From 96b57c0b40103be30b7c91fed738e4e20673ef61 Mon Sep 17 00:00:00 2001
From: Glen Johnson
Date: Wed, 19 Apr 2023 10:28:51 -0600
Subject: [PATCH 1/2] Fix gosec warnings
---
 bin/juxtaposer/tester/db/db.go | 1 +
 .../http/generic/oauth/v1/protocol.go | 18 ++++++++++--------
 .../plugin/connectors/http/proxy_service.go | 3 ++-
 .../connector/http/generic/http_test_server.go | 5 ++++-
 4 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/bin/juxtaposer/tester/db/db.go b/bin/juxtaposer/tester/db/db.go
index 00c2ff0b9..7c6ccd80b 100644
--- a/bin/juxtaposer/tester/db/db.go
+++ b/bin/juxtaposer/tester/db/db.go
@@ -77,6 +77,7 @@ func (manager *DriverManager) ensureWantedDbDataState() error {
 insertItemStatement := QueryTypes["insertItem"] +
 fmt.Sprintf("(%s)", manager.Tester.GetQueryMarkers(5))
+ /* #nosec */
 err = manager.Tester.Query(insertItemStatement,
 fmt.Sprintf("%s%d", NameFieldPrefix, itemIndex),
 itemIndex,
diff --git a/internal/plugin/connectors/http/generic/oauth/v1/protocol.go b/internal/plugin/connectors/http/generic/oauth/v1/protocol.go
index 1dba86beb..ec175565d 100644
--- a/internal/plugin/connectors/http/generic/oauth/v1/protocol.go
+++ b/internal/plugin/connectors/http/generic/oauth/v1/protocol.go
@@ -3,11 +3,12 @@ package oauth1protocol
 import (
 "bytes"
 "crypto/hmac"
+ "crypto/rand"
 "crypto/sha1"
 "encoding/base64"
 "fmt"
 "io/ioutil"
- "math/rand"
+ "math/big"
 gohttp "net/http"
 "net/url"
 "sort"
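Review bot: The `/* #nosec */` added before `manager.Tester.Query(...)` in the db.go hunk suppresses every gosec rule on that statement without recording why, so the next reader cannot tell whether the SQL-construction finding was a false positive. From the context lines the only formatted piece is `fmt.Sprintf("(%s)", manager.Tester.GetQueryMarkers(5))`, i.e. placeholder markers, while the item values are passed as separate query arguments, so the suppression looks justified; narrow it to the rule that fired and say so, e.g. `/* #nosec G201 -- Sprintf only inserts placeholder markers; values are bound as query arguments */` (substitute the rule id gosec actually reported, G201 or G202). ensureWantedDbDataState begins before the hunk and continues past it.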
@@ -71,14 +72,15 @@ var requiredConfigParams = []string{
 }
 func generateNonce(length int, charset string) string {
- seededRand := rand.New(
- rand.NewSource(time.Now().UnixNano()))
-
- randomChars := make([]byte, length)
- for index := range randomChars {
- randomChars[index] = charset[seededRand.Intn(len(charset))]
+ randomBytes := make([]byte, length)
+ for i := 0; i < length; i++ {
+ n, err := rand.Int(rand.Reader, big.NewInt(int64(len(charset))))
+ if err != nil {
+ panic(err)
+ }
+ randomBytes[i] = charset[n.Int64()]
 }
- return string(randomChars)
+ return string(randomBytes)
 }
 // checkRequiredOAuthParams returns an error if a key from
diff --git a/internal/plugin/connectors/http/proxy_service.go b/internal/plugin/connectors/http/proxy_service.go
index 5176b5f1d..dc6c32f73 100644
--- a/internal/plugin/connectors/http/proxy_service.go
+++ b/internal/plugin/connectors/http/proxy_service.go
@@ -97,7 +97,8 @@ func NewProxyService(
 transport := &gohttp.Transport{
 TLSClientConfig: &tls.Config{
- RootCAs: caCertPool,
+ RootCAs: caCertPool,
+ MinVersion: tls.VersionTLS12,
 },
 }
diff --git a/test/connector/http/generic/http_test_server.go b/test/connector/http/generic/http_test_server.go
index d14d0645f..4c4d6381f 100644
--- a/test/connector/http/generic/http_test_server.go
+++ b/test/connector/http/generic/http_test_server.go
@@ -85,7 +85,10 @@ func httpsServer(
 return nil, err
 }
- config := &tls.Config{Certificates: []tls.Certificate{cert}}
+ config := &tls.Config{
+ Certificates: []tls.Certificate{cert},
+ MinVersion: tls.VersionTLS12,
+ }
 s.TLS = config
 s.StartTLS()
From bad836d7f24a092dbee09ebe0afddc261fc3ed9f Mon Sep 17 00:00:00 2001
From: Glen Johnson
Date: Wed, 19 Apr 2023 11:00:35 -0600
Subject: [PATCH 2/2] Update go-mssqldb submodule
---
 third_party/go-mssqldb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/third_party/go-mssqldb b/third_party/go-mssqldb
index 54a5c1da3..77801ab86 160000
--- a/third_party/go-mssqldb
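Review bot: `big.NewInt(int64(len(charset)))` in the new generateNonce body is rebuilt on every loop iteration although the bound never changes; hoist it above the loop as `limit := big.NewInt(int64(len(charset)))` and pass `limit` to `rand.Int`. `rand.Int` panics when its max is zero, so an empty charset still panics exactly as `Intn(0)` did, and the new `panic(err)` on a failed read from `rand.Reader` is behaviour callers cannot recover from an error return; both deserve a doc comment such as `// generateNonce returns length characters drawn uniformly from charset via crypto/rand; it panics if charset is empty or the entropy source fails.` Drawing one uniform value per character is the right shape here (no modulo bias), and `for i := range randomBytes` would read more idiomatically than the counted loop.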
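Review bot: The new `MinVersion: tls.VersionTLS12` in the NewProxyService transport (and the matching line in httpsServer in http_test_server.go) carries no comment, so a later edit can drop it without knowing it was added to satisfy gosec's TLS-configuration check; a one-liner such as `MinVersion: tls.VersionTLS12, // gosec G402: refuse TLS 1.0/1.1 to upstreams` keeps the intent with the code. The `gohttp.Transport` literal visible in this hunk sets only `TLSClientConfig`; unless fields are assigned to `transport` later in the function, it keeps zero-value `TLSHandshakeTimeout` and `ResponseHeaderTimeout`, so a stalled upstream can hold a proxied request open indefinitely, which is worth bounding in the same literal. NewProxyService starts before the hunk and continues after it.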
+++ b/third_party/go-mssqldb
@@ -1 +1 @@
-Subproject commit 54a5c1da31c85cfbb1b3bb2f6f5163c21c86be7b
+Subproject commit 77801ab862fa5428431672d8c0ad264823670a2d