Security: resolve gosec G115 (CWE-190)
yunginnanet committed Sep 4, 2024
1 parent 209b8e2 commit 5ff474a
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions internal/extra/banner.go
@@ -17,7 +17,7 @@ import (
const hellpot = "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"

func rc(s []string) string {
return strings.TrimSpace(s[ru()%uint32(len(s))])
return strings.TrimSpace(s[ru()%len(s)])
}

func process(in string) (s string) {
@@ -64,12 +64,12 @@ func process(in string) (s string) {
return
}

func ru() uint32 {
func ru() int {
b := make([]byte, 8192)
if _, err := crip.Read(b); err != nil {
bannerFail(err)
}
return binary.LittleEndian.Uint32(b)
return int(binary.LittleEndian.Uint32(b))
}

// printBanner prints our entropic banner
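Review bot: `rc` in the first hunk still indexes with `ru()%len(s)` without checking the slice, so an empty `s` panics with an integer divide by zero; its callers are not visible here, so a guard such as `if len(s) == 0 { return "" }` before the return would make that safe. Now that `ru` returns a signed `int`, `rc` also depends on that value never being negative, because Go's `%` keeps the sign of the dividend and a negative index panics. Clearing the top bit in `ru`, `return int(binary.LittleEndian.Uint32(b) & 0x7fffffff)`, keeps the result non-negative whatever the width of `int`. A short comment on `ru` stating that it returns a non-negative random value meant for indexing would document that contract.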

1 comment on commit 5ff474a

@paigeadelethompson

Trying to understand,

  • uint32 is 4 bytes, but b is byte[8192] which is ok, but it just casts to the first four bytes of b
  • Converting uint32 value to signed integer (default 64-bit). (Oh ok, I was thinking int32 for a second, I was like wuut, but on 32-bit, int is 32 bits, right?) So that may be important to note: uint32 can be a value greater than int32 max.
  • what is ru? Reads up to 8192 bytes and the first four bytes is unpacked to an integer for modulus Len somestring? What if ru returns 0?
