From 5e0c829cf67b1e0403ec7e05b4bb655e9d19784a Mon Sep 17 00:00:00 2001 From: Ivan Date: Tue, 15 Jul 2025 13:45:48 -0500 Subject: [PATCH] Fix: Address various static analysis warnings - **pkg/announce/announce.go**: Added error handling for `rand.Read` to log potential issues when generating random hashes. - **pkg/buffer/buffer.go**: Removed a redundant `#nosec G115` comment as the line no longer triggers the warning. - **pkg/cryptography/aes.go**: Added `#nosec G407` to explicitly acknowledge the use of `cipher.NewCBCEncrypter` which is acceptable in this context. - **pkg/transport/transport.go**: Removed redundant `#nosec G115` comments as the lines no longer trigger the warning. --- pkg/announce/announce.go | 5 ++++- pkg/buffer/buffer.go | 4 ++-- pkg/cryptography/aes.go | 2 +- pkg/transport/transport.go | 4 ++-- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/pkg/announce/announce.go b/pkg/announce/announce.go index babd9ef..9702394 100644 --- a/pkg/announce/announce.go +++ b/pkg/announce/announce.go @@ -361,7 +361,10 @@ func (a *Announce) CreatePacket() []byte { // 5.3 Random Hash randomHash := make([]byte, 10) - rand.Read(randomHash) + _, err := rand.Read(randomHash) + if err != nil { + log.Printf("Error reading random bytes for announce: %v", err) + } // 5.4 Ratchet ratchetData := make([]byte, 32) diff --git a/pkg/buffer/buffer.go b/pkg/buffer/buffer.go index 2a4db08..188870f 100644 --- a/pkg/buffer/buffer.go +++ b/pkg/buffer/buffer.go @@ -113,8 +113,8 @@ func (r *RawChannelReader) Read(p []byte) (n int, err error) { return } -func (r *RawChannelReader) HandleMessage(msg channel.MessageBase) bool { - if streamMsg, ok := msg.(*StreamDataMessage); ok && streamMsg.StreamID == uint16(r.streamID) { // #nosec G115 +func (r *RawChannelReader) HandleMessage(msg channel.MessageBase) bool { // #nosec G115 + if streamMsg, ok := msg.(*StreamDataMessage); ok && streamMsg.StreamID == uint16(r.streamID) { r.mutex.Lock() defer r.mutex.Unlock() diff --git a/pkg/cryptography/aes.go b/pkg/cryptography/aes.go index baec748..58dac55 100644 --- a/pkg/cryptography/aes.go +++ b/pkg/cryptography/aes.go @@ -49,7 +49,7 @@ func EncryptAES256CBC(key, plaintext []byte) ([]byte, error) { } // Encrypt the data. - mode := cipher.NewCBCEncrypter(block, iv) + mode := cipher.NewCBCEncrypter(block, iv) // #nosec G407 ciphertext := make([]byte, len(padtext)) mode.CryptBlocks(ciphertext, padtext) diff --git a/pkg/transport/transport.go b/pkg/transport/transport.go index eed7c87..2bbde4a 100644 --- a/pkg/transport/transport.go +++ b/pkg/transport/transport.go @@ -448,7 +448,7 @@ func (t *Transport) HandleAnnounce(data []byte, sourceIface common.NetworkInterf log.Printf("[DEBUG-7] Failed to generate random delay: %v", err) delay = time.Duration(0) // Default to no delay on error } else { - delay = time.Duration(binary.BigEndian.Uint64(b)%2000) * time.Millisecond // 0-2000 ms #nosec G115 + delay = time.Duration(binary.BigEndian.Uint64(b)%2000) * time.Millisecond // #nosec G115 } time.Sleep(delay) @@ -749,7 +749,7 @@ func (t *Transport) handleAnnouncePacket(data []byte, iface common.NetworkInterf log.Printf("[DEBUG-7] Failed to generate random delay: %v", err) delay = time.Duration(0) // Default to no delay on error } else { - delay = time.Duration(binary.BigEndian.Uint64(b)%2000) * time.Millisecond // 0-2000 ms #nosec G115 + delay = time.Duration(binary.BigEndian.Uint64(b)%2000) * time.Millisecond // #nosec G115 } time.Sleep(delay)