diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index eccc7a7..5fcb1e5 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -27,9 +27,10 @@ jobs:
 if: matrix.os == 'ubuntu-latest'
 uses: securego/gosec@master
 with:
- args: -exclude-dir examples ./...
+ args: -exclude-dir _examples ./...

 - name: Run GoVulnCheck
+ if: matrix.go-version != '1.17.x' && matrix.go-version != '1.18.x'
 uses: golang/govulncheck-action@v1
 with:
 go-version-input: ${{ matrix.go-version }}
diff --git a/_examples/bufferpool/client.go b/_examples/bufferpool/client.go
index a3719a9..6a841af 100644
--- a/_examples/bufferpool/client.go
+++ b/_examples/bufferpool/client.go
@@ -12,7 +12,7 @@ import (
 "sync"
 "time"

- "github.com/gorilla/websocket"
+ "github.com/fasthttp/websocket"
 )

 var addr = flag.String("addr", "localhost:8080", "http service address")
diff --git a/_examples/bufferpool/server.go b/_examples/bufferpool/server.go
index 25bb20f..ab582f7 100644
--- a/_examples/bufferpool/server.go
+++ b/_examples/bufferpool/server.go
@@ -11,7 +11,7 @@ import (

 _ "net/http/pprof"

- "github.com/gorilla/websocket"
+ "github.com/fasthttp/websocket"
 )

 var addr = flag.String("addr", "localhost:8080", "http service address")
diff --git a/mask.go b/mask.go
index 67d0968..0b0223d 100644
--- a/mask.go
+++ b/mask.go
@@ -23,8 +23,9 @@ func maskBytes(key [4]byte, pos int, b []byte) int {
 }

 // Mask one byte at a time to word boundary.
- //#nosec G103 -- (CWE-242) Has been audited
- if n := int(uintptr(unsafe.Pointer(&b[0]))) % wordSize; n != 0 {
+ // #nosec G103 -- (CWE-242) Has been audited
+ n := int(uintptr(unsafe.Pointer(&b[0]))) % wordSize
+ if n != 0 {
 n = wordSize - n
 for i := range b[:n] {
 b[i] ^= key[pos&3]
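Review bot: The gosec step whose `args` line this hunk edits still runs `securego/gosec@master`, a moving branch ref, so the scanner code executed in CI can change without any commit to this repository; `golang/govulncheck-action@v1` in the next step is a mutable tag with the same property. Pinning both to a full commit SHA, e.g. `uses: securego/gosec@<full-commit-sha> # <release tag>`, keeps the security checks themselves reviewable. The added `if:` that skips GoVulnCheck on 1.17.x and 1.18.x carries no explanation; a comment above it such as `# govulncheck is skipped on Go versions it does not support (confirm)` would make it clear which matrix entries are intentionally unscanned.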
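Review bot: Hoisting `n` to function scope here means one variable now carries two unrelated values inside code that is exempted from gosec G103: the alignment remainder in this hunk and the word-aligned length in the `@@ -42,7 +43,7 @@` hunk (`n = (len(b) / wordSize) * wordSize`). Separate names make the audited unsafe arithmetic easier to re-check, for example calling the first value `misalign` and leaving the later `n :=` declaration as it was. The annotation is spelled `// #nosec` here but `//#nosec` on the context line of the second hunk, so pick one form. `&b[0]` relies on `b` being non-empty, presumably guaranteed by the branch that closes just above this hunk; that guard is not visible, so a comment next to the suppression such as `// b is non-empty here: short buffers returned above (confirm)` would record what the audit depends on.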
@@ -42,7 +43,7 @@ func maskBytes(key [4]byte, pos int, b []byte) int {
 kw := *(*uintptr)(unsafe.Pointer(&k))

 // Mask one word at a time.
- n := (len(b) / wordSize) * wordSize
+ n = (len(b) / wordSize) * wordSize
 for i := 0; i < n; i += wordSize {
 //#nosec G103 -- (CWE-242) Has been audited
 *(*uintptr)(unsafe.Pointer(uintptr(unsafe.Pointer(&b[0])) + uintptr(i))) ^= kw
diff --git a/server_fasthttp.go b/server_fasthttp.go
index ee98511..2266445 100644
--- a/server_fasthttp.go
+++ b/server_fasthttp.go
@@ -20,8 +20,7 @@ var strPermessageDeflate = []byte("permessage-deflate")

 var poolWriteBuffer = sync.Pool{
 New: func() interface{} {
- var buf []byte
- return buf
+ return new(writePoolData)
 },
 }

@@ -183,9 +182,9 @@ func (u *FastHTTPUpgrader) Upgrade(ctx *fasthttp.RequestCtx, handler FastHTTPHan

 ctx.Hijack(func(netConn net.Conn) {
 // var br *bufio.Reader // Always nil
- writeBuf := poolWriteBuffer.Get().([]byte)
+ writeBuf := poolWriteBuffer.Get().(*writePoolData)

- c := newConn(netConn, true, u.ReadBufferSize, u.WriteBufferSize, u.WriteBufferPool, nil, writeBuf)
+ c := newConn(netConn, true, u.ReadBufferSize, u.WriteBufferSize, u.WriteBufferPool, nil, writeBuf.buf)
 if subprotocol != nil {
 c.subprotocol = strconv.B2S(subprotocol)
 }
@@ -196,11 +195,11 @@ func (u *FastHTTPUpgrader) Upgrade(ctx *fasthttp.RequestCtx, handler FastHTTPHan
 }

 // Clear deadlines set by HTTP server.
- netConn.SetDeadline(time.Time{})
+ _ = netConn.SetDeadline(time.Time{})

 handler(c)

- writeBuf = writeBuf[0:0]
+ writeBuf.buf = writeBuf.buf[0:0]
 poolWriteBuffer.Put(writeBuf)
 })

diff --git a/util.go b/util.go
index 2a2b6ab..9e268d2 100644
--- a/util.go
+++ b/util.go
@@ -25,7 +25,7 @@ func computeAcceptKey(challengeKey string) string {
 }

 func computeAcceptKeyBytes(challengeKey []byte) string {
- h := sha1.New()
+ h := sha1.New() //#nosec G401 -- (CWE-326) https://datatracker.ietf.org/doc/html/rfc6455#page-54
 h.Write(challengeKey)
 h.Write(keyGUID)
 return base64.StdEncoding.EncodeToString(h.Sum(nil))
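Review bot: The pooled `*writePoolData` never gains any capacity in the lines shown: `writeBuf.buf` is passed to `newConn` by value in the `@@ -183,9 +182,9 @@` hunk, so any buffer `newConn` allocates (presumably it does for an empty slice; its body is not in this diff) stays inside the connection, and the `@@ -196,11 +195,11 @@` hunk puts back `writeBuf.buf[0:0]` of whatever came out of the pool. With `New` returning `new(writePoolData)`, and assuming `buf` is a plain `[]byte`, that is a nil slice every time, so the pool recycles empty wrappers and saves no allocation. If real reuse is intended, the connection's buffer has to be stored back into `writeBuf.buf` before `Put`, and only once nothing can still write through the connection, otherwise the next connection to `Get` it would share memory with the previous one. `Upgrade` starts and ends outside these hunks.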
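Review bot: `_ = netConn.SetDeadline(time.Time{})` in the `@@ -196,11 +195,11 @@` hunk silences the unchecked-error finding but keeps the behaviour: if clearing the deadline fails, `handler(c)` still runs on a connection that carries the deadline set by the HTTP server and will be cut off mid-session with nothing logged. Handle the error instead, for example `if err := netConn.SetDeadline(time.Time{}); err != nil { poolWriteBuffer.Put(writeBuf); return }`, or leave a comment stating that the error is deliberately ignored and why. Whether returning early also needs an explicit `netConn.Close()` depends on what the caller of the hijack callback does with the connection, which is not visible here.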
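Review bot: The `#nosec G401` justification in `computeAcceptKeyBytes` is only a CWE id and a URL, so a reader has to follow the link to learn why SHA-1 is acceptable here. State it in the code: `// SHA-1 is mandated by RFC 6455 for Sec-WebSocket-Accept; it confirms the peer speaks WebSocket and is not used for authentication or integrity.` gosec also has a separate import rule for `crypto/sha1` (G505); the import block is outside this hunk, so check that it is annotated or excluded as well. The annotation is written `//#nosec` here and `// #nosec` in mask.go, and the function's closing brace lies outside the hunk.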