re-enable gosec/G404 #1757
Merged
re-enable gosec/G404 #1757
Commits on Feb 23, 2024
-
replace math/rand usage in requestid middleware
replaces the generator using math/rand with rs/xid Benchmarked current vs google UUID vs rs/xid BenchmarkUUID-12 475.9 ns/op 64 B/op 2 allocs/op BenchmarkMathRand-12 397.4 ns/op 176 B/op 2 allocs/op BenchmarkXid-12 55.03 ns/op 24 B/op 1 allocs/op xid is not cryptographically secure, but guarantees 16,777,216 unique values per second and per host/process. That number seems higher than we expect a single SpiceDB process to handle in terms of requests per second.
-
disable revive unused-parameter
after updating the golanci-lint action to the latest version, revive is flagging a lot of "unused-parameter" and is very annoying
-
enable gosec G404 and document when why it's ok to use math/rand
all these uses to do not have security concerns, and math rand is used because contention of crypto/rand can hurt throughput/latency on the critical path.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.