You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by as...@apache.org on 2021/11/24 12:52:53 UTC
[camel-k] 05/19: fix(gosec): Use of weak random number generator (G404)
This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit a0747e162050fa2e67e59a7eb0cf6b3bfc7c8eb1
Author: Luca Burgazzoli <lb...@gmail.com>
AuthorDate: Mon Nov 22 13:47:28 2021 +0100
fix(gosec): Use of weak random number generator (G404)
---
pkg/trait/route_test.go | 7 ++++++-
pkg/util/sync/file_test.go | 12 ++++--------
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/pkg/trait/route_test.go b/pkg/trait/route_test.go
index 3bf5306..96c67a4 100644
--- a/pkg/trait/route_test.go
+++ b/pkg/trait/route_test.go
@@ -90,9 +90,14 @@ pxv6zFeVEkAEEkqIYi0omA9+CjanB/6Bz4n1uw8H
tlsKeySecretName = "tls-test"
tlsKeySecretOnlyKeyName = "tls.key"
- tlsMultipleSecretsName = "tls-multiple-test"
+ // Potential hardcoded credentials
+ // #nosec G101
+ tlsMultipleSecretsName = "tls-multiple-test"
+ // #nosec G101
tlsMultipleSecretsCert1Key = "cert1.crt"
+ // #nosec G101
tlsMultipleSecretsCert2Key = "cert2.crt"
+ // #nosec G101
tlsMultipleSecretsCert3Key = "cert3.crt"
)
diff --git a/pkg/util/sync/file_test.go b/pkg/util/sync/file_test.go
index 5c1e2b2..792cd60 100644
--- a/pkg/util/sync/file_test.go
+++ b/pkg/util/sync/file_test.go
@@ -20,9 +20,7 @@ package sync
import (
"context"
"io/ioutil"
- "math/rand"
"os"
- "path"
"strconv"
"testing"
"time"
@@ -31,21 +29,19 @@ import (
)
func TestFile(t *testing.T) {
- tempdir := os.TempDir()
- fileName := path.Join(tempdir, "camel-k-test-"+strconv.FormatUint(rand.Uint64(), 10))
- _, err := os.Create(fileName)
+ file, err := os.CreateTemp("", "camel-k-test-*")
assert.Nil(t, err)
- defer os.Remove(fileName)
+ defer os.Remove(file.Name())
ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(100*time.Second))
defer cancel()
- changes, err := File(ctx, fileName)
+ changes, err := File(ctx, file.Name())
assert.Nil(t, err)
time.Sleep(100 * time.Millisecond)
expectedNumChanges := 3
for i := 0; i < expectedNumChanges; i++ {
- if err := ioutil.WriteFile(fileName, []byte("data-"+strconv.Itoa(i)), 0o600); err != nil {
+ if err := ioutil.WriteFile(file.Name(), []byte("data-"+strconv.Itoa(i)), 0o600); err != nil {
t.Error(err)
}
time.Sleep(350 * time.Millisecond)