diff --git a/.golangci.yml b/.golangci.yml index f20add9..d8c4f69 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,6 +1,24 @@ linters: enable: + - dogsled + - dupl - goimports - - stylecheck + - gosec - misspell + - nakedret + - stylecheck + - unconvert + - unparam - whitespace + +issues: + exclude-rules: + # Some cache implementations use md5 hashes for cached filenames. There is + # a slight risk of cache poisoning if an attacker could construct a URL + # with the same hash, but it would also need to be allowed by the proxies + # security settings. Changing these to a more secure hash algorithm would + # result in 100% cache misses when users upgrade. For now, just leave these + # alone. + - path: internal/.*cache + linters: gosec + text: G(401|501) diff --git a/cmd/imageproxy-sign/main.go b/cmd/imageproxy-sign/main.go index 02c94c1..63ce144 100644 --- a/cmd/imageproxy-sign/main.go +++ b/cmd/imageproxy-sign/main.go @@ -53,7 +53,7 @@ func sign(key string, s string, urlOnly bool) ([]byte, error) { return nil, fmt.Errorf("error parsing key: %v", err) } - mac := hmac.New(sha256.New, []byte(k)) + mac := hmac.New(sha256.New, k) if _, err := mac.Write([]byte(u.String())); err != nil { return nil, err }