From f9127c917e1916c9ae23105b8cb84f7d3570fa40 Mon Sep 17 00:00:00 2001
From: srfrog <8219721+srfrog@users.noreply.github.com>
Date: Wed, 15 Sep 2021 01:30:00 -0400
Subject: [PATCH] Fix for SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488

High severity vulnerability found in github.com/satori/go.uuid
Description: Insecure Randomness
Info: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
Introduced through: github.com/satori/go.uuid@1.2.0
From: github.com/satori/go.uuid@1.2.0
---
 go.mod | 3 +--
 go.sum | 11 ++---------
 util.go | 8 ++++----
 3 files changed, 7 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index 11cdab2..a752780 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.17
 require (
 camlistore.org v0.0.0-20171230002226-a5a65f0d8b22
 github.com/garyburd/redigo v1.6.2
- github.com/satori/go.uuid v1.2.0
+ github.com/gofrs/uuid v4.0.0+incompatible
 github.com/sirupsen/logrus v1.8.1
 github.com/srfrog/go-strarr v1.0.0
 )
@@ -13,5 +13,4 @@ require (
 require (
 github.com/codehack/go-strarr v1.0.0 // indirect
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 // indirect
- gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 )
diff --git a/go.sum b/go.sum
index 2362cf1..c624246 100644
--- a/go.sum
+++ b/go.sum
@@ -6,15 +6,10 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/garyburd/redigo v1.6.2 h1:yE/pwKCrbLpLpQICzYTeZ7JsTA/C53wFTJHaEtRqniM= github.com/garyburd/redigo v1.6.2/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY= -github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw= +github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww= -github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/srfrog/go-strarr v1.0.0 h1:UYP9F2BkH8BfVoseDo/HiyVuxM63YOsLe7rxkMlD5lk= 
@@ -23,5 +18,3 @@ github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
diff --git a/util.go b/util.go
index d73d861..27b2c52 100644
--- a/util.go
+++ b/util.go
@@ -9,7 +9,7 @@ import (
 "strconv"
 "strings"

- "github.com/satori/go.uuid"
+ "github.com/gofrs/uuid"
 )

 // These status codes are inaccessible in net/http but they work with http.StatusText().
@@ -41,7 +41,7 @@ const (
 // A valid ID must be between 20 and 200 chars in length, and URL-encoded.
 func NewRequestID(id string) string {
 if id == "" {
- return uuid.NewV4().String()
+ return uuid.Must(uuid.NewV4()).String()
 }
 l := 0
 for i, c := range id {
@@ -53,12 +53,12 @@ func NewRequestID(id string) string {
 case i > 199:
 fallthrough
 default:
- return uuid.NewV4().String()
+ return uuid.Must(uuid.NewV4()).String()
 }
 l = i
 }
 if l < 20 {
- return uuid.NewV4().String()
+ return uuid.Must(uuid.NewV4()).String()
 }
 return id
 }
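Review bot: `uuid.Must` turns any error from `uuid.NewV4()` into a panic, so a failure of the system random source now panics inside `NewRequestID` at the `if id == ""` return and at the two returns in the `@@ -53,12 +53,12 @@` hunk. Failing closed is preferable to handing out a weak ID, but nothing visible here shows whether callers recover from a panic on the request path, so the behaviour should be stated in the doc comment, e.g. `// NewRequestID panics if the random source fails while generating a UUID.` The same expression is now repeated three times; a small unexported helper such as `func newUUID() string { return uuid.Must(uuid.NewV4()).String() }` would keep that error policy in one place. The body of NewRequestID continues outside this hunk.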
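Review bot: The minimum-length check at `if l < 20 {` compares the index of the last rune (`l = i`) rather than the length, so a 20-character ID ends at index 19 and is replaced by a UUID, while the doc comment promises that 20 to 200 characters are accepted. If the documented bound is intended, the check would be `if len(id) < 20 {`. The switch cases that precede `case i > 199:` start outside this hunk, so whether the upper bound is actually reached for otherwise valid characters should be confirmed there.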