
@kallydev kallydev commented Aug 23, 2023

Summary

🤖 Generated by Copilot at c6f022b

Refactor and simplify code related to HTTP CONNECT protocol. Move GetHTTPSHostname function from pkg/util/vhost/https.go to pkg/util/tcpmux/httpconnect.go and omit zero size argument for reqInfoMap variable.

WHY

golangci-lint updated gosec rules in v1.54.2. golangci/golangci-lint#4015

➜  frp git:(dev) golangci-lint run                        
pkg/util/vhost/https.go:47:2: G602: Potentially accessing slice out of bounds (gosec)
        reqInfoMap["Host"] = clientHello.ServerName
        ^
pkg/util/vhost/https.go:48:2: G602: Potentially accessing slice out of bounds (gosec)
        reqInfoMap["Scheme"] = "https"
        ^
pkg/util/tcpmux/httpconnect.go:104:2: G602: Potentially accessing slice out of bounds (gosec)
        reqInfoMap["Host"] = host
        ^
pkg/util/tcpmux/httpconnect.go:105:2: G602: Potentially accessing slice out of bounds (gosec)
        reqInfoMap["Scheme"] = "tcp"
        ^
pkg/util/tcpmux/httpconnect.go:106:2: G602: Potentially accessing slice out of bounds (gosec)
        reqInfoMap["HTTPUser"] = httpUser
        ^
pkg/util/tcpmux/httpconnect.go:107:2: G602: Potentially accessing slice out of bounds (gosec)
        reqInfoMap["HTTPPwd"] = httpPwd
        ^

@fatedier
Owner

We use a specified golangci-lint version https://github.com/fatedier/frp/blob/dev/.golangci.yml#L2C1-L2C1 .

We don't always update all dependencies to the latest version; we do so at the appropriate time.

Finally, what you modified is a map, not a slice. That looks like a false alarm. This is also why we don't always update our dependency tools to the latest version.

@kallydev
Author

kallydev commented Aug 23, 2023

It has been verified that this is not an issue with the frp main repository; it is caused by a downstream fork that changed the golangci-lint version to 1.54. The gosec rule change was introduced when the CI automatically upgraded from 1.54.1 to 1.54.2 due to not locking the patch version number (x.y.Z) of golangci-lint in the CI configuration file.

I will close this PR because the issue doesn't actually exist, and it's a false positive warning.

Thanks for your review!

@kallydev kallydev closed this Aug 23, 2023
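
Why the G602 report discussed in this thread is a false positive, as an added Go example that is not code from frp or from either participant: a write into a zero-size-hint map grows the map, an index past the end of a slice panics, and the only map write that panics is one into a nil map. The map keys come from the lint output above; the function names and sample values are hypothetical.

```go
package main

import "fmt"

// buildReqInfo repeats the flagged pattern: assignments into a map created
// with a zero size hint. The hint is only an initial capacity; the map grows.
func buildReqInfo(host, user, pwd string) map[string]string {
	reqInfoMap := make(map[string]string, 0)
	reqInfoMap["Host"] = host
	reqInfoMap["Scheme"] = "tcp"
	reqInfoMap["HTTPUser"] = user
	reqInfoMap["HTTPPwd"] = pwd
	return reqInfoMap
}

// panics reports whether f panicked.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return
}

// sliceWrite is the case G602 is meant for: indexing at or past len(s).
func sliceWrite(i int) bool {
	return panics(func() {
		s := make([]string, 0)
		s[i] = "x" // runtime panic: index out of range
	})
}

// nilMapWrite shows the one way a map assignment can panic: the map was
// declared but never initialised. It is not a bounds problem.
func nilMapWrite() bool {
	return panics(func() {
		var m map[string]string
		m["Host"] = "x" // runtime panic: assignment to entry in nil map
	})
}

func main() {
	// Constructed sample values.
	fmt.Println(len(buildReqInfo("example.test", "user", "secret")))
	fmt.Println(sliceWrite(0), nilMapWrite())
}
```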