From 890b3dceb505f0c9428a23126a889ab6b45e2f0e Mon Sep 17 00:00:00 2001 From: Alexei Ledenev Date: Wed, 6 Sep 2023 11:31:24 +0300 Subject: [PATCH] update vulnarable versions, fix merge PR --- .golangci.yaml | 2 +- Makefile | 2 +- go.mod | 8 ++++---- go.sum | 11 ++++++----- main.go | 14 +++++++------- pkg/secrets/aws/secrets.go | 5 ++--- 6 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 868fdb6..8a8fd99 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -61,7 +61,7 @@ linters: # - contextcheck disabled because of generics - dupword - decorder - - depguard + # - depguard - dogsled - dupl - durationcheck diff --git a/Makefile b/Makefile index c0a16a6..e922027 100644 --- a/Makefile +++ b/Makefile @@ -52,7 +52,7 @@ platfrom-build: clean lint test ; $(info $(M) building binaries for multiple os/ setup-tools: setup-lint setup-gocov setup-gocov-xml setup-go2xunit setup-mockery setup-ghr setup-lint: - $(GO) install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.50.1 + $(GO) install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.2 setup-gocov: $(GO) install github.com/axw/gocov/... setup-gocov-xml: diff --git a/go.mod b/go.mod index ac4cccd..745bb05 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,7 @@ module secrets-init go 1.19 require ( + cloud.google.com/go/compute v1.10.0 cloud.google.com/go/secretmanager v1.8.0 github.com/aws/aws-sdk-go v1.44.128 github.com/googleapis/gax-go/v2 v2.6.0 @@ -10,12 +11,11 @@ require ( github.com/sirupsen/logrus v1.9.0 github.com/stretchr/testify v1.8.1 github.com/urfave/cli/v2 v2.23.0 - golang.org/x/sys v0.1.0 + golang.org/x/sys v0.12.0 google.golang.org/genproto v0.0.0-20221010155953-15ba04fc1c0e ) require ( - cloud.google.com/go/compute v1.10.0 // indirect cloud.google.com/go/iam v0.5.0 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/davecgh/go-spew v1.1.1 // indirect @@ -30,9 +30,9 @@ require ( github.com/stretchr/objx v0.5.0 // indirect github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect go.opencensus.io v0.23.0 // indirect - golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458 // indirect + golang.org/x/net v0.15.0 // indirect golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1 // indirect - golang.org/x/text v0.3.7 // indirect + golang.org/x/text v0.13.0 // indirect google.golang.org/api v0.99.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/grpc v1.50.1 // indirect diff --git a/go.sum b/go.sum index 5035ae3..85fdfc7 100644 --- a/go.sum +++ b/go.sum @@ -100,8 +100,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458 h1:MgJ6t2zo8v0tbmLCueaCbF1RM+TtB0rs3Lv8DGtOIpY= -golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1 h1:3VPzK7eqH25j7GYw5w6g/GzNRc0/fYtrxz27z1gD4W0= golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= @@ -115,14 +115,15 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= diff --git a/main.go b/main.go index 820f15f..5f961b5 100644 --- a/main.go +++ b/main.go @@ -53,6 +53,7 @@ func main() { Name: "exit-early", Usage: "exit when a provider fails or a secret is not found", EnvVars: []string{"EXIT_EARLY"}, + }, &cli.StringFlag{ Name: "google-project", Usage: "the google cloud project for secrets without a project prefix", @@ -174,14 +175,13 @@ func removeZombies(childPid int) { } log.WithError(err).Error("unexpected wait4 error") os.Exit(1) - } else { - // check if pid is child, if so save - // PID is > 0 if a child was reaped, and we immediately check if another one is waiting - if pid == childPid { - exitCode = status.ExitStatus() - } - continue } + // check if pid is child, if so save + // PID is > 0 if a child was reaped, and we immediately check if another one is waiting + if pid == childPid { + exitCode = status.ExitStatus() + } + continue } // no more children, exit with the same code as the child process os.Exit(exitCode) diff --git a/pkg/secrets/aws/secrets.go b/pkg/secrets/aws/secrets.go index 67cc704..310458d 100644 --- a/pkg/secrets/aws/secrets.go +++ b/pkg/secrets/aws/secrets.go @@ -45,7 +45,7 @@ func NewAwsSecretsProvider() (secrets.Provider, error) { // ResolveSecrets replaces all passed variables values prefixed with 'aws:aws:secretsmanager' and 'arn:aws:ssm:REGION:ACCOUNT:parameter' // by corresponding secrets from AWS Secret Manager and AWS Parameter Store -func (sp *SecretsProvider) ResolveSecrets(_ context.Context, vars []string) ([]string, error) { //nolint:gocognit +func (sp *SecretsProvider) ResolveSecrets(_ context.Context, vars []string) ([]string, error) { envs := make([]string, 0, len(vars)) for _, env := range vars { @@ -68,9 +68,8 @@ func (sp *SecretsProvider) ResolveSecrets(_ context.Context, vars []string) ([]s envs = append(envs, e) } continue // We continue to not add this ENV variable but only the environment variables that exists in the JSON - } else { - env = key + "=" + *secret.SecretString } + env = key + "=" + *secret.SecretString } else if (strings.HasPrefix(value, "arn:aws:ssm") || strings.HasPrefix(value, "arn:aws-cn:ssm")) && strings.Contains(value, ":parameter/") { tokens := strings.Split(value, ":") // valid parameter ARN arn:aws:ssm:REGION:ACCOUNT:parameter/PATH