replace satori/go.uuid with google/uuid (CVE-2021-3538)

Dependency go:github.com/satori/go.uuid:v1.2.0 is vulnerable CVE-2021-3538 9.8 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability with High severity foundResults powered by Checkmarx(c)
orange-cloudfoundry · May 14, 2024 · 0b7f287 · 0b7f287
1 parent 9177f98
commit 0b7f287
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/main.go b/main.go
@@ -3,14 +3,15 @@ package main
 import (
 	"code.cloudfoundry.org/lager"
 	"context"
+	"crypto/sha1"
 	"encoding/base64"
 	"flag"
 	"fmt"
 	"github.com/cloudfoundry-community/gautocloud"
 	"github.com/cloudfoundry-community/gautocloud/connectors/generic"
+	"github.com/google/uuid"
 	"github.com/pivotal-cf/brokerapi"
 	"github.com/pivotal-cf/brokerapi/domain"
-	"github.com/satori/go.uuid"
 	"net/http"
 	"net/url"
 	"os"
@@ -102,9 +103,9 @@ func NewFakeProxyBroker(proxyConfig ProxyConfig) *FakeProxyBroker {
 }
 
 func (b *FakeProxyBroker) Services(context.Context) ([]domain.Service, error) {
-	rootUUid, _ := uuid.FromString(ROOT_UUID)
-	serviceUuid := uuid.NewV5(rootUUid, b.proxyConfig.Name+"-service")
-	planUuid := uuid.NewV5(rootUUid, b.proxyConfig.Name+"-plan")
+	rootUUid, _ := uuid.Parse(ROOT_UUID)
+	serviceUuid := uuid.NewHash(sha1.New(), rootUUid, []byte(b.proxyConfig.Name+"-service"), 5)
+	planUuid := uuid.NewHash(sha1.New(), rootUUid, []byte(b.proxyConfig.Name+"-plan"), 5)
 
 	metadata := &domain.ServiceMetadata{
 		DocumentationUrl: b.proxyConfig.DocumentationURL,