diff --git a/components/ledger/libs/.golangci.yml b/components/ledger/libs/.golangci.yml
new file mode 100644
index 0000000000..5cafc8d3d0
--- /dev/null
+++ b/components/ledger/libs/.golangci.yml
@@ -0,0 +1,43 @@
+allow-parallel-runners: true
+run:
+ timeout: 5m
+linters:
+ disable-all: true
+ enable:
+ - gofmt
+ - goimports
+ - unused
+ - gosec
+linters-settings:
+ gosec:
+ # To select a subset of rules to run.
+ # Available rules: https://github.com/securego/gosec#available-rules
+ includes:
+ - G103 # Audit the use of unsafe block
+ - G104 # Audit errors not checked
+ - G106 # Audit the use of ssh.InsecureIgnoreHostKey
+ - G108 # Profiling endpoint automatically exposed on /debug/pprof
+ - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
+ - G110 # Potential DoS vulnerability via decompression bomb
+ - G111 # Potential directory traversal
+ - G112 # Potential slowloris attack
+# - G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772)
+ - G201 # SQL query construction using format string
+ - G202 # SQL query construction using string concatenation
+ - G203 # Use of unescaped data in HTML templates
+ - G204 # Audit use of command execution
+ - G301 # Poor file permissions used when creating a directory
+ - G302 # Poor file permissions used with chmod
+ - G303 # Creating tempfile using a predictable path
+ - G304 # File path provided as taint input
+ - G305 # File traversal when extracting zip/tar archive
+ - G306 # Poor file permissions used when writing to a new file
+ - G307 # Poor file permissions used when creating a file with os.Create
+ - G401 # Detect the usage of DES, RC4, MD5 or SHA1
+ - G403 # Ensure minimum RSA key length of 2048 bits
+ - G501 # Import blocklist: crypto/md5
+ - G502 # Import blocklist: crypto/des
+ - G503 # Import blocklist: crypto/rc4
+ - G504 # Import blocklist: net/http/cgi
+ - G505 # Import blocklist: crypto/sha1
+ - G602 # Slice access out of bounds
\ No newline at end of file
diff --git a/components/ledger/libs/Earthfile b/components/ledger/libs/Earthfile
index c042bf61f6..2afca126b6 100644
--- a/components/ledger/libs/Earthfile
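Review bot: The gosec `includes` list in the new `.golangci.yml` selects a subset of rules, so any rule not named there does not run, and the list leaves out G101 (hard-coded credentials), G402 (bad TLS connection settings), G404 (insecure random number source) and G114 (net/http serve functions without timeout support). Those checks look relevant to a module that, judging by the other files in this diff, builds database connections and loads AWS IAM configuration. G113 is also commented out with no reason given. Either add the missing entries, e.g. `- G402 # Look for bad TLS connection settings` and `- G404 # Insecure random number source (rand)`, or put a short comment above `includes:` naming the rules that are excluded on purpose and why, so the gap is a recorded decision rather than an accident of copy-paste.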
+++ b/components/ledger/libs/Earthfile @@ -2,6 +2,7 @@ VERSION --arg-scope-and-set --pass-args --use-function-keyword 0.7 ARG core=github.com/formancehq/earthly:v0.11.1 IMPORT $core AS core +IMPORT ../.. AS stack FROM core+base-image @@ -15,4 +16,18 @@ tidy: COPY (+sources/*) /src WORKDIR /src DO --pass-args stack+GO_TIDY - SAVE ARTIFACT go.* AS LOCAL ./ \ No newline at end of file + SAVE ARTIFACT go.* AS LOCAL ./ + +lint: + FROM core+builder-image + COPY (+sources/*) /src + WORKDIR /src + COPY --pass-args +tidy/go.* . + DO --pass-args stack+GO_LINT + SAVE ARTIFACT * AS LOCAL ./ + +pre-commit: + WAIT + BUILD --pass-args +tidy + END + BUILD --pass-args +lint \ No newline at end of file diff --git a/components/ledger/libs/aws/iam/load.go b/components/ledger/libs/aws/iam/load.go index 332207e7d0..86aa4cab89 100644 --- a/components/ledger/libs/aws/iam/load.go +++ b/components/ledger/libs/aws/iam/load.go @@ -2,6 +2,7 @@ package iam import ( "context" + "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/config" "github.com/spf13/pflag" diff --git a/components/ledger/libs/bun/bunconnect/flags.go b/components/ledger/libs/bun/bunconnect/flags.go index 5fc94cf3e4..973bce9d00 100644 --- a/components/ledger/libs/bun/bunconnect/flags.go +++ b/components/ledger/libs/bun/bunconnect/flags.go @@ -3,6 +3,8 @@ package bunconnect import ( "context" "database/sql/driver" + "time" + "github.com/aws/aws-sdk-go-v2/config" "github.com/formancehq/stack/libs/go-libs/aws/iam" "github.com/formancehq/stack/libs/go-libs/logging" @@ -10,7 +12,6 @@ import ( "github.com/lib/pq" "github.com/spf13/pflag" "github.com/spf13/viper" - "time" ) const ( diff --git a/components/ledger/libs/bun/bunconnect/iam.go b/components/ledger/libs/bun/bunconnect/iam.go index f7f90acd11..48f4667fe2 100644 --- a/components/ledger/libs/bun/bunconnect/iam.go +++ b/components/ledger/libs/bun/bunconnect/iam.go 
@@ -4,6 +4,7 @@ import ( "context" "database/sql/driver" "fmt" + "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/feature/rds/auth" "github.com/formancehq/stack/libs/go-libs/logging" diff --git a/components/ledger/libs/bun/bunconnect/module.go b/components/ledger/libs/bun/bunconnect/module.go index 664e1df353..8a403e877a 100644 --- a/components/ledger/libs/bun/bunconnect/module.go +++ b/components/ledger/libs/bun/bunconnect/module.go @@ -2,6 +2,7 @@ package bunconnect import ( "context" + "github.com/formancehq/stack/libs/go-libs/logging" "github.com/uptrace/bun" "go.uber.org/fx" diff --git a/components/ledger/libs/bun/bunmigrate/command.go b/components/ledger/libs/bun/bunmigrate/command.go index 82e6ccd5b3..0a083f42e0 100644 --- a/components/ledger/libs/bun/bunmigrate/command.go +++ b/components/ledger/libs/bun/bunmigrate/command.go @@ -4,6 +4,7 @@ import ( "github.com/formancehq/stack/libs/go-libs/bun/bunconnect" "github.com/spf13/cobra" "github.com/uptrace/bun" + // Import the postgres driver. _ "github.com/lib/pq" ) diff --git a/components/ledger/libs/bun/bunmigrate/run.go b/components/ledger/libs/bun/bunmigrate/run.go index b0fa2a61c8..ef937ee178 100644 --- a/components/ledger/libs/bun/bunmigrate/run.go +++ b/components/ledger/libs/bun/bunmigrate/run.go @@ -4,6 +4,8 @@ import ( "context" "database/sql" "fmt" + "io" + "github.com/formancehq/stack/libs/go-libs/bun/bunconnect" sharedlogging "github.com/formancehq/stack/libs/go-libs/logging" "github.com/formancehq/stack/libs/go-libs/pointer" @@ -14,7 +16,6 @@ import ( "github.com/uptrace/bun" "github.com/uptrace/bun/extra/bundebug" "github.com/xo/dburl" - "io" ) func isDatabaseExists(ctx context.Context, db *bun.DB, name string) (bool, error) { diff --git a/components/ledger/libs/bun/bunmigrate/run_test.go b/components/ledger/libs/bun/bunmigrate/run_test.go index afc794ddde..8de8732abf 100644 --- a/components/ledger/libs/bun/bunmigrate/run_test.go 
+++ b/components/ledger/libs/bun/bunmigrate/run_test.go @@ -1,13 +1,14 @@ package bunmigrate import ( + "os" + "testing" + "github.com/formancehq/stack/libs/go-libs/bun/bunconnect" "github.com/formancehq/stack/libs/go-libs/logging" "github.com/formancehq/stack/libs/go-libs/pgtesting" "github.com/stretchr/testify/require" "github.com/uptrace/bun" - "os" - "testing" ) func TestRunMigrate(t *testing.T) { @@ -19,7 +20,6 @@ func TestRunMigrate(t *testing.T) { connectionOptions := &bunconnect.ConnectionOptions{ DatabaseSourceName: pgtesting.Server().GetDatabaseDSN("testing"), Debug: testing.Verbose(), - Writer: os.Stdout, } executor := func(args []string, db *bun.DB) error { return nil diff --git a/components/ledger/libs/bun/bunpaginate/pagination_column_test.go b/components/ledger/libs/bun/bunpaginate/pagination_column_test.go index e0801a781c..f76766b9f8 100644 --- a/components/ledger/libs/bun/bunpaginate/pagination_column_test.go +++ b/components/ledger/libs/bun/bunpaginate/pagination_column_test.go @@ -2,11 +2,12 @@ package bunpaginate_test import ( "context" + "math/big" + "testing" + "github.com/formancehq/stack/libs/go-libs/bun/bunconnect" bunpaginate2 "github.com/formancehq/stack/libs/go-libs/bun/bunpaginate" "github.com/formancehq/stack/libs/go-libs/logging" - "math/big" - "testing" "github.com/formancehq/stack/libs/go-libs/pgtesting" "github.com/stretchr/testify/require" diff --git a/components/ledger/libs/bun/bunpaginate/pagination_offset_test.go b/components/ledger/libs/bun/bunpaginate/pagination_offset_test.go index c5f8f394c5..bfd554ad05 100644 --- a/components/ledger/libs/bun/bunpaginate/pagination_offset_test.go +++ b/components/ledger/libs/bun/bunpaginate/pagination_offset_test.go 
@@ -2,10 +2,11 @@ package bunpaginate_test import ( "context" + "testing" + "github.com/formancehq/stack/libs/go-libs/bun/bunconnect" bunpaginate2 "github.com/formancehq/stack/libs/go-libs/bun/bunpaginate" "github.com/formancehq/stack/libs/go-libs/logging" - "testing" "github.com/formancehq/stack/libs/go-libs/pgtesting" "github.com/stretchr/testify/require" diff --git a/components/ledger/libs/go.mod b/components/ledger/libs/go.mod index 8df9a98978..823c15a392 100644 --- a/components/ledger/libs/go.mod +++ b/components/ledger/libs/go.mod @@ -6,7 +6,6 @@ toolchain go1.21.5 require ( github.com/IBM/sarama v1.42.1 - github.com/Shopify/sarama v1.38.1 github.com/ThreeDotsLabs/watermill v1.3.5 github.com/ThreeDotsLabs/watermill-http/v2 v2.1.0 github.com/ThreeDotsLabs/watermill-kafka/v3 v3.0.0 diff --git a/components/ledger/libs/go.sum b/components/ledger/libs/go.sum index 1cb227df56..c8e77c8547 100644 --- a/components/ledger/libs/go.sum +++ b/components/ledger/libs/go.sum 
@@ -47,10 +47,6 @@ github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2y github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw= github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= -github.com/Shopify/sarama v1.38.1 h1:lqqPUPQZ7zPqYlWpTh+LQ9bhYNu2xJL6k1SJN4WVe2A= -github.com/Shopify/sarama v1.38.1/go.mod h1:iwv9a67Ha8VNa+TifujYoWGxWnu2kNVAQdSdZ4X2o5g= -github.com/Shopify/toxiproxy/v2 v2.5.0 h1:i4LPT+qrSlKNtQf5QliVjdP08GyAH8+BUIc9gT0eahc= -github.com/Shopify/toxiproxy/v2 v2.5.0/go.mod h1:yhM2epWtAmel9CB8r2+L+PCmhH6yH2pITaPAo7jxJl0= github.com/ThreeDotsLabs/watermill v1.2.0/go.mod h1:IuVxGk/kgCN0cex2S94BLglUiB0PwOm8hbUhm6g2Nx4= github.com/ThreeDotsLabs/watermill v1.3.5 h1:50JEPEhMGZQMh08ct0tfO1PsgMOAOhV3zxK2WofkbXg= github.com/ThreeDotsLabs/watermill v1.3.5/go.mod h1:O/u/Ptyrk5MPTxSeWM5vzTtZcZfxXfO9PK9eXTYiFZY= diff --git a/components/ledger/libs/httpserver/serverport.go b/components/ledger/libs/httpserver/serverport.go index 8a7aef4bbe..4d01bbf60c 100644 --- a/components/ledger/libs/httpserver/serverport.go +++ b/components/ledger/libs/httpserver/serverport.go @@ -6,6 +6,7 @@ import ( "net" "net/http" "strconv" + "time" "github.com/formancehq/stack/libs/go-libs/logging" @@ -80,7 +81,8 @@ func (s *server) StartServer(ctx context.Context, handler http.Handler, options StartedServer(ctx, s.listener) srv := &http.Server{ - Handler: handler, + Handler: handler, + ReadHeaderTimeout: 10 * time.Second, } for _, option := range options { option(srv) diff --git a/components/ledger/libs/migrations/migrator.go b/components/ledger/libs/migrations/migrator.go index 054cc839f4..9e080a984c 100644 --- a/components/ledger/libs/migrations/migrator.go +++ b/components/ledger/libs/migrations/migrator.go 
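Review bot: In the `serverport.go` hunk, `ReadHeaderTimeout: 10 * time.Second` bounds only the request-header phase; body reads, response writes and idle keep-alive connections on this `http.Server` stay unbounded, so slow-body and idle-connection exhaustion are not covered by this change. The `option(srv)` loop that follows can also replace the value, which is worth stating in a comment so callers know the default is a floor they are responsible for keeping. Consider adding `IdleTimeout` as well (and `ReadTimeout` where handlers do not stream), and lifting the literal into a named constant such as `const defaultReadHeaderTimeout = 10 * time.Second` with a comment that it exists to limit slow-header clients. `StartServer` begins and ends outside the hunk, so existing timeouts set elsewhere cannot be ruled out from here.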
@@ -4,9 +4,10 @@ import ( "context" "database/sql" "fmt" - "github.com/lib/pq" "time" + "github.com/lib/pq" + "github.com/pkg/errors" "github.com/uptrace/bun" ) diff --git a/components/ledger/libs/pgtesting/postgres.go b/components/ledger/libs/pgtesting/postgres.go index 4804b0d592..268e8ca016 100644 --- a/components/ledger/libs/pgtesting/postgres.go +++ b/components/ledger/libs/pgtesting/postgres.go @@ -4,13 +4,14 @@ import ( "context" "database/sql" "fmt" - "github.com/formancehq/stack/libs/go-libs/bun/bunconnect" "os" "strconv" "sync" "testing" "time" + "github.com/formancehq/stack/libs/go-libs/bun/bunconnect" + "github.com/google/uuid" _ "github.com/lib/pq" "github.com/ory/dockertest/v3" diff --git a/components/ledger/libs/publish/messages.go b/components/ledger/libs/publish/messages.go index 4f08e3817c..7343b2e59d 100644 --- a/components/ledger/libs/publish/messages.go +++ b/components/ledger/libs/publish/messages.go @@ -3,10 +3,11 @@ package publish import ( "context" "encoding/json" + "time" + "go.opentelemetry.io/otel" "go.opentelemetry.io/otel/propagation" "go.opentelemetry.io/otel/trace" - "time" "github.com/ThreeDotsLabs/watermill/message" "github.com/google/uuid" diff --git a/components/ledger/libs/publish/module.go b/components/ledger/libs/publish/module.go index 7be3d900a7..1f0df0bf96 100644 --- a/components/ledger/libs/publish/module.go +++ b/components/ledger/libs/publish/module.go @@ -2,6 +2,7 @@ package publish import ( "context" + "github.com/ThreeDotsLabs/watermill" "github.com/ThreeDotsLabs/watermill/message" "github.com/ThreeDotsLabs/watermill/pubsub/gochannel" diff --git a/components/ledger/libs/publish/module_test.go b/components/ledger/libs/publish/module_test.go index 536cd2ebdc..6bdf0bbbfe 100644 --- a/components/ledger/libs/publish/module_test.go +++ b/components/ledger/libs/publish/module_test.go 
@@ -3,15 +3,16 @@ package publish import ( "context" "fmt" - "go.opentelemetry.io/otel" - "go.opentelemetry.io/otel/propagation" - tracesdk "go.opentelemetry.io/otel/sdk/trace" - "go.opentelemetry.io/otel/trace" "io" "os" "testing" "time" + "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/propagation" + tracesdk "go.opentelemetry.io/otel/sdk/trace" + "go.opentelemetry.io/otel/trace" + "github.com/IBM/sarama" "github.com/ThreeDotsLabs/watermill/message" "github.com/formancehq/stack/libs/go-libs/logging" diff --git a/components/ledger/libs/service/app.go b/components/ledger/libs/service/app.go index c52751c0a6..5fd5201749 100644 --- a/components/ledger/libs/service/app.go +++ b/components/ledger/libs/service/app.go @@ -2,12 +2,13 @@ package service import ( "context" + "io" + "os" + "github.com/formancehq/stack/libs/go-libs/logging" "github.com/spf13/cobra" "github.com/spf13/viper" "go.uber.org/fx" - "io" - "os" ) const DebugFlag = "debug"