lint: enable gosec G401,G501 md5; dsort

* enable G501 "Blocklisted MD5" * enable G402 "TLS MinVersion" * dsort not to import crypto/md5 Signed-off-by: Alex Aizman <[email protected]>
NVIDIA · Nov 9, 2024 · 50fd98d · 50fd98d
1 parent 5cb1ab5
commit 50fd98d
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 15 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -47,7 +47,7 @@ linters-settings:
     ignore-generated-header: true
     severity: warning
     rules:
-      # name: import-shadowing
+      # name: import-shadowing ## TODO: enable
       # name: unhandled-error
       # name: line-length-limit
       # name: dot-imports
@@ -84,7 +84,7 @@ linters-settings:
   govet:
     enable-all: true
     disable:
-      - fieldalignment # TODO: Enable, for now reports a lot of problems.
+      - fieldalignment # TODO: enable to select and fix a few; then disable
       - shadow # Reports a lot of false-positives and conflicts with other linters.
   errcheck:
     check-blank: true
@@ -94,15 +94,13 @@ linters-settings:
       - performance
       - style
     disabled-checks:
-      - ifElseChain
+      - ifElseChain ## TODO: enable
       - unnamedResult
   gosec:
-    excludes: ## TODO: revisit
+    excludes: ## integer overflow; week rand
       - G115
-      - G401
       - G402
       - G404
-      - G501
   prealloc:
     simple: true # Report preallocation suggestions only on simple loops that have no returns/breaks/continues/gotos in them
     range-loops: true # Report preallocation suggestions on range loops, true by default

diff --git a/cmn/cos/cksum.go b/cmn/cos/cksum.go
@@ -5,7 +5,7 @@
 package cos
 
 import (
-	"crypto/md5"
+	"crypto/md5" //nolint:gosec // G501 have to support Cloud's MD5
 	"crypto/sha256"
 	"crypto/sha512"
 	"encoding"
@@ -112,7 +112,7 @@ func (ck *CksumHash) Init(ty string) {
 	case ChecksumXXHash:
 		ck.H = xxhash.New64()
 	case ChecksumMD5:
-		ck.H = md5.New()
+		ck.H = md5.New() //nolint:gosec // G401 ditto (see G501 above)
 	case ChecksumCRC32C:
 		ck.H = NewCRC32C()
 	case ChecksumSHA256:

diff --git a/ext/dsort/shard/key.go b/ext/dsort/shard/key.go
@@ -1,17 +1,15 @@
 // Package shard provides Extract(shard), Create(shard), and associated methods
 // across all suppported archival formats (see cmn/archive/mime.go)
 /*
- * Copyright (c) 2018-2023, NVIDIA CORPORATION. All rights reserved.
+ * Copyright (c) 2018-2024, NVIDIA CORPORATION. All rights reserved.
  */
 package shard
 
 import (
 	"bytes"
-	"crypto/md5"
 	"encoding/hex"
 	"errors"
 	"fmt"
-	"hash"
 	"io"
 	"regexp"
 	"strconv"
@@ -39,7 +37,7 @@ type (
 	}
 
 	md5KeyExtractor struct {
-		h hash.Hash
+		cksum *cos.CksumHash
 	}
 
 	nameKeyExtractor    struct{}
@@ -64,12 +62,12 @@ type (
 /////////////////////
 
 func NewMD5KeyExtractor() (KeyExtractor, error) {
-	return &md5KeyExtractor{h: md5.New()}, nil
+	return &md5KeyExtractor{cksum: cos.NewCksumHash(cos.ChecksumMD5)}, nil
 }
 
 func (ke *md5KeyExtractor) ExtractKey(ske *SingleKeyExtractor) (any, error) {
-	s := hex.EncodeToString(ke.h.Sum([]byte(ske.name)))
-	ke.h.Reset()
+	s := hex.EncodeToString(ke.cksum.H.Sum(cos.UnsafeB(ske.name)))
+	ke.cksum.H.Reset()
 	return s, nil
 }