObtainInfo) bool { } else { GetLogInstance().Info("Using default active keys", "Key Amount", requiredActiveKeyPairs) } - GetLogInstance().Info("createNewKeysIfNecessary", "Active Keys", uint32(len(k.TangServer.Status.ActiveKeys)), "Required Active Keys", requiredActiveKeyPairs) + GetLogInstance().Info("createNewKeysIfNecessary", "Active Keys", int(len(k.TangServer.Status.ActiveKeys)), + "Required Active Keys", requiredActiveKeyPairs) // Only create if more than one required active key pairs. Otherwise, they are automatically created - if uint32(len(k.TangServer.Status.ActiveKeys)) < requiredActiveKeyPairs && requiredActiveKeyPairs > 1 { + if int(len(k.TangServer.Status.ActiveKeys)) < int(requiredActiveKeyPairs) && requiredActiveKeyPairs > 1 { if err := createNewPairOfKeys(k); err != nil { GetLogInstance().Error(err, "Unable to create new keys", "KeyObtainInfo", k) r.Recorder.Event(k.TangServer, "Error", "NewKeys", "Unable to create new pair of keys") } else { - GetLogInstance().Info("New Active Keys Created", "KeyObtainInfo", k, "Active Keys", uint32(len(k.TangServer.Status.ActiveKeys)), "Required Active Keys", requiredActiveKeyPairs) - r.Recorder.Event(k.TangServer, "Normal", "NewKeys", fmt.Sprintf("Created %d active pair of keys", uint32(len(k.TangServer.Status.ActiveKeys)))) + GetLogInstance().Info("New Active Keys Created", "KeyObtainInfo", k, "Active Keys", + len(k.TangServer.Status.ActiveKeys), "Required Active Keys", requiredActiveKeyPairs) + r.Recorder.Event(k.TangServer, "Normal", "NewKeys", fmt.Sprintf("Created %d active pair of keys", + len(k.TangServer.Status.ActiveKeys))) return true } } diff --git a/controllers/tangserver_controller_deployment.go b/controllers/tangserver_controller_deployment.go index dc7686cd..6020b7f6 100644 --- a/controllers/tangserver_controller_deployment.go +++ b/controllers/tangserver_controller_deployment.go 
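Review bot: `int(len(k.TangServer.Status.ActiveKeys))` in the first log call and in the `if` condition is a no-op conversion, because `len` already returns `int`; the two later calls in this hunk pass `len(...)` directly. Writing the condition as `len(k.TangServer.Status.ActiveKeys) < int(requiredActiveKeyPairs) && requiredActiveKeyPairs > 1` would keep the hunk consistent. The declaration of `requiredActiveKeyPairs` is outside the hunk; if it is still an unsigned 32-bit value, `int(...)` could wrap on a 32-bit build, so confirm its type or bound the field. CreateNewKeysIfNecessary starts and ends outside the hunk.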
@@ -67,8 +67,8 @@ func getDeployment(cr *daemonsv1alpha1.TangServer) *appsv1.Deployment { } // getDeploymentReadyReplicas function returns ready replicas -func getDeploymentReadyReplicas(deployment *appsv1.Deployment) uint32 { - return uint32(deployment.Status.ReadyReplicas) +func getDeploymentReadyReplicas(deployment *appsv1.Deployment) int32 { + return deployment.Status.ReadyReplicas } // isDeploymentReady returns a true bool if the deployment has all its pods ready diff --git a/controllers/tangserver_controller_pod.go b/controllers/tangserver_controller_pod.go index 5ac4fe60..da3eb919 100644 --- a/controllers/tangserver_controller_pod.go +++ b/controllers/tangserver_controller_pod.go @@ -29,7 +29,7 @@ const DEFAULT_TANGSERVER_PVC_NAME = "tangserver-pvc" const DEFAULT_TANGSERVER_SECRET = "tangserversecret" // getPodListenPort function returns the internal port where tangserver will listen -func getPodListenPort(cr *daemonsv1alpha1.TangServer) uint32 { +func getPodListenPort(cr *daemonsv1alpha1.TangServer) int32 { if cr.Spec.PodListenPort != 0 { return cr.Spec.PodListenPort } diff --git a/controllers/tangserver_controller_service.go b/controllers/tangserver_controller_service.go index d96e9deb..f8889207 100644 --- a/controllers/tangserver_controller_service.go +++ b/controllers/tangserver_controller_service.go @@ -40,8 +40,8 @@ func getServiceName(tangserver *daemonsv1alpha1.TangServer) string { } // getServicePort function returns service name -func getServicePort(tangserver *daemonsv1alpha1.TangServer) uint32 { - servicePort := uint32(tangserver.Spec.ServiceListenPort) +func getServicePort(tangserver *daemonsv1alpha1.TangServer) int32 { + servicePort := tangserver.Spec.ServiceListenPort if servicePort == 0 { servicePort = DEFAULT_SERVICE_PORT } 
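Review bot: The comment kept above `getServicePort` still reads "returns service name", although the function returns a port. Since the signature is being changed anyway, it could become `// getServicePort returns the service listen port, or DEFAULT_SERVICE_PORT when the spec leaves it at 0`. Only `0` is replaced by the default here and in `getPodListenPort`, so with the signed return type a negative spec value is handed back unchanged; a short comment stating the accepted range would make that contract explicit. The bodies of both functions continue outside their hunks.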
@@ -90,7 +90,7 @@ func getService(tangserver *daemonsv1alpha1.TangServer) *corev1.Service { Ports: []corev1.ServicePort{ { Name: DEFAULT_SERVICE_PROTO, - Port: int32(servicePort), + Port: servicePort, TargetPort: intstr.FromInt(int(getPodListenPort(tangserver))), }, },
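Review bot: `TargetPort: intstr.FromInt(int(getPodListenPort(tangserver)))` now widens an `int32` to `int` only for `FromInt` to narrow it back to a 32-bit value. Since `getPodListenPort` returns `int32` after this patch, `TargetPort: intstr.FromInt32(getPodListenPort(tangserver)),` removes the round trip, provided the k8s.io/apimachinery version in use includes `FromInt32`. getService starts and ends outside the hunk.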