enable gosec linter and fix the errors it reports. (#390)

Author: cosnicolaou

.golangci.yml

@@ -16,6 +16,7 @@ linters-settings:
 linters:
   enable:
     - bodyclose
+    - gosec
     - gocritic
     - gocyclo
     - gofmt

v23/flow/message/internal_message_test.go

@@ -21,15 +21,15 @@ import (
 func randomTestCases() []uint64 {
 	c := make([]uint64, 4096)
 	for i := range c {
-		c[i] = rand.Uint64()
+		c[i] = rand.Uint64() //nolint:gosec
 	}
 	return c
 }
 
 func randomMaxTestCases(limit int64) []uint64 {
 	c := make([]uint64, 4096)
 	for i := range c {
-		c[i] = uint64(rand.Int63n(limit))
+		c[i] = uint64(rand.Int63n(limit)) //nolint:gosec
 	}
 	return c
 }
@@ -38,7 +38,7 @@ func randomLargeTestCases() []uint64 {
 	c := make([]uint64, 4096)
 	for i := range c {
 		for c[i] < math.MaxUint32 {
-			c[i] = rand.Uint64()
+			c[i] = rand.Uint64() //nolint:gosec
 		}
 	}
 	return c

v23/security/algo_test.go

@@ -16,7 +16,7 @@ import (
 
 func TestRSAPanic(t *testing.T) {
 	// Make sure that using a key with < 2048 bits causes a panic.
-	key, err := rsa.GenerateKey(rand.Reader, 1024)
+	key, err := rsa.GenerateKey(rand.Reader, 1024) //nolint:gosec
 	if err != nil {
 		t.Fatal(err)
 	}

v23/security/blessings_test.go

@@ -60,6 +60,7 @@ func TestByteSize(t *testing.T) {
 
 func verifyBlessingSignatures(t *testing.T, blessings ...security.Blessings) {
 	for _, b := range blessings {
+		b := b
 		if err := security.ExposeVerifySignature(&b); err != nil {
 			_, _, line, _ := runtime.Caller(1)
 			t.Fatalf("line %v: invalid signature for blessing %v: %v", line, b.String(), err)

v23/security/publickey.go

@@ -8,7 +8,7 @@ import (
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/ed25519"
-	"crypto/md5"
+	"crypto/md5" //nolint:gosec
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding"
@@ -108,7 +108,7 @@ func (pk publicKeyCommon) MarshalBinary() ([]byte, error) {
 
 func (pk publicKeyCommon) String() string {
 	const hextable = "0123456789abcdef"
-	hash := md5.Sum(pk.keyBytes)
+	hash := md5.Sum(pk.keyBytes) //nolint:gosec
 	var repr [md5.Size * 3]byte
 	for i, v := range hash {
 		repr[i*3] = hextable[v>>4]

v23/security/signature.go

@@ -6,7 +6,6 @@ package security
 
 import (
 	"crypto"
-	"crypto/sha1"
 	"crypto/sha256"
 	"crypto/sha512"
 )
@@ -84,9 +83,9 @@ func messageDigest(hash crypto.Hash, purpose, message []byte, key PublicKey) []b
 
 func cryptoSum(hash crypto.Hash, data []byte) []byte {
 	switch hash {
-	case crypto.SHA1:
-		h := sha1.Sum(data)
-		return h[:]
+	//	case crypto.SHA1:
+	//		h := sha1.Sum(data)
+	//		return h[:]
 	case crypto.SHA256:
 		h := sha256.Sum256(data)
 		return h[:]
@@ -102,8 +101,8 @@ func cryptoSum(hash crypto.Hash, data []byte) []byte {
 
 func cryptoHash(h Hash) crypto.Hash {
 	switch h {
-	case SHA1Hash:
-		return crypto.SHA1
+	//	case SHA1Hash:
+	//		return crypto.SHA1
 	case SHA256Hash:
 		return crypto.SHA256
 	case SHA384Hash:

v23/vdl/vdltest/entry_generator.go

@@ -56,7 +56,7 @@ func NewEntryGenerator(sourceTypes []*vdl.Type) *EntryGenerator {
 		valueGen:          NewValueGenerator(sourceTypes),
 		hasher:            fnv.New64a(),
 		randSeed:          now,
-		rng:               rand.New(rand.NewSource(now)),
+		rng:               rand.New(rand.NewSource(now)), //nolint:gosec
 	}
 	for _, tt := range sourceTypes {
 		kind := tt.NonOptional().Kind()

v23/vdl/vdltest/internal/vdltestgen/main.go

@@ -51,7 +51,7 @@ const (
 	vdltestPkgName     = "v.io/v23/vdl/vdltest"
 	typeGenFileName    = "type_gen.vdl"
 	typeManualFileName = "type_manual.vdl"
-	passGenFileName    = "entry_pass_gen.vdl"
+	passGenFileName    = "entry_pass_gen.vdl" //nolint:gosec
 	failGenFileName    = "entry_fail_gen.vdl"
 )
 

v23/vdl/vdltest/type_generator.go

@@ -46,7 +46,7 @@ func NewTypeGenerator() *TypeGenerator {
 		BaseTypesPerKind: []int{3, 1},
 		FieldsPerKind:    []int{-1, 2, 1},
 		MaxArrayLen:      3,
-		rng:              rand.New(rand.NewSource(time.Now().Unix())),
+		rng:              rand.New(rand.NewSource(time.Now().Unix())), //nolint:gosec
 	}
 }
 

v23/vdl/vdltest/value_generator.go

@@ -39,7 +39,7 @@ func NewValueGenerator(types []*vdl.Type) *ValueGenerator {
 		RandomZeroPercentage: 20,
 		MaxLen:               3,
 		MaxCycleDepth:        3,
-		rng:                  rand.New(rand.NewSource(time.Now().Unix())),
+		rng:                  rand.New(rand.NewSource(time.Now().Unix())), //nolint:gosec
 	}
 }