From 2d2c5b4d59b1d9c8a1ca48f4eabef90f153ebfbd Mon Sep 17 00:00:00 2001 From: Maria Ines Parnisari Date: Wed, 18 Jun 2025 17:33:44 -0700 Subject: [PATCH] deprecate sha1 --- .golangci.yaml | 20 ++++++++++++++++++++ mage/main.go | 10 +++++----- mage/main_test.go | 2 +- mg/deps_test.go | 8 ++++---- mg/fn_test.go | 6 +++--- parse/parse.go | 9 ++------- 6 files changed, 35 insertions(+), 20 deletions(-) create mode 100644 .golangci.yaml diff --git a/.golangci.yaml b/.golangci.yaml new file mode 100644 index 00000000..60f6a707 --- /dev/null +++ b/.golangci.yaml @@ -0,0 +1,20 @@ +--- +version: "2" +run: + allow-parallel-runners: true +linters: + enable: + - "gosec" + disable: + - "errcheck" + settings: + gosec: + includes: + - G501 # Import blocklist: crypto/md5 + - G502 # Import blocklist: crypto/des + - G503 # Import blocklist: crypto/rc4 + - G504 # Import blocklist: net/http/cgi + - G505 # Import blocklist: crypto/sha1 + - G506 # Import blocklist: golang.org/x/crypto/md4 + - G507 # Import blocklist: golang.org/x/crypto/ripemd160 + diff --git a/mage/main.go b/mage/main.go index 0062bd35..f9d5df48 100644 --- a/mage/main.go +++ b/mage/main.go @@ -2,7 +2,7 @@ package mage import ( "bytes" - "crypto/sha1" + "crypto/sha3" "errors" "flag" "fmt" @@ -173,7 +173,7 @@ func ParseAndRun(stdout, stderr io.Writer, stdin io.Reader, args []string) int { case None: return Invoke(inv) default: - panic(fmt.Errorf("Unknown command type: %v", cmd)) + panic(fmt.Errorf("unknown command type: %v", cmd)) } } @@ -656,13 +656,13 @@ func ExeName(goCmd, cacheDir string, files []string) (string, error) { } // hash the mainfile template to ensure if it gets updated, we make a new // binary. - hashes = append(hashes, fmt.Sprintf("%x", sha1.Sum([]byte(mageMainfileTplString)))) + hashes = append(hashes, fmt.Sprintf("%x", sha3.Sum256([]byte(mageMainfileTplString)))) sort.Strings(hashes) ver, err := internal.OutputDebug(goCmd, "version") if err != nil { return "", err } - hash := sha1.Sum([]byte(strings.Join(hashes, "") + magicRebuildKey + ver)) + hash := sha3.Sum256([]byte(strings.Join(hashes, "") + magicRebuildKey + ver)) filename := fmt.Sprintf("%x", hash) out := filepath.Join(cacheDir, filename) @@ -679,7 +679,7 @@ func hashFile(fn string) (string, error) { } defer f.Close() - h := sha1.New() + h := sha3.New256() if _, err := io.Copy(h, f); err != nil { return "", fmt.Errorf("can't write data to hash: %v", err) } diff --git a/mage/main_test.go b/mage/main_test.go index 8b21fb4b..05c2774c 100644 --- a/mage/main_test.go +++ b/mage/main_test.go @@ -920,7 +920,7 @@ func TestOnlyStdLib(t *testing.T) { if err != nil { t.Fatal(err) } - if !filepath.HasPrefix(pkg.Dir, build.Default.GOROOT) { + if !strings.HasPrefix(pkg.Dir, build.Default.GOROOT) { t.Errorf("import of non-stdlib package: %s", s.Path.Value) } } diff --git a/mg/deps_test.go b/mg/deps_test.go index 8424544f..f1f51109 100644 --- a/mg/deps_test.go +++ b/mg/deps_test.go @@ -86,7 +86,7 @@ func TestDepError(t *testing.T) { t.Fatal("expected panic, but didn't get one") } actual := fmt.Sprint(err) - if "ouch" != actual { + if actual != "ouch" { t.Fatalf(`expected to get "ouch" but got "%s"`, actual) } }() @@ -103,7 +103,7 @@ func TestDepFatal(t *testing.T) { t.Fatal("expected panic, but didn't get one") } actual := fmt.Sprint(v) - if "ouch!" != actual { + if actual != "ouch!" { t.Fatalf(`expected to get "ouch!" but got "%s"`, actual) } err, ok := v.(error) @@ -132,7 +132,7 @@ func TestDepTwoFatal(t *testing.T) { } actual := fmt.Sprint(v) // order is non-deterministic, so check for both orders - if "ouch!\nbang!" != actual && "bang!\nouch!" != actual { + if actual != "ouch!\nbang!" && actual != "bang!\nouch!" { t.Fatalf(`expected to get "ouch!" and "bang!" but got "%s"`, actual) } err, ok := v.(error) @@ -157,7 +157,7 @@ func TestDepWithUnhandledFunc(t *testing.T) { t.Fatalf("Expected type error from panic") } }() - var NotValid func(string) string = func(a string) string { + var NotValid = func(a string) string { return a } Deps(NotValid) diff --git a/mg/fn_test.go b/mg/fn_test.go index 8ca481c8..4c1d08e6 100644 --- a/mg/fn_test.go +++ b/mg/fn_test.go @@ -51,7 +51,7 @@ func TestFuncCheck(t *testing.T) { t.Error("func is not on a namespace") } - hasContext, isNamespace, err = checkF(Foo.Bare, nil) + _, _, err = checkF(Foo.Bare, nil) if err != nil { t.Error(err) } @@ -117,11 +117,11 @@ func TestFuncCheck(t *testing.T) { } defer func() { - if r := recover(); r !=nil { + if r := recover(); r != nil { t.Error("expected a nil function argument to be handled gracefully") } }() - _, _, err = checkF(nil, []interface{}{1,2}) + _, _, err = checkF(nil, []interface{}{1, 2}) if err == nil { t.Error("expected a nil function argument to be invalid") } diff --git a/parse/parse.go b/parse/parse.go index c64e7cc2..3e157638 100644 --- a/parse/parse.go +++ b/parse/parse.go @@ -214,7 +214,7 @@ func checkDupes(info *PkgInfo, imports []*Import) error { for _, f := range funcs[alias] { ids = append(ids, f.ID()) } - return fmt.Errorf("alias %q duplicates existing target(s): %s\n", alias, strings.Join(ids, ", ")) + return fmt.Errorf("alias %q duplicates existing target(s): %s", alias, strings.Join(ids, ", ")) } funcs[alias] = append(funcs[alias], f) } @@ -792,11 +792,6 @@ func hasContextParam(ft *ast.FuncType) (bool, error) { return true, nil } -func hasVoidReturn(ft *ast.FuncType) bool { - res := ft.Results - return res.NumFields() == 0 -} - func hasErrorReturn(ft *ast.FuncType) (bool, error) { res := ft.Results if res.NumFields() == 0 { @@ -847,7 +842,7 @@ func funcType(ft *ast.FuncType) (*Function, error) { } func toOneLine(s string) string { - return strings.TrimSpace(strings.Replace(s, "\n", " ", -1)) + return strings.TrimSpace(strings.ReplaceAll(s, "\n", " ")) } var argTypes = map[string]string{