From 0f937a530110cbd1214ba0aa57a9e6316f97de31 Mon Sep 17 00:00:00 2001 From: Nevio Date: Thu, 28 Mar 2024 09:48:16 +0100 Subject: [PATCH 1/6] Resolving syncing issues --- releases/releases.json | 4 ++-- syncer.go | 35 +++++++++-------------------------- 2 files changed, 11 insertions(+), 28 deletions(-) diff --git a/releases/releases.json b/releases/releases.json index f85244a..70af548 100644 --- a/releases/releases.json +++ b/releases/releases.json @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a032c0b23b1b07ec0f6052de044e4002fe870ce20daed7b4534a41f31bb0df03 -size 965746 +oid sha256:473a9565641a4a55550388ce80f93e5024d52751878a4211d22ff1806a51a02f +size 1008637 diff --git a/syncer.go b/syncer.go index 974de45..fed9cde 100644 --- a/syncer.go +++ b/syncer.go @@ -8,6 +8,7 @@ import ( "math/big" "net/http" "os" + "os/exec" "path/filepath" "strings" "sync" @@ -103,6 +104,7 @@ func (s *Solc) SyncBinaries(versions []Version, limitVersion string) error { for _, asset := range version.Assets { distribution := s.GetDistributionForAsset() + if strings.Contains(asset.Name, distribution) { filename := fmt.Sprintf("%s/solc-%s", s.config.GetReleasesPath(), versionTag) if distribution == "solc-windows" { 
@@ -236,38 +238,19 @@ func (s *Solc) downloadFile(file string, url string) error { // Just a bit of the time because we could receive 503 from GitHub so we don't want to spam them randomDelayBetween500And1500() - req, err := http.NewRequest("GET", url, nil) - if err != nil { - return err - } - - req.Header.Add("Authorization", fmt.Sprintf("token %s", s.config.personalAccessToken)) - req = req.WithContext(s.ctx) - - resp, err := s.GetHTTPClient().Do(req) - if err != nil { - return err - } - defer resp.Body.Close() - - if resp.StatusCode != http.StatusOK { - return fmt.Errorf("failed to download file: %s", resp.Status) - } - - out, err := os.Create(filepath.Clean(file)) - if err != nil { - return err - } - defer out.Close() + // Construct the curl command + curlCmd := exec.Command("curl", "-s", "-L", url, "-o", file) + curlCmd.Stderr = os.Stderr - if _, err = io.Copy(out, resp.Body); err != nil { - return err + // Execute curl + if err := curlCmd.Run(); err != nil { + return fmt.Errorf("curl command failed: %v", err) } // #nosec G302 // G302 (CWE-276): Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM) // We want executable files to be executable by the user running the program so we can't use 0600. - if err := os.Chmod(file, 0700); err != nil { + if err := os.Chmod(file, 0755); err != nil { return fmt.Errorf("failed to set file as executable: %v", err) } From 3f14bb26791c48a7985292dc90b5b9ac19d67db0 Mon Sep 17 00:00:00 2001 From: Nevio Date: Thu, 28 Mar 2024 09:51:42 +0100 Subject: [PATCH 2/6] Security nosec on G302 --- syncer.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/syncer.go b/syncer.go index fed9cde..b729158 100644 --- a/syncer.go +++ b/syncer.go 
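Review bot: The new `exec.Command("curl", "-s", "-L", url, "-o", file)` call in downloadFile has no `--fail`, so curl exits 0 on an HTTP 4xx/5xx; the error body (the comment above mentions 503s from GitHub) is then written to `file` and marked executable by the `os.Chmod` below, where the removed code rejected anything but 200. The call also drops `s.ctx`, so a cancelled sync no longer stops the transfer, and `url` sits where curl parses options, so a value beginning with `-` would be read as a flag. I would change the line to `curlCmd := exec.CommandContext(s.ctx, "curl", "-fsSL", "-o", filepath.Clean(file), "--", url)` and remove the partial file when `Run` fails. Nothing visible in this hunk verifies the downloaded compiler binary against a known checksum before it is made executable with mode 0755; if that is not done elsewhere, it belongs here. downloadFile starts and ends outside the hunk.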
@@ -248,8 +248,6 @@ func (s *Solc) downloadFile(file string, url string) error { } // #nosec G302 - // G302 (CWE-276): Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM) - // We want executable files to be executable by the user running the program so we can't use 0600. if err := os.Chmod(file, 0755); err != nil { return fmt.Errorf("failed to set file as executable: %v", err) } From 250a8057818092ee7380f6bdd21e5eeec83c7384 Mon Sep 17 00:00:00 2001 From: Nevio Date: Thu, 28 Mar 2024 09:53:30 +0100 Subject: [PATCH 3/6] Security nosec on G302 --- .github/workflows/gosec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml index 70b3f1e..8b3458a 100644 --- a/.github/workflows/gosec.yml +++ b/.github/workflows/gosec.yml @@ -12,4 +12,4 @@ jobs: - name: Run Gosec Security Scanner uses: securego/gosec@master with: - args: ./... + args: --exclude=G302 ./... From 690e01ecda37ad1f39efec794fdd3a63bfc0f9a5 Mon Sep 17 00:00:00 2001 From: Nevio Date: Thu, 28 Mar 2024 09:55:32 +0100 Subject: [PATCH 4/6] Bumping to 1.22 as a version that's needed --- .github/workflows/goveralls.yml | 1 + .github/workflows/test.yml | 2 +- go.mod | 2 +- releases/releases.json | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/goveralls.yml b/.github/workflows/goveralls.yml index a23e9cc..263606a 100644 --- a/.github/workflows/goveralls.yml +++ b/.github/workflows/goveralls.yml @@ -10,6 +10,7 @@ jobs: matrix: go: - '1.19' + - '1.22' steps: - uses: actions/setup-go@v3 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9a1e208..e1edd36 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -12,7 +12,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v4 with: - go-version: '1.19' + go-version: '1.22' - name: Checkout submodules run: make submodules diff --git a/go.mod b/go.mod index 1463f2b..0e764cd 100644 --- a/go.mod 
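Review bot: In `.github/workflows/gosec.yml`, `args: --exclude=G302 ./...` switches the file-permission rule off for the whole module, although the only finding shown in this series is the `os.Chmod(file, 0755)` in syncer.go, which already carries `// #nosec G302`. Any later `os.Chmod` or `os.OpenFile` call with loose permissions would then pass CI unnoticed. I would keep `args: ./...` and put the justification on the annotation itself, e.g. `// #nosec G302 -- downloaded compiler must be executable` on the `os.Chmod` line, since the preceding commit in this series removed the explanatory comment. The context line `uses: securego/gosec@master` also tracks a mutable branch; pinning it to a release tag or commit SHA would make the scan reproducible.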
+++ b/go.mod @@ -1,6 +1,6 @@ module github.com/0x19/solc-switch -go 1.19 +go 1.22 require ( github.com/stretchr/testify v1.8.4 diff --git a/releases/releases.json b/releases/releases.json index 70af548..db74359 100644 --- a/releases/releases.json +++ b/releases/releases.json @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:473a9565641a4a55550388ce80f93e5024d52751878a4211d22ff1806a51a02f +oid sha256:6b0e6436861a32c13fc259a56fb39efd519283f2fe3dc2007f675ed98ad11b2c size 1008637 From 7e070b580953f5cdd0a9d1c226005672cb132e05 Mon Sep 17 00:00:00 2001 From: Nevio Date: Thu, 28 Mar 2024 09:56:33 +0100 Subject: [PATCH 5/6] Bumping to 1.22 as a version that's needed --- .github/workflows/goveralls.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/goveralls.yml b/.github/workflows/goveralls.yml index 263606a..f8ceb10 100644 --- a/.github/workflows/goveralls.yml +++ b/.github/workflows/goveralls.yml @@ -9,8 +9,7 @@ jobs: fail-fast: false matrix: go: - - '1.19' - - '1.22' + - '1.21' steps: - uses: actions/setup-go@v3 From 670cf941df6972582a6fdb307cdb4342df0d3020 Mon Sep 17 00:00:00 2001 From: Nevio Date: Thu, 28 Mar 2024 09:57:27 +0100 Subject: [PATCH 6/6] Bumping to 1.22 as a version that's needed --- .github/workflows/goveralls.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/goveralls.yml b/.github/workflows/goveralls.yml index f8ceb10..db37d21 100644 --- a/.github/workflows/goveralls.yml +++ b/.github/workflows/goveralls.yml @@ -9,7 +9,7 @@ jobs: fail-fast: false matrix: go: - - '1.21' + - '1.22' steps: - uses: actions/setup-go@v3